Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/_Ef_aMpbpMzVae_hvc4UE5X9UPc.roa
File:                     _Ef_aMpbpMzVae_hvc4UE5X9UPc.roa (raw, json)
Hash identifier:          3pcv6kNh7Ds1oAcoBTJYu1TNC0vj/qarDnE71lpRw6A=
Subject key identifier:   FC:47:FF:68:CA:5B:A4:CC:D5:69:EF:E1:BD:CE:14:13:95:FD:50:F7
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       019EB7BC053958760A87AED8EE07089B384D
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/_Ef_aMpbpMzVae_hvc4UE5X9UPc.roa
Signing time:             Thu 11 Jun 2026 17:30:13 +0000
ROA not before:           Thu 11 Jun 2026 17:30:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     154642
IP address blocks:        37.202.203.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Jun 2026 17:30:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:b7:bc:05:39:58:76:0a:87:ae:d8:ee:07:08:9b:38:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Jun 11 17:30:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=fc47ff68ca5ba4ccd569efe1bdce141395fd50f7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:fa:18:6d:3e:c6:e0:3a:64:03:b6:86:29:c6:
                    52:56:15:de:ce:78:a0:05:1e:6d:09:f5:56:5d:8b:
                    8d:b4:de:3a:d3:73:54:be:a9:d7:42:19:e5:52:c6:
                    21:24:18:93:e8:54:67:1f:d4:fd:0b:15:9a:72:a7:
                    a2:f6:c9:95:ed:c7:95:35:47:ca:97:0b:79:3c:54:
                    f6:16:26:6c:ca:1e:82:b0:c9:3b:c9:30:40:1b:ee:
                    95:06:48:37:db:92:8b:bd:8a:70:ea:52:d6:17:76:
                    a8:6a:13:57:46:06:91:cd:73:85:ac:47:cf:76:a5:
                    65:5f:b0:af:51:12:2f:2c:10:e3:38:a9:e1:95:f6:
                    8b:83:13:78:bb:40:cd:8a:91:ea:df:43:92:df:22:
                    3e:8e:27:a8:ff:38:b4:b0:3e:3c:17:1b:bc:3f:3e:
                    c6:eb:b2:a4:f2:98:f0:3e:f3:67:87:d2:91:fa:80:
                    0d:ce:91:d7:6f:1c:a3:2c:62:6e:74:9a:03:fb:a1:
                    60:10:62:8f:88:2f:14:02:09:b5:9d:b9:89:aa:ee:
                    63:47:6e:24:b0:cb:0c:90:f9:6b:a4:08:77:80:74:
                    58:19:03:73:3d:06:44:15:20:77:ce:29:96:4c:6a:
                    d1:30:ec:2e:88:55:42:82:26:bd:aa:16:e7:9f:20:
                    c6:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:47:FF:68:CA:5B:A4:CC:D5:69:EF:E1:BD:CE:14:13:95:FD:50:F7
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/_Ef_aMpbpMzVae_hvc4UE5X9UPc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.202.203.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1f:70:28:75:ec:80:61:f8:c3:ac:ce:bb:87:4e:57:d3:a4:2b:
         40:a6:7d:e5:41:6b:6c:a2:cc:e7:0a:4f:a7:8e:27:fb:aa:ff:
         61:95:bd:4b:48:6e:f8:cc:cf:b8:fb:11:f6:91:b1:87:9b:4a:
         01:19:20:ae:92:c4:3e:5e:b5:df:8e:d6:57:99:e9:88:58:6b:
         6c:a0:ea:a5:09:df:44:58:40:a3:43:fa:c3:ea:37:59:27:33:
         67:d8:f1:8a:d1:2f:5f:c0:05:91:75:3f:8e:2c:b5:e2:12:9f:
         d0:e0:12:8a:f1:9f:e2:57:ce:5a:fb:9e:1b:b2:00:bd:c3:95:
         f7:37:6a:f2:e0:d3:e7:bb:fa:d2:d7:b0:8e:e3:7b:df:6f:66:
         60:83:0b:3d:8c:d9:2b:cd:c0:aa:25:d5:0a:45:33:9d:3c:96:
         9a:2f:c6:a9:27:42:d1:15:d5:03:cd:28:28:41:64:c1:f6:af:
         45:20:96:23:fa:9a:41:8f:48:52:0d:99:86:7f:6c:4b:e3:e5:
         70:e0:a8:0a:0e:12:9b:b2:53:bf:1f:1d:2c:28:56:36:f7:5d:
         56:29:1e:bc:3c:7f:19:17:b8:51:15:93:88:34:da:5b:cb:25:
         68:ac:30:82:08:5a:ba:93:23:75:30:63:b0:1e:de:39:f1:34:
         e4:6e:b6:25
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ63vAU5WHYKh67Y7gcImzhNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjYwNjExMTczMDEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYzQ3ZmY2OGNhNWJhNGNjZDU2OWVmZTFiZGNlMTQxMzk1ZmQ1MGY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsvoYbT7G4DpkA7aGKcZSVhXeznig
BR5tCfVWXYuNtN4603NUvqnXQhnlUsYhJBiT6FRnH9T9CxWacqei9smV7ceVNUfK
lwt5PFT2FiZsyh6CsMk7yTBAG+6VBkg325KLvYpw6lLWF3aoahNXRgaRzXOFrEfP
dqVlX7CvURIvLBDjOKnhlfaLgxN4u0DNipHq30OS3yI+jieo/zi0sD48Fxu8Pz7G
67Kk8pjwPvNnh9KR+oANzpHXbxyjLGJudJoD+6FgEGKPiC8UAgm1nbmJqu5jR24k
sMsMkPlrpAh3gHRYGQNzPQZEFSB3zimWTGrRMOwuiFVCgia9qhbnnyDGzwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPxH/2jKW6TM1Wnv4b3OFBOV/VD3MB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvX0VmX2FNcGJwTXpWYWVfaHZjNFVFNVg5VVBjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAJcrLMA0G
CSqGSIb3DQEBCwUAA4IBAQAfcCh17IBh+MOszruHTlfTpCtApn3lQWtsosznCk+n
jif7qv9hlb1LSG74zM+4+xH2kbGHm0oBGSCuksQ+XrXfjtZXmemIWGtsoOqlCd9E
WECjQ/rD6jdZJzNn2PGK0S9fwAWRdT+OLLXiEp/Q4BKK8Z/iV85a+54bsgC9w5X3
N2ry4NPnu/rS17CO43vfb2Zggws9jNkrzcCqJdUKRTOdPJaaL8apJ0LRFdUDzSgo
QWTB9q9FIJYj+ppBj0hSDZmGf2xL4+Vw4KgKDhKbslO/Hx0sKFY2911WKR68PH8Z
F7hRFZOINNpbyyVorDCCCFq6kyN1MGOwHt458TTkbrYl
-----END CERTIFICATE-----