Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/c90a34-0afd-49b9-bbd6-a297c1408085/1/7vJiOOFZVIBu8OTi7uB4Ub56tv0.roa
File:                     7vJiOOFZVIBu8OTi7uB4Ub56tv0.roa (raw, json)
Hash identifier:          4nXeb8eJUJSSZu0hz1s4is8W6GROXevPEkNgkVkf91Y=
Subject key identifier:   EE:F2:62:38:E1:59:54:80:6E:F0:E4:E2:EE:E0:78:51:BE:7A:B6:FD
Certificate issuer:       /CN=28203decd08bd47d8a9162a6e1742f3c53ea3c74
Certificate serial:       019C8F82E8C22B9B5CE6A9B796852DA8407D
Authority key identifier: 28:20:3D:EC:D0:8B:D4:7D:8A:91:62:A6:E1:74:2F:3C:53:EA:3C:74
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KCA97NCL1H2KkWKm4XQvPFPqPHQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/c90a34-0afd-49b9-bbd6-a297c1408085/1/7vJiOOFZVIBu8OTi7uB4Ub56tv0.roa
Signing time:             Tue 24 Feb 2026 11:57:26 +0000
ROA not before:           Tue 24 Feb 2026 11:57:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     35207
IP address blocks:        80.92.60.0/24 maxlen: 24
                          2a0c:7180::/30 maxlen: 30
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4e/c90a34-0afd-49b9-bbd6-a297c1408085/1/KCA97NCL1H2KkWKm4XQvPFPqPHQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4e/c90a34-0afd-49b9-bbd6-a297c1408085/1/KCA97NCL1H2KkWKm4XQvPFPqPHQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KCA97NCL1H2KkWKm4XQvPFPqPHQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:8f:82:e8:c2:2b:9b:5c:e6:a9:b7:96:85:2d:a8:40:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=28203decd08bd47d8a9162a6e1742f3c53ea3c74
        Validity
            Not Before: Feb 24 11:57:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=eef26238e15954806ef0e4e2eee07851be7ab6fd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ed:c9:63:3c:43:63:61:8a:a9:09:e2:9e:64:55:
                    0e:87:98:ae:a2:d9:d8:56:3b:51:b0:88:bd:da:d4:
                    33:f9:dc:1a:bd:42:2a:2a:ab:3a:2c:01:b6:dd:9e:
                    32:e4:10:a6:33:a1:c2:6b:58:24:bd:9c:ff:5c:fd:
                    27:85:86:fb:2f:2a:7b:d5:68:1b:8e:db:c5:28:80:
                    9e:b6:c8:87:a0:e2:19:4b:0b:9c:e8:13:4b:74:64:
                    59:d0:ff:79:5f:ae:05:48:a1:7b:58:a5:2e:e9:b7:
                    e8:f5:d9:40:e0:50:0f:b6:e7:59:66:c9:c4:5e:5f:
                    96:ea:c0:ba:19:68:48:8b:08:38:59:70:fc:b4:7f:
                    e0:d7:07:7a:96:c6:94:a1:b2:b2:9d:b5:35:52:f1:
                    e1:3a:71:7d:89:d6:72:06:e5:9d:5e:b9:98:ec:32:
                    d4:83:4c:b5:f2:0d:0e:7d:2c:47:fd:ec:0f:82:da:
                    30:67:5d:cf:6c:76:d0:94:54:5f:79:10:dd:0a:77:
                    fb:28:9e:37:84:34:9a:18:b7:b9:b3:01:fd:5e:0b:
                    7a:53:de:57:43:31:c0:95:27:65:52:58:20:65:fd:
                    49:d0:cc:0f:1e:db:0e:cd:62:cb:86:98:d6:47:65:
                    71:a3:29:0b:89:a6:0e:f1:75:1e:2c:79:17:3e:0a:
                    e1:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:F2:62:38:E1:59:54:80:6E:F0:E4:E2:EE:E0:78:51:BE:7A:B6:FD
            X509v3 Authority Key Identifier:
                keyid:28:20:3D:EC:D0:8B:D4:7D:8A:91:62:A6:E1:74:2F:3C:53:EA:3C:74

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KCA97NCL1H2KkWKm4XQvPFPqPHQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/c90a34-0afd-49b9-bbd6-a297c1408085/1/7vJiOOFZVIBu8OTi7uB4Ub56tv0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/c90a34-0afd-49b9-bbd6-a297c1408085/1/KCA97NCL1H2KkWKm4XQvPFPqPHQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.92.60.0/24
                IPv6:
                  2a0c:7180::/30

    Signature Algorithm: sha256WithRSAEncryption
         9d:6d:94:ff:be:39:f2:bb:d7:e2:d0:50:f2:75:af:7a:8c:15:
         03:20:58:ee:00:36:41:5c:59:d9:64:f8:73:ac:32:d9:63:2b:
         21:3a:81:c1:e8:9b:7a:f0:bb:e7:5b:99:1b:b1:a2:2a:58:c9:
         d7:84:0b:62:29:26:e9:3c:48:80:f1:6e:d8:60:58:2e:67:06:
         71:f8:62:27:af:a3:e3:82:7e:79:94:61:79:27:d0:b2:53:5a:
         34:29:bc:07:a7:a3:58:3d:78:bc:82:5a:ad:f8:89:11:b8:ef:
         dd:8f:c9:fe:2c:83:61:33:ae:49:2a:d0:d8:b9:70:2f:f4:a7:
         7a:63:8b:95:79:63:db:04:14:6d:a8:dd:ce:c0:06:5c:d1:ce:
         d0:b9:6f:f2:82:14:c4:96:01:ea:2e:8b:a6:42:f0:6c:87:6e:
         cf:88:b2:bd:b4:f0:49:24:eb:cb:89:7c:53:02:64:3b:53:ce:
         0c:94:52:48:e8:4e:bf:bb:b9:17:b7:47:72:ad:76:37:3f:df:
         f3:9e:3f:59:fe:93:26:5e:c3:8f:e0:5f:3b:10:9e:04:b3:f4:
         0c:3e:b3:cc:f6:a0:ee:91:e3:22:98:08:bc:1d:06:44:01:b1:
         d9:91:37:73:a0:eb:96:3d:18:3a:93:d0:63:0e:7b:e3:03:8e:
         71:43:f6:e2
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZyPgujCK5tc5qm3loUtqEB9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI4MjAzZGVjZDA4YmQ0N2Q4YTkxNjJhNmUxNzQyZjNjNTNl
YTNjNzQwHhcNMjYwMjI0MTE1NzI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZWYyNjIzOGUxNTk1NDgwNmVmMGU0ZTJlZWUwNzg1MWJlN2FiNmZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7cljPENjYYqpCeKeZFUOh5iuotnY
VjtRsIi92tQz+dwavUIqKqs6LAG23Z4y5BCmM6HCa1gkvZz/XP0nhYb7Lyp71Wgb
jtvFKICetsiHoOIZSwuc6BNLdGRZ0P95X64FSKF7WKUu6bfo9dlA4FAPtudZZsnE
Xl+W6sC6GWhIiwg4WXD8tH/g1wd6lsaUobKynbU1UvHhOnF9idZyBuWdXrmY7DLU
g0y18g0OfSxH/ewPgtowZ13PbHbQlFRfeRDdCnf7KJ43hDSaGLe5swH9Xgt6U95X
QzHAlSdlUlggZf1J0MwPHtsOzWLLhpjWR2VxoykLiaYO8XUeLHkXPgrhWwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFO7yYjjhWVSAbvDk4u7geFG+erb9MB8GA1UdIwQY
MBaAFCggPezQi9R9ipFipuF0LzxT6jx0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS0NBOTdOQ0wxSDJLa1dLbTRYUXZQRlBxUEhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS9jOTBhMzQtMGFmZC00OWI5LWJiZDYt
YTI5N2MxNDA4MDg1LzEvN3ZKaU9PRlpWSUJ1OE9UaTd1QjRVYjU2dHYwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS9jOTBhMzQtMGFmZC00OWI5LWJiZDYtYTI5N2MxNDA4MDg1
LzEvS0NBOTdOQ0wxSDJLa1dLbTRYUXZQRlBxUEhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAUFw8MA0E
AgACMAcDBQIqDHGAMA0GCSqGSIb3DQEBCwUAA4IBAQCdbZT/vjnyu9fi0FDyda96
jBUDIFjuADZBXFnZZPhzrDLZYyshOoHB6Jt68LvnW5kbsaIqWMnXhAtiKSbpPEiA
8W7YYFguZwZx+GInr6Pjgn55lGF5J9CyU1o0KbwHp6NYPXi8glqt+IkRuO/dj8n+
LINhM65JKtDYuXAv9Kd6Y4uVeWPbBBRtqN3OwAZc0c7QuW/yghTElgHqLoumQvBs
h27PiLK9tPBJJOvLiXxTAmQ7U84MlFJI6E6/u7kXt0dyrXY3P9/znj9Z/pMmXsOP
4F87EJ4Es/QMPrPM9qDukeMimAi8HQZEAbHZkTdzoOuWPRg6k9BjDnvjA45xQ/bi
-----END CERTIFICATE-----