Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/e1ad7a-12e7-4fd0-b61e-d1a7772db076/1/7wD1oRCmZXrFXjZnMMZWrRNlm6Y.roa
File:                     7wD1oRCmZXrFXjZnMMZWrRNlm6Y.roa (raw, json)
Hash identifier:          YZBs16iKlLfkU00p98dwcKgUDfk2zmtTaKgJhdaLtt0=
Subject key identifier:   EF:00:F5:A1:10:A6:65:7A:C5:5E:36:67:30:C6:56:AD:13:65:9B:A6
Certificate issuer:       /CN=17067977efd14bc89fb0daba03bb0f600fbb0184
Certificate serial:       019D2EF1E4460CFE5C9A40074B9D996CD510
Authority key identifier: 17:06:79:77:EF:D1:4B:C8:9F:B0:DA:BA:03:BB:0F:60:0F:BB:01:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FwZ5d-_RS8ifsNq6A7sPYA-7AYQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2a/e1ad7a-12e7-4fd0-b61e-d1a7772db076/1/7wD1oRCmZXrFXjZnMMZWrRNlm6Y.roa
Signing time:             Fri 27 Mar 2026 10:58:17 +0000
ROA not before:           Fri 27 Mar 2026 10:58:17 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     401776
IP address blocks:        86.110.58.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2a/e1ad7a-12e7-4fd0-b61e-d1a7772db076/1/FwZ5d-_RS8ifsNq6A7sPYA-7AYQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2a/e1ad7a-12e7-4fd0-b61e-d1a7772db076/1/FwZ5d-_RS8ifsNq6A7sPYA-7AYQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FwZ5d-_RS8ifsNq6A7sPYA-7AYQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 05:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:2e:f1:e4:46:0c:fe:5c:9a:40:07:4b:9d:99:6c:d5:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=17067977efd14bc89fb0daba03bb0f600fbb0184
        Validity
            Not Before: Mar 27 10:58:17 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ef00f5a110a6657ac55e366730c656ad13659ba6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:46:db:c9:f3:41:27:84:62:66:54:db:54:53:
                    47:ab:af:5c:13:4f:8a:78:58:31:b3:d6:52:63:3a:
                    b3:ae:18:c4:92:02:37:23:c1:d5:44:59:8e:79:48:
                    c1:82:61:4f:92:9e:7b:ae:7d:a9:1d:be:b2:fc:21:
                    68:16:f0:3b:22:c1:ee:af:a4:40:6d:c5:1c:07:b5:
                    50:1f:2a:ff:57:af:42:7e:1e:e6:24:f8:b0:fb:8c:
                    4f:4c:e7:a2:49:07:b1:99:6c:ce:90:4e:ac:52:c4:
                    db:3d:2f:45:62:8e:21:e0:5b:0b:24:94:16:dd:8e:
                    13:fc:45:c1:58:e3:ae:ce:2d:34:e8:c4:73:c3:b8:
                    e7:53:6f:3e:03:2b:cd:f6:95:6c:41:36:67:cc:8c:
                    fb:76:63:7b:f2:c8:5c:72:02:38:a2:9c:4c:6b:86:
                    b9:95:09:95:99:f2:c6:94:33:ae:70:f3:60:66:d8:
                    62:3a:50:6e:00:ff:39:61:8e:b6:ca:d1:4c:97:a0:
                    e2:71:ff:be:b7:d9:bd:29:8f:20:70:6a:a0:f7:23:
                    be:46:22:ce:a4:49:12:28:d1:39:da:b4:c3:4d:a1:
                    e7:d3:78:77:0a:c6:17:9b:2d:55:92:91:2d:66:1f:
                    95:aa:22:ae:b2:64:3e:11:9f:23:c7:01:0e:c4:32:
                    df:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:00:F5:A1:10:A6:65:7A:C5:5E:36:67:30:C6:56:AD:13:65:9B:A6
            X509v3 Authority Key Identifier:
                keyid:17:06:79:77:EF:D1:4B:C8:9F:B0:DA:BA:03:BB:0F:60:0F:BB:01:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FwZ5d-_RS8ifsNq6A7sPYA-7AYQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/e1ad7a-12e7-4fd0-b61e-d1a7772db076/1/7wD1oRCmZXrFXjZnMMZWrRNlm6Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/e1ad7a-12e7-4fd0-b61e-d1a7772db076/1/FwZ5d-_RS8ifsNq6A7sPYA-7AYQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  86.110.58.0/24

    Signature Algorithm: sha256WithRSAEncryption
         76:b9:d2:d9:97:e4:1d:aa:02:0a:41:f9:dd:08:a4:e8:9e:aa:
         39:65:69:8f:00:d9:56:1e:76:c9:19:80:7e:3d:67:78:e2:ba:
         0b:b5:38:c1:c5:1d:a9:46:20:ba:50:52:0b:b0:18:33:58:09:
         ec:b1:80:ee:ea:10:0e:8b:da:ea:0f:4c:c5:b1:29:14:cf:ab:
         81:25:f4:86:2d:e2:a9:d2:a1:d8:b4:33:3c:3c:ed:5d:d8:54:
         8e:9f:74:af:4d:36:03:9d:73:45:8d:7a:ec:a8:70:e8:36:7a:
         cb:a2:c4:6f:ee:51:c4:03:92:e5:4c:e2:e9:f3:ab:de:e6:2d:
         9e:3b:83:8b:c6:0c:6a:65:39:a5:7c:63:4a:f4:2a:87:9b:21:
         45:8b:16:da:cf:76:96:26:d0:65:b2:ba:a1:1a:0a:d6:0a:1d:
         d2:60:3f:21:3f:f4:06:06:32:85:43:46:26:b5:8e:35:57:99:
         c9:96:27:c0:38:08:26:d9:c4:7a:f2:82:e4:8e:0d:67:50:8d:
         a5:79:b7:bb:77:27:16:e8:34:ae:df:d3:04:11:88:66:e8:32:
         36:7c:de:1d:fc:ce:16:7a:cd:21:f1:79:a2:48:1c:66:29:0b:
         9e:9f:2c:a7:79:e7:18:81:2b:82:de:45:d8:03:f5:0f:0b:c2:
         ad:cc:4a:29
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0u8eRGDP5cmkAHS52ZbNUQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3MDY3OTc3ZWZkMTRiYzg5ZmIwZGFiYTAzYmIwZjYwMGZi
YjAxODQwHhcNMjYwMzI3MTA1ODE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZjAwZjVhMTEwYTY2NTdhYzU1ZTM2NjczMGM2NTZhZDEzNjU5YmE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAskbbyfNBJ4RiZlTbVFNHq69cE0+K
eFgxs9ZSYzqzrhjEkgI3I8HVRFmOeUjBgmFPkp57rn2pHb6y/CFoFvA7IsHur6RA
bcUcB7VQHyr/V69Cfh7mJPiw+4xPTOeiSQexmWzOkE6sUsTbPS9FYo4h4FsLJJQW
3Y4T/EXBWOOuzi006MRzw7jnU28+AyvN9pVsQTZnzIz7dmN78shccgI4opxMa4a5
lQmVmfLGlDOucPNgZthiOlBuAP85YY62ytFMl6Dicf++t9m9KY8gcGqg9yO+RiLO
pEkSKNE52rTDTaHn03h3CsYXmy1VkpEtZh+VqiKusmQ+EZ8jxwEOxDLfMQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO8A9aEQpmV6xV42ZzDGVq0TZZumMB8GA1UdIwQY
MBaAFBcGeXfv0UvIn7DaugO7D2APuwGEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRndaNWQtX1JTOGlmc05xNkE3c1BZQS03QVlRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS9lMWFkN2EtMTJlNy00ZmQwLWI2MWUt
ZDFhNzc3MmRiMDc2LzEvN3dEMW9SQ21aWHJGWGpabk1NWldyUk5sbTZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYS9lMWFkN2EtMTJlNy00ZmQwLWI2MWUtZDFhNzc3MmRiMDc2
LzEvRndaNWQtX1JTOGlmc05xNkE3c1BZQS03QVlRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVm46MA0G
CSqGSIb3DQEBCwUAA4IBAQB2udLZl+QdqgIKQfndCKTonqo5ZWmPANlWHnbJGYB+
PWd44roLtTjBxR2pRiC6UFILsBgzWAnssYDu6hAOi9rqD0zFsSkUz6uBJfSGLeKp
0qHYtDM8PO1d2FSOn3SvTTYDnXNFjXrsqHDoNnrLosRv7lHEA5LlTOLp86ve5i2e
O4OLxgxqZTmlfGNK9CqHmyFFixbaz3aWJtBlsrqhGgrWCh3SYD8hP/QGBjKFQ0Ym
tY41V5nJlifAOAgm2cR68oLkjg1nUI2lebe7dycW6DSu39MEEYhm6DI2fN4d/M4W
es0h8XmiSBxmKQuenyyneecYgSuC3kXYA/UPC8KtzEop
-----END CERTIFICATE-----