Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/b05667-e850-4c45-aee3-aded1c469eaf/1/fSRit_7VTph5HKe4bJDsX9JtTHY.roa
File:                     fSRit_7VTph5HKe4bJDsX9JtTHY.roa (raw, json)
Hash identifier:          SCrZ4QjFoYHn91Pt1cg0tNdQ5q5931gbYF5QZgTtYyo=
Subject key identifier:   7D:24:62:B7:FE:D5:4E:98:79:1C:A7:B8:6C:90:EC:5F:D2:6D:4C:76
Certificate issuer:       /CN=e1ef9694aa48d81279e8ede430795f2768d2dd52
Certificate serial:       019CAA85E36FD0B2641437EE12F8D42C478E
Authority key identifier: E1:EF:96:94:AA:48:D8:12:79:E8:ED:E4:30:79:5F:27:68:D2:DD:52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4e-WlKpI2BJ56O3kMHlfJ2jS3VI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0e/b05667-e850-4c45-aee3-aded1c469eaf/1/fSRit_7VTph5HKe4bJDsX9JtTHY.roa
Signing time:             Sun 01 Mar 2026 17:50:26 +0000
ROA not before:           Sun 01 Mar 2026 17:50:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     834
IP address blocks:        62.164.192.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0e/b05667-e850-4c45-aee3-aded1c469eaf/1/4e-WlKpI2BJ56O3kMHlfJ2jS3VI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0e/b05667-e850-4c45-aee3-aded1c469eaf/1/4e-WlKpI2BJ56O3kMHlfJ2jS3VI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4e-WlKpI2BJ56O3kMHlfJ2jS3VI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 17:50:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:aa:85:e3:6f:d0:b2:64:14:37:ee:12:f8:d4:2c:47:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e1ef9694aa48d81279e8ede430795f2768d2dd52
        Validity
            Not Before: Mar  1 17:50:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7d2462b7fed54e98791ca7b86c90ec5fd26d4c76
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:f2:0e:7e:73:6a:ab:22:7d:8a:fa:04:4c:58:
                    06:e4:74:77:db:d7:cc:2e:e4:70:d5:c2:4b:85:7e:
                    57:6f:0b:b2:76:2f:0e:ec:86:7f:41:4c:c1:97:a0:
                    32:1e:a1:4c:58:b9:ba:f5:c9:25:ee:42:b6:11:56:
                    21:3d:c0:17:86:62:25:82:7a:eb:49:8b:9d:af:7e:
                    b5:44:2a:f2:23:94:93:ce:d5:12:83:14:b4:fb:2c:
                    20:26:5d:db:05:5d:18:b5:06:09:b8:e8:71:ea:aa:
                    32:e8:c6:88:70:56:96:21:80:63:1e:88:10:cf:90:
                    96:94:a9:2e:5a:37:25:d1:03:43:09:dc:85:0b:cd:
                    33:05:5b:ad:fd:53:01:d8:68:55:8f:19:9e:1a:80:
                    44:e9:6d:de:2d:14:52:7a:3f:03:4b:11:97:4e:d2:
                    d2:2d:37:41:a2:0f:bc:ea:0b:38:98:03:65:6c:c9:
                    8d:c8:28:40:68:0e:52:80:89:77:7b:b8:ea:41:b9:
                    77:e7:e0:61:c3:9d:81:88:04:d3:59:65:ee:fd:1f:
                    dd:e6:80:c0:da:ed:88:3a:74:84:97:9e:3c:3a:e1:
                    bb:c5:1c:b7:c2:03:0b:f4:8e:bf:cc:45:4c:64:99:
                    e8:2c:1c:b5:f8:19:fa:d3:5f:4f:62:61:a9:c4:ec:
                    17:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:24:62:B7:FE:D5:4E:98:79:1C:A7:B8:6C:90:EC:5F:D2:6D:4C:76
            X509v3 Authority Key Identifier:
                keyid:E1:EF:96:94:AA:48:D8:12:79:E8:ED:E4:30:79:5F:27:68:D2:DD:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e-WlKpI2BJ56O3kMHlfJ2jS3VI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/b05667-e850-4c45-aee3-aded1c469eaf/1/fSRit_7VTph5HKe4bJDsX9JtTHY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/b05667-e850-4c45-aee3-aded1c469eaf/1/4e-WlKpI2BJ56O3kMHlfJ2jS3VI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.164.192.0/24

    Signature Algorithm: sha256WithRSAEncryption
         21:9d:e1:f8:89:23:b9:3d:75:cf:b6:76:0d:f3:3a:4c:bf:9a:
         22:bb:df:9a:e1:08:b3:4f:c5:88:c0:a3:69:46:f4:5b:9e:0c:
         73:27:23:ec:eb:05:67:e3:de:7d:71:b6:79:76:7b:60:f1:3f:
         62:fc:c6:95:af:61:27:d3:37:f0:cd:1a:a9:e8:4b:36:6d:ac:
         6b:f6:ea:c5:9a:bd:36:46:58:66:36:3d:2c:a3:cd:83:2b:0e:
         d5:7b:15:01:a0:b5:99:8f:42:61:eb:0b:16:78:b1:a4:36:31:
         71:98:fd:3c:ea:6c:ea:e4:0b:be:8e:01:9a:d9:06:f7:00:7c:
         68:60:88:df:77:a3:bf:9b:a0:6c:3b:ed:39:a8:3c:45:09:5f:
         c5:28:00:88:07:ad:15:19:75:8f:25:b3:6b:8b:f9:8d:14:f0:
         77:ff:df:fd:b3:09:fc:15:76:d3:05:9b:c5:47:80:7f:ef:38:
         2c:8c:d2:3b:3a:6f:50:c1:da:48:56:c8:de:82:38:89:54:7a:
         82:4a:03:2f:1f:2e:5d:73:a6:65:73:8f:1d:1f:90:72:c3:11:
         19:37:11:d1:d7:05:53:fd:16:24:67:fc:d2:98:6f:1f:18:28:
         f2:b2:61:e8:e1:4c:ce:67:ae:40:b5:bc:a0:16:44:db:a2:4c:
         31:53:26:6a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZyqheNv0LJkFDfuEvjULEeOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUxZWY5Njk0YWE0OGQ4MTI3OWU4ZWRlNDMwNzk1ZjI3Njhk
MmRkNTIwHhcNMjYwMzAxMTc1MDI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZDI0NjJiN2ZlZDU0ZTk4NzkxY2E3Yjg2YzkwZWM1ZmQyNmQ0Yzc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlfIOfnNqqyJ9ivoETFgG5HR329fM
LuRw1cJLhX5Xbwuydi8O7IZ/QUzBl6AyHqFMWLm69ckl7kK2EVYhPcAXhmIlgnrr
SYudr361RCryI5STztUSgxS0+ywgJl3bBV0YtQYJuOhx6qoy6MaIcFaWIYBjHogQ
z5CWlKkuWjcl0QNDCdyFC80zBVut/VMB2GhVjxmeGoBE6W3eLRRSej8DSxGXTtLS
LTdBog+86gs4mANlbMmNyChAaA5SgIl3e7jqQbl35+Bhw52BiATTWWXu/R/d5oDA
2u2IOnSEl548OuG7xRy3wgML9I6/zEVMZJnoLBy1+Bn6019PYmGpxOwXvwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH0kYrf+1U6YeRynuGyQ7F/SbUx2MB8GA1UdIwQY
MBaAFOHvlpSqSNgSeejt5DB5Xydo0t1SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNGUtV2xLcEkyQko1Nk8za01IbGZKMmpTM1ZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS9iMDU2NjctZTg1MC00YzQ1LWFlZTMt
YWRlZDFjNDY5ZWFmLzEvZlNSaXRfN1ZUcGg1SEtlNGJKRHNYOUp0VEhZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS9iMDU2NjctZTg1MC00YzQ1LWFlZTMtYWRlZDFjNDY5ZWFm
LzEvNGUtV2xLcEkyQko1Nk8za01IbGZKMmpTM1ZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPqTAMA0G
CSqGSIb3DQEBCwUAA4IBAQAhneH4iSO5PXXPtnYN8zpMv5oiu9+a4QizT8WIwKNp
RvRbngxzJyPs6wVn4959cbZ5dntg8T9i/MaVr2En0zfwzRqp6Es2baxr9urFmr02
RlhmNj0so82DKw7VexUBoLWZj0Jh6wsWeLGkNjFxmP086mzq5Au+jgGa2Qb3AHxo
YIjfd6O/m6BsO+05qDxFCV/FKACIB60VGXWPJbNri/mNFPB3/9/9swn8FXbTBZvF
R4B/7zgsjNI7Om9QwdpIVsjegjiJVHqCSgMvHy5dc6Zlc48dH5BywxEZNxHR1wVT
/RYkZ/zSmG8fGCjysmHo4UzOZ65AtbygFkTbokwxUyZq
-----END CERTIFICATE-----