Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/76/341068-28f6-4f81-993f-279203b1d92c/1/swNlY7s7I8sMS8e1l4rNLVKaP4I.roa
File:                     swNlY7s7I8sMS8e1l4rNLVKaP4I.roa (raw, json)
Hash identifier:          obRwXlZzcod9z2pS+zUyhJZfxyILsDTmvJ27yirdHwM=
Subject key identifier:   B3:03:65:63:BB:3B:23:CB:0C:4B:C7:B5:97:8A:CD:2D:52:9A:3F:82
Certificate issuer:       /CN=7247ba43e270c98bdc642a9e3c218ca524eb0f53
Certificate serial:       019D6D095000130479DCFD11454178B7B78A
Authority key identifier: 72:47:BA:43:E2:70:C9:8B:DC:64:2A:9E:3C:21:8C:A5:24:EB:0F:53
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cke6Q-JwyYvcZCqePCGMpSTrD1M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/76/341068-28f6-4f81-993f-279203b1d92c/1/swNlY7s7I8sMS8e1l4rNLVKaP4I.roa
Signing time:             Wed 08 Apr 2026 12:20:20 +0000
ROA not before:           Wed 08 Apr 2026 12:20:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     8426
IP address blocks:        80.70.216.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/76/341068-28f6-4f81-993f-279203b1d92c/1/cke6Q-JwyYvcZCqePCGMpSTrD1M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/76/341068-28f6-4f81-993f-279203b1d92c/1/cke6Q-JwyYvcZCqePCGMpSTrD1M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cke6Q-JwyYvcZCqePCGMpSTrD1M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 12:01:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:6d:09:50:00:13:04:79:dc:fd:11:45:41:78:b7:b7:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7247ba43e270c98bdc642a9e3c218ca524eb0f53
        Validity
            Not Before: Apr  8 12:20:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b3036563bb3b23cb0c4bc7b5978acd2d529a3f82
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:0b:65:bd:f3:72:c4:27:c6:ad:8e:1f:52:85:
                    70:93:cd:2e:65:65:f9:48:b3:50:c5:05:08:a8:d7:
                    06:e0:58:2a:89:9d:65:d7:da:db:23:90:eb:f7:94:
                    55:05:6b:e8:78:31:41:82:f4:07:33:49:2d:2a:db:
                    10:38:d2:5d:5c:f7:7c:44:5b:39:e9:73:81:4e:a7:
                    af:b4:cc:34:dd:74:cc:b3:47:ed:52:cc:82:9d:a4:
                    b2:71:a3:cc:07:52:40:4b:17:cd:71:ce:ed:06:e0:
                    20:03:38:58:22:1c:ae:4f:ed:da:93:6e:d0:29:15:
                    e5:90:d4:6d:d9:6c:76:44:e4:89:03:3f:b3:91:90:
                    9e:24:34:b6:84:47:38:1a:97:10:d3:32:e0:f5:e3:
                    e4:ac:e3:3f:1c:73:35:74:87:3c:f6:f3:1b:09:bd:
                    71:da:87:90:33:a7:9c:62:ef:b2:c7:82:3f:fe:7b:
                    32:95:d8:66:a5:20:b9:59:23:ce:97:5d:1a:23:7a:
                    33:92:0b:5a:d5:86:f2:14:16:81:1b:6f:54:9e:7f:
                    05:8a:dc:bc:a4:ec:00:f0:e6:77:a9:49:1d:54:03:
                    20:66:2e:c8:b0:09:45:b2:7c:2b:8c:7b:6d:e8:62:
                    92:f0:ea:5d:0a:a4:14:e2:d6:12:5a:84:8d:bd:a5:
                    2a:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:03:65:63:BB:3B:23:CB:0C:4B:C7:B5:97:8A:CD:2D:52:9A:3F:82
            X509v3 Authority Key Identifier:
                keyid:72:47:BA:43:E2:70:C9:8B:DC:64:2A:9E:3C:21:8C:A5:24:EB:0F:53

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cke6Q-JwyYvcZCqePCGMpSTrD1M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/76/341068-28f6-4f81-993f-279203b1d92c/1/swNlY7s7I8sMS8e1l4rNLVKaP4I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/76/341068-28f6-4f81-993f-279203b1d92c/1/cke6Q-JwyYvcZCqePCGMpSTrD1M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.70.216.0/23

    Signature Algorithm: sha256WithRSAEncryption
         27:3e:49:7c:c1:4f:38:23:fb:27:70:97:7d:d1:da:d9:5a:e1:
         32:2a:e2:35:de:1d:1d:a4:9a:09:46:f3:58:9c:cc:7e:e6:89:
         20:82:e8:20:11:d1:80:c6:c1:41:ae:20:ae:3e:40:ca:64:c1:
         18:49:8c:57:6f:31:1f:d9:ea:1a:09:bf:a5:36:9e:25:4d:1d:
         cf:50:f4:fe:58:69:aa:7a:1c:06:8b:b5:c0:ab:93:da:02:ee:
         fd:56:9c:74:ac:8a:ea:44:8b:04:6d:64:60:2c:d2:0f:a6:27:
         28:21:6b:e3:78:df:a4:27:cc:95:58:8c:85:f1:78:39:cf:2f:
         31:6f:90:69:c3:f7:36:b2:6b:cd:6a:8d:39:2d:4e:12:87:54:
         1f:12:cd:df:b9:48:a8:06:a4:85:fd:50:b8:82:fe:aa:cc:23:
         03:b7:3f:94:c4:2a:40:a7:a9:6f:1b:5f:3e:67:1a:b2:fc:c1:
         d7:3b:76:9e:a3:62:b3:5a:83:3f:c0:e1:46:54:65:88:0c:5d:
         6c:bb:19:7d:84:2c:21:bf:ff:78:f3:e8:d0:8f:68:a6:3a:82:
         45:b3:52:64:c4:10:2a:3f:9a:14:a2:3f:ac:dd:41:b2:55:3c:
         91:63:33:68:d3:1b:c5:0a:5d:90:25:8c:5f:65:f0:dd:cd:50:
         f8:68:13:da
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ1tCVAAEwR53P0RRUF4t7eKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyNDdiYTQzZTI3MGM5OGJkYzY0MmE5ZTNjMjE4Y2E1MjRl
YjBmNTMwHhcNMjYwNDA4MTIyMDIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMzAzNjU2M2JiM2IyM2NiMGM0YmM3YjU5NzhhY2QyZDUyOWEzZjgyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArgtlvfNyxCfGrY4fUoVwk80uZWX5
SLNQxQUIqNcG4FgqiZ1l19rbI5Dr95RVBWvoeDFBgvQHM0ktKtsQONJdXPd8RFs5
6XOBTqevtMw03XTMs0ftUsyCnaSycaPMB1JASxfNcc7tBuAgAzhYIhyuT+3ak27Q
KRXlkNRt2Wx2ROSJAz+zkZCeJDS2hEc4GpcQ0zLg9ePkrOM/HHM1dIc89vMbCb1x
2oeQM6ecYu+yx4I//nsyldhmpSC5WSPOl10aI3ozkgta1YbyFBaBG29Unn8Fity8
pOwA8OZ3qUkdVAMgZi7IsAlFsnwrjHtt6GKS8OpdCqQU4tYSWoSNvaUq2wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLMDZWO7OyPLDEvHtZeKzS1Smj+CMB8GA1UdIwQY
MBaAFHJHukPicMmL3GQqnjwhjKUk6w9TMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2tlNlEtSnd5WXZjWkNxZVBDR01wU1RyRDFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ni8zNDEwNjgtMjhmNi00ZjgxLTk5M2Yt
Mjc5MjAzYjFkOTJjLzEvc3dObFk3czdJOHNNUzhlMWw0ck5MVkthUDRJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ni8zNDEwNjgtMjhmNi00ZjgxLTk5M2YtMjc5MjAzYjFkOTJj
LzEvY2tlNlEtSnd5WXZjWkNxZVBDR01wU1RyRDFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBUEbYMA0G
CSqGSIb3DQEBCwUAA4IBAQAnPkl8wU84I/sncJd90drZWuEyKuI13h0dpJoJRvNY
nMx+5okgguggEdGAxsFBriCuPkDKZMEYSYxXbzEf2eoaCb+lNp4lTR3PUPT+WGmq
ehwGi7XAq5PaAu79Vpx0rIrqRIsEbWRgLNIPpicoIWvjeN+kJ8yVWIyF8Xg5zy8x
b5Bpw/c2smvNao05LU4Sh1QfEs3fuUioBqSF/VC4gv6qzCMDtz+UxCpAp6lvG18+
Zxqy/MHXO3aeo2KzWoM/wOFGVGWIDF1suxl9hCwhv/948+jQj2imOoJFs1JkxBAq
P5oUoj+s3UGyVTyRYzNo0xvFCl2QJYxfZfDdzVD4aBPa
-----END CERTIFICATE-----