Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/7Xre036woZ8vcol8k5XmEu1iA1I.roa
File:                     7Xre036woZ8vcol8k5XmEu1iA1I.roa (raw, json)
Hash identifier:          eyn3q3PLjDTVu84Akp3ffRdOxB2vaXhFGWuStQOY2t4=
Subject key identifier:   ED:7A:DE:D3:7E:B0:A1:9F:2F:72:89:7C:93:95:E6:12:ED:62:03:52
Certificate issuer:       /CN=cd5e39658a3ef6f13ca21cc11a4e33ebcd946702
Certificate serial:       019EABE944459187B81718888AE39326FFC4
Authority key identifier: CD:5E:39:65:8A:3E:F6:F1:3C:A2:1C:C1:1A:4E:33:EB:CD:94:67:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zV45ZYo-9vE8ohzBGk4z682UZwI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/7Xre036woZ8vcol8k5XmEu1iA1I.roa
Signing time:             Tue 09 Jun 2026 10:24:11 +0000
ROA not before:           Tue 09 Jun 2026 10:24:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214361
IP address blocks:        85.133.243.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/zV45ZYo-9vE8ohzBGk4z682UZwI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/zV45ZYo-9vE8ohzBGk4z682UZwI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zV45ZYo-9vE8ohzBGk4z682UZwI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Jun 2026 20:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:ab:e9:44:45:91:87:b8:17:18:88:8a:e3:93:26:ff:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cd5e39658a3ef6f13ca21cc11a4e33ebcd946702
        Validity
            Not Before: Jun  9 10:24:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ed7aded37eb0a19f2f72897c9395e612ed620352
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:fa:6c:47:0b:3a:cf:06:65:e5:3e:0b:fa:eb:
                    45:73:3f:48:ee:46:ff:94:b4:cd:6c:f6:04:55:e6:
                    6b:72:7e:b5:27:a1:2e:80:e0:32:66:50:69:56:38:
                    a3:4c:5c:c2:fe:c6:ad:3f:73:0a:54:a7:78:78:a8:
                    3b:d2:bb:c3:f3:d4:73:01:e2:c4:c4:6e:e8:c4:8b:
                    e1:37:ad:35:54:ab:d5:72:5b:1b:a1:74:7d:66:44:
                    dc:35:ba:3a:9e:d8:10:36:8f:f2:e2:40:e0:7f:a9:
                    6f:3d:3e:be:19:5a:58:cc:26:84:4f:0a:85:8a:84:
                    c4:af:03:ee:f7:57:eb:a7:77:c2:3d:5d:f8:89:cd:
                    4f:77:ef:2e:1b:d2:af:1a:68:d1:f7:8f:15:35:75:
                    fc:51:a7:e7:f1:7e:9b:34:f8:bc:ea:2d:a2:07:d0:
                    b8:2f:16:e3:57:8d:a6:51:1c:a6:40:43:97:a9:45:
                    3f:ba:b0:19:77:69:f1:cb:98:6f:fa:6d:77:9f:36:
                    83:84:fa:37:8b:75:13:ab:75:4f:4d:d1:4f:60:8f:
                    22:2e:3b:85:1d:7d:b4:aa:6c:9f:bb:1b:c3:29:e2:
                    d5:18:10:39:31:65:b2:c8:b5:4c:c9:9b:57:65:7f:
                    47:31:7c:c5:2c:c9:7d:00:35:a8:ff:f2:ef:d8:05:
                    70:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:7A:DE:D3:7E:B0:A1:9F:2F:72:89:7C:93:95:E6:12:ED:62:03:52
            X509v3 Authority Key Identifier:
                keyid:CD:5E:39:65:8A:3E:F6:F1:3C:A2:1C:C1:1A:4E:33:EB:CD:94:67:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zV45ZYo-9vE8ohzBGk4z682UZwI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/7Xre036woZ8vcol8k5XmEu1iA1I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/zV45ZYo-9vE8ohzBGk4z682UZwI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.133.243.0/24

    Signature Algorithm: sha256WithRSAEncryption
         31:30:33:6b:e1:17:9a:c7:62:1e:d0:61:f2:bd:1b:00:32:86:
         b5:69:e3:7d:f1:96:f2:d9:40:61:4e:d7:5b:73:ac:f9:d1:6f:
         6c:80:9f:f0:ab:9d:90:c5:27:7b:9d:41:ee:69:9a:80:10:e9:
         57:64:4d:0e:cb:c0:3c:b8:9f:7c:54:1e:ae:73:bb:fa:a5:2f:
         92:e8:f5:87:81:85:3f:74:d2:b6:c5:74:17:05:4b:59:e1:10:
         9f:e9:cb:5d:86:73:94:68:17:0c:31:a2:cc:00:c3:12:70:43:
         70:2e:61:1e:40:b4:cf:07:a8:e1:06:ab:84:4d:25:06:2f:37:
         e6:e8:5e:78:9f:ac:5e:c1:5e:ee:c5:2d:b9:2f:14:eb:9d:8e:
         52:79:3a:29:42:e7:f3:4c:78:d2:d0:1d:bb:b9:42:b3:41:51:
         7c:13:f5:db:52:34:de:bd:60:2d:2f:30:72:eb:de:0c:c1:ba:
         33:8e:06:aa:74:14:d1:53:92:90:e8:6a:1e:d4:68:1a:5c:e5:
         15:6c:2f:0e:be:e7:ca:ec:43:fc:b3:37:d5:0b:6f:c4:08:92:
         fe:51:5c:d9:f0:fb:a9:d8:97:b7:9d:b8:34:53:c9:e9:93:21:
         f8:e1:43:f9:06:ed:91:a8:25:78:87:84:b9:f4:f3:5e:03:50:
         79:75:fc:8d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6r6URFkYe4FxiIiuOTJv/EMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkNWUzOTY1OGEzZWY2ZjEzY2EyMWNjMTFhNGUzM2ViY2Q5
NDY3MDIwHhcNMjYwNjA5MTAyNDExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZDdhZGVkMzdlYjBhMTlmMmY3Mjg5N2M5Mzk1ZTYxMmVkNjIwMzUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwfpsRws6zwZl5T4L+utFcz9I7kb/
lLTNbPYEVeZrcn61J6EugOAyZlBpVjijTFzC/satP3MKVKd4eKg70rvD89RzAeLE
xG7oxIvhN601VKvVclsboXR9ZkTcNbo6ntgQNo/y4kDgf6lvPT6+GVpYzCaETwqF
ioTErwPu91frp3fCPV34ic1Pd+8uG9KvGmjR948VNXX8Uafn8X6bNPi86i2iB9C4
LxbjV42mURymQEOXqUU/urAZd2nxy5hv+m13nzaDhPo3i3UTq3VPTdFPYI8iLjuF
HX20qmyfuxvDKeLVGBA5MWWyyLVMyZtXZX9HMXzFLMl9ADWo//Lv2AVwPwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO163tN+sKGfL3KJfJOV5hLtYgNSMB8GA1UdIwQY
MBaAFM1eOWWKPvbxPKIcwRpOM+vNlGcCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvelY0NVpZby05dkU4b2h6QkdrNHo2ODJVWndJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMC9lZjUzNmMtMDNkMy00YWM1LWIxMjUt
NWQxZmE2NmMzNjNiLzEvN1hyZTAzNndvWjh2Y29sOGs1WG1FdTFpQTFJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMC9lZjUzNmMtMDNkMy00YWM1LWIxMjUtNWQxZmE2NmMzNjNi
LzEvelY0NVpZby05dkU4b2h6QkdrNHo2ODJVWndJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVYXzMA0G
CSqGSIb3DQEBCwUAA4IBAQAxMDNr4Reax2Ie0GHyvRsAMoa1aeN98Zby2UBhTtdb
c6z50W9sgJ/wq52QxSd7nUHuaZqAEOlXZE0Oy8A8uJ98VB6uc7v6pS+S6PWHgYU/
dNK2xXQXBUtZ4RCf6ctdhnOUaBcMMaLMAMMScENwLmEeQLTPB6jhBquETSUGLzfm
6F54n6xewV7uxS25LxTrnY5SeTopQufzTHjS0B27uUKzQVF8E/XbUjTevWAtLzBy
694MwbozjgaqdBTRU5KQ6Goe1GgaXOUVbC8OvufK7EP8szfVC2/ECJL+UVzZ8Pup
2Je3nbg0U8npkyH44UP5Bu2RqCV4h4S59PNeA1B5dfyN
-----END CERTIFICATE-----