Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/T86y2lb6VM9SYijib5Gx6TXU_P8.roa
File:                     T86y2lb6VM9SYijib5Gx6TXU_P8.roa (raw, json)
Hash identifier:          ExJprcrpe0RGYOZUNA24jfKZT7aUwu9YCrRRkzYlGpo=
Subject key identifier:   4F:CE:B2:DA:56:FA:54:CF:52:62:28:E2:6F:91:B1:E9:35:D4:FC:FF
Certificate issuer:       /CN=0671dcc7a9ac7351c71e0bc2278cf45fd020ae2e
Certificate serial:       019CB8016CA919409DBDCD90DFC18A73F980
Authority key identifier: 06:71:DC:C7:A9:AC:73:51:C7:1E:0B:C2:27:8C:F4:5F:D0:20:AE:2E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BnHcx6msc1HHHgvCJ4z0X9Agri4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/T86y2lb6VM9SYijib5Gx6TXU_P8.roa
Signing time:             Wed 04 Mar 2026 08:40:26 +0000
ROA not before:           Wed 04 Mar 2026 08:40:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     21840
IP address blocks:        213.220.7.0/24 maxlen: 24
                          213.220.18.0/24 maxlen: 24
                          213.220.39.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/BnHcx6msc1HHHgvCJ4z0X9Agri4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/BnHcx6msc1HHHgvCJ4z0X9Agri4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BnHcx6msc1HHHgvCJ4z0X9Agri4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Mar 2026 20:00:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:b8:01:6c:a9:19:40:9d:bd:cd:90:df:c1:8a:73:f9:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0671dcc7a9ac7351c71e0bc2278cf45fd020ae2e
        Validity
            Not Before: Mar  4 08:40:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4fceb2da56fa54cf526228e26f91b1e935d4fcff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:39:3a:c5:4a:b6:a6:87:9c:97:4b:ba:e5:ef:
                    d6:dc:1e:6f:1d:5c:7f:fb:06:de:7c:7d:88:f7:7e:
                    72:8e:b5:51:95:f2:9d:5b:6c:81:80:23:0a:b1:4c:
                    07:c5:8a:44:c1:64:23:11:01:41:d7:90:5a:2e:85:
                    51:ff:73:71:39:fe:2e:2d:09:0d:8d:e2:b0:c9:a9:
                    44:1d:73:22:6b:0d:b0:69:47:c0:29:f9:bd:9b:3a:
                    19:8e:de:bc:93:bc:f3:ae:24:d2:7b:f0:6f:6f:16:
                    2f:12:fc:70:e4:c8:d3:88:82:db:fb:20:f9:22:fa:
                    da:2e:40:84:66:a3:58:b0:6a:b2:46:f2:a6:24:d0:
                    2f:3f:a2:ca:02:26:8e:16:7a:e6:c8:06:a7:b9:20:
                    7d:58:16:a7:23:7b:08:19:85:54:90:93:49:70:26:
                    80:3c:c1:5b:4a:63:c4:6e:1b:b9:45:c6:0b:a9:46:
                    e8:5e:68:36:48:72:e2:da:25:c5:09:09:d7:99:5c:
                    74:27:7b:16:c9:87:1d:32:f1:18:44:86:9d:fc:4c:
                    0d:9c:19:3f:30:a8:3c:d2:98:49:b7:bd:fc:58:01:
                    77:de:1b:b2:5e:4b:06:b5:da:49:ef:91:d7:03:18:
                    fc:73:dd:92:fd:99:d1:f2:82:ba:35:7f:2c:85:47:
                    f2:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:CE:B2:DA:56:FA:54:CF:52:62:28:E2:6F:91:B1:E9:35:D4:FC:FF
            X509v3 Authority Key Identifier:
                keyid:06:71:DC:C7:A9:AC:73:51:C7:1E:0B:C2:27:8C:F4:5F:D0:20:AE:2E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BnHcx6msc1HHHgvCJ4z0X9Agri4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/T86y2lb6VM9SYijib5Gx6TXU_P8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/BnHcx6msc1HHHgvCJ4z0X9Agri4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.220.7.0/24
                  213.220.18.0/24
                  213.220.39.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5a:25:72:df:f4:05:f1:6b:1d:7e:2e:0c:a5:b5:c4:a3:e4:1c:
         31:7c:c9:43:a3:18:62:6d:82:c3:15:68:72:14:bf:13:e2:bc:
         33:2e:b3:6c:47:04:fa:ae:d8:5c:78:47:c8:18:7d:9a:63:35:
         7a:c3:c6:ad:e4:25:c1:4c:5f:9a:00:d0:03:1d:03:f5:6d:03:
         40:07:2f:d8:ca:b5:67:8f:3a:ac:48:45:ae:a7:70:03:c8:4b:
         9b:cc:37:da:46:a2:09:ac:87:b7:00:7c:af:f7:ab:64:1d:8c:
         71:34:03:ce:86:ee:10:1b:3a:02:0c:df:b3:e3:9c:02:e6:7a:
         58:94:12:01:72:cf:33:e3:2e:cb:eb:16:58:38:80:3c:87:24:
         0c:2e:7e:67:25:c2:bd:f2:84:ea:01:a8:1f:10:f1:4f:03:8c:
         41:66:d9:fa:99:6e:03:a6:ec:71:9e:e6:55:47:8a:8b:be:82:
         68:43:96:1d:c1:a7:38:59:4a:49:43:f2:8d:12:4b:63:c2:bd:
         b0:4f:19:01:3b:37:5f:44:a0:1d:39:a2:5a:05:2d:62:10:b8:
         eb:30:76:f9:17:24:ab:5a:cb:0e:71:b7:80:f7:bc:33:13:73:
         18:8e:6c:84:90:32:55:45:cd:e6:51:96:57:9d:75:e0:04:aa:
         f6:55:b0:a3
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZy4AWypGUCdvc2Q38GKc/mAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA2NzFkY2M3YTlhYzczNTFjNzFlMGJjMjI3OGNmNDVmZDAy
MGFlMmUwHhcNMjYwMzA0MDg0MDI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZmNlYjJkYTU2ZmE1NGNmNTI2MjI4ZTI2ZjkxYjFlOTM1ZDRmY2ZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3Tk6xUq2poecl0u65e/W3B5vHVx/
+wbefH2I935yjrVRlfKdW2yBgCMKsUwHxYpEwWQjEQFB15BaLoVR/3NxOf4uLQkN
jeKwyalEHXMiaw2waUfAKfm9mzoZjt68k7zzriTSe/BvbxYvEvxw5MjTiILb+yD5
IvraLkCEZqNYsGqyRvKmJNAvP6LKAiaOFnrmyAanuSB9WBanI3sIGYVUkJNJcCaA
PMFbSmPEbhu5RcYLqUboXmg2SHLi2iXFCQnXmVx0J3sWyYcdMvEYRIad/EwNnBk/
MKg80phJt738WAF33huyXksGtdpJ75HXAxj8c92S/ZnR8oK6NX8shUfyQQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFE/OstpW+lTPUmIo4m+Rsek11Pz/MB8GA1UdIwQY
MBaAFAZx3MeprHNRxx4LwieM9F/QIK4uMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQm5IY3g2bXNjMUhISGd2Q0o0ejBYOUFncmk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYS8xZjk0OTMtZDQ2OC00YTdjLThjNGIt
MWRkZWM0Y2NlMjRjLzEvVDg2eTJsYjZWTTlTWWlqaWI1R3g2VFhVX1A4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYS8xZjk0OTMtZDQ2OC00YTdjLThjNGItMWRkZWM0Y2NlMjRj
LzEvQm5IY3g2bXNjMUhISGd2Q0o0ejBYOUFncmk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQA1dwHAwQA
1dwSAwQA1dwnMA0GCSqGSIb3DQEBCwUAA4IBAQBaJXLf9AXxax1+LgyltcSj5Bwx
fMlDoxhibYLDFWhyFL8T4rwzLrNsRwT6rthceEfIGH2aYzV6w8at5CXBTF+aANAD
HQP1bQNABy/YyrVnjzqsSEWup3ADyEubzDfaRqIJrIe3AHyv96tkHYxxNAPOhu4Q
GzoCDN+z45wC5npYlBIBcs8z4y7L6xZYOIA8hyQMLn5nJcK98oTqAagfEPFPA4xB
Ztn6mW4DpuxxnuZVR4qLvoJoQ5Ydwac4WUpJQ/KNEktjwr2wTxkBOzdfRKAdOaJa
BS1iELjrMHb5FySrWssOcbeA97wzE3MYjmyEkDJVRc3mUZZXnXXgBKr2VbCj
-----END CERTIFICATE-----