Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/985efa-8bee-4f73-88b7-be3bb6cd2d51/1/3EeJh95vWlbqkBMJsY8WJvQJZSQ.roa
File:                     3EeJh95vWlbqkBMJsY8WJvQJZSQ.roa (raw, json)
Hash identifier:          HKt/H+HcjtF1ud6gYULu77Dwf2Spakt+G/k1RzaE2tU=
Subject key identifier:   DC:47:89:87:DE:6F:5A:56:EA:90:13:09:B1:8F:16:26:F4:09:65:24
Certificate issuer:       /CN=48a4693b1dccc49ee6605a7d339e1d847ef0ad8b
Certificate serial:       019EAC64DBBE0A861E4F9CD2BCA9B37C0596
Authority key identifier: 48:A4:69:3B:1D:CC:C4:9E:E6:60:5A:7D:33:9E:1D:84:7E:F0:AD:8B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SKRpOx3MxJ7mYFp9M54dhH7wrYs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/985efa-8bee-4f73-88b7-be3bb6cd2d51/1/3EeJh95vWlbqkBMJsY8WJvQJZSQ.roa
Signing time:             Tue 09 Jun 2026 12:39:11 +0000
ROA not before:           Tue 09 Jun 2026 12:39:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200111
IP address blocks:        83.150.208.0/22 maxlen: 22
                          83.150.208.0/24 maxlen: 24
                          83.150.210.0/24 maxlen: 24
                          83.150.211.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/985efa-8bee-4f73-88b7-be3bb6cd2d51/1/SKRpOx3MxJ7mYFp9M54dhH7wrYs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/985efa-8bee-4f73-88b7-be3bb6cd2d51/1/SKRpOx3MxJ7mYFp9M54dhH7wrYs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SKRpOx3MxJ7mYFp9M54dhH7wrYs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 15:00:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:ac:64:db:be:0a:86:1e:4f:9c:d2:bc:a9:b3:7c:05:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=48a4693b1dccc49ee6605a7d339e1d847ef0ad8b
        Validity
            Not Before: Jun  9 12:39:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=dc478987de6f5a56ea901309b18f1626f4096524
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:e6:1c:26:a6:f2:75:1b:18:6a:6d:18:7b:f2:
                    d2:79:10:61:b9:a7:f2:1c:ef:3f:a7:bb:be:bd:1e:
                    16:a2:5a:20:7a:98:0a:1e:58:d0:bf:d2:8b:5f:22:
                    e8:13:f4:ba:f2:65:8e:77:f6:e3:ec:a4:b5:a0:35:
                    5d:0c:ae:2b:28:0b:13:d6:62:97:96:7a:23:0a:bc:
                    b0:6a:00:09:c5:87:dc:50:b2:48:b6:f9:7f:0a:78:
                    ef:96:de:11:28:0e:2d:2a:d4:18:5b:35:8c:88:00:
                    95:a9:fe:c9:f2:3b:7d:8a:53:f9:96:cf:cb:b1:36:
                    70:78:98:95:1a:ea:5c:e7:88:fc:0d:8b:10:e8:e2:
                    58:57:f8:60:58:ed:66:71:2d:8e:a2:2a:ee:30:66:
                    ff:fd:b8:03:91:d4:6c:bf:c4:66:8d:06:d4:0d:84:
                    2d:f5:bb:0a:34:ba:29:b8:44:f5:72:f1:10:5d:fc:
                    fd:cd:5c:9c:ce:62:d1:bb:14:bf:36:43:12:64:d7:
                    e5:d2:91:df:7d:e3:85:e0:fc:03:46:e3:86:1d:10:
                    d7:a6:83:70:ce:f7:21:43:45:08:fc:8a:3e:4f:c7:
                    09:6a:e7:74:2a:1a:8c:10:88:cf:0a:7b:f9:d5:e9:
                    8d:1b:3e:87:ce:bd:f2:79:b6:f5:56:37:eb:a0:0a:
                    c7:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:47:89:87:DE:6F:5A:56:EA:90:13:09:B1:8F:16:26:F4:09:65:24
            X509v3 Authority Key Identifier:
                keyid:48:A4:69:3B:1D:CC:C4:9E:E6:60:5A:7D:33:9E:1D:84:7E:F0:AD:8B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SKRpOx3MxJ7mYFp9M54dhH7wrYs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/985efa-8bee-4f73-88b7-be3bb6cd2d51/1/3EeJh95vWlbqkBMJsY8WJvQJZSQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/985efa-8bee-4f73-88b7-be3bb6cd2d51/1/SKRpOx3MxJ7mYFp9M54dhH7wrYs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.150.208.0/22

    Signature Algorithm: sha256WithRSAEncryption
         35:81:8c:31:7c:12:b8:d3:7a:31:d8:b0:9c:b5:b0:43:f0:10:
         15:4d:0c:38:c9:75:4a:ff:dc:6a:ee:1c:83:1a:ef:8c:a6:1b:
         16:6c:87:c6:c1:ac:68:ab:bf:b1:c3:fd:8a:8f:d9:2e:7a:07:
         54:cd:57:b8:7e:7a:72:ea:73:3c:0d:fb:12:97:62:ea:a4:10:
         1d:ef:cc:f8:f6:75:f3:27:d8:54:5a:67:92:6d:0b:0e:04:ef:
         b7:1a:a9:7e:b6:40:01:b6:2f:c8:a3:3f:85:13:c5:b5:6d:af:
         8c:15:55:c9:0d:7b:98:18:89:1e:6c:08:8a:6c:13:78:0d:1c:
         ed:c4:00:9d:fd:62:80:56:8b:7d:91:b9:52:69:b1:e6:fc:a0:
         fa:03:dc:8d:16:0d:f8:ba:48:4c:23:6a:cf:de:ba:76:6d:a4:
         03:3b:81:d4:fd:0b:10:3b:fd:58:10:1c:8f:72:8c:fc:f9:5d:
         37:f7:92:05:b0:67:e2:38:06:01:64:3f:54:ac:56:77:ae:02:
         c3:95:11:f3:fd:1f:35:a6:5b:d7:0e:c5:13:a8:8e:7a:1a:db:
         16:0b:4e:39:ad:b9:78:fc:31:2f:e4:48:85:08:4c:68:72:ae:
         1b:77:50:34:5c:57:d8:c4:03:9c:84:fd:f3:79:56:05:80:b6:
         64:d1:85:fb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6sZNu+CoYeT5zSvKmzfAWWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ4YTQ2OTNiMWRjY2M0OWVlNjYwNWE3ZDMzOWUxZDg0N2Vm
MGFkOGIwHhcNMjYwNjA5MTIzOTExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYzQ3ODk4N2RlNmY1YTU2ZWE5MDEzMDliMThmMTYyNmY0MDk2NTI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAweYcJqbydRsYam0Ye/LSeRBhuafy
HO8/p7u+vR4WologepgKHljQv9KLXyLoE/S68mWOd/bj7KS1oDVdDK4rKAsT1mKX
lnojCrywagAJxYfcULJItvl/Cnjvlt4RKA4tKtQYWzWMiACVqf7J8jt9ilP5ls/L
sTZweJiVGupc54j8DYsQ6OJYV/hgWO1mcS2OoiruMGb//bgDkdRsv8RmjQbUDYQt
9bsKNLopuET1cvEQXfz9zVyczmLRuxS/NkMSZNfl0pHffeOF4PwDRuOGHRDXpoNw
zvchQ0UI/Io+T8cJaud0KhqMEIjPCnv51emNGz6Hzr3yebb1VjfroArHqQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNxHiYfeb1pW6pATCbGPFib0CWUkMB8GA1UdIwQY
MBaAFEikaTsdzMSe5mBafTOeHYR+8K2LMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU0tScE94M014SjdtWUZwOU01NGRoSDd3cllzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC85ODVlZmEtOGJlZS00ZjczLTg4Yjct
YmUzYmI2Y2QyZDUxLzEvM0VlSmg5NXZXbGJxa0JNSnNZOFdKdlFKWlNRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC85ODVlZmEtOGJlZS00ZjczLTg4YjctYmUzYmI2Y2QyZDUx
LzEvU0tScE94M014SjdtWUZwOU01NGRoSDd3cllzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCU5bQMA0G
CSqGSIb3DQEBCwUAA4IBAQA1gYwxfBK403ox2LCctbBD8BAVTQw4yXVK/9xq7hyD
Gu+MphsWbIfGwaxoq7+xw/2Kj9kuegdUzVe4fnpy6nM8DfsSl2LqpBAd78z49nXz
J9hUWmeSbQsOBO+3Gql+tkABti/Ioz+FE8W1ba+MFVXJDXuYGIkebAiKbBN4DRzt
xACd/WKAVot9kblSabHm/KD6A9yNFg34ukhMI2rP3rp2baQDO4HU/QsQO/1YEByP
coz8+V0395IFsGfiOAYBZD9UrFZ3rgLDlRHz/R81plvXDsUTqI56GtsWC045rbl4
/DEv5EiFCExocq4bd1A0XFfYxAOchP3zeVYFgLZk0YX7
-----END CERTIFICATE-----