Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/a1ae70-7996-4687-a0d7-5e0f4ab809bb/1/8ReEJPFMNr7qTteX6qv8unFvcBU.roa
File:                     8ReEJPFMNr7qTteX6qv8unFvcBU.roa (raw, json)
Hash identifier:          cnOyPdf7KV5827HwqHxHTqoHFSaE73rzQ8nd7uy59YE=
Subject key identifier:   F1:17:84:24:F1:4C:36:BE:EA:4E:D7:97:EA:AB:FC:BA:71:6F:70:15
Certificate issuer:       /CN=743e447edb8a5e0e1b1d7f5cdc287c364a5fb0b5
Certificate serial:       019C1F3065C820B3C5D32CA16AF170E3A10E
Authority key identifier: 74:3E:44:7E:DB:8A:5E:0E:1B:1D:7F:5C:DC:28:7C:36:4A:5F:B0:B5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dD5EftuKXg4bHX9c3Ch8NkpfsLU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/75/a1ae70-7996-4687-a0d7-5e0f4ab809bb/1/8ReEJPFMNr7qTteX6qv8unFvcBU.roa
Signing time:             Mon 02 Feb 2026 16:29:51 +0000
ROA not before:           Mon 02 Feb 2026 16:29:51 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     7015
IP address blocks:        135.132.18.0/24 maxlen: 24
                          135.132.19.0/24 maxlen: 24
                          135.132.21.0/24 maxlen: 24
                          135.132.22.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/75/a1ae70-7996-4687-a0d7-5e0f4ab809bb/1/dD5EftuKXg4bHX9c3Ch8NkpfsLU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/75/a1ae70-7996-4687-a0d7-5e0f4ab809bb/1/dD5EftuKXg4bHX9c3Ch8NkpfsLU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dD5EftuKXg4bHX9c3Ch8NkpfsLU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:1f:30:65:c8:20:b3:c5:d3:2c:a1:6a:f1:70:e3:a1:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=743e447edb8a5e0e1b1d7f5cdc287c364a5fb0b5
        Validity
            Not Before: Feb  2 16:29:51 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f1178424f14c36beea4ed797eaabfcba716f7015
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ee:3d:7e:98:4f:ed:0e:f8:30:e3:5e:7c:96:9e:
                    0c:80:f2:f0:41:67:dd:6b:07:b4:bd:9a:46:6d:d1:
                    24:bc:21:c6:9b:c4:22:f7:fd:d3:ac:24:82:6f:00:
                    15:f9:18:16:ea:67:60:bf:34:92:06:d4:57:dc:10:
                    ea:2d:21:cc:92:33:12:ca:a1:18:31:e7:02:16:fa:
                    6b:23:4c:c5:c0:1e:22:ae:ce:ed:54:7b:32:0d:fa:
                    c7:59:42:3d:65:ba:20:9c:3a:03:4a:d9:28:8b:33:
                    94:63:21:f2:eb:17:80:65:37:32:1f:a8:d6:92:3f:
                    6e:3c:e5:d3:f6:90:11:40:62:99:7e:ad:e1:07:4c:
                    8d:b9:46:09:67:fb:0a:62:e3:c9:30:bc:f8:26:49:
                    00:69:91:9c:46:e6:69:25:52:bb:11:c4:91:79:11:
                    97:3b:6b:36:f3:29:93:37:f3:5a:eb:bf:f9:c5:8f:
                    7a:da:a3:51:26:e5:1b:13:1b:b5:cf:d6:99:4d:47:
                    c7:48:f2:ba:c7:bf:25:cb:a0:be:eb:95:f1:d4:e7:
                    85:43:cb:07:73:35:a7:57:40:b8:94:d3:bc:2d:e5:
                    cd:d8:ff:90:a1:1e:fd:67:fb:65:98:85:f8:e3:5a:
                    3e:6b:7f:c3:6c:61:fa:cb:aa:4a:90:9a:7d:a2:b6:
                    92:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:17:84:24:F1:4C:36:BE:EA:4E:D7:97:EA:AB:FC:BA:71:6F:70:15
            X509v3 Authority Key Identifier:
                keyid:74:3E:44:7E:DB:8A:5E:0E:1B:1D:7F:5C:DC:28:7C:36:4A:5F:B0:B5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dD5EftuKXg4bHX9c3Ch8NkpfsLU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/a1ae70-7996-4687-a0d7-5e0f4ab809bb/1/8ReEJPFMNr7qTteX6qv8unFvcBU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/75/a1ae70-7996-4687-a0d7-5e0f4ab809bb/1/dD5EftuKXg4bHX9c3Ch8NkpfsLU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  135.132.18.0/23
                  135.132.21.0-135.132.22.255

    Signature Algorithm: sha256WithRSAEncryption
         61:8c:e1:45:1f:0b:07:21:90:da:33:11:36:d7:7f:0c:32:d8:
         c3:db:ff:2d:6d:eb:f6:08:1f:6b:fd:af:b3:dd:85:c7:3f:5f:
         fe:a3:96:ec:1f:bf:1d:47:0a:19:9b:5f:f2:72:35:36:c9:a0:
         4d:48:cf:cf:a4:d2:40:99:ce:2b:25:34:6b:18:1c:5b:a1:e0:
         a4:11:5c:c2:ec:b2:a2:55:7b:be:25:27:94:99:3b:d2:05:42:
         9f:b9:72:83:8c:e7:ec:ff:0d:a3:92:a6:1a:0b:59:25:50:74:
         c9:70:5c:6a:64:af:ef:da:be:b1:96:0a:06:f8:41:24:09:3a:
         8a:3e:97:1d:54:33:fc:9e:62:a7:c0:ac:e8:96:f8:2d:0f:36:
         ad:a1:94:31:8c:7b:49:39:6a:b8:45:0d:70:91:ef:36:b1:17:
         e4:45:e6:97:6c:e4:d5:79:e0:74:e6:d5:66:63:12:e7:ae:7e:
         74:80:ef:16:40:54:51:9f:3a:80:11:75:46:e2:32:43:f4:65:
         2b:19:a7:8d:9a:37:9d:fa:d5:e2:d1:a3:13:50:4b:c2:df:e6:
         23:36:00:41:c5:66:bf:ab:1d:b3:85:ba:01:d7:55:f0:51:45:
         62:14:f9:36:ed:41:85:7d:1d:a4:e3:0e:91:cb:f0:84:b0:a5:
         1f:59:7f:8f
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZwfMGXIILPF0yyhavFw46EOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0M2U0NDdlZGI4YTVlMGUxYjFkN2Y1Y2RjMjg3YzM2NGE1
ZmIwYjUwHhcNMjYwMjAyMTYyOTUxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMTE3ODQyNGYxNGMzNmJlZWE0ZWQ3OTdlYWFiZmNiYTcxNmY3MDE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7j1+mE/tDvgw4158lp4MgPLwQWfd
awe0vZpGbdEkvCHGm8Qi9/3TrCSCbwAV+RgW6mdgvzSSBtRX3BDqLSHMkjMSyqEY
MecCFvprI0zFwB4irs7tVHsyDfrHWUI9ZbognDoDStkoizOUYyHy6xeAZTcyH6jW
kj9uPOXT9pARQGKZfq3hB0yNuUYJZ/sKYuPJMLz4JkkAaZGcRuZpJVK7EcSReRGX
O2s28ymTN/Na67/5xY962qNRJuUbExu1z9aZTUfHSPK6x78ly6C+65Xx1OeFQ8sH
czWnV0C4lNO8LeXN2P+QoR79Z/tlmIX441o+a3/DbGH6y6pKkJp9oraSIwIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFPEXhCTxTDa+6k7Xl+qr/Lpxb3AVMB8GA1UdIwQY
MBaAFHQ+RH7bil4OGx1/XNwofDZKX7C1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEQ1RWZ0dUtYZzRiSFg5YzNDaDhOa3Bmc0xVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS9hMWFlNzAtNzk5Ni00Njg3LWEwZDct
NWUwZjRhYjgwOWJiLzEvOFJlRUpQRk1OcjdxVHRlWDZxdjh1bkZ2Y0JVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS9hMWFlNzAtNzk5Ni00Njg3LWEwZDctNWUwZjRhYjgwOWJi
LzEvZEQ1RWZ0dUtYZzRiSFg5YzNDaDhOa3Bmc0xVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUAwQBh4QSMAwD
BACHhBUDBACHhBYwDQYJKoZIhvcNAQELBQADggEBAGGM4UUfCwchkNozETbXfwwy
2MPb/y1t6/YIH2v9r7Pdhcc/X/6jluwfvx1HChmbX/JyNTbJoE1Iz8+k0kCZzisl
NGsYHFuh4KQRXMLssqJVe74lJ5SZO9IFQp+5coOM5+z/DaOSphoLWSVQdMlwXGpk
r+/avrGWCgb4QSQJOoo+lx1UM/yeYqfArOiW+C0PNq2hlDGMe0k5arhFDXCR7zax
F+RF5pds5NV54HTm1WZjEueufnSA7xZAVFGfOoARdUbiMkP0ZSsZp42aN5361eLR
oxNQS8Lf5iM2AEHFZr+rHbOFugHXVfBRRWIU+TbtQYV9HaTjDpHL8ISwpR9Zf48=
-----END CERTIFICATE-----