Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/XFzvzsCqhKfzy9W1lifiYsr2FPY.roa
File:                     XFzvzsCqhKfzy9W1lifiYsr2FPY.roa (raw, json)
Hash identifier:          CCsPPsKNz9aAmX7i2Nou1O4K9coGmOr7nMaYy+BYwJo=
Subject key identifier:   5C:5C:EF:CE:C0:AA:84:A7:F3:CB:D5:B5:96:27:E2:62:CA:F6:14:F6
Certificate issuer:       /CN=7e20b034e2c497b1884488def106972704765029
Certificate serial:       019EB6C3E5D8B7FDEB00A93E82F00D9CB5A9
Authority key identifier: 7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/XFzvzsCqhKfzy9W1lifiYsr2FPY.roa
Signing time:             Thu 11 Jun 2026 12:59:12 +0000
ROA not before:           Thu 11 Jun 2026 12:59:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     402215
IP address blocks:        87.86.37.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:b6:c3:e5:d8:b7:fd:eb:00:a9:3e:82:f0:0d:9c:b5:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7e20b034e2c497b1884488def106972704765029
        Validity
            Not Before: Jun 11 12:59:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5c5cefcec0aa84a7f3cbd5b59627e262caf614f6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:33:63:15:ae:f1:60:8b:02:53:7b:07:da:2a:
                    0a:61:b4:57:dd:15:e2:fb:44:84:68:e4:70:3a:a1:
                    45:bc:23:4e:74:80:7d:c4:17:9e:b8:12:a4:ba:bf:
                    93:8e:3d:d8:91:e6:03:92:3f:bc:8c:f1:d7:55:59:
                    e3:ce:89:46:66:bf:e8:3a:95:ab:c9:b6:c0:c9:78:
                    49:cc:3b:99:c7:f4:9d:13:2e:40:8c:5c:d2:64:bc:
                    89:08:93:5b:41:45:6a:84:8c:a9:72:a1:ce:f3:84:
                    29:90:39:16:8d:f3:75:bf:2a:a9:d6:e8:49:e4:79:
                    79:24:f2:12:ad:66:81:41:3b:30:2d:be:98:ae:2d:
                    3c:d3:30:3f:90:db:1c:05:ed:b8:fb:47:80:e6:75:
                    47:f7:83:29:a8:e4:cf:5b:1f:34:bd:4c:5a:e3:6d:
                    70:96:cf:01:97:91:a8:d2:5e:3c:aa:60:6e:30:4b:
                    89:df:e4:0c:79:d1:20:e4:ec:3c:32:00:db:80:d9:
                    dd:f0:0a:a2:1b:1a:71:fa:2d:3e:bf:be:1a:59:be:
                    4d:25:f7:4c:1d:17:bf:07:18:dd:c0:fa:b2:80:29:
                    93:43:f0:be:60:c1:22:73:f8:f0:21:27:83:f0:0b:
                    15:14:d6:f4:d4:2b:83:20:04:f5:b0:2d:19:32:32:
                    d7:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:5C:EF:CE:C0:AA:84:A7:F3:CB:D5:B5:96:27:E2:62:CA:F6:14:F6
            X509v3 Authority Key Identifier:
                keyid:7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/XFzvzsCqhKfzy9W1lifiYsr2FPY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.86.37.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3e:55:d6:31:95:b5:00:69:49:86:66:ef:89:94:20:b2:e0:ec:
         b5:6a:5f:9d:cc:98:b9:fa:40:b8:7e:47:7a:36:79:42:3a:40:
         24:39:08:d2:ed:8a:42:e7:ca:3c:b9:08:4e:16:11:7d:41:0d:
         6a:17:4a:c9:1f:a3:8f:80:77:92:bb:f6:da:ad:44:93:f8:12:
         7c:c7:51:55:38:ef:6f:2c:51:ee:b5:4d:ee:17:8c:ab:31:e3:
         d5:05:6d:ac:63:43:0d:9f:e4:b8:1e:43:56:8d:ce:97:3b:af:
         b7:90:6a:e8:b1:69:4d:68:e1:ea:cd:b3:3f:b7:e0:c3:bd:3c:
         95:93:f8:8e:82:f1:02:94:20:58:38:7d:62:09:5e:bd:10:fc:
         ae:eb:f5:f6:2f:a5:8f:f5:10:4d:54:78:25:60:5c:f0:b6:30:
         da:09:90:6f:79:e9:07:40:cc:ec:c0:af:75:1e:ec:29:32:41:
         55:de:12:5b:46:01:0f:a8:4d:60:ee:7c:93:03:b6:ce:88:ad:
         8b:8e:08:2f:3c:d3:61:13:c7:50:ae:a7:c4:47:ee:28:40:28:
         d7:7e:c3:44:b0:89:bc:58:34:ef:46:87:a4:09:99:fb:7e:e5:
         05:85:57:af:39:d9:3e:e1:4b:88:90:ff:36:0e:f6:ab:ab:0e:
         2c:3e:71:d4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ62w+XYt/3rAKk+gvANnLWpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlMjBiMDM0ZTJjNDk3YjE4ODQ0ODhkZWYxMDY5NzI3MDQ3
NjUwMjkwHhcNMjYwNjExMTI1OTEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YzVjZWZjZWMwYWE4NGE3ZjNjYmQ1YjU5NjI3ZTI2MmNhZjYxNGY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwTNjFa7xYIsCU3sH2ioKYbRX3RXi
+0SEaORwOqFFvCNOdIB9xBeeuBKkur+Tjj3YkeYDkj+8jPHXVVnjzolGZr/oOpWr
ybbAyXhJzDuZx/SdEy5AjFzSZLyJCJNbQUVqhIypcqHO84QpkDkWjfN1vyqp1uhJ
5Hl5JPISrWaBQTswLb6Yri080zA/kNscBe24+0eA5nVH94MpqOTPWx80vUxa421w
ls8Bl5Go0l48qmBuMEuJ3+QMedEg5Ow8MgDbgNnd8AqiGxpx+i0+v74aWb5NJfdM
HRe/BxjdwPqygCmTQ/C+YMEic/jwISeD8AsVFNb01CuDIAT1sC0ZMjLX0wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFxc787AqoSn88vVtZYn4mLK9hT2MB8GA1UdIwQY
MBaAFH4gsDTixJexiESI3vEGlycEdlApMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2Qt
MDM1ZDk3N2Y0MjE2LzEvWEZ6dnpzQ3FoS2Z6eTlXMWxpZmlZc3IyRlBZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2QtMDM1ZDk3N2Y0MjE2
LzEvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV1YlMA0G
CSqGSIb3DQEBCwUAA4IBAQA+VdYxlbUAaUmGZu+JlCCy4Oy1al+dzJi5+kC4fkd6
NnlCOkAkOQjS7YpC58o8uQhOFhF9QQ1qF0rJH6OPgHeSu/barUST+BJ8x1FVOO9v
LFHutU3uF4yrMePVBW2sY0MNn+S4HkNWjc6XO6+3kGrosWlNaOHqzbM/t+DDvTyV
k/iOgvEClCBYOH1iCV69EPyu6/X2L6WP9RBNVHglYFzwtjDaCZBveekHQMzswK91
HuwpMkFV3hJbRgEPqE1g7nyTA7bOiK2LjggvPNNhE8dQrqfER+4oQCjXfsNEsIm8
WDTvRoekCZn7fuUFhVevOdk+4UuIkP82Dvarqw4sPnHU
-----END CERTIFICATE-----