Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7b/8b856a-38ae-4cfb-81d2-271a9576eae7/1/DsgH-2l0ZUEQ5QwDCoj8o-EpJFs.roa
File:                     DsgH-2l0ZUEQ5QwDCoj8o-EpJFs.roa (raw, json)
Hash identifier:          yvpnLBP9aiLVJJIHtl3Or2O/+llJmxZ1ZUNn0YtwZpg=
Subject key identifier:   0E:C8:07:FB:69:74:65:41:10:E5:0C:03:0A:88:FC:A3:E1:29:24:5B
Certificate issuer:       /CN=2eeec5231d212b310579d78fc41479ca6ec2aa07
Certificate serial:       019DF86FD7194C90C5A0407F5D0E29CED835
Authority key identifier: 2E:EE:C5:23:1D:21:2B:31:05:79:D7:8F:C4:14:79:CA:6E:C2:AA:07
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Lu7FIx0hKzEFedePxBR5ym7Cqgc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7b/8b856a-38ae-4cfb-81d2-271a9576eae7/1/DsgH-2l0ZUEQ5QwDCoj8o-EpJFs.roa
Signing time:             Tue 05 May 2026 13:59:32 +0000
ROA not before:           Tue 05 May 2026 13:59:32 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     48475
IP address blocks:        92.241.28.0/24 maxlen: 24
                          92.241.29.0/24 maxlen: 24
                          92.241.30.0/24 maxlen: 24
                          92.241.31.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7b/8b856a-38ae-4cfb-81d2-271a9576eae7/1/Lu7FIx0hKzEFedePxBR5ym7Cqgc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7b/8b856a-38ae-4cfb-81d2-271a9576eae7/1/Lu7FIx0hKzEFedePxBR5ym7Cqgc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Lu7FIx0hKzEFedePxBR5ym7Cqgc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 23:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:f8:6f:d7:19:4c:90:c5:a0:40:7f:5d:0e:29:ce:d8:35
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2eeec5231d212b310579d78fc41479ca6ec2aa07
        Validity
            Not Before: May  5 13:59:32 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0ec807fb6974654110e50c030a88fca3e129245b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:f8:37:f8:43:20:e6:a4:e6:2c:73:66:cb:95:
                    e9:23:ac:4c:5c:43:15:03:99:4a:c5:f0:c9:2c:e9:
                    96:7e:32:27:71:b3:90:40:12:5b:46:88:f5:1e:49:
                    25:92:8f:bb:2d:ce:07:7f:e0:59:c2:e8:dc:14:0a:
                    ca:50:92:6f:62:76:1f:e2:e9:3d:85:aa:43:2e:53:
                    34:25:21:5d:41:9f:9a:1b:d2:05:ca:27:f2:78:fe:
                    69:d8:d3:aa:ec:14:76:8f:e5:11:76:17:53:af:82:
                    3e:3d:2b:ed:2f:2b:0e:66:96:36:19:b6:f0:c5:e3:
                    60:16:51:78:08:54:f4:99:5d:7e:72:b3:e7:51:84:
                    d1:ab:fd:b4:40:00:1a:55:a0:ca:c8:33:d5:95:6f:
                    44:48:a4:7b:39:96:f2:00:da:f6:db:b5:5d:f2:b2:
                    5d:b6:a8:0d:fd:67:e9:52:e9:80:73:4d:67:d1:10:
                    66:fc:3d:20:0d:90:41:e1:76:14:37:77:b0:eb:0a:
                    85:15:b4:ce:bc:15:7a:6d:ab:8a:70:2e:ef:59:bc:
                    df:a8:40:58:1b:82:ba:03:44:e4:24:83:57:08:fe:
                    bc:08:2d:8a:23:15:1d:2f:d3:9a:94:11:ea:ea:66:
                    e4:52:c5:2f:47:22:16:56:a7:6d:5f:2c:2a:78:11:
                    d0:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:C8:07:FB:69:74:65:41:10:E5:0C:03:0A:88:FC:A3:E1:29:24:5B
            X509v3 Authority Key Identifier:
                keyid:2E:EE:C5:23:1D:21:2B:31:05:79:D7:8F:C4:14:79:CA:6E:C2:AA:07

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Lu7FIx0hKzEFedePxBR5ym7Cqgc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/8b856a-38ae-4cfb-81d2-271a9576eae7/1/DsgH-2l0ZUEQ5QwDCoj8o-EpJFs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/8b856a-38ae-4cfb-81d2-271a9576eae7/1/Lu7FIx0hKzEFedePxBR5ym7Cqgc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.241.28.0/22

    Signature Algorithm: sha256WithRSAEncryption
         3e:44:5a:b9:bd:26:35:7f:64:22:1f:c8:66:03:b1:bc:67:9e:
         0f:98:0e:d5:7c:6d:e4:b4:1d:99:f4:11:ac:4a:62:27:59:c4:
         e5:3e:0d:87:c1:5b:14:b9:13:e0:57:c5:e9:1f:50:0c:0d:4b:
         e9:a4:df:db:9c:2e:75:0c:b3:9b:35:57:7a:1a:ef:c6:ec:3d:
         f5:97:46:24:af:d7:c1:fe:ad:58:8d:1f:c4:f4:20:37:df:49:
         65:55:62:79:17:35:da:a4:8b:1b:37:c6:dc:2a:97:5d:41:f6:
         c1:4e:2b:dc:cb:16:5b:cf:56:7a:ff:22:50:59:59:01:ab:9a:
         4d:eb:3c:9a:0d:6c:02:2c:95:f4:72:d7:c1:e1:94:4c:f4:f8:
         f4:71:ff:89:c4:88:fa:7f:f6:a1:03:83:c7:c9:ec:64:99:05:
         e3:fa:2e:71:20:fc:e0:60:3e:c2:06:64:fa:8e:11:92:c5:1e:
         c8:2d:e1:2b:47:7f:e6:27:3f:03:da:3a:21:de:7a:7f:dd:3c:
         13:4a:15:fb:e0:85:f1:f4:be:2a:14:05:9b:e4:a8:f5:06:82:
         75:8b:c0:6c:35:84:e2:eb:d9:5f:89:3c:7a:2b:2b:fd:29:c6:
         6c:6c:cf:05:39:5e:19:f7:67:a3:eb:3e:9b:2e:ac:78:b0:3e:
         17:3d:a5:c3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ34b9cZTJDFoEB/XQ4pztg1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlZWVjNTIzMWQyMTJiMzEwNTc5ZDc4ZmM0MTQ3OWNhNmVj
MmFhMDcwHhcNMjYwNTA1MTM1OTMyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZWM4MDdmYjY5NzQ2NTQxMTBlNTBjMDMwYTg4ZmNhM2UxMjkyNDViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp/g3+EMg5qTmLHNmy5XpI6xMXEMV
A5lKxfDJLOmWfjIncbOQQBJbRoj1Hkklko+7Lc4Hf+BZwujcFArKUJJvYnYf4uk9
hapDLlM0JSFdQZ+aG9IFyifyeP5p2NOq7BR2j+URdhdTr4I+PSvtLysOZpY2Gbbw
xeNgFlF4CFT0mV1+crPnUYTRq/20QAAaVaDKyDPVlW9ESKR7OZbyANr227Vd8rJd
tqgN/WfpUumAc01n0RBm/D0gDZBB4XYUN3ew6wqFFbTOvBV6bauKcC7vWbzfqEBY
G4K6A0TkJINXCP68CC2KIxUdL9OalBHq6mbkUsUvRyIWVqdtXywqeBHQUwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA7IB/tpdGVBEOUMAwqI/KPhKSRbMB8GA1UdIwQY
MBaAFC7uxSMdISsxBXnXj8QUecpuwqoHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTHU3Rkl4MGhLekVGZWRlUHhCUjV5bTdDcWdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yi84Yjg1NmEtMzhhZS00Y2ZiLTgxZDIt
MjcxYTk1NzZlYWU3LzEvRHNnSC0ybDBaVUVRNVF3RENvajhvLUVwSkZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yi84Yjg1NmEtMzhhZS00Y2ZiLTgxZDItMjcxYTk1NzZlYWU3
LzEvTHU3Rkl4MGhLekVGZWRlUHhCUjV5bTdDcWdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCXPEcMA0G
CSqGSIb3DQEBCwUAA4IBAQA+RFq5vSY1f2QiH8hmA7G8Z54PmA7VfG3ktB2Z9BGs
SmInWcTlPg2HwVsUuRPgV8XpH1AMDUvppN/bnC51DLObNVd6Gu/G7D31l0Ykr9fB
/q1YjR/E9CA330llVWJ5FzXapIsbN8bcKpddQfbBTivcyxZbz1Z6/yJQWVkBq5pN
6zyaDWwCLJX0ctfB4ZRM9Pj0cf+JxIj6f/ahA4PHyexkmQXj+i5xIPzgYD7CBmT6
jhGSxR7ILeErR3/mJz8D2joh3np/3TwTShX74IXx9L4qFAWb5Kj1BoJ1i8BsNYTi
69lfiTx6Kyv9KcZsbM8FOV4Z92ej6z6bLqx4sD4XPaXD
-----END CERTIFICATE-----