Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dc/837e64-c744-45d5-8ad8-e5240073909b/1/s7t_akC7zKi1bxuEfE-gecZOJkw.roa
File:                     s7t_akC7zKi1bxuEfE-gecZOJkw.roa (raw, json)
Hash identifier:          hOOmqhwtS/j3wjfpIaMddw7GnavqbISUHa+AEjysuQA=
Subject key identifier:   B3:BB:7F:6A:40:BB:CC:A8:B5:6F:1B:84:7C:4F:A0:79:C6:4E:26:4C
Certificate issuer:       /CN=cce50cabb6f73862160ef1f9f5054f490a89dff8
Certificate serial:       019B79ECEB6F8AD5092F931DAE7875CD3A79
Authority key identifier: CC:E5:0C:AB:B6:F7:38:62:16:0E:F1:F9:F5:05:4F:49:0A:89:DF:F8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zOUMq7b3OGIWDvH59QVPSQqJ3_g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dc/837e64-c744-45d5-8ad8-e5240073909b/1/s7t_akC7zKi1bxuEfE-gecZOJkw.roa
Signing time:             Thu 01 Jan 2026 14:18:48 +0000
ROA not before:           Thu 01 Jan 2026 14:18:48 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     21171
IP address blocks:        80.91.32.0/20 maxlen: 20
                          185.227.124.0/22 maxlen: 22
                          2a01:9900::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dc/837e64-c744-45d5-8ad8-e5240073909b/1/zOUMq7b3OGIWDvH59QVPSQqJ3_g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dc/837e64-c744-45d5-8ad8-e5240073909b/1/zOUMq7b3OGIWDvH59QVPSQqJ3_g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zOUMq7b3OGIWDvH59QVPSQqJ3_g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 13:50:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:ec:eb:6f:8a:d5:09:2f:93:1d:ae:78:75:cd:3a:79
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cce50cabb6f73862160ef1f9f5054f490a89dff8
        Validity
            Not Before: Jan  1 14:18:48 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b3bb7f6a40bbcca8b56f1b847c4fa079c64e264c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:98:3b:74:ab:ab:89:d5:89:90:2a:c9:bf:ab:
                    6e:ef:c4:15:0a:b1:84:a2:19:48:18:07:0d:99:03:
                    37:66:a8:8b:f9:15:f7:b6:39:49:7d:ff:83:4f:3b:
                    a1:82:24:6e:12:18:bd:d2:16:3f:f5:0b:ab:0b:bf:
                    96:5b:be:34:6c:af:07:23:7d:86:bf:63:ea:9d:5c:
                    c3:a9:1f:79:1a:52:44:cc:ea:cf:ee:5c:2b:db:51:
                    6d:2b:54:da:1d:73:23:9e:88:f4:83:d3:c1:4f:a4:
                    7c:28:9a:81:18:5b:62:8a:ff:dc:de:ce:1a:f4:db:
                    8c:eb:38:7d:a4:09:4f:a0:e9:28:8c:9e:45:7e:c7:
                    4b:ec:68:29:c6:b9:d6:73:2a:be:2a:4e:36:45:36:
                    36:ce:3c:41:28:06:b0:fd:29:7f:04:83:95:31:15:
                    95:22:e1:49:0b:ce:cc:f3:ac:ac:dc:8a:04:f0:16:
                    07:99:fa:b1:51:92:46:5e:23:3b:a9:51:75:30:3e:
                    bf:47:bb:ce:16:bc:ca:8b:b7:b1:58:eb:f5:a5:90:
                    32:2f:04:3c:a2:1d:8e:df:8a:9e:d9:13:af:9b:85:
                    19:2a:63:9c:65:b6:a7:40:e1:7d:d4:9d:64:e0:83:
                    a3:bc:90:cc:0a:cf:d9:da:06:29:92:9d:26:d7:48:
                    4f:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:BB:7F:6A:40:BB:CC:A8:B5:6F:1B:84:7C:4F:A0:79:C6:4E:26:4C
            X509v3 Authority Key Identifier:
                keyid:CC:E5:0C:AB:B6:F7:38:62:16:0E:F1:F9:F5:05:4F:49:0A:89:DF:F8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zOUMq7b3OGIWDvH59QVPSQqJ3_g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/837e64-c744-45d5-8ad8-e5240073909b/1/s7t_akC7zKi1bxuEfE-gecZOJkw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/837e64-c744-45d5-8ad8-e5240073909b/1/zOUMq7b3OGIWDvH59QVPSQqJ3_g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.91.32.0/20
                  185.227.124.0/22
                IPv6:
                  2a01:9900::/32

    Signature Algorithm: sha256WithRSAEncryption
         2f:ca:08:8b:15:7c:0d:48:f4:87:09:fa:f4:60:34:44:4a:aa:
         0b:bd:b8:d4:01:76:cb:49:9f:ad:b7:57:94:22:71:0e:f8:95:
         3f:9c:06:bf:76:a8:bb:da:79:08:80:89:18:12:0d:c2:e7:ab:
         66:df:ea:08:79:9d:66:b4:a9:e9:af:cb:29:11:04:ff:61:7f:
         24:d2:78:03:84:9f:9b:cc:8a:6a:49:06:60:3c:d9:1d:f7:12:
         38:cb:88:c1:1c:af:7d:9e:ce:75:19:d8:e4:f6:dc:de:76:0c:
         b3:a7:48:7e:66:74:a0:72:f9:a1:0d:4a:ef:24:7d:f3:fb:34:
         49:0f:90:62:2d:3c:b8:00:7b:d8:db:99:62:5f:35:a7:2c:ac:
         98:41:d1:b3:3b:fb:a7:a7:2f:ca:54:8b:17:71:e4:3c:a2:22:
         95:98:78:a9:63:39:d2:51:d5:df:2f:ba:b6:eb:2d:7f:10:a7:
         d1:31:aa:15:ae:fb:32:ff:c7:63:5e:03:5b:8d:87:81:e5:f2:
         7b:6d:f6:bf:0f:6e:64:1a:eb:8e:6b:d2:86:6e:7e:56:f1:bc:
         1f:fa:c8:df:60:ae:41:20:aa:c3:f7:ab:47:bd:8e:c1:cd:60:
         11:e2:d9:c2:10:b5:60:54:77:0d:c6:87:0f:1e:ec:97:ba:90:
         26:73:da:a7
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZt57OtvitUJL5Mdrnh1zTp5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNjZTUwY2FiYjZmNzM4NjIxNjBlZjFmOWY1MDU0ZjQ5MGE4
OWRmZjgwHhcNMjYwMTAxMTQxODQ4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiM2JiN2Y2YTQwYmJjY2E4YjU2ZjFiODQ3YzRmYTA3OWM2NGUyNjRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1Jg7dKuridWJkCrJv6tu78QVCrGE
ohlIGAcNmQM3ZqiL+RX3tjlJff+DTzuhgiRuEhi90hY/9QurC7+WW740bK8HI32G
v2PqnVzDqR95GlJEzOrP7lwr21FtK1TaHXMjnoj0g9PBT6R8KJqBGFtiiv/c3s4a
9NuM6zh9pAlPoOkojJ5FfsdL7GgpxrnWcyq+Kk42RTY2zjxBKAaw/Sl/BIOVMRWV
IuFJC87M86ys3IoE8BYHmfqxUZJGXiM7qVF1MD6/R7vOFrzKi7exWOv1pZAyLwQ8
oh2O34qe2ROvm4UZKmOcZbanQOF91J1k4IOjvJDMCs/Z2gYpkp0m10hPUQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFLO7f2pAu8yotW8bhHxPoHnGTiZMMB8GA1UdIwQY
MBaAFMzlDKu29zhiFg7x+fUFT0kKid/4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvek9VTXE3YjNPR0lXRHZINTlRVlBTUXFKM19nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYy84MzdlNjQtYzc0NC00NWQ1LThhZDgt
ZTUyNDAwNzM5MDliLzEvczd0X2FrQzd6S2kxYnh1RWZFLWdlY1pPSmt3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYy84MzdlNjQtYzc0NC00NWQ1LThhZDgtZTUyNDAwNzM5MDli
LzEvek9VTXE3YjNPR0lXRHZINTlRVlBTUXFKM19nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQEUFsgAwQC
ueN8MA0EAgACMAcDBQAqAZkAMA0GCSqGSIb3DQEBCwUAA4IBAQAvygiLFXwNSPSH
Cfr0YDRESqoLvbjUAXbLSZ+tt1eUInEO+JU/nAa/dqi72nkIgIkYEg3C56tm3+oI
eZ1mtKnpr8spEQT/YX8k0ngDhJ+bzIpqSQZgPNkd9xI4y4jBHK99ns51Gdjk9tze
dgyzp0h+ZnSgcvmhDUrvJH3z+zRJD5BiLTy4AHvY25liXzWnLKyYQdGzO/unpy/K
VIsXceQ8oiKVmHipYznSUdXfL7q26y1/EKfRMaoVrvsy/8djXgNbjYeB5fJ7bfa/
D25kGuuOa9KGbn5W8bwf+sjfYK5BIKrD96tHvY7BzWAR4tnCELVgVHcNxocPHuyX
upAmc9qn
-----END CERTIFICATE-----