Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/70bf8b-d8c4-40c3-9022-63348cdbf024/1/7mCn109sqofRWDcNGOrrWERitmM.roa
File:                     7mCn109sqofRWDcNGOrrWERitmM.roa (raw, json)
Hash identifier:          n6j8KsGkcRSlMvVC+mLJUCmxgZJPqcyhJhHOVryX78M=
Subject key identifier:   EE:60:A7:D7:4F:6C:AA:87:D1:58:37:0D:18:EA:EB:58:44:62:B6:63
Certificate issuer:       /CN=8e1c11658d2041eaf2502fe5408ed493bbd4f318
Certificate serial:       019D00EB3D152967E64BF26D88F82F6D0AE7
Authority key identifier: 8E:1C:11:65:8D:20:41:EA:F2:50:2F:E5:40:8E:D4:93:BB:D4:F3:18
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jhwRZY0gQeryUC_lQI7Uk7vU8xg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/70bf8b-d8c4-40c3-9022-63348cdbf024/1/7mCn109sqofRWDcNGOrrWERitmM.roa
Signing time:             Wed 18 Mar 2026 12:28:29 +0000
ROA not before:           Wed 18 Mar 2026 12:28:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     212477
IP address blocks:        45.91.116.0/24 maxlen: 32
                          91.212.45.0/24 maxlen: 32
                          195.82.132.0/23 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/62/70bf8b-d8c4-40c3-9022-63348cdbf024/1/jhwRZY0gQeryUC_lQI7Uk7vU8xg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/62/70bf8b-d8c4-40c3-9022-63348cdbf024/1/jhwRZY0gQeryUC_lQI7Uk7vU8xg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jhwRZY0gQeryUC_lQI7Uk7vU8xg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 00:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:00:eb:3d:15:29:67:e6:4b:f2:6d:88:f8:2f:6d:0a:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8e1c11658d2041eaf2502fe5408ed493bbd4f318
        Validity
            Not Before: Mar 18 12:28:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ee60a7d74f6caa87d158370d18eaeb584462b663
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:42:7e:f2:8d:cf:1f:ca:7b:3b:48:c7:18:75:
                    2c:5d:3f:f2:62:44:ed:e3:ed:fa:08:3a:cb:9f:f8:
                    52:ee:7b:26:e7:b4:7d:7b:47:e2:46:ba:d7:05:33:
                    f3:90:02:c7:a2:2e:f3:df:18:ce:20:25:70:cb:fe:
                    6f:d6:4b:e6:4c:20:be:10:bc:11:e4:e2:53:9a:e1:
                    17:9a:a7:d0:73:85:f6:d0:e4:61:93:0a:c7:ed:4d:
                    aa:83:2d:9b:07:0d:85:33:6a:0a:45:2b:f2:56:27:
                    ce:1c:26:28:8b:97:24:88:6f:0c:02:21:eb:76:18:
                    ca:7e:b2:da:64:48:c9:1c:4f:7d:8a:c9:58:60:61:
                    53:c4:9c:be:da:ed:7d:b3:3a:35:be:c9:bf:0f:b1:
                    5f:14:10:7d:8e:a0:79:ef:2c:08:7d:28:f0:00:88:
                    f1:26:63:3a:c5:60:0e:60:3b:8c:28:92:ae:2c:1f:
                    e7:ad:57:88:bd:ea:54:b1:27:60:74:2b:a9:99:7a:
                    ac:8e:a3:68:b6:c3:73:cd:2e:bb:fa:d5:6c:7c:d4:
                    21:41:54:1e:e4:fc:73:00:89:a7:c8:39:07:fe:2c:
                    e7:0e:2b:ec:24:bf:2a:5b:7f:dd:31:48:b9:b6:7a:
                    ac:36:c6:a8:59:1d:96:f0:0d:5c:d5:d2:6d:bd:fa:
                    80:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:60:A7:D7:4F:6C:AA:87:D1:58:37:0D:18:EA:EB:58:44:62:B6:63
            X509v3 Authority Key Identifier:
                keyid:8E:1C:11:65:8D:20:41:EA:F2:50:2F:E5:40:8E:D4:93:BB:D4:F3:18

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jhwRZY0gQeryUC_lQI7Uk7vU8xg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/70bf8b-d8c4-40c3-9022-63348cdbf024/1/7mCn109sqofRWDcNGOrrWERitmM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/70bf8b-d8c4-40c3-9022-63348cdbf024/1/jhwRZY0gQeryUC_lQI7Uk7vU8xg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.91.116.0/24
                  91.212.45.0/24
                  195.82.132.0/23

    Signature Algorithm: sha256WithRSAEncryption
         9e:04:30:ac:b3:28:ac:26:28:dd:16:35:c0:26:fe:36:c6:94:
         f7:24:8b:a9:d3:c0:eb:bc:70:46:1f:41:50:49:1c:a5:c2:c1:
         d9:b7:ab:04:82:7d:cb:b0:8e:5e:9c:8b:0f:33:1a:af:4b:78:
         b6:d6:d0:b8:6c:25:4f:06:32:6d:b7:d1:c7:ea:e7:ac:96:82:
         c7:27:81:a8:43:b2:ce:a4:d5:15:36:e8:3d:ce:cc:6b:c3:14:
         ed:fd:b4:83:d0:9d:ad:e1:ef:7d:97:54:89:09:37:ae:63:97:
         45:0b:bb:70:c6:fd:47:88:c8:d3:70:fa:9b:a4:68:be:0f:40:
         1f:95:a0:c7:0e:e3:6c:f0:44:36:1a:b8:fb:a2:21:0a:43:29:
         c8:ab:78:a8:3c:2e:e8:58:da:8f:1e:b7:88:69:fa:1d:89:f2:
         af:07:4f:25:f3:e9:18:9b:95:96:3b:8e:ff:96:f0:80:44:3a:
         91:9a:a2:be:cf:b5:c2:c6:a2:d4:d3:a1:7f:9e:32:22:5d:49:
         26:56:dd:81:eb:2d:ff:51:39:ce:86:d5:6c:22:2a:40:3b:7b:
         d9:4a:29:36:86:97:8a:d6:bd:07:cc:05:ea:db:d4:24:bf:51:
         16:52:bc:28:93:b2:25:1c:59:bc:f5:8d:9f:6f:5d:77:b7:2b:
         98:df:7e:1f
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZ0A6z0VKWfmS/JtiPgvbQrnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhlMWMxMTY1OGQyMDQxZWFmMjUwMmZlNTQwOGVkNDkzYmJk
NGYzMTgwHhcNMjYwMzE4MTIyODI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZTYwYTdkNzRmNmNhYTg3ZDE1ODM3MGQxOGVhZWI1ODQ0NjJiNjYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuEJ+8o3PH8p7O0jHGHUsXT/yYkTt
4+36CDrLn/hS7nsm57R9e0fiRrrXBTPzkALHoi7z3xjOICVwy/5v1kvmTCC+ELwR
5OJTmuEXmqfQc4X20ORhkwrH7U2qgy2bBw2FM2oKRSvyVifOHCYoi5ckiG8MAiHr
dhjKfrLaZEjJHE99islYYGFTxJy+2u19szo1vsm/D7FfFBB9jqB57ywIfSjwAIjx
JmM6xWAOYDuMKJKuLB/nrVeIvepUsSdgdCupmXqsjqNotsNzzS67+tVsfNQhQVQe
5PxzAImnyDkH/iznDivsJL8qW3/dMUi5tnqsNsaoWR2W8A1c1dJtvfqAtwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFO5gp9dPbKqH0Vg3DRjq61hEYrZjMB8GA1UdIwQY
MBaAFI4cEWWNIEHq8lAv5UCO1JO71PMYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvamh3UlpZMGdRZXJ5VUNfbFFJN1VrN3ZVOHhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi83MGJmOGItZDhjNC00MGMzLTkwMjIt
NjMzNDhjZGJmMDI0LzEvN21DbjEwOXNxb2ZSV0RjTkdPcnJXRVJpdG1NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi83MGJmOGItZDhjNC00MGMzLTkwMjItNjMzNDhjZGJmMDI0
LzEvamh3UlpZMGdRZXJ5VUNfbFFJN1VrN3ZVOHhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQALVt0AwQA
W9QtAwQBw1KEMA0GCSqGSIb3DQEBCwUAA4IBAQCeBDCssyisJijdFjXAJv42xpT3
JIup08DrvHBGH0FQSRylwsHZt6sEgn3LsI5enIsPMxqvS3i21tC4bCVPBjJtt9HH
6uesloLHJ4GoQ7LOpNUVNug9zsxrwxTt/bSD0J2t4e99l1SJCTeuY5dFC7twxv1H
iMjTcPqbpGi+D0AflaDHDuNs8EQ2Grj7oiEKQynIq3ioPC7oWNqPHreIafodifKv
B08l8+kYm5WWO47/lvCARDqRmqK+z7XCxqLU06F/njIiXUkmVt2B6y3/UTnOhtVs
IipAO3vZSik2hpeK1r0HzAXq29Qkv1EWUrwok7IlHFm89Y2fb113tyuY334f
-----END CERTIFICATE-----