Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/c7r0L2ENZSmqzGht-gN0WK2wO-w.roa
File:                     c7r0L2ENZSmqzGht-gN0WK2wO-w.roa (raw, json)
Hash identifier:          qscdcuXNHP5xr9NKr0pzszSsGawZRBL4L0aRxzbki3I=
Subject key identifier:   73:BA:F4:2F:61:0D:65:29:AA:CC:68:6D:FA:03:74:58:AD:B0:3B:EC
Certificate issuer:       /CN=c66d9d50b3b89d51c8aa2493e7ef4701d6251dad
Certificate serial:       019E6781720BE19F160FF32EA7887FCEB903
Authority key identifier: C6:6D:9D:50:B3:B8:9D:51:C8:AA:24:93:E7:EF:47:01:D6:25:1D:AD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xm2dULO4nVHIqiST5-9HAdYlHa0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/c7r0L2ENZSmqzGht-gN0WK2wO-w.roa
Signing time:             Wed 27 May 2026 03:36:37 +0000
ROA not before:           Wed 27 May 2026 03:36:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     834
IP address blocks:        176.105.244.0/24 maxlen: 24
                          195.88.213.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/xm2dULO4nVHIqiST5-9HAdYlHa0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/xm2dULO4nVHIqiST5-9HAdYlHa0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xm2dULO4nVHIqiST5-9HAdYlHa0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Jun 2026 20:26:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:67:81:72:0b:e1:9f:16:0f:f3:2e:a7:88:7f:ce:b9:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66d9d50b3b89d51c8aa2493e7ef4701d6251dad
        Validity
            Not Before: May 27 03:36:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=73baf42f610d6529aacc686dfa037458adb03bec
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:60:85:7b:94:94:54:64:05:05:a2:ad:28:32:
                    b1:5a:55:75:07:64:f2:e4:06:3f:1f:e7:88:5b:07:
                    25:89:08:d3:6c:e7:8b:6a:bd:b5:1f:96:d8:6d:fe:
                    90:9a:ea:31:7a:1a:2a:26:77:00:50:cd:9c:38:73:
                    e1:51:a7:e0:e3:48:af:c9:86:ce:5f:c9:01:93:c6:
                    66:2c:3b:0a:5c:37:3b:d4:7b:4c:98:33:ef:8e:85:
                    c0:af:dc:4a:f7:b4:50:d9:a2:19:10:89:84:a6:aa:
                    4b:a4:ce:54:35:14:10:83:45:be:a7:04:c4:b9:e3:
                    89:11:d1:eb:ca:7f:ab:e4:6e:88:f2:fe:e8:e6:a5:
                    05:3f:7b:eb:81:75:f4:3a:c6:b2:e9:9e:49:ad:92:
                    2f:a8:9c:b7:86:31:64:d2:76:fd:06:4e:19:76:d7:
                    4a:b9:53:21:e4:3a:f4:da:aa:c1:34:a0:4e:29:70:
                    f6:2d:eb:a2:3f:d8:e9:93:4e:bc:c3:c7:54:2e:e0:
                    7c:01:1a:c8:b1:ba:24:85:95:1d:89:50:ee:61:e4:
                    86:2e:e9:89:7c:e4:50:7d:15:a3:7b:5d:c7:fa:61:
                    ea:6c:75:8c:ac:a0:46:a8:9e:7b:a9:73:8c:6d:94:
                    91:b8:da:86:ae:f0:4d:2f:db:80:c8:fa:9e:32:90:
                    63:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                73:BA:F4:2F:61:0D:65:29:AA:CC:68:6D:FA:03:74:58:AD:B0:3B:EC
            X509v3 Authority Key Identifier:
                keyid:C6:6D:9D:50:B3:B8:9D:51:C8:AA:24:93:E7:EF:47:01:D6:25:1D:AD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xm2dULO4nVHIqiST5-9HAdYlHa0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/c7r0L2ENZSmqzGht-gN0WK2wO-w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/xm2dULO4nVHIqiST5-9HAdYlHa0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.105.244.0/24
                  195.88.213.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6c:dd:57:28:72:2d:92:10:70:8c:d8:6c:26:1d:c6:88:2b:6e:
         56:3e:d1:27:99:2a:e1:02:15:46:7a:6a:37:05:20:c2:66:ed:
         0c:c7:52:a3:e3:3d:62:44:7e:0f:1b:6a:8b:ba:81:0a:c9:eb:
         c4:fa:3c:ae:6e:67:3f:f7:10:96:cb:36:fc:a7:d9:7b:92:ea:
         65:b0:88:05:60:c7:ad:47:6f:ec:e3:7d:97:88:48:e4:51:b2:
         64:ef:3c:d5:6b:8c:ae:f2:f5:c3:5a:6f:bf:e9:33:71:5a:b1:
         19:2c:48:5f:36:6b:cf:0f:4a:91:39:a3:27:99:01:c1:38:93:
         99:cb:0e:7c:d9:34:53:ec:33:12:bb:5f:24:18:65:a3:2c:a7:
         25:62:22:fc:4d:15:03:1d:29:03:de:db:2d:e6:53:cf:0f:34:
         12:6e:03:76:22:05:9f:3e:6c:b7:42:94:38:96:68:29:56:75:
         92:d5:b0:8a:bc:99:e7:86:31:00:13:1c:6d:7f:59:f2:fd:c8:
         92:6b:d8:ff:7b:ef:6c:32:b5:e0:64:a6:9f:f1:e8:39:7a:b7:
         78:2d:ca:2b:69:a6:99:16:5c:8b:2c:68:32:7e:e6:b4:f1:c6:
         66:be:7f:54:94:e2:02:a4:72:75:84:ea:56:31:a1:58:66:2a:
         8f:d4:44:49
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ5ngXIL4Z8WD/Mup4h/zrkDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NmQ5ZDUwYjNiODlkNTFjOGFhMjQ5M2U3ZWY0NzAxZDYy
NTFkYWQwHhcNMjYwNTI3MDMzNjM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3M2JhZjQyZjYxMGQ2NTI5YWFjYzY4NmRmYTAzNzQ1OGFkYjAzYmVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnGCFe5SUVGQFBaKtKDKxWlV1B2Ty
5AY/H+eIWwcliQjTbOeLar21H5bYbf6QmuoxehoqJncAUM2cOHPhUafg40ivyYbO
X8kBk8ZmLDsKXDc71HtMmDPvjoXAr9xK97RQ2aIZEImEpqpLpM5UNRQQg0W+pwTE
ueOJEdHryn+r5G6I8v7o5qUFP3vrgXX0Osay6Z5JrZIvqJy3hjFk0nb9Bk4ZdtdK
uVMh5Dr02qrBNKBOKXD2LeuiP9jpk068w8dULuB8ARrIsbokhZUdiVDuYeSGLumJ
fORQfRWje13H+mHqbHWMrKBGqJ57qXOMbZSRuNqGrvBNL9uAyPqeMpBjrQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHO69C9hDWUpqsxobfoDdFitsDvsMB8GA1UdIwQY
MBaAFMZtnVCzuJ1RyKokk+fvRwHWJR2tMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG0yZFVMTzRuVkhJcWlTVDUtOUhBZFlsSGEwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNS80YmI3NGItOGQ2ZC00NTE0LWEzOWMt
YjdjNTc4Yjc0ZTM1LzEvYzdyMEwyRU5aU21xekdodC1nTjBXSzJ3Ty13LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNS80YmI3NGItOGQ2ZC00NTE0LWEzOWMtYjdjNTc4Yjc0ZTM1
LzEveG0yZFVMTzRuVkhJcWlTVDUtOUhBZFlsSGEwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAsGn0AwQA
w1jVMA0GCSqGSIb3DQEBCwUAA4IBAQBs3Vcoci2SEHCM2GwmHcaIK25WPtEnmSrh
AhVGemo3BSDCZu0Mx1Kj4z1iRH4PG2qLuoEKyevE+jyubmc/9xCWyzb8p9l7kupl
sIgFYMetR2/s432XiEjkUbJk7zzVa4yu8vXDWm+/6TNxWrEZLEhfNmvPD0qROaMn
mQHBOJOZyw582TRT7DMSu18kGGWjLKclYiL8TRUDHSkD3tst5lPPDzQSbgN2IgWf
Pmy3QpQ4lmgpVnWS1bCKvJnnhjEAExxtf1ny/ciSa9j/e+9sMrXgZKaf8eg5erd4
LcoraaaZFlyLLGgyfua08cZmvn9UlOICpHJ1hOpWMaFYZiqP1ERJ
-----END CERTIFICATE-----