Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7c/f5593d-689c-4dfe-8d96-2dd7890dc689/1/N7KzbnSCtBZxo6leDNHJYf_fUpw.roa
File:                     N7KzbnSCtBZxo6leDNHJYf_fUpw.roa (raw, json)
Hash identifier:          /UrnKy1zrMq95TUGKkiYPqqZU6gx6ujjcxvogPKd0Oo=
Subject key identifier:   37:B2:B3:6E:74:82:B4:16:71:A3:A9:5E:0C:D1:C9:61:FF:DF:52:9C
Certificate issuer:       /CN=8b82433ffe94bf3536fec327543d396158202072
Certificate serial:       019CF6510F173E466E0E3224954C07D10059
Authority key identifier: 8B:82:43:3F:FE:94:BF:35:36:FE:C3:27:54:3D:39:61:58:20:20:72
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i4JDP_6UvzU2_sMnVD05YVggIHI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7c/f5593d-689c-4dfe-8d96-2dd7890dc689/1/N7KzbnSCtBZxo6leDNHJYf_fUpw.roa
Signing time:             Mon 16 Mar 2026 11:03:53 +0000
ROA not before:           Mon 16 Mar 2026 11:03:53 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     57494
IP address blocks:        83.217.202.0/24 maxlen: 32
                          83.217.203.0/24 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7c/f5593d-689c-4dfe-8d96-2dd7890dc689/1/i4JDP_6UvzU2_sMnVD05YVggIHI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7c/f5593d-689c-4dfe-8d96-2dd7890dc689/1/i4JDP_6UvzU2_sMnVD05YVggIHI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i4JDP_6UvzU2_sMnVD05YVggIHI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 14:00:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:f6:51:0f:17:3e:46:6e:0e:32:24:95:4c:07:d1:00:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b82433ffe94bf3536fec327543d396158202072
        Validity
            Not Before: Mar 16 11:03:53 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=37b2b36e7482b41671a3a95e0cd1c961ffdf529c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:47:50:99:a3:1e:39:aa:4e:10:71:0c:ae:dc:
                    be:87:60:67:5d:cb:9c:b0:cb:b1:65:ce:bd:3b:17:
                    12:51:6a:e8:b7:6b:ac:0d:85:7a:34:f7:92:89:28:
                    c5:b3:1f:77:06:05:32:aa:5c:39:b1:cf:4b:0e:f4:
                    03:fb:68:15:e2:eb:5e:6d:56:3b:6a:83:4b:c0:7e:
                    18:b7:d7:60:0b:60:5b:64:fa:41:07:85:94:5b:17:
                    c2:e0:0d:ab:e3:4b:3d:ad:91:dd:85:f1:03:ec:5c:
                    71:d7:be:b7:a8:67:e5:d4:33:87:8d:9b:e3:38:85:
                    c3:95:32:4f:dc:fa:4c:fb:4d:bb:f4:ee:e6:9d:f1:
                    1c:f2:5a:ea:77:30:65:2b:e0:30:48:83:94:76:c2:
                    f8:09:33:26:e8:26:4f:13:cb:51:e6:0e:79:c8:75:
                    3c:a6:d8:16:f3:1a:ec:cb:fa:12:f8:af:cf:f4:df:
                    de:54:3e:8c:bf:2f:d0:55:f7:bf:e0:0c:55:43:87:
                    99:d4:27:a7:13:a2:af:8d:fd:55:8f:22:ef:dc:24:
                    24:c3:da:c0:48:11:fa:cb:fc:85:47:77:66:6a:ab:
                    5b:fa:50:a5:9d:39:eb:58:e0:96:ba:9b:c9:af:be:
                    a6:e6:61:bc:1f:a1:15:02:8b:8c:4b:df:09:ae:54:
                    d7:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:B2:B3:6E:74:82:B4:16:71:A3:A9:5E:0C:D1:C9:61:FF:DF:52:9C
            X509v3 Authority Key Identifier:
                keyid:8B:82:43:3F:FE:94:BF:35:36:FE:C3:27:54:3D:39:61:58:20:20:72

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i4JDP_6UvzU2_sMnVD05YVggIHI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/f5593d-689c-4dfe-8d96-2dd7890dc689/1/N7KzbnSCtBZxo6leDNHJYf_fUpw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/f5593d-689c-4dfe-8d96-2dd7890dc689/1/i4JDP_6UvzU2_sMnVD05YVggIHI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.217.202.0/23

    Signature Algorithm: sha256WithRSAEncryption
         41:84:e1:46:b7:7c:b7:b3:af:25:ac:98:09:c6:7c:ff:b2:96:
         b4:9a:30:32:87:0d:ef:35:df:48:a7:70:48:c2:15:17:1c:4b:
         b3:8a:a0:0c:b7:94:3b:19:2e:7c:43:52:ed:3e:01:3c:d9:15:
         68:1b:5e:f2:0d:aa:0c:99:8c:db:aa:9e:f3:52:04:68:16:47:
         43:a4:7e:20:7c:bf:46:20:b9:da:50:50:3d:c0:39:66:15:57:
         f5:30:b3:f2:cb:06:6a:0a:96:20:3b:95:0f:88:86:e1:84:04:
         1b:de:09:3c:8f:11:69:07:86:5f:cf:ff:b2:f5:da:1b:cd:1b:
         19:2a:39:5a:9e:c3:37:b8:f5:89:0a:8f:ee:f6:19:82:f9:09:
         f0:08:3b:28:39:77:e9:dc:69:c1:f8:e4:23:22:cf:84:53:cc:
         76:e1:1e:23:48:ce:84:cb:0c:ee:a3:93:04:e5:7f:18:dd:ca:
         2c:4c:ff:a7:5f:77:77:0a:eb:24:d6:47:9b:e7:62:c1:70:f2:
         d1:dc:c5:88:35:02:02:52:bd:0d:e0:b5:9d:c7:e8:f5:74:26:
         84:63:8f:a1:af:d1:3d:eb:72:9a:ed:cf:cd:f8:1e:c3:a0:fc:
         c9:95:35:96:72:58:32:91:ed:ef:8f:a0:12:b7:c2:09:0d:85:
         45:ba:d4:e0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZz2UQ8XPkZuDjIklUwH0QBZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiODI0MzNmZmU5NGJmMzUzNmZlYzMyNzU0M2QzOTYxNTgy
MDIwNzIwHhcNMjYwMzE2MTEwMzUzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzN2IyYjM2ZTc0ODJiNDE2NzFhM2E5NWUwY2QxYzk2MWZmZGY1MjljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlkdQmaMeOapOEHEMrty+h2BnXcuc
sMuxZc69OxcSUWrot2usDYV6NPeSiSjFsx93BgUyqlw5sc9LDvQD+2gV4utebVY7
aoNLwH4Yt9dgC2BbZPpBB4WUWxfC4A2r40s9rZHdhfED7Fxx1763qGfl1DOHjZvj
OIXDlTJP3PpM+0279O7mnfEc8lrqdzBlK+AwSIOUdsL4CTMm6CZPE8tR5g55yHU8
ptgW8xrsy/oS+K/P9N/eVD6Mvy/QVfe/4AxVQ4eZ1CenE6Kvjf1VjyLv3CQkw9rA
SBH6y/yFR3dmaqtb+lClnTnrWOCWupvJr76m5mG8H6EVAouMS98JrlTX3QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDeys250grQWcaOpXgzRyWH/31KcMB8GA1UdIwQY
MBaAFIuCQz/+lL81Nv7DJ1Q9OWFYICByMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTRKRFBfNlV2elUyX3NNblZEMDVZVmdnSUhJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yy9mNTU5M2QtNjg5Yy00ZGZlLThkOTYt
MmRkNzg5MGRjNjg5LzEvTjdLemJuU0N0Qlp4bzZsZUROSEpZZl9mVXB3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yy9mNTU5M2QtNjg5Yy00ZGZlLThkOTYtMmRkNzg5MGRjNjg5
LzEvaTRKRFBfNlV2elUyX3NNblZEMDVZVmdnSUhJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBU9nKMA0G
CSqGSIb3DQEBCwUAA4IBAQBBhOFGt3y3s68lrJgJxnz/spa0mjAyhw3vNd9Ip3BI
whUXHEuziqAMt5Q7GS58Q1LtPgE82RVoG17yDaoMmYzbqp7zUgRoFkdDpH4gfL9G
ILnaUFA9wDlmFVf1MLPyywZqCpYgO5UPiIbhhAQb3gk8jxFpB4Zfz/+y9dobzRsZ
KjlansM3uPWJCo/u9hmC+QnwCDsoOXfp3GnB+OQjIs+EU8x24R4jSM6Eywzuo5ME
5X8Y3cosTP+nX3d3Cusk1keb52LBcPLR3MWINQICUr0N4LWdx+j1dCaEY4+hr9E9
63Ka7c/N+B7DoPzJlTWWclgyke3vj6ASt8IJDYVFutTg
-----END CERTIFICATE-----