Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8f/d79fbe-6132-43be-b8c3-3eea51adbd94/1/euwzSj8xOG7EminyKJrU5zxOksk.roa
File:                     euwzSj8xOG7EminyKJrU5zxOksk.roa (raw, json)
Hash identifier:          MbduT34AD8zWgFsmrVTvrR5nk3ZCJDd2QXhzk0/XC6I=
Subject key identifier:   7A:EC:33:4A:3F:31:38:6E:C4:9A:29:F2:28:9A:D4:E7:3C:4E:92:C9
Certificate issuer:       /CN=607c7c7c6491d9e6ccf910fa6f69daf12802802d
Certificate serial:       019EE706936F88C015B1667D6DDB9BCB43AA
Authority key identifier: 60:7C:7C:7C:64:91:D9:E6:CC:F9:10:FA:6F:69:DA:F1:28:02:80:2D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YHx8fGSR2ebM-RD6b2na8SgCgC0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8f/d79fbe-6132-43be-b8c3-3eea51adbd94/1/euwzSj8xOG7EminyKJrU5zxOksk.roa
Signing time:             Sat 20 Jun 2026 21:53:48 +0000
ROA not before:           Sat 20 Jun 2026 21:53:48 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     47910
IP address blocks:        193.42.142.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8f/d79fbe-6132-43be-b8c3-3eea51adbd94/1/YHx8fGSR2ebM-RD6b2na8SgCgC0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8f/d79fbe-6132-43be-b8c3-3eea51adbd94/1/YHx8fGSR2ebM-RD6b2na8SgCgC0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YHx8fGSR2ebM-RD6b2na8SgCgC0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 30 Jun 2026 02:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:e7:06:93:6f:88:c0:15:b1:66:7d:6d:db:9b:cb:43:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=607c7c7c6491d9e6ccf910fa6f69daf12802802d
        Validity
            Not Before: Jun 20 21:53:48 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7aec334a3f31386ec49a29f2289ad4e73c4e92c9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:5f:ad:21:15:cb:b8:14:f3:76:17:ff:ce:95:
                    db:3c:e8:be:ae:57:dd:b7:df:aa:75:d7:cf:bb:4e:
                    0b:0b:8b:8b:a0:cc:35:91:ca:3c:91:18:fa:26:cc:
                    ae:57:8c:18:c6:44:02:24:03:ca:1c:3c:84:3d:ea:
                    5e:d2:a2:6e:62:8c:3d:f4:5d:ab:9d:18:6f:2d:50:
                    23:c1:0b:a3:e6:04:37:45:d0:e4:30:08:c3:02:98:
                    e1:b2:4d:00:57:f3:5a:e5:40:95:56:f5:a9:18:9d:
                    cd:65:b4:53:b6:05:dd:fd:79:03:2b:f5:76:5b:92:
                    d6:63:f4:23:36:1a:36:68:31:b9:1c:b3:b9:ab:3d:
                    a4:80:a3:7d:0c:ca:c9:d6:9b:2b:b9:22:5d:e2:54:
                    e3:48:f7:1f:45:4d:e9:17:ab:48:33:fe:58:bd:6d:
                    73:33:a3:55:3a:a6:a2:a8:64:8d:dd:bb:70:98:b6:
                    d0:99:7a:32:35:a8:6b:0d:e0:b8:39:17:09:49:ef:
                    c6:81:99:21:d0:2e:5f:e9:2c:c7:9d:75:c4:fa:85:
                    0c:6d:a3:72:b1:6d:45:41:fa:36:ab:f6:4f:b1:6a:
                    32:25:1f:06:c3:7d:a2:f2:8c:b8:20:d7:b9:88:99:
                    e3:04:ae:40:14:f9:0d:c1:15:5e:bf:d4:66:4e:13:
                    58:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7A:EC:33:4A:3F:31:38:6E:C4:9A:29:F2:28:9A:D4:E7:3C:4E:92:C9
            X509v3 Authority Key Identifier:
                keyid:60:7C:7C:7C:64:91:D9:E6:CC:F9:10:FA:6F:69:DA:F1:28:02:80:2D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YHx8fGSR2ebM-RD6b2na8SgCgC0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/d79fbe-6132-43be-b8c3-3eea51adbd94/1/euwzSj8xOG7EminyKJrU5zxOksk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/d79fbe-6132-43be-b8c3-3eea51adbd94/1/YHx8fGSR2ebM-RD6b2na8SgCgC0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.42.142.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4e:5f:3a:67:c7:2f:0f:87:05:28:63:e3:d5:d3:64:76:57:3a:
         e7:52:62:e5:b0:d7:01:92:6e:f4:b8:42:7c:cb:ef:54:93:a4:
         e3:1f:5b:22:e3:14:79:f3:0a:ca:cb:61:23:30:d4:38:f9:25:
         da:58:e4:21:d6:94:cd:58:4f:f5:3f:12:4f:f3:d0:d8:a3:f9:
         06:9c:90:b2:5d:33:03:d8:e4:8e:84:f1:05:cf:78:ca:d6:89:
         53:39:1b:5b:5b:7b:14:a1:35:a5:11:e9:9e:a4:eb:96:64:a8:
         50:28:8b:93:59:39:71:59:ec:a0:b9:3a:c4:65:97:1f:6a:94:
         28:1e:93:28:81:fa:88:8d:69:6c:80:21:47:a5:df:30:29:ca:
         1d:d8:3b:92:99:9d:3a:20:41:6a:c8:44:2f:5b:5a:e4:90:46:
         13:00:0a:3b:f7:ea:d7:11:a4:fa:e4:85:fd:bf:99:f9:03:e9:
         63:e9:b8:a0:51:32:61:fa:09:38:6d:40:1d:5b:fc:19:fc:9d:
         01:9b:d2:d0:6c:5f:86:05:63:26:bd:67:43:2e:ea:d1:98:83:
         f4:e8:a2:ed:aa:f2:86:be:08:82:bf:75:84:20:cf:f3:00:43:
         89:34:b7:ff:48:b6:4c:5e:0e:d5:02:cf:57:4b:4f:50:e4:ab:
         b1:8b:3c:4a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ7nBpNviMAVsWZ9bduby0OqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwN2M3YzdjNjQ5MWQ5ZTZjY2Y5MTBmYTZmNjlkYWYxMjgw
MjgwMmQwHhcNMjYwNjIwMjE1MzQ4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YWVjMzM0YTNmMzEzODZlYzQ5YTI5ZjIyODlhZDRlNzNjNGU5MmM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAml+tIRXLuBTzdhf/zpXbPOi+rlfd
t9+qddfPu04LC4uLoMw1kco8kRj6JsyuV4wYxkQCJAPKHDyEPepe0qJuYow99F2r
nRhvLVAjwQuj5gQ3RdDkMAjDApjhsk0AV/Na5UCVVvWpGJ3NZbRTtgXd/XkDK/V2
W5LWY/QjNho2aDG5HLO5qz2kgKN9DMrJ1psruSJd4lTjSPcfRU3pF6tIM/5YvW1z
M6NVOqaiqGSN3btwmLbQmXoyNahrDeC4ORcJSe/GgZkh0C5f6SzHnXXE+oUMbaNy
sW1FQfo2q/ZPsWoyJR8Gw32i8oy4INe5iJnjBK5AFPkNwRVev9RmThNYOwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHrsM0o/MThuxJop8iia1Oc8TpLJMB8GA1UdIwQY
MBaAFGB8fHxkkdnmzPkQ+m9p2vEoAoAtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUh4OGZHU1IyZWJNLVJENmIybmE4U2dDZ0MwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Zi9kNzlmYmUtNjEzMi00M2JlLWI4YzMt
M2VlYTUxYWRiZDk0LzEvZXV3elNqOHhPRzdFbWlueUtKclU1enhPa3NrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Zi9kNzlmYmUtNjEzMi00M2JlLWI4YzMtM2VlYTUxYWRiZDk0
LzEvWUh4OGZHU1IyZWJNLVJENmIybmE4U2dDZ0MwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwSqOMA0G
CSqGSIb3DQEBCwUAA4IBAQBOXzpnxy8PhwUoY+PV02R2VzrnUmLlsNcBkm70uEJ8
y+9Uk6TjH1si4xR58wrKy2EjMNQ4+SXaWOQh1pTNWE/1PxJP89DYo/kGnJCyXTMD
2OSOhPEFz3jK1olTORtbW3sUoTWlEemepOuWZKhQKIuTWTlxWeyguTrEZZcfapQo
HpMogfqIjWlsgCFHpd8wKcod2DuSmZ06IEFqyEQvW1rkkEYTAAo79+rXEaT65IX9
v5n5A+lj6bigUTJh+gk4bUAdW/wZ/J0Bm9LQbF+GBWMmvWdDLurRmIP06KLtqvKG
vgiCv3WEIM/zAEOJNLf/SLZMXg7VAs9XS09Q5KuxizxK
-----END CERTIFICATE-----