Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7c/f5593d-689c-4dfe-8d96-2dd7890dc689/1/XF8zxRoIDsp4mguzCSf0vyETBPY.roa
File:                     XF8zxRoIDsp4mguzCSf0vyETBPY.roa (raw, json)
Hash identifier:          eAwYUTgt//k+vdVNboj1Og7x7yfNtzEkOGt1neMt2EY=
Subject key identifier:   5C:5F:33:C5:1A:08:0E:CA:78:9A:0B:B3:09:27:F4:BF:21:13:04:F6
Certificate issuer:       /CN=8b82433ffe94bf3536fec327543d396158202072
Certificate serial:       019D52DBBDEFED019652604D10CF14069BBE
Authority key identifier: 8B:82:43:3F:FE:94:BF:35:36:FE:C3:27:54:3D:39:61:58:20:20:72
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i4JDP_6UvzU2_sMnVD05YVggIHI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7c/f5593d-689c-4dfe-8d96-2dd7890dc689/1/XF8zxRoIDsp4mguzCSf0vyETBPY.roa
Signing time:             Fri 03 Apr 2026 10:20:25 +0000
ROA not before:           Fri 03 Apr 2026 10:20:25 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     64419
IP address blocks:        83.217.198.0/23 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7c/f5593d-689c-4dfe-8d96-2dd7890dc689/1/i4JDP_6UvzU2_sMnVD05YVggIHI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7c/f5593d-689c-4dfe-8d96-2dd7890dc689/1/i4JDP_6UvzU2_sMnVD05YVggIHI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i4JDP_6UvzU2_sMnVD05YVggIHI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 21:23:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:52:db:bd:ef:ed:01:96:52:60:4d:10:cf:14:06:9b:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b82433ffe94bf3536fec327543d396158202072
        Validity
            Not Before: Apr  3 10:20:25 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5c5f33c51a080eca789a0bb30927f4bf211304f6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ec:c6:d3:16:fb:ef:f2:3b:e5:e5:0d:30:f1:24:
                    71:72:28:a1:e9:88:15:44:7a:35:15:df:55:29:6f:
                    a7:cb:e0:26:4b:61:3e:fc:15:40:6c:a0:5f:75:4d:
                    b4:ee:03:4b:c2:a7:e9:c9:67:ef:fd:a5:93:a1:33:
                    49:84:1e:9d:09:fd:f0:58:bb:ff:b7:ea:40:2a:d1:
                    89:eb:4d:b8:f3:65:11:fa:9c:9b:a1:d6:03:2d:8e:
                    4a:a7:af:da:52:52:f3:1e:8f:24:22:a2:10:85:58:
                    39:82:d5:0f:1d:d7:97:6a:16:0b:50:25:d1:49:ef:
                    7b:19:e7:d8:16:1d:f6:fe:03:44:2e:35:e8:e7:c0:
                    96:ef:2c:98:5b:25:03:6c:59:d3:a8:7f:81:3e:77:
                    9b:33:a8:43:d2:0d:1f:7d:f8:47:95:79:2c:a4:5c:
                    93:6a:1e:13:1f:fc:d5:28:67:89:a8:c1:b7:e4:e0:
                    be:b4:5b:63:15:af:7e:17:38:c0:00:c0:26:fc:8e:
                    fd:f7:17:67:1d:5a:80:57:c6:de:18:c1:8b:9f:72:
                    08:90:09:19:83:73:38:7b:8e:59:02:2c:60:a6:3d:
                    3e:f0:db:5d:f1:c2:fb:81:6e:c4:8d:4a:7c:30:b3:
                    e2:9f:3c:6e:98:79:89:17:24:0e:0e:50:30:fe:ba:
                    52:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:5F:33:C5:1A:08:0E:CA:78:9A:0B:B3:09:27:F4:BF:21:13:04:F6
            X509v3 Authority Key Identifier:
                keyid:8B:82:43:3F:FE:94:BF:35:36:FE:C3:27:54:3D:39:61:58:20:20:72

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i4JDP_6UvzU2_sMnVD05YVggIHI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/f5593d-689c-4dfe-8d96-2dd7890dc689/1/XF8zxRoIDsp4mguzCSf0vyETBPY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/f5593d-689c-4dfe-8d96-2dd7890dc689/1/i4JDP_6UvzU2_sMnVD05YVggIHI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.217.198.0/23

    Signature Algorithm: sha256WithRSAEncryption
         c2:6d:46:c6:a6:4e:ea:16:2d:c9:58:3a:61:55:b8:81:da:57:
         a1:e7:86:fd:ae:2c:20:bd:ef:ef:c4:8c:ac:e0:4f:31:e0:21:
         33:3e:0c:77:cc:bd:c8:fc:45:10:01:da:62:4f:59:18:85:13:
         87:a1:08:ce:60:64:73:fb:44:5c:95:e7:7a:c0:43:54:b4:26:
         b6:c4:22:40:1a:ba:4f:17:bd:e0:f0:46:d1:63:68:6f:52:b8:
         8d:f1:a3:60:2b:25:3f:f3:25:5d:08:6c:c6:c7:5f:7c:c6:2c:
         cb:ab:9e:41:34:7f:39:6c:84:3c:bf:b7:7c:6e:cd:74:d9:78:
         b1:e7:bc:e1:bb:f1:b1:2f:74:20:24:cb:69:62:a5:75:6f:45:
         bf:1e:13:ea:d0:6c:bf:1a:30:33:2f:fd:cf:f7:0d:74:5b:57:
         70:ef:47:1a:fc:48:82:17:20:61:5e:1f:00:49:07:ea:a2:8a:
         86:84:8b:bb:7c:7b:f0:87:d8:0c:d0:03:91:54:63:c5:93:f8:
         ad:b3:04:33:e9:8f:52:cd:81:00:82:9b:4e:8a:39:2e:ff:72:
         17:82:36:39:ec:6e:06:28:97:52:42:81:9a:a6:21:31:49:38:
         81:ce:89:ed:ac:8f:81:b8:8f:58:a0:cd:41:f1:01:a6:ed:e5:
         d1:11:e7:4f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ1S273v7QGWUmBNEM8UBpu+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiODI0MzNmZmU5NGJmMzUzNmZlYzMyNzU0M2QzOTYxNTgy
MDIwNzIwHhcNMjYwNDAzMTAyMDI1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YzVmMzNjNTFhMDgwZWNhNzg5YTBiYjMwOTI3ZjRiZjIxMTMwNGY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7MbTFvvv8jvl5Q0w8SRxciih6YgV
RHo1Fd9VKW+ny+AmS2E+/BVAbKBfdU207gNLwqfpyWfv/aWToTNJhB6dCf3wWLv/
t+pAKtGJ602482UR+pybodYDLY5Kp6/aUlLzHo8kIqIQhVg5gtUPHdeXahYLUCXR
Se97GefYFh32/gNELjXo58CW7yyYWyUDbFnTqH+BPnebM6hD0g0fffhHlXkspFyT
ah4TH/zVKGeJqMG35OC+tFtjFa9+FzjAAMAm/I799xdnHVqAV8beGMGLn3IIkAkZ
g3M4e45ZAixgpj0+8Ntd8cL7gW7EjUp8MLPinzxumHmJFyQODlAw/rpSHwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFxfM8UaCA7KeJoLswkn9L8hEwT2MB8GA1UdIwQY
MBaAFIuCQz/+lL81Nv7DJ1Q9OWFYICByMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTRKRFBfNlV2elUyX3NNblZEMDVZVmdnSUhJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yy9mNTU5M2QtNjg5Yy00ZGZlLThkOTYt
MmRkNzg5MGRjNjg5LzEvWEY4enhSb0lEc3A0bWd1ekNTZjB2eUVUQlBZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yy9mNTU5M2QtNjg5Yy00ZGZlLThkOTYtMmRkNzg5MGRjNjg5
LzEvaTRKRFBfNlV2elUyX3NNblZEMDVZVmdnSUhJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBU9nGMA0G
CSqGSIb3DQEBCwUAA4IBAQDCbUbGpk7qFi3JWDphVbiB2leh54b9riwgve/vxIys
4E8x4CEzPgx3zL3I/EUQAdpiT1kYhROHoQjOYGRz+0Rcled6wENUtCa2xCJAGrpP
F73g8EbRY2hvUriN8aNgKyU/8yVdCGzGx198xizLq55BNH85bIQ8v7d8bs102Xix
57zhu/GxL3QgJMtpYqV1b0W/HhPq0Gy/GjAzL/3P9w10W1dw70ca/EiCFyBhXh8A
SQfqooqGhIu7fHvwh9gM0AORVGPFk/itswQz6Y9SzYEAgptOijku/3IXgjY57G4G
KJdSQoGapiExSTiBzontrI+BuI9YoM1B8QGm7eXREedP
-----END CERTIFICATE-----