Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/OG7_lXL_FREXPewWG2jRhu7NKkk.roa
File:                     OG7_lXL_FREXPewWG2jRhu7NKkk.roa (raw, json)
Hash identifier:          OjrTv00WjEZGL+NG2/kIWW4GJTL5RgG2LH/lGB1grO8=
Subject key identifier:   38:6E:FF:95:72:FF:15:11:17:3D:EC:16:1B:68:D1:86:EE:CD:2A:49
Certificate issuer:       /CN=093353c1fabe896af8b85fe7600e4634968fcc4c
Certificate serial:       019DFD88F541CD2D448F5B3C1EC07DD8020A
Authority key identifier: 09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/OG7_lXL_FREXPewWG2jRhu7NKkk.roa
Signing time:             Wed 06 May 2026 13:45:04 +0000
ROA not before:           Wed 06 May 2026 13:45:04 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     35682
IP address blocks:        77.83.206.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 14:00:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:fd:88:f5:41:cd:2d:44:8f:5b:3c:1e:c0:7d:d8:02:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=093353c1fabe896af8b85fe7600e4634968fcc4c
        Validity
            Not Before: May  6 13:45:04 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=386eff9572ff1511173dec161b68d186eecd2a49
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:c8:e8:de:5e:22:d0:74:7f:b0:19:c4:0a:4e:
                    f5:70:ee:7b:a9:a3:97:32:eb:ad:eb:29:41:1b:20:
                    54:08:ad:4a:04:29:47:b7:b7:d9:c5:f6:ce:b1:82:
                    a5:21:07:c3:e3:74:72:80:72:96:17:25:be:f9:90:
                    71:41:91:7a:27:cc:fd:49:27:75:77:11:bd:e1:55:
                    13:f1:05:73:bd:9a:28:e3:b9:9f:5c:31:1d:4b:26:
                    64:00:43:0f:45:28:32:0d:2e:4d:f7:42:9a:b9:d3:
                    f2:5d:05:63:4f:28:10:56:05:95:92:40:32:1b:e4:
                    ae:db:16:88:4f:61:d3:39:70:d5:06:a6:50:d2:8e:
                    fe:95:ca:51:af:94:96:03:62:5d:7c:81:a6:03:b1:
                    1a:e6:dc:6e:c1:a2:16:65:f9:17:2e:e9:66:45:e8:
                    e1:4c:e7:51:10:c8:23:bd:4c:b9:5f:6c:c1:09:43:
                    1b:d7:94:61:00:b8:47:94:f2:a7:38:83:cc:24:3b:
                    fd:93:59:ab:87:37:01:5c:2a:2a:8c:a5:9e:b9:c2:
                    07:7f:5b:a1:03:22:4c:a2:9b:74:c2:bc:08:5a:1a:
                    6b:fe:22:5a:ff:6c:4e:7b:8b:f2:f8:60:64:68:2d:
                    95:5e:d1:71:ec:cd:09:0e:cb:12:df:c0:5c:c1:44:
                    2b:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:6E:FF:95:72:FF:15:11:17:3D:EC:16:1B:68:D1:86:EE:CD:2A:49
            X509v3 Authority Key Identifier:
                keyid:09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/OG7_lXL_FREXPewWG2jRhu7NKkk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.83.206.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1e:42:63:dc:c8:98:be:57:03:6e:4f:f7:8b:b1:ee:8c:17:12:
         01:62:c3:be:62:91:7a:9c:7c:c1:cf:6e:51:a8:61:3f:cf:3b:
         23:0c:32:51:b1:b5:92:d7:52:7b:6e:24:08:cf:e3:ce:b5:4f:
         77:6c:38:60:24:88:6b:ce:f3:a2:49:15:d2:36:66:74:60:0b:
         17:94:37:53:a0:e0:dc:a8:d6:e5:6b:8a:5d:34:47:a6:4c:ac:
         2a:d1:3c:90:60:95:49:e9:a7:42:57:f0:ba:c0:cd:77:bc:45:
         85:ea:90:8b:0a:ba:0e:bf:d4:52:8e:4f:50:ba:4b:f2:8d:89:
         b9:3f:15:14:63:bc:a7:af:b9:48:21:4c:d7:7b:1a:73:34:1a:
         b1:27:80:b4:b8:f4:bf:34:ba:38:67:c2:bc:5a:21:94:8b:fe:
         46:d7:03:f0:73:dc:b9:64:1c:76:25:4a:4b:b4:6f:1e:0d:f2:
         22:25:04:c0:d0:3b:62:21:24:07:5b:79:88:7e:48:11:3c:8b:
         95:53:d4:ae:7b:d5:01:e7:c7:a1:26:63:41:ff:ef:c1:63:8a:
         99:12:55:0d:e9:f3:c2:b7:84:cb:c7:7e:a3:49:c0:31:53:ba:
         e4:28:b2:19:e4:2d:16:57:06:04:65:9f:00:01:28:cf:55:67:
         51:4a:67:64
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ39iPVBzS1Ej1s8HsB92AIKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5MzM1M2MxZmFiZTg5NmFmOGI4NWZlNzYwMGU0NjM0OTY4
ZmNjNGMwHhcNMjYwNTA2MTM0NTA0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzODZlZmY5NTcyZmYxNTExMTczZGVjMTYxYjY4ZDE4NmVlY2QyYTQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvsjo3l4i0HR/sBnECk71cO57qaOX
Muut6ylBGyBUCK1KBClHt7fZxfbOsYKlIQfD43RygHKWFyW++ZBxQZF6J8z9SSd1
dxG94VUT8QVzvZoo47mfXDEdSyZkAEMPRSgyDS5N90KaudPyXQVjTygQVgWVkkAy
G+Su2xaIT2HTOXDVBqZQ0o7+lcpRr5SWA2JdfIGmA7Ea5txuwaIWZfkXLulmRejh
TOdREMgjvUy5X2zBCUMb15RhALhHlPKnOIPMJDv9k1mrhzcBXCoqjKWeucIHf1uh
AyJMopt0wrwIWhpr/iJa/2xOe4vy+GBkaC2VXtFx7M0JDssS38BcwUQrgQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDhu/5Vy/xURFz3sFhto0YbuzSpJMB8GA1UdIwQY
MBaAFAkzU8H6volq+Lhf52AORjSWj8xMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1ROVHdmcS1pV3I0dUZfbllBNUdOSmFQekV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi83YjkzMzYtZTlmOC00ZTI3LWFmNGIt
MjM5ZDJmZTM5OGIxLzEvT0c3X2xYTF9GUkVYUGV3V0cyalJodTdOS2trLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi83YjkzMzYtZTlmOC00ZTI3LWFmNGItMjM5ZDJmZTM5OGIx
LzEvQ1ROVHdmcS1pV3I0dUZfbllBNUdOSmFQekV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATVPOMA0G
CSqGSIb3DQEBCwUAA4IBAQAeQmPcyJi+VwNuT/eLse6MFxIBYsO+YpF6nHzBz25R
qGE/zzsjDDJRsbWS11J7biQIz+POtU93bDhgJIhrzvOiSRXSNmZ0YAsXlDdToODc
qNbla4pdNEemTKwq0TyQYJVJ6adCV/C6wM13vEWF6pCLCroOv9RSjk9QukvyjYm5
PxUUY7ynr7lIIUzXexpzNBqxJ4C0uPS/NLo4Z8K8WiGUi/5G1wPwc9y5ZBx2JUpL
tG8eDfIiJQTA0DtiISQHW3mIfkgRPIuVU9Sue9UB58ehJmNB/+/BY4qZElUN6fPC
t4TLx36jScAxU7rkKLIZ5C0WVwYEZZ8AASjPVWdRSmdk
-----END CERTIFICATE-----