Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e3/bf8338-8752-4d55-9c31-0e1b8fea8913/1/NEg7CPGFG-AFqFhcrRFFHQbLVm8.roa
File:                     NEg7CPGFG-AFqFhcrRFFHQbLVm8.roa (raw, json)
Hash identifier:          A0c6Kmj3hUwlwGHgq16Uj43/Zf568YJPqpP2d1HKH5E=
Subject key identifier:   34:48:3B:08:F1:85:1B:E0:05:A8:58:5C:AD:11:45:1D:06:CB:56:6F
Certificate issuer:       /CN=69507f066f2bb0389dd88436074e1426114f2d92
Certificate serial:       019E8E7B5D4D9A895DBD006998C653F031D1
Authority key identifier: 69:50:7F:06:6F:2B:B0:38:9D:D8:84:36:07:4E:14:26:11:4F:2D:92
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aVB_Bm8rsDid2IQ2B04UJhFPLZI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e3/bf8338-8752-4d55-9c31-0e1b8fea8913/1/NEg7CPGFG-AFqFhcrRFFHQbLVm8.roa
Signing time:             Wed 03 Jun 2026 17:15:09 +0000
ROA not before:           Wed 03 Jun 2026 17:15:09 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     205007
IP address blocks:        178.208.86.0/24 maxlen: 24
                          185.105.108.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e3/bf8338-8752-4d55-9c31-0e1b8fea8913/1/aVB_Bm8rsDid2IQ2B04UJhFPLZI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e3/bf8338-8752-4d55-9c31-0e1b8fea8913/1/aVB_Bm8rsDid2IQ2B04UJhFPLZI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aVB_Bm8rsDid2IQ2B04UJhFPLZI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 05 Jun 2026 02:00:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:8e:7b:5d:4d:9a:89:5d:bd:00:69:98:c6:53:f0:31:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=69507f066f2bb0389dd88436074e1426114f2d92
        Validity
            Not Before: Jun  3 17:15:09 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=34483b08f1851be005a8585cad11451d06cb566f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:3d:9a:0a:5f:30:80:00:de:46:8d:0f:a6:4c:
                    d1:39:f3:a9:bd:a0:87:b4:05:a3:7d:ba:d0:a4:d4:
                    3b:4d:05:d3:93:18:41:1f:e2:f8:bd:84:50:e7:72:
                    6d:9b:ef:fa:6c:13:93:67:17:18:11:87:b3:5a:64:
                    3e:d4:12:72:49:23:e8:c1:7c:5a:f0:f6:70:92:0c:
                    b3:99:08:6d:63:5b:1c:30:9c:c1:b6:b9:61:b9:36:
                    6c:b8:43:7f:97:fd:49:59:69:45:bc:63:d0:26:a8:
                    41:89:e9:bc:f3:a0:97:14:12:66:33:c2:ee:44:66:
                    9a:5a:8c:e9:d5:c0:95:ff:27:0b:1f:0b:8c:34:89:
                    f9:9f:09:84:78:f7:fe:a8:0a:32:d7:a6:db:b3:5c:
                    a4:cb:1a:fc:2f:e5:c0:49:0b:3f:4a:d7:b5:c7:89:
                    32:7a:a9:db:0c:1b:02:e5:58:8c:02:74:44:d7:fd:
                    be:5d:9b:2d:69:1e:8f:f5:77:0c:a1:dc:ed:7a:05:
                    d4:19:71:cd:fe:38:91:3f:a3:b2:79:16:60:75:bf:
                    9b:64:f1:48:10:56:c7:5b:1b:d8:e2:58:f9:9a:9c:
                    7d:3f:96:58:b8:df:24:3e:70:98:db:9d:d4:29:a9:
                    b6:0f:d8:fc:7b:30:58:f4:95:e1:c6:37:74:a7:fd:
                    1a:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:48:3B:08:F1:85:1B:E0:05:A8:58:5C:AD:11:45:1D:06:CB:56:6F
            X509v3 Authority Key Identifier:
                keyid:69:50:7F:06:6F:2B:B0:38:9D:D8:84:36:07:4E:14:26:11:4F:2D:92

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aVB_Bm8rsDid2IQ2B04UJhFPLZI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/bf8338-8752-4d55-9c31-0e1b8fea8913/1/NEg7CPGFG-AFqFhcrRFFHQbLVm8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/bf8338-8752-4d55-9c31-0e1b8fea8913/1/aVB_Bm8rsDid2IQ2B04UJhFPLZI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.208.86.0/24
                  185.105.108.0/24

    Signature Algorithm: sha256WithRSAEncryption
         42:d5:89:4f:0c:9a:85:6d:a2:6f:cd:2c:be:d1:bc:be:56:77:
         3d:1d:1a:0b:65:15:97:f6:4c:88:0f:4a:3e:5f:3a:23:52:df:
         aa:5b:39:cd:e2:6e:aa:43:58:d6:ec:b7:27:36:84:74:6f:85:
         ba:ee:a2:b8:44:bc:b6:05:5e:4d:96:79:70:9d:16:e7:70:a8:
         a0:94:77:51:1e:59:20:34:54:56:98:29:5c:42:79:d4:40:6d:
         2a:b5:29:37:09:aa:35:62:90:4a:f0:18:80:b3:59:a4:c5:a9:
         68:d9:98:79:6e:b0:1a:65:61:17:27:4c:d7:1c:58:84:77:b8:
         cf:02:2f:4c:94:d8:cc:b0:30:89:c5:e4:60:b7:a1:d1:9e:cd:
         22:cb:54:5a:63:84:11:fb:cc:19:c4:5d:ac:65:d1:be:58:6e:
         75:25:44:6d:59:a5:b7:d5:3d:9c:ad:bc:17:ae:82:cd:13:e4:
         ec:6f:6b:7f:6f:44:ef:a8:fb:e7:66:54:6a:75:5e:dd:dd:0f:
         da:d9:bf:d2:d1:5b:03:c4:be:ee:f3:05:72:c5:76:a6:79:8e:
         e6:50:ff:b4:58:a3:e1:1b:15:a1:83:ab:1b:40:6c:cc:07:cb:
         72:44:0c:65:e4:1b:79:3a:79:7c:47:2e:0a:77:c0:e6:00:22:
         ef:fc:c5:83
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ6Oe11NmoldvQBpmMZT8DHRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY5NTA3ZjA2NmYyYmIwMzg5ZGQ4ODQzNjA3NGUxNDI2MTE0
ZjJkOTIwHhcNMjYwNjAzMTcxNTA5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNDQ4M2IwOGYxODUxYmUwMDVhODU4NWNhZDExNDUxZDA2Y2I1NjZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuj2aCl8wgADeRo0PpkzROfOpvaCH
tAWjfbrQpNQ7TQXTkxhBH+L4vYRQ53Jtm+/6bBOTZxcYEYezWmQ+1BJySSPowXxa
8PZwkgyzmQhtY1scMJzBtrlhuTZsuEN/l/1JWWlFvGPQJqhBiem886CXFBJmM8Lu
RGaaWozp1cCV/ycLHwuMNIn5nwmEePf+qAoy16bbs1ykyxr8L+XASQs/Ste1x4ky
eqnbDBsC5ViMAnRE1/2+XZstaR6P9XcModztegXUGXHN/jiRP6OyeRZgdb+bZPFI
EFbHWxvY4lj5mpx9P5ZYuN8kPnCY253UKam2D9j8ezBY9JXhxjd0p/0aCwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDRIOwjxhRvgBahYXK0RRR0Gy1ZvMB8GA1UdIwQY
MBaAFGlQfwZvK7A4ndiENgdOFCYRTy2SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYVZCX0JtOHJzRGlkMklRMkIwNFVKaEZQTFpJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMy9iZjgzMzgtODc1Mi00ZDU1LTljMzEt
MGUxYjhmZWE4OTEzLzEvTkVnN0NQR0ZHLUFGcUZoY3JSRkZIUWJMVm04LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMy9iZjgzMzgtODc1Mi00ZDU1LTljMzEtMGUxYjhmZWE4OTEz
LzEvYVZCX0JtOHJzRGlkMklRMkIwNFVKaEZQTFpJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAstBWAwQA
uWlsMA0GCSqGSIb3DQEBCwUAA4IBAQBC1YlPDJqFbaJvzSy+0by+Vnc9HRoLZRWX
9kyID0o+XzojUt+qWznN4m6qQ1jW7LcnNoR0b4W67qK4RLy2BV5NlnlwnRbncKig
lHdRHlkgNFRWmClcQnnUQG0qtSk3Cao1YpBK8BiAs1mkxalo2Zh5brAaZWEXJ0zX
HFiEd7jPAi9MlNjMsDCJxeRgt6HRns0iy1RaY4QR+8wZxF2sZdG+WG51JURtWaW3
1T2crbwXroLNE+Tsb2t/b0TvqPvnZlRqdV7d3Q/a2b/S0VsDxL7u8wVyxXameY7m
UP+0WKPhGxWhg6sbQGzMB8tyRAxl5Bt5Onl8Ry4Kd8DmACLv/MWD
-----END CERTIFICATE-----