Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/exEiZ6g6n6kSonJ7XNfPEt8FYU8.roa
File:                     exEiZ6g6n6kSonJ7XNfPEt8FYU8.roa (raw, json)
Hash identifier:          uoKWvu65xemx1ub0qZWNtuBufDBSL35zskf7uWjMT3A=
Subject key identifier:   7B:11:22:67:A8:3A:9F:A9:12:A2:72:7B:5C:D7:CF:12:DF:05:61:4F
Certificate issuer:       /CN=6e87104a4db4c46371a7f8b6a441fc30ecdfe20f
Certificate serial:       019E70B235D3A711FDBC9FC70E04E83F7A74
Authority key identifier: 6E:87:10:4A:4D:B4:C4:63:71:A7:F8:B6:A4:41:FC:30:EC:DF:E2:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/exEiZ6g6n6kSonJ7XNfPEt8FYU8.roa
Signing time:             Thu 28 May 2026 22:26:27 +0000
ROA not before:           Thu 28 May 2026 22:26:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     46733
IP address blocks:        153.76.7.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/bocQSk20xGNxp_i2pEH8MOzf4g8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/bocQSk20xGNxp_i2pEH8MOzf4g8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 06 Jun 2026 15:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:70:b2:35:d3:a7:11:fd:bc:9f:c7:0e:04:e8:3f:7a:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6e87104a4db4c46371a7f8b6a441fc30ecdfe20f
        Validity
            Not Before: May 28 22:26:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7b112267a83a9fa912a2727b5cd7cf12df05614f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:39:a5:40:09:45:d9:20:cb:b6:bb:8d:d2:84:
                    79:95:1b:1c:18:30:85:fc:07:ea:c1:84:8f:a2:5a:
                    98:56:a9:14:7d:1e:a3:b1:f6:d5:73:41:90:3e:d5:
                    f7:1e:2d:ff:50:0d:49:0c:a6:24:d6:84:4a:7f:7a:
                    45:c3:cc:99:0f:8d:b4:4e:50:4a:b9:39:ef:83:70:
                    3f:a8:0b:2d:c6:ef:a7:70:c7:f3:1d:8b:3d:d0:c4:
                    37:58:eb:13:10:7a:57:bb:5a:49:df:9a:37:50:c9:
                    9d:5a:c5:bc:32:51:88:3e:b5:e7:85:56:60:7e:11:
                    59:57:dc:a9:d7:af:28:66:fe:ee:5c:ff:a4:10:ec:
                    63:ca:e0:8f:2b:9a:43:b2:62:6e:15:3a:f1:b6:f1:
                    6a:39:ff:50:fb:33:e6:0c:5e:97:c6:fc:4a:d0:72:
                    81:d3:b2:1c:c9:3f:61:0e:24:d2:1e:c8:4a:ad:87:
                    84:06:3b:c0:d0:3e:28:d1:d5:df:c0:b0:4a:b4:4f:
                    3c:f5:6f:98:62:ec:b6:f8:27:1e:7b:b5:4a:64:85:
                    af:32:24:c6:05:45:28:ec:44:ad:2d:6c:72:57:4b:
                    a3:1f:bc:8a:34:eb:a6:8e:10:6e:cc:d4:a1:3e:5f:
                    d4:79:ed:cc:ba:c6:c2:7a:86:9b:6e:fc:7d:9e:34:
                    34:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:11:22:67:A8:3A:9F:A9:12:A2:72:7B:5C:D7:CF:12:DF:05:61:4F
            X509v3 Authority Key Identifier:
                keyid:6E:87:10:4A:4D:B4:C4:63:71:A7:F8:B6:A4:41:FC:30:EC:DF:E2:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/exEiZ6g6n6kSonJ7XNfPEt8FYU8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/bocQSk20xGNxp_i2pEH8MOzf4g8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  153.76.7.0/24

    Signature Algorithm: sha256WithRSAEncryption
         16:7f:76:cf:c6:c6:0d:52:92:e4:4e:31:6e:c4:7f:a8:3c:fd:
         1d:e6:21:35:c1:75:d4:5a:b2:2f:ea:5a:86:82:3f:02:5e:82:
         db:b0:f3:7d:d3:25:57:24:d8:1c:7d:3a:d5:39:a0:dc:35:ea:
         73:b4:c1:3a:4d:8e:dc:11:3e:d6:8a:5d:cd:61:ed:84:56:f3:
         ec:2b:46:69:38:9b:1b:94:06:e6:57:04:e0:20:56:07:3f:60:
         f3:8c:3a:0c:e3:70:b4:25:eb:67:b1:6f:ee:9d:7a:a4:ae:e6:
         90:c2:30:12:f8:2a:72:2d:9f:22:3a:c7:86:15:f4:ff:eb:b3:
         9e:2a:e4:6f:97:7c:2f:2c:79:58:d7:cc:3d:ef:9f:0b:53:82:
         94:b0:72:42:70:58:d8:2e:b1:5d:29:22:8a:e5:bb:44:7d:48:
         e9:0c:4b:1d:bf:a1:30:cd:c9:63:d8:5d:4f:64:bb:b8:4a:f9:
         26:6b:06:fe:c6:46:da:d1:f9:70:5f:35:fe:27:d4:04:67:1e:
         d4:b2:02:dd:82:cd:b5:a2:43:c5:a6:a6:3d:80:4c:46:c3:7a:
         57:27:82:19:b3:54:7c:fa:24:f5:e6:b3:0b:7f:a8:22:6f:4e:
         e9:8d:8e:c5:fc:2e:08:e9:f4:2b:45:b7:e6:2d:00:87:38:3a:
         1e:f9:ba:44
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ5wsjXTpxH9vJ/HDgToP3p0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZlODcxMDRhNGRiNGM0NjM3MWE3ZjhiNmE0NDFmYzMwZWNk
ZmUyMGYwHhcNMjYwNTI4MjIyNjI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YjExMjI2N2E4M2E5ZmE5MTJhMjcyN2I1Y2Q3Y2YxMmRmMDU2MTRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsjmlQAlF2SDLtruN0oR5lRscGDCF
/AfqwYSPolqYVqkUfR6jsfbVc0GQPtX3Hi3/UA1JDKYk1oRKf3pFw8yZD420TlBK
uTnvg3A/qAstxu+ncMfzHYs90MQ3WOsTEHpXu1pJ35o3UMmdWsW8MlGIPrXnhVZg
fhFZV9yp168oZv7uXP+kEOxjyuCPK5pDsmJuFTrxtvFqOf9Q+zPmDF6XxvxK0HKB
07IcyT9hDiTSHshKrYeEBjvA0D4o0dXfwLBKtE889W+YYuy2+Ccee7VKZIWvMiTG
BUUo7EStLWxyV0ujH7yKNOumjhBuzNShPl/Uee3MusbCeoabbvx9njQ0qwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHsRImeoOp+pEqJye1zXzxLfBWFPMB8GA1UdIwQY
MBaAFG6HEEpNtMRjcaf4tqRB/DDs3+IPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYm9jUVNrMjB4R054cF9pMnBFSDhNT3pmNGc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9iODdlYzAtZjc1YS00YmJlLWIwNjct
YjcxNzk4MGU0YWQ2LzEvZXhFaVo2ZzZuNmtTb25KN1hOZlBFdDhGWVU4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9iODdlYzAtZjc1YS00YmJlLWIwNjctYjcxNzk4MGU0YWQ2
LzEvYm9jUVNrMjB4R054cF9pMnBFSDhNT3pmNGc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAmUwHMA0G
CSqGSIb3DQEBCwUAA4IBAQAWf3bPxsYNUpLkTjFuxH+oPP0d5iE1wXXUWrIv6lqG
gj8CXoLbsPN90yVXJNgcfTrVOaDcNepztME6TY7cET7Wil3NYe2EVvPsK0ZpOJsb
lAbmVwTgIFYHP2DzjDoM43C0JetnsW/unXqkruaQwjAS+CpyLZ8iOseGFfT/67Oe
KuRvl3wvLHlY18w9758LU4KUsHJCcFjYLrFdKSKK5btEfUjpDEsdv6Ewzclj2F1P
ZLu4Svkmawb+xkba0flwXzX+J9QEZx7UsgLdgs21okPFpqY9gExGw3pXJ4IZs1R8
+iT15rMLf6gib07pjY7F/C4I6fQrRbfmLQCHODoe+bpE
-----END CERTIFICATE-----