Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ac/e0c5b7-d2ac-4a5a-8098-60f9dea43899/1/7eg3o94jzF6MWPTPt5NbTvs7jJs.roa
File:                     7eg3o94jzF6MWPTPt5NbTvs7jJs.roa (raw, json)
Hash identifier:          uBhb3oqgOc4SEMDE6pXGmihKzbDqsdvpsyNNplPMk2I=
Subject key identifier:   ED:E8:37:A3:DE:23:CC:5E:8C:58:F4:CF:B7:93:5B:4E:FB:3B:8C:9B
Certificate issuer:       /CN=4867d37b761cb7a05fc733e3db43366fa362536c
Certificate serial:       019B7AC927DED3A7917CA4ACC2A8D50DF27F
Authority key identifier: 48:67:D3:7B:76:1C:B7:A0:5F:C7:33:E3:DB:43:36:6F:A3:62:53:6C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SGfTe3Yct6BfxzPj20M2b6NiU2w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ac/e0c5b7-d2ac-4a5a-8098-60f9dea43899/1/7eg3o94jzF6MWPTPt5NbTvs7jJs.roa
Signing time:             Thu 01 Jan 2026 18:19:21 +0000
ROA not before:           Thu 01 Jan 2026 18:19:21 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     50967
IP address blocks:        2001:67c:2140::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ac/e0c5b7-d2ac-4a5a-8098-60f9dea43899/1/SGfTe3Yct6BfxzPj20M2b6NiU2w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ac/e0c5b7-d2ac-4a5a-8098-60f9dea43899/1/SGfTe3Yct6BfxzPj20M2b6NiU2w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SGfTe3Yct6BfxzPj20M2b6NiU2w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:c9:27:de:d3:a7:91:7c:a4:ac:c2:a8:d5:0d:f2:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4867d37b761cb7a05fc733e3db43366fa362536c
        Validity
            Not Before: Jan  1 18:19:21 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ede837a3de23cc5e8c58f4cfb7935b4efb3b8c9b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:9b:8f:06:e7:9a:63:59:17:37:f2:7b:64:00:
                    3e:f8:ed:f7:84:8a:da:79:b4:5b:86:d8:ce:ab:58:
                    3a:91:15:0d:93:3a:87:d1:c2:75:fb:a7:dd:46:c3:
                    21:28:00:f4:07:9d:33:5e:00:32:68:0e:0c:e8:42:
                    7c:c9:87:af:ab:29:dc:50:8c:6b:3d:df:0c:0a:6f:
                    da:84:88:61:0f:77:19:9a:93:8c:03:19:54:32:e2:
                    35:c6:40:3b:dd:fc:f4:3d:8b:5a:8e:b6:29:03:33:
                    fc:d9:75:a2:5d:27:d8:85:96:3e:9f:31:13:b9:08:
                    3f:17:db:ec:0d:83:84:f9:57:7e:09:ca:c6:e4:1f:
                    26:72:9d:26:74:6f:9b:cb:95:4a:5c:82:d8:9f:27:
                    28:cb:82:b9:9b:73:63:e3:79:ba:f7:3b:35:82:a1:
                    37:c1:a1:29:45:52:b3:25:88:b8:b0:ca:1a:96:1e:
                    30:29:16:64:64:f5:2b:d8:9a:32:3b:8c:e6:29:65:
                    ca:08:d5:70:46:81:80:f9:8e:6b:56:8c:43:02:0a:
                    16:79:76:00:91:f1:ff:77:9c:84:47:75:c3:84:4e:
                    86:c1:60:12:b4:fa:5e:b1:bc:99:b2:1f:61:9b:29:
                    6d:84:22:12:b8:c0:ae:50:a4:99:98:5c:e8:31:4d:
                    3c:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:E8:37:A3:DE:23:CC:5E:8C:58:F4:CF:B7:93:5B:4E:FB:3B:8C:9B
            X509v3 Authority Key Identifier:
                keyid:48:67:D3:7B:76:1C:B7:A0:5F:C7:33:E3:DB:43:36:6F:A3:62:53:6C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SGfTe3Yct6BfxzPj20M2b6NiU2w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/e0c5b7-d2ac-4a5a-8098-60f9dea43899/1/7eg3o94jzF6MWPTPt5NbTvs7jJs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/e0c5b7-d2ac-4a5a-8098-60f9dea43899/1/SGfTe3Yct6BfxzPj20M2b6NiU2w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:2140::/48

    Signature Algorithm: sha256WithRSAEncryption
         51:a9:ed:0d:28:b5:65:09:93:7c:77:76:d3:4f:da:fb:ee:ca:
         3f:71:62:29:0a:50:5d:da:61:01:45:4e:e9:a7:a7:c2:ef:28:
         6b:c8:94:1f:59:54:cc:9e:f6:8c:ab:a5:2f:33:56:65:ad:3f:
         2e:cc:f9:8c:c9:fc:cc:56:27:d3:f0:40:43:6c:7a:a1:6a:82:
         29:fe:c3:8d:c6:ad:1f:49:f2:21:cd:12:88:8a:a7:fc:94:3b:
         b6:af:2b:35:2c:83:31:3e:fb:0c:04:14:75:ca:72:3b:c5:ef:
         72:f1:d2:f3:97:58:27:f1:0a:f8:b0:d9:2e:60:a5:25:f2:5f:
         cf:9b:f1:92:94:55:9d:17:80:40:e1:3b:3c:bb:21:65:e8:0e:
         38:39:67:68:30:d1:96:07:3f:4b:d8:e0:80:62:65:c9:88:ae:
         63:8e:67:25:a7:28:5a:8a:dc:75:71:4c:84:27:ad:bd:e6:38:
         5a:fc:ed:1d:c7:e0:d3:3b:08:c7:f2:3e:c8:58:79:67:cd:de:
         8c:1a:fa:9d:23:6d:1c:4b:85:91:85:8e:e1:9d:97:b0:1e:32:
         7e:1c:8d:e4:ef:1a:e0:cf:1c:fd:60:93:c7:ff:32:c3:8e:6a:
         9d:2b:f4:93:81:ee:f7:91:17:64:9d:58:2a:2e:93:19:8b:7b:
         48:fa:c7:f8
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt6ySfe06eRfKSswqjVDfJ/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ4NjdkMzdiNzYxY2I3YTA1ZmM3MzNlM2RiNDMzNjZmYTM2
MjUzNmMwHhcNMjYwMTAxMTgxOTIxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZGU4MzdhM2RlMjNjYzVlOGM1OGY0Y2ZiNzkzNWI0ZWZiM2I4YzliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1JuPBueaY1kXN/J7ZAA++O33hIra
ebRbhtjOq1g6kRUNkzqH0cJ1+6fdRsMhKAD0B50zXgAyaA4M6EJ8yYevqyncUIxr
Pd8MCm/ahIhhD3cZmpOMAxlUMuI1xkA73fz0PYtajrYpAzP82XWiXSfYhZY+nzET
uQg/F9vsDYOE+Vd+CcrG5B8mcp0mdG+by5VKXILYnycoy4K5m3Nj43m69zs1gqE3
waEpRVKzJYi4sMoalh4wKRZkZPUr2JoyO4zmKWXKCNVwRoGA+Y5rVoxDAgoWeXYA
kfH/d5yER3XDhE6GwWAStPpesbyZsh9hmylthCISuMCuUKSZmFzoMU084QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFO3oN6PeI8xejFj0z7eTW077O4ybMB8GA1UdIwQY
MBaAFEhn03t2HLegX8cz49tDNm+jYlNsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU0dmVGUzWWN0NkJmeHpQajIwTTJiNk5pVTJ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYy9lMGM1YjctZDJhYy00YTVhLTgwOTgt
NjBmOWRlYTQzODk5LzEvN2VnM285NGp6RjZNV1BUUHQ1TmJUdnM3akpzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYy9lMGM1YjctZDJhYy00YTVhLTgwOTgtNjBmOWRlYTQzODk5
LzEvU0dmVGUzWWN0NkJmeHpQajIwTTJiNk5pVTJ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfCFA
MA0GCSqGSIb3DQEBCwUAA4IBAQBRqe0NKLVlCZN8d3bTT9r77so/cWIpClBd2mEB
RU7pp6fC7yhryJQfWVTMnvaMq6UvM1ZlrT8uzPmMyfzMVifT8EBDbHqhaoIp/sON
xq0fSfIhzRKIiqf8lDu2rys1LIMxPvsMBBR1ynI7xe9y8dLzl1gn8Qr4sNkuYKUl
8l/Pm/GSlFWdF4BA4Ts8uyFl6A44OWdoMNGWBz9L2OCAYmXJiK5jjmclpyhaitx1
cUyEJ6295jha/O0dx+DTOwjH8j7IWHlnzd6MGvqdI20cS4WRhY7hnZewHjJ+HI3k
7xrgzxz9YJPH/zLDjmqdK/STge73kRdknVgqLpMZi3tI+sf4
-----END CERTIFICATE-----