Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2e/1f5681-b105-4ff1-9bf4-adc56d43e0c4/1/7HIHyHGDiVhFywfB2aUFsNjko-M.roa
File:                     7HIHyHGDiVhFywfB2aUFsNjko-M.roa (raw, json)
Hash identifier:          Iv4sArJJwlkOrpiX31eTz3pS1dqhRbw3dXCKTSlvosg=
Subject key identifier:   EC:72:07:C8:71:83:89:58:45:CB:07:C1:D9:A5:05:B0:D8:E4:A3:E3
Certificate issuer:       /CN=0e5352d9441b65c2016ed8eb7e2f235954434f5d
Certificate serial:       019E022765684A20DB641154F1503849CCCB
Authority key identifier: 0E:53:52:D9:44:1B:65:C2:01:6E:D8:EB:7E:2F:23:59:54:43:4F:5D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DlNS2UQbZcIBbtjrfi8jWVRDT10.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2e/1f5681-b105-4ff1-9bf4-adc56d43e0c4/1/7HIHyHGDiVhFywfB2aUFsNjko-M.roa
Signing time:             Thu 07 May 2026 11:16:36 +0000
ROA not before:           Thu 07 May 2026 11:16:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     212183
IP address blocks:        2001:67c:924::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2e/1f5681-b105-4ff1-9bf4-adc56d43e0c4/1/DlNS2UQbZcIBbtjrfi8jWVRDT10.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2e/1f5681-b105-4ff1-9bf4-adc56d43e0c4/1/DlNS2UQbZcIBbtjrfi8jWVRDT10.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DlNS2UQbZcIBbtjrfi8jWVRDT10.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 14 May 2026 11:01:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:02:27:65:68:4a:20:db:64:11:54:f1:50:38:49:cc:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0e5352d9441b65c2016ed8eb7e2f235954434f5d
        Validity
            Not Before: May  7 11:16:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ec7207c87183895845cb07c1d9a505b0d8e4a3e3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:bc:68:22:71:fc:71:f7:82:ec:72:93:6d:db:
                    11:43:35:ca:24:14:2f:3c:37:96:66:fb:a0:8f:e0:
                    94:fc:5d:f7:4b:0e:2d:7d:51:de:0c:4b:7f:7d:4e:
                    ac:ab:93:56:b0:9d:c9:54:8e:02:67:0b:8f:d7:a8:
                    fd:59:43:ef:fa:90:a1:73:f8:f2:78:79:8a:48:de:
                    5a:de:cd:d4:57:28:50:12:c2:9e:b9:f7:8b:96:6a:
                    7a:7a:3c:30:11:16:43:5f:1f:e3:58:b0:ab:1d:3b:
                    40:4f:06:45:1a:a3:1f:fa:e9:cb:03:10:7b:68:61:
                    6b:cf:4f:60:5f:4c:68:65:f1:fc:83:ac:e4:7d:5e:
                    25:6c:f7:86:3f:b7:88:5e:fc:de:9f:b7:fe:3c:32:
                    dc:84:c7:eb:47:65:dc:21:96:b6:60:05:47:d1:e9:
                    cf:fa:7d:e3:69:de:f6:a6:9f:33:8a:60:34:af:92:
                    aa:78:1d:68:13:6b:c3:ff:03:02:dd:c9:f1:00:bc:
                    b0:6c:da:fe:43:e9:39:de:bf:b8:1c:45:26:6f:aa:
                    3a:ae:6e:49:a9:79:63:14:c6:af:a1:02:c2:12:03:
                    ff:e7:ef:62:d0:fc:6d:14:ff:88:b0:2c:62:f9:d6:
                    7c:97:19:b6:d3:52:6d:67:ae:33:99:f4:af:e0:81:
                    26:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:72:07:C8:71:83:89:58:45:CB:07:C1:D9:A5:05:B0:D8:E4:A3:E3
            X509v3 Authority Key Identifier:
                keyid:0E:53:52:D9:44:1B:65:C2:01:6E:D8:EB:7E:2F:23:59:54:43:4F:5D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DlNS2UQbZcIBbtjrfi8jWVRDT10.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/1f5681-b105-4ff1-9bf4-adc56d43e0c4/1/7HIHyHGDiVhFywfB2aUFsNjko-M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/1f5681-b105-4ff1-9bf4-adc56d43e0c4/1/DlNS2UQbZcIBbtjrfi8jWVRDT10.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:924::/48

    Signature Algorithm: sha256WithRSAEncryption
         98:b3:a6:c6:13:6c:5b:76:69:15:44:86:3b:96:93:d0:c0:ac:
         0a:bb:ea:99:82:8a:12:87:6e:43:ba:e5:af:c7:9b:c6:30:bd:
         43:b8:61:92:9b:ad:cc:ec:3c:e8:6a:41:36:b2:ef:57:d3:7b:
         e0:6b:7f:98:76:3b:74:ef:37:35:9b:3c:c9:10:a4:af:da:46:
         34:8b:81:a8:d7:de:76:97:05:17:6b:d4:9e:3d:69:c0:5d:e6:
         e1:2f:e1:11:87:8f:47:9c:e5:58:40:dc:b2:a9:b7:68:4a:cc:
         48:df:36:c1:d1:74:b1:7f:b4:f9:10:31:60:59:3f:20:af:48:
         1f:ee:7e:b3:94:3d:af:5a:e2:41:1d:92:04:70:d4:b3:e8:c6:
         ba:4c:00:44:53:53:3e:94:c3:07:3b:90:b1:31:21:b3:ef:bf:
         e6:d1:d3:9e:8b:9d:51:77:ac:bb:8a:f6:7a:17:b9:97:27:15:
         9f:c6:11:d9:37:9e:2c:1f:51:de:68:e9:71:6c:43:5c:5c:bb:
         fa:f0:ae:1d:30:ec:c7:18:2e:41:c7:32:49:5c:55:a9:36:fa:
         52:b7:d5:99:f2:3c:80:2c:75:4f:93:39:d2:c9:ff:dd:f1:ca:
         39:c2:b1:8e:23:ff:29:cd:29:02:16:1c:d1:aa:99:e8:18:14:
         4c:5c:20:3e
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZ4CJ2VoSiDbZBFU8VA4SczLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBlNTM1MmQ5NDQxYjY1YzIwMTZlZDhlYjdlMmYyMzU5NTQ0
MzRmNWQwHhcNMjYwNTA3MTExNjM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYzcyMDdjODcxODM4OTU4NDVjYjA3YzFkOWE1MDViMGQ4ZTRhM2UzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx7xoInH8cfeC7HKTbdsRQzXKJBQv
PDeWZvugj+CU/F33Sw4tfVHeDEt/fU6sq5NWsJ3JVI4CZwuP16j9WUPv+pChc/jy
eHmKSN5a3s3UVyhQEsKeufeLlmp6ejwwERZDXx/jWLCrHTtATwZFGqMf+unLAxB7
aGFrz09gX0xoZfH8g6zkfV4lbPeGP7eIXvzen7f+PDLchMfrR2XcIZa2YAVH0enP
+n3jad72pp8zimA0r5KqeB1oE2vD/wMC3cnxALywbNr+Q+k53r+4HEUmb6o6rm5J
qXljFMavoQLCEgP/5+9i0PxtFP+IsCxi+dZ8lxm201JtZ64zmfSv4IEmmwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFOxyB8hxg4lYRcsHwdmlBbDY5KPjMB8GA1UdIwQY
MBaAFA5TUtlEG2XCAW7Y634vI1lUQ09dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRGxOUzJVUWJaY0lCYnRqcmZpOGpXVlJEVDEwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZS8xZjU2ODEtYjEwNS00ZmYxLTliZjQt
YWRjNTZkNDNlMGM0LzEvN0hJSHlIR0RpVmhGeXdmQjJhVUZzTmprby1NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZS8xZjU2ODEtYjEwNS00ZmYxLTliZjQtYWRjNTZkNDNlMGM0
LzEvRGxOUzJVUWJaY0lCYnRqcmZpOGpXVlJEVDEwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfAkk
MA0GCSqGSIb3DQEBCwUAA4IBAQCYs6bGE2xbdmkVRIY7lpPQwKwKu+qZgooSh25D
uuWvx5vGML1DuGGSm63M7DzoakE2su9X03vga3+Ydjt07zc1mzzJEKSv2kY0i4Go
1952lwUXa9SePWnAXebhL+ERh49HnOVYQNyyqbdoSsxI3zbB0XSxf7T5EDFgWT8g
r0gf7n6zlD2vWuJBHZIEcNSz6Ma6TABEU1M+lMMHO5CxMSGz77/m0dOei51Rd6y7
ivZ6F7mXJxWfxhHZN54sH1HeaOlxbENcXLv68K4dMOzHGC5BxzJJXFWpNvpSt9WZ
8jyALHVPkznSyf/d8co5wrGOI/8pzSkCFhzRqpnoGBRMXCA+
-----END CERTIFICATE-----