Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/21519e-b8dc-4240-aa78-8d218665027d/1/7cAN5cdu2_S9bDQVNC5QqKrYvmc.roa
File:                     7cAN5cdu2_S9bDQVNC5QqKrYvmc.roa (raw, json)
Hash identifier:          CLStmuiko/zgT60qCZzYYWQkc+wkCRkeSaDCC+s+3Mo=
Subject key identifier:   ED:C0:0D:E5:C7:6E:DB:F4:BD:6C:34:15:34:2E:50:A8:AA:D8:BE:67
Certificate issuer:       /CN=8bdf76c54b9e6935c30a9b4c9ba9309ac470ec02
Certificate serial:       019D690E553189EB19B6223663F1A6909775
Authority key identifier: 8B:DF:76:C5:4B:9E:69:35:C3:0A:9B:4C:9B:A9:30:9A:C4:70:EC:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i992xUueaTXDCptMm6kwmsRw7AI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/21519e-b8dc-4240-aa78-8d218665027d/1/7cAN5cdu2_S9bDQVNC5QqKrYvmc.roa
Signing time:             Tue 07 Apr 2026 17:47:20 +0000
ROA not before:           Tue 07 Apr 2026 17:47:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     40352
IP address blocks:        195.222.127.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/21519e-b8dc-4240-aa78-8d218665027d/1/i992xUueaTXDCptMm6kwmsRw7AI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/21519e-b8dc-4240-aa78-8d218665027d/1/i992xUueaTXDCptMm6kwmsRw7AI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i992xUueaTXDCptMm6kwmsRw7AI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 11 Apr 2026 17:02:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:69:0e:55:31:89:eb:19:b6:22:36:63:f1:a6:90:97:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8bdf76c54b9e6935c30a9b4c9ba9309ac470ec02
        Validity
            Not Before: Apr  7 17:47:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=edc00de5c76edbf4bd6c3415342e50a8aad8be67
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:cf:b3:5d:f3:f6:32:e6:88:fd:33:c9:e6:61:
                    4e:5d:f7:bd:0a:1b:f0:6d:b3:20:8a:39:9c:c5:8a:
                    5f:cd:84:8f:31:0d:5d:5b:27:a9:8d:6e:5c:85:e0:
                    f8:d8:bd:22:44:4e:be:32:f7:82:0a:f1:e2:2c:1b:
                    95:6b:f1:d4:de:6a:8c:a8:2b:ea:fc:f0:cd:08:7d:
                    bd:7f:21:f2:70:32:9c:d9:af:87:88:5d:05:2a:2a:
                    24:95:75:dd:0e:a5:5c:2a:01:d5:58:1f:6a:21:f3:
                    a2:a6:2c:fa:2e:9e:ce:73:cb:91:01:f1:e7:e6:31:
                    a9:9e:1c:9c:71:9d:75:ea:ea:ec:35:88:0f:c8:44:
                    bd:03:a7:60:f8:a8:89:74:60:fa:00:f0:39:fd:4e:
                    15:13:94:2a:e8:b7:3d:61:db:04:21:db:be:89:b9:
                    29:9d:8a:a0:2c:cb:52:71:e8:c6:52:0f:e5:d5:2a:
                    7e:20:00:43:f0:9b:e3:90:d2:da:64:72:98:a4:97:
                    b7:78:c9:13:3d:65:8a:a6:62:8f:70:ac:51:96:2f:
                    80:a5:21:d6:17:08:2d:19:89:19:75:d9:47:48:c2:
                    51:a7:94:8a:56:1a:25:57:0d:56:57:b4:3b:66:42:
                    f8:b8:6a:4f:31:b9:d0:e3:bf:c5:99:10:33:5d:24:
                    80:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:C0:0D:E5:C7:6E:DB:F4:BD:6C:34:15:34:2E:50:A8:AA:D8:BE:67
            X509v3 Authority Key Identifier:
                keyid:8B:DF:76:C5:4B:9E:69:35:C3:0A:9B:4C:9B:A9:30:9A:C4:70:EC:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i992xUueaTXDCptMm6kwmsRw7AI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/21519e-b8dc-4240-aa78-8d218665027d/1/7cAN5cdu2_S9bDQVNC5QqKrYvmc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/21519e-b8dc-4240-aa78-8d218665027d/1/i992xUueaTXDCptMm6kwmsRw7AI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.222.127.0/24

    Signature Algorithm: sha256WithRSAEncryption
         84:46:44:21:75:47:0b:de:2c:17:a6:4d:f9:b2:0d:b1:93:3b:
         7a:f0:09:f4:9b:ad:e5:ae:d5:46:ad:57:b2:0b:d0:06:91:90:
         49:29:cc:13:1b:a4:be:05:f7:01:40:a3:b6:e4:3b:bd:89:df:
         30:d5:bd:52:f1:43:61:d3:3a:ed:fc:1d:66:4b:49:4c:dc:6c:
         74:c5:dd:a0:b4:77:a1:9d:31:29:e9:0a:bf:2a:58:f1:56:ae:
         49:85:7f:6b:53:25:81:cb:8f:24:aa:25:70:29:ca:96:73:c5:
         ca:47:5e:54:94:00:9d:d5:4c:7a:41:e1:3b:24:c0:5f:51:70:
         e4:a7:76:26:0a:ff:01:39:7d:86:56:c0:88:5e:77:41:cb:db:
         ce:39:fd:e6:5e:25:d9:9d:3c:7b:50:f6:f7:7c:04:64:0c:5c:
         bb:c9:18:bc:8b:50:1a:3a:54:58:f7:fa:d8:44:a3:fc:43:67:
         02:f2:2c:b9:93:2f:22:62:2d:5d:e4:fc:81:3b:19:fc:48:ef:
         b1:89:a4:f1:e9:71:ae:7f:14:24:4a:8c:02:4a:5e:2d:d8:79:
         95:a1:3f:f5:35:3d:07:87:1f:7f:95:56:73:46:b3:da:8a:31:
         f1:ef:42:d1:6c:f9:95:77:3c:ae:77:39:f0:03:e9:4e:de:fa:
         4b:ac:f1:ff
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ1pDlUxiesZtiI2Y/GmkJd1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiZGY3NmM1NGI5ZTY5MzVjMzBhOWI0YzliYTkzMDlhYzQ3
MGVjMDIwHhcNMjYwNDA3MTc0NzIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZGMwMGRlNWM3NmVkYmY0YmQ2YzM0MTUzNDJlNTBhOGFhZDhiZTY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq8+zXfP2MuaI/TPJ5mFOXfe9Chvw
bbMgijmcxYpfzYSPMQ1dWyepjW5cheD42L0iRE6+MveCCvHiLBuVa/HU3mqMqCvq
/PDNCH29fyHycDKc2a+HiF0FKioklXXdDqVcKgHVWB9qIfOipiz6Lp7Oc8uRAfHn
5jGpnhyccZ116ursNYgPyES9A6dg+KiJdGD6APA5/U4VE5Qq6Lc9YdsEIdu+ibkp
nYqgLMtScejGUg/l1Sp+IABD8JvjkNLaZHKYpJe3eMkTPWWKpmKPcKxRli+ApSHW
FwgtGYkZddlHSMJRp5SKVholVw1WV7Q7ZkL4uGpPMbnQ47/FmRAzXSSAEQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO3ADeXHbtv0vWw0FTQuUKiq2L5nMB8GA1UdIwQY
MBaAFIvfdsVLnmk1wwqbTJupMJrEcOwCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTk5MnhVdWVhVFhEQ3B0TW02a3dtc1J3N0FJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS8yMTUxOWUtYjhkYy00MjQwLWFhNzgt
OGQyMTg2NjUwMjdkLzEvN2NBTjVjZHUyX1M5YkRRVk5DNVFxS3JZdm1jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS8yMTUxOWUtYjhkYy00MjQwLWFhNzgtOGQyMTg2NjUwMjdk
LzEvaTk5MnhVdWVhVFhEQ3B0TW02a3dtc1J3N0FJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw95/MA0G
CSqGSIb3DQEBCwUAA4IBAQCERkQhdUcL3iwXpk35sg2xkzt68An0m63lrtVGrVey
C9AGkZBJKcwTG6S+BfcBQKO25Du9id8w1b1S8UNh0zrt/B1mS0lM3Gx0xd2gtHeh
nTEp6Qq/KljxVq5JhX9rUyWBy48kqiVwKcqWc8XKR15UlACd1Ux6QeE7JMBfUXDk
p3YmCv8BOX2GVsCIXndBy9vOOf3mXiXZnTx7UPb3fARkDFy7yRi8i1AaOlRY9/rY
RKP8Q2cC8iy5ky8iYi1d5PyBOxn8SO+xiaTx6XGufxQkSowCSl4t2HmVoT/1NT0H
hx9/lVZzRrPaijHx70LRbPmVdzyudznwA+lO3vpLrPH/
-----END CERTIFICATE-----