Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/d8c58d-8d24-4280-91fd-48b1664d40d5/1/e8LfT7gfSGa2muv0jF7A1t1LYdk.roa
File:                     e8LfT7gfSGa2muv0jF7A1t1LYdk.roa (raw, json)
Hash identifier:          WRAYYzwkRc+Wb2Yiz2tOnruT9Tcor90WcXfJXFu2bXg=
Subject key identifier:   7B:C2:DF:4F:B8:1F:48:66:B6:9A:EB:F4:8C:5E:C0:D6:DD:4B:61:D9
Certificate issuer:       /CN=37d27fc24443fcdd4b1b65cfc8078c4a14289f9e
Certificate serial:       019EC008EFC05BF5C90FB9C66449597AB81D
Authority key identifier: 37:D2:7F:C2:44:43:FC:DD:4B:1B:65:CF:C8:07:8C:4A:14:28:9F:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/N9J_wkRD_N1LG2XPyAeMShQon54.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ff/d8c58d-8d24-4280-91fd-48b1664d40d5/1/e8LfT7gfSGa2muv0jF7A1t1LYdk.roa
Signing time:             Sat 13 Jun 2026 08:11:11 +0000
ROA not before:           Sat 13 Jun 2026 08:11:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     219450
IP address blocks:        5.252.96.0/24 maxlen: 24
                          5.252.97.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ff/d8c58d-8d24-4280-91fd-48b1664d40d5/1/N9J_wkRD_N1LG2XPyAeMShQon54.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ff/d8c58d-8d24-4280-91fd-48b1664d40d5/1/N9J_wkRD_N1LG2XPyAeMShQon54.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/N9J_wkRD_N1LG2XPyAeMShQon54.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 08:11:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:c0:08:ef:c0:5b:f5:c9:0f:b9:c6:64:49:59:7a:b8:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=37d27fc24443fcdd4b1b65cfc8078c4a14289f9e
        Validity
            Not Before: Jun 13 08:11:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7bc2df4fb81f4866b69aebf48c5ec0d6dd4b61d9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:b7:84:45:a0:29:d7:44:9c:7e:d1:a5:e2:a7:
                    af:48:af:61:81:52:c5:3c:fa:ce:1b:40:2a:c4:74:
                    14:22:1e:05:94:fe:51:61:f8:5f:8e:74:f5:28:ea:
                    23:62:ca:17:a1:ed:fd:c2:0f:2e:80:a2:ce:49:98:
                    32:45:b9:50:bf:70:23:e8:0a:cf:46:ce:47:97:8e:
                    2e:0e:93:46:bb:d5:44:45:17:82:18:c8:94:4c:eb:
                    04:40:bc:b1:fc:77:16:37:ca:0b:6f:57:27:79:f5:
                    3d:45:75:de:3b:8b:fd:cc:0b:eb:3e:f6:62:e1:f2:
                    53:43:71:f4:21:41:4b:81:fa:b1:95:7a:01:64:3b:
                    f1:0a:f8:e9:88:cb:f2:6c:e8:15:06:3e:70:39:f5:
                    c6:61:31:07:89:9b:a7:ee:83:12:b8:78:f3:a2:b0:
                    18:18:e0:93:e8:b5:37:e1:68:17:75:69:3d:5d:81:
                    c2:6f:29:98:ef:8e:2c:1f:99:34:e4:b1:ca:9e:fa:
                    29:cc:fa:f5:90:c8:4c:8b:c0:0e:33:a9:89:32:f8:
                    83:f5:96:f9:fd:f0:ea:77:5d:fa:aa:58:8b:32:89:
                    3e:f2:ee:c0:5a:fc:11:9a:6c:1e:e8:37:8e:13:56:
                    2a:81:b3:04:06:a4:0d:48:95:a1:c3:de:dc:02:16:
                    67:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:C2:DF:4F:B8:1F:48:66:B6:9A:EB:F4:8C:5E:C0:D6:DD:4B:61:D9
            X509v3 Authority Key Identifier:
                keyid:37:D2:7F:C2:44:43:FC:DD:4B:1B:65:CF:C8:07:8C:4A:14:28:9F:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/N9J_wkRD_N1LG2XPyAeMShQon54.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/d8c58d-8d24-4280-91fd-48b1664d40d5/1/e8LfT7gfSGa2muv0jF7A1t1LYdk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/d8c58d-8d24-4280-91fd-48b1664d40d5/1/N9J_wkRD_N1LG2XPyAeMShQon54.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.252.96.0/23

    Signature Algorithm: sha256WithRSAEncryption
         92:c0:d0:84:00:98:33:1e:26:27:48:65:cd:51:00:43:38:20:
         20:a4:20:be:e8:b8:a9:da:19:b2:17:9c:c5:6d:19:f9:48:d1:
         86:3b:9e:5d:60:2a:c2:2c:fd:6f:89:39:e7:5b:82:bb:2d:b1:
         66:4d:8d:68:74:47:39:47:20:96:19:b9:1a:e7:b9:cb:e1:8a:
         75:3d:10:1d:d0:9f:0a:cf:52:d1:14:ff:4e:73:9c:e8:61:f1:
         e2:02:f3:bf:0e:f1:f0:29:e5:a7:d5:43:d4:c8:f0:f9:2d:76:
         da:a2:62:13:17:a4:be:03:0f:10:30:7d:be:9e:9d:4d:f8:02:
         a1:70:bd:f7:00:2b:fe:fd:f9:27:79:68:90:91:22:0c:e4:04:
         0e:8b:8b:f9:e1:87:44:67:bb:04:9d:62:09:31:a8:45:48:6c:
         a5:30:41:15:37:b1:1b:55:1b:ea:32:41:67:29:39:23:51:ed:
         52:ec:10:ae:b8:94:1a:98:da:3c:d6:3c:93:6a:ce:43:34:74:
         99:e6:f5:69:a0:33:d6:a2:de:e3:45:35:3e:34:17:f3:49:64:
         fc:c7:6e:0f:21:fb:0c:de:be:43:7a:ea:1c:00:cc:69:f2:fd:
         71:6e:10:b4:14:5c:eb:8e:23:3a:79:d2:1a:d5:df:48:08:00:
         fd:e3:ac:b8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ7ACO/AW/XJD7nGZElZergdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM3ZDI3ZmMyNDQ0M2ZjZGQ0YjFiNjVjZmM4MDc4YzRhMTQy
ODlmOWUwHhcNMjYwNjEzMDgxMTExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YmMyZGY0ZmI4MWY0ODY2YjY5YWViZjQ4YzVlYzBkNmRkNGI2MWQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3reERaAp10ScftGl4qevSK9hgVLF
PPrOG0AqxHQUIh4FlP5RYfhfjnT1KOojYsoXoe39wg8ugKLOSZgyRblQv3Aj6ArP
Rs5Hl44uDpNGu9VERReCGMiUTOsEQLyx/HcWN8oLb1cnefU9RXXeO4v9zAvrPvZi
4fJTQ3H0IUFLgfqxlXoBZDvxCvjpiMvybOgVBj5wOfXGYTEHiZun7oMSuHjzorAY
GOCT6LU34WgXdWk9XYHCbymY744sH5k05LHKnvopzPr1kMhMi8AOM6mJMviD9Zb5
/fDqd136qliLMok+8u7AWvwRmmwe6DeOE1YqgbMEBqQNSJWhw97cAhZnoQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHvC30+4H0hmtprr9IxewNbdS2HZMB8GA1UdIwQY
MBaAFDfSf8JEQ/zdSxtlz8gHjEoUKJ+eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTjlKX3drUkRfTjFMRzJYUHlBZU1TaFFvbjU0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi9kOGM1OGQtOGQyNC00MjgwLTkxZmQt
NDhiMTY2NGQ0MGQ1LzEvZThMZlQ3Z2ZTR2EybXV2MGpGN0ExdDFMWWRrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi9kOGM1OGQtOGQyNC00MjgwLTkxZmQtNDhiMTY2NGQ0MGQ1
LzEvTjlKX3drUkRfTjFMRzJYUHlBZU1TaFFvbjU0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBBfxgMA0G
CSqGSIb3DQEBCwUAA4IBAQCSwNCEAJgzHiYnSGXNUQBDOCAgpCC+6Lip2hmyF5zF
bRn5SNGGO55dYCrCLP1viTnnW4K7LbFmTY1odEc5RyCWGbka57nL4Yp1PRAd0J8K
z1LRFP9Oc5zoYfHiAvO/DvHwKeWn1UPUyPD5LXbaomITF6S+Aw8QMH2+np1N+AKh
cL33ACv+/fkneWiQkSIM5AQOi4v54YdEZ7sEnWIJMahFSGylMEEVN7EbVRvqMkFn
KTkjUe1S7BCuuJQamNo81jyTas5DNHSZ5vVpoDPWot7jRTU+NBfzSWT8x24PIfsM
3r5DeuocAMxp8v1xbhC0FFzrjiM6edIa1d9ICAD946y4
-----END CERTIFICATE-----