Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fe/cb4621-4710-4c4c-85ba-871cf4097746/1/dK7xGJjbLEsHT0KEKRHp-XbxNno.roa
File:                     dK7xGJjbLEsHT0KEKRHp-XbxNno.roa (raw, json)
Hash identifier:          kk3iHGhDC1qD/7txqS7460auTjZEQbYGHvF5VGLfJdA=
Subject key identifier:   74:AE:F1:18:98:DB:2C:4B:07:4F:42:84:29:11:E9:F9:76:F1:36:7A
Certificate issuer:       /CN=5af662b3f3dc8312b1b6bc917f0af00622775355
Certificate serial:       019B7A5AD7347FE6513390E9357A8854691A
Authority key identifier: 5A:F6:62:B3:F3:DC:83:12:B1:B6:BC:91:7F:0A:F0:06:22:77:53:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WvZis_PcgxKxtryRfwrwBiJ3U1U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fe/cb4621-4710-4c4c-85ba-871cf4097746/1/dK7xGJjbLEsHT0KEKRHp-XbxNno.roa
Signing time:             Thu 01 Jan 2026 16:18:52 +0000
ROA not before:           Thu 01 Jan 2026 16:18:52 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     31056
IP address blocks:        83.97.40.0/21 maxlen: 21
                          83.97.48.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fe/cb4621-4710-4c4c-85ba-871cf4097746/1/WvZis_PcgxKxtryRfwrwBiJ3U1U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fe/cb4621-4710-4c4c-85ba-871cf4097746/1/WvZis_PcgxKxtryRfwrwBiJ3U1U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WvZis_PcgxKxtryRfwrwBiJ3U1U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 07:01:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:5a:d7:34:7f:e6:51:33:90:e9:35:7a:88:54:69:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5af662b3f3dc8312b1b6bc917f0af00622775355
        Validity
            Not Before: Jan  1 16:18:52 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=74aef11898db2c4b074f42842911e9f976f1367a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:50:30:b2:60:ba:b0:51:20:4d:67:9d:95:12:
                    0c:68:c9:b8:30:8a:26:95:e1:96:78:86:b2:5d:02:
                    cf:91:b3:3a:11:8c:a8:db:f1:0f:76:ab:81:a4:ba:
                    dd:bb:7c:1a:53:42:e7:b4:db:72:80:98:3f:ec:b8:
                    4a:e5:ce:1f:e3:a2:87:b0:a1:73:87:1d:a6:61:04:
                    a1:d5:ad:7c:80:9f:9e:7e:fb:9a:4d:5b:91:8f:32:
                    65:75:3d:79:4e:f0:c7:20:a8:41:f1:7e:cb:d1:45:
                    91:b0:ae:b4:7f:25:a2:2f:48:1d:fa:5b:b2:d0:56:
                    3b:da:7c:cb:9f:61:76:df:df:14:61:49:5c:91:ed:
                    7a:57:fa:75:c8:f6:64:f3:7b:06:67:bd:f7:55:04:
                    ab:b8:20:8a:4f:ed:e3:79:5a:30:96:ef:39:92:f3:
                    51:ca:c3:75:60:ed:e1:3b:a2:a9:ec:75:86:db:5c:
                    e9:12:2e:c8:e6:ac:b7:f4:d8:d3:c0:63:93:f7:be:
                    30:6a:6a:18:1f:88:65:1f:4a:34:82:c1:12:36:03:
                    dc:ce:37:ec:52:ab:80:d1:23:a4:01:29:2c:10:bb:
                    42:49:06:b0:70:02:41:b4:62:64:99:8f:23:33:af:
                    20:1d:0c:a5:bf:07:14:f1:fb:34:0d:77:bc:33:ee:
                    5f:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:AE:F1:18:98:DB:2C:4B:07:4F:42:84:29:11:E9:F9:76:F1:36:7A
            X509v3 Authority Key Identifier:
                keyid:5A:F6:62:B3:F3:DC:83:12:B1:B6:BC:91:7F:0A:F0:06:22:77:53:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WvZis_PcgxKxtryRfwrwBiJ3U1U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/cb4621-4710-4c4c-85ba-871cf4097746/1/dK7xGJjbLEsHT0KEKRHp-XbxNno.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/cb4621-4710-4c4c-85ba-871cf4097746/1/WvZis_PcgxKxtryRfwrwBiJ3U1U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.97.40.0-83.97.55.255

    Signature Algorithm: sha256WithRSAEncryption
         7c:48:07:b5:84:31:19:8c:c8:35:5d:cb:7a:d5:88:32:da:d9:
         c4:9d:fe:dd:3c:cb:f1:c0:c7:16:69:a6:38:d4:63:a1:45:d9:
         10:6f:aa:b8:0a:53:a5:35:c7:17:ed:6e:eb:c8:94:0f:51:5b:
         a4:a6:b3:e1:5c:7a:7a:e1:80:6b:bc:f8:f9:79:eb:9a:82:aa:
         77:45:cd:bd:ef:25:4f:a9:7a:79:29:e2:c1:80:0a:29:ac:ae:
         ce:ce:e2:df:89:34:75:f4:13:3e:7d:85:57:57:08:b4:d8:2e:
         d1:6a:3c:f6:ed:5f:30:d3:ba:7e:7b:21:a6:c7:ff:32:73:60:
         d7:ca:86:2f:a5:69:80:fb:f1:69:cf:93:e5:3d:ce:bc:e7:81:
         5e:ee:bf:b0:29:95:db:45:bf:63:60:42:83:98:6b:00:f1:0c:
         75:9b:38:1a:46:2f:9d:86:5d:c4:79:3b:70:2f:37:4a:06:71:
         68:94:24:e2:a7:7b:9a:51:f4:61:a0:6f:fd:fc:ba:3a:61:2a:
         77:36:a8:3c:52:a6:af:e0:1c:36:bc:cd:be:50:dd:88:7f:4f:
         f3:80:2f:62:8e:fc:39:df:2f:aa:d5:70:9b:d5:91:b5:37:1d:
         aa:76:9d:f3:a5:f6:2e:67:0d:d5:d9:ed:25:60:d7:4a:c9:fb:
         d2:9d:42:9a
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZt6Wtc0f+ZRM5DpNXqIVGkaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVhZjY2MmIzZjNkYzgzMTJiMWI2YmM5MTdmMGFmMDA2MjI3
NzUzNTUwHhcNMjYwMTAxMTYxODUyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NGFlZjExODk4ZGIyYzRiMDc0ZjQyODQyOTExZTlmOTc2ZjEzNjdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAplAwsmC6sFEgTWedlRIMaMm4MIom
leGWeIayXQLPkbM6EYyo2/EPdquBpLrdu3waU0LntNtygJg/7LhK5c4f46KHsKFz
hx2mYQSh1a18gJ+efvuaTVuRjzJldT15TvDHIKhB8X7L0UWRsK60fyWiL0gd+luy
0FY72nzLn2F2398UYUlcke16V/p1yPZk83sGZ733VQSruCCKT+3jeVowlu85kvNR
ysN1YO3hO6Kp7HWG21zpEi7I5qy39NjTwGOT974wamoYH4hlH0o0gsESNgPczjfs
UquA0SOkASksELtCSQawcAJBtGJkmY8jM68gHQylvwcU8fs0DXe8M+5fdwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFHSu8RiY2yxLB09ChCkR6fl28TZ6MB8GA1UdIwQY
MBaAFFr2YrPz3IMSsba8kX8K8AYid1NVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV3ZaaXNfUGNneEt4dHJ5UmZ3cndCaUozVTFVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZS9jYjQ2MjEtNDcxMC00YzRjLTg1YmEt
ODcxY2Y0MDk3NzQ2LzEvZEs3eEdKamJMRXNIVDBLRUtSSHAtWGJ4Tm5vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZS9jYjQ2MjEtNDcxMC00YzRjLTg1YmEtODcxY2Y0MDk3NzQ2
LzEvV3ZaaXNfUGNneEt4dHJ5UmZ3cndCaUozVTFVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBANTYSgD
BANTYTAwDQYJKoZIhvcNAQELBQADggEBAHxIB7WEMRmMyDVdy3rViDLa2cSd/t08
y/HAxxZppjjUY6FF2RBvqrgKU6U1xxftbuvIlA9RW6Sms+FcenrhgGu8+Pl565qC
qndFzb3vJU+penkp4sGACimsrs7O4t+JNHX0Ez59hVdXCLTYLtFqPPbtXzDTun57
IabH/zJzYNfKhi+laYD78WnPk+U9zrzngV7uv7ApldtFv2NgQoOYawDxDHWbOBpG
L52GXcR5O3AvN0oGcWiUJOKne5pR9GGgb/38ujphKnc2qDxSpq/gHDa8zb5Q3Yh/
T/OAL2KO/DnfL6rVcJvVkbU3Hap2nfOl9i5nDdXZ7SVg10rJ+9KdQpo=
-----END CERTIFICATE-----