Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c1/195f3d-a851-455a-9b0f-d70cd97f4857/1/agg93eycwc-rvB8nPNTMouvL620.roa
File:                     agg93eycwc-rvB8nPNTMouvL620.roa (raw, json)
Hash identifier:          l8IOgucjfyhI1MIQqB2bBjj26oEwYULnXCLG+tC+0UY=
Subject key identifier:   6A:08:3D:DD:EC:9C:C1:CF:AB:BC:1F:27:3C:D4:CC:A2:EB:CB:EB:6D
Certificate issuer:       /CN=65bdcff77bf060d5da12de45e2072e1cff4560a7
Certificate serial:       019E350F02F656A011DAF7BBA7B00DB7B570
Authority key identifier: 65:BD:CF:F7:7B:F0:60:D5:DA:12:DE:45:E2:07:2E:1C:FF:45:60:A7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Zb3P93vwYNXaEt5F4gcuHP9FYKc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c1/195f3d-a851-455a-9b0f-d70cd97f4857/1/agg93eycwc-rvB8nPNTMouvL620.roa
Signing time:             Sun 17 May 2026 08:30:36 +0000
ROA not before:           Sun 17 May 2026 08:30:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215336
IP address blocks:        37.202.56.0/24 maxlen: 24
                          185.35.203.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c1/195f3d-a851-455a-9b0f-d70cd97f4857/1/Zb3P93vwYNXaEt5F4gcuHP9FYKc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c1/195f3d-a851-455a-9b0f-d70cd97f4857/1/Zb3P93vwYNXaEt5F4gcuHP9FYKc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Zb3P93vwYNXaEt5F4gcuHP9FYKc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 08:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:35:0f:02:f6:56:a0:11:da:f7:bb:a7:b0:0d:b7:b5:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=65bdcff77bf060d5da12de45e2072e1cff4560a7
        Validity
            Not Before: May 17 08:30:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6a083dddec9cc1cfabbc1f273cd4cca2ebcbeb6d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:1a:50:bd:37:ea:bd:9d:63:00:f0:0a:f8:aa:
                    30:f2:c8:94:c0:d9:f6:1a:24:81:33:c0:06:08:c8:
                    e5:c1:4c:52:86:06:86:50:78:61:5e:94:b5:83:80:
                    c9:8a:b8:99:c5:7d:ec:9e:02:12:4c:c2:c3:22:72:
                    8a:b4:fc:70:7e:c0:f3:54:dd:fa:7a:4e:71:79:2e:
                    70:3b:b2:81:6e:a9:ac:72:5a:63:3e:fc:c7:32:6a:
                    19:65:f8:eb:68:b4:bf:ab:8f:5c:6a:a1:3c:62:50:
                    c9:81:15:50:28:40:15:f4:c3:0d:30:08:bc:ad:58:
                    9e:17:35:60:a8:a9:7d:69:47:4c:c7:b9:e3:2b:8f:
                    a7:c5:e5:46:15:23:12:5b:26:ca:37:9d:72:7e:66:
                    70:d7:a2:07:93:c9:87:42:5b:02:f3:dd:52:e8:63:
                    5d:b4:d7:46:89:5f:f1:ac:68:95:a1:98:08:14:50:
                    93:ee:2c:db:9c:0b:c4:2e:1c:88:0a:9d:e5:b5:a1:
                    1f:58:a7:1d:1d:67:05:35:78:23:b6:b7:69:c8:b6:
                    a7:03:2d:87:7e:1c:1a:a9:e5:ca:ac:43:39:e0:43:
                    43:36:1e:58:08:96:e5:01:ec:da:83:98:02:e2:ba:
                    a2:e9:eb:19:b5:60:25:3a:13:60:e7:94:60:ae:e0:
                    d4:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:08:3D:DD:EC:9C:C1:CF:AB:BC:1F:27:3C:D4:CC:A2:EB:CB:EB:6D
            X509v3 Authority Key Identifier:
                keyid:65:BD:CF:F7:7B:F0:60:D5:DA:12:DE:45:E2:07:2E:1C:FF:45:60:A7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Zb3P93vwYNXaEt5F4gcuHP9FYKc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/195f3d-a851-455a-9b0f-d70cd97f4857/1/agg93eycwc-rvB8nPNTMouvL620.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/195f3d-a851-455a-9b0f-d70cd97f4857/1/Zb3P93vwYNXaEt5F4gcuHP9FYKc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.202.56.0/24
                  185.35.203.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7e:0b:fa:5d:98:ca:44:ec:f4:d9:fa:e0:13:b8:f3:ff:ab:49:
         fd:18:da:c3:fd:d4:74:1c:c3:13:f6:f4:e2:a3:96:bc:a9:2e:
         1a:20:3d:ec:f1:71:5a:44:ee:c4:69:78:98:04:94:c2:e9:1e:
         14:df:d9:cf:33:d7:0d:f8:c7:8b:a7:08:ed:78:65:96:77:2b:
         c7:b9:9d:d9:ab:2c:ba:29:a9:bf:e2:82:f9:4a:80:78:c1:24:
         f3:ef:45:20:82:5a:ea:d9:e5:1a:54:49:10:2d:61:10:da:ba:
         18:0e:59:e5:b4:cb:0e:5c:84:1e:f9:fd:06:a4:9a:f2:37:92:
         c6:2d:19:a1:2f:f9:8a:ea:f0:da:6e:43:7e:2f:54:c6:d8:88:
         ca:ed:a2:a9:fe:49:05:ea:46:fa:33:01:f1:23:f7:bf:5a:d4:
         11:58:b5:7d:d9:85:95:28:f8:eb:93:46:fc:a7:da:d9:21:ca:
         a2:ea:3e:c9:f6:f6:40:74:8d:4e:d0:7f:09:dd:72:df:39:cf:
         ce:db:a1:09:18:79:e6:e2:41:17:70:d8:d5:35:ea:bb:09:0b:
         f2:b7:15:2d:69:47:36:b2:50:c6:24:a7:9e:28:d1:6b:d2:e6:
         66:89:2a:db:e6:fe:bd:13:11:63:48:65:75:90:ce:48:27:c2:
         04:1e:d4:67
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ41DwL2VqAR2ve7p7ANt7VwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY1YmRjZmY3N2JmMDYwZDVkYTEyZGU0NWUyMDcyZTFjZmY0
NTYwYTcwHhcNMjYwNTE3MDgzMDM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YTA4M2RkZGVjOWNjMWNmYWJiYzFmMjczY2Q0Y2NhMmViY2JlYjZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxRpQvTfqvZ1jAPAK+Kow8siUwNn2
GiSBM8AGCMjlwUxShgaGUHhhXpS1g4DJiriZxX3sngISTMLDInKKtPxwfsDzVN36
ek5xeS5wO7KBbqmsclpjPvzHMmoZZfjraLS/q49caqE8YlDJgRVQKEAV9MMNMAi8
rVieFzVgqKl9aUdMx7njK4+nxeVGFSMSWybKN51yfmZw16IHk8mHQlsC891S6GNd
tNdGiV/xrGiVoZgIFFCT7izbnAvELhyICp3ltaEfWKcdHWcFNXgjtrdpyLanAy2H
fhwaqeXKrEM54ENDNh5YCJblAezag5gC4rqi6esZtWAlOhNg55RgruDU/wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGoIPd3snMHPq7wfJzzUzKLry+ttMB8GA1UdIwQY
MBaAFGW9z/d78GDV2hLeReIHLhz/RWCnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWmIzUDkzdndZTlhhRXQ1RjRnY3VIUDlGWUtjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMS8xOTVmM2QtYTg1MS00NTVhLTliMGYt
ZDcwY2Q5N2Y0ODU3LzEvYWdnOTNleWN3Yy1ydkI4blBOVE1vdXZMNjIwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMS8xOTVmM2QtYTg1MS00NTVhLTliMGYtZDcwY2Q5N2Y0ODU3
LzEvWmIzUDkzdndZTlhhRXQ1RjRnY3VIUDlGWUtjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAJco4AwQA
uSPLMA0GCSqGSIb3DQEBCwUAA4IBAQB+C/pdmMpE7PTZ+uATuPP/q0n9GNrD/dR0
HMMT9vTio5a8qS4aID3s8XFaRO7EaXiYBJTC6R4U39nPM9cN+MeLpwjteGWWdyvH
uZ3Zqyy6Kam/4oL5SoB4wSTz70Ugglrq2eUaVEkQLWEQ2roYDlnltMsOXIQe+f0G
pJryN5LGLRmhL/mK6vDabkN+L1TG2IjK7aKp/kkF6kb6MwHxI/e/WtQRWLV92YWV
KPjrk0b8p9rZIcqi6j7J9vZAdI1O0H8J3XLfOc/O26EJGHnm4kEXcNjVNeq7CQvy
txUtaUc2slDGJKeeKNFr0uZmiSrb5v69ExFjSGV1kM5IJ8IEHtRn
-----END CERTIFICATE-----