Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/cxmxQry29AMdc5RX3RJC0Tjw9ko.roa
File:                     cxmxQry29AMdc5RX3RJC0Tjw9ko.roa (raw, json)
Hash identifier:          /vajF9KsWpGo0gpqziat3c/h17bybkweLF9MVnXcM3w=
Subject key identifier:   73:19:B1:42:BC:B6:F4:03:1D:73:94:57:DD:12:42:D1:38:F0:F6:4A
Certificate issuer:       /CN=7e20b034e2c497b1884488def106972704765029
Certificate serial:       019DFDFA28684769666D95C4EEDD8BB8F465
Authority key identifier: 7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/cxmxQry29AMdc5RX3RJC0Tjw9ko.roa
Signing time:             Wed 06 May 2026 15:48:43 +0000
ROA not before:           Wed 06 May 2026 15:48:43 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     150423
IP address blocks:        82.108.12.0/22 maxlen: 22
                          87.82.52.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 14:04:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:fd:fa:28:68:47:69:66:6d:95:c4:ee:dd:8b:b8:f4:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7e20b034e2c497b1884488def106972704765029
        Validity
            Not Before: May  6 15:48:43 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7319b142bcb6f4031d739457dd1242d138f0f64a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:85:5b:de:9a:1e:c1:e2:45:e3:8d:13:79:fe:
                    f1:f7:ac:06:43:95:89:09:b0:20:06:54:b1:71:31:
                    18:07:4d:28:01:22:ff:08:64:f0:09:5a:6b:5a:bc:
                    64:0b:cb:85:6f:93:40:ff:d0:77:1e:72:1a:44:33:
                    d4:46:b9:d0:88:c4:91:e4:80:47:d3:cb:60:a5:d2:
                    65:26:ce:1e:34:34:fa:a2:b9:2b:19:a7:6d:63:fb:
                    e0:aa:32:31:1f:dd:22:63:8a:92:25:b3:e9:ee:27:
                    1d:e6:a8:ee:bd:0a:45:6d:ca:bf:be:f3:10:4c:5e:
                    a2:5b:34:8f:bf:a4:45:6b:a4:e0:0a:a9:36:20:b4:
                    c1:08:83:22:7d:8d:37:a7:c9:3b:74:2a:ee:22:6a:
                    69:6e:f8:b5:5e:72:c8:a1:d2:d8:d9:32:32:3b:98:
                    f4:b8:ad:9d:74:f9:c5:6b:ec:1e:aa:a3:fa:03:9b:
                    5f:9e:e2:f1:ba:5b:c1:fc:17:ba:cd:73:c2:86:58:
                    92:0e:8b:b7:a3:74:5f:e8:fe:04:c5:65:f9:62:10:
                    8c:e2:18:fb:85:4a:98:42:21:aa:82:d2:d9:56:fa:
                    d6:0c:d5:b8:62:67:2b:83:f1:b5:4f:89:f7:6e:1b:
                    d7:44:8b:26:a7:a9:31:b9:d4:89:66:e0:5e:09:4f:
                    6c:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                73:19:B1:42:BC:B6:F4:03:1D:73:94:57:DD:12:42:D1:38:F0:F6:4A
            X509v3 Authority Key Identifier:
                keyid:7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/cxmxQry29AMdc5RX3RJC0Tjw9ko.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.108.12.0/22
                  87.82.52.0/23

    Signature Algorithm: sha256WithRSAEncryption
         a8:1d:60:d2:30:16:75:09:b7:db:cb:62:20:e3:7e:87:a6:fd:
         03:45:47:d8:94:8c:1f:96:c5:6a:57:f2:24:04:71:ca:20:cd:
         2f:91:4f:d6:58:ad:5e:d1:ce:6c:c3:34:fb:92:a5:e6:1f:56:
         23:e5:00:f8:ef:65:f5:25:41:d7:a9:9c:6a:e5:98:c4:fb:a4:
         02:4a:84:71:ba:4e:79:cc:62:b2:9b:79:8e:50:9d:97:c3:66:
         a5:38:58:fa:8c:2c:4b:92:ff:a5:da:d3:09:39:5a:76:cb:6c:
         de:b2:71:57:84:a6:29:51:b6:d1:e7:ff:53:f5:79:ef:92:44:
         b3:83:04:43:5a:5a:60:9d:6a:50:24:10:2d:10:56:43:8c:5e:
         2d:a4:32:65:f3:5b:ea:0e:ce:a7:7e:92:c2:15:61:f7:b4:e5:
         fb:ff:39:08:1f:14:2b:38:5f:79:35:ca:f8:77:0b:36:05:38:
         ec:fb:d7:3d:77:8f:43:ca:19:f8:b8:b6:de:a4:28:8b:a9:cf:
         78:d2:9a:ee:0b:31:69:c5:1d:80:71:6b:09:42:15:92:c6:f0:
         8b:7d:bb:7e:3a:3f:8a:93:30:fd:1d:41:44:33:d0:30:06:fe:
         44:88:19:8d:b2:7c:f3:9f:a0:bc:cd:e8:eb:68:51:ba:d1:47:
         73:57:ac:48
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ39+ihoR2lmbZXE7t2LuPRlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlMjBiMDM0ZTJjNDk3YjE4ODQ0ODhkZWYxMDY5NzI3MDQ3
NjUwMjkwHhcNMjYwNTA2MTU0ODQzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MzE5YjE0MmJjYjZmNDAzMWQ3Mzk0NTdkZDEyNDJkMTM4ZjBmNjRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqIVb3poeweJF440Tef7x96wGQ5WJ
CbAgBlSxcTEYB00oASL/CGTwCVprWrxkC8uFb5NA/9B3HnIaRDPURrnQiMSR5IBH
08tgpdJlJs4eNDT6orkrGadtY/vgqjIxH90iY4qSJbPp7icd5qjuvQpFbcq/vvMQ
TF6iWzSPv6RFa6TgCqk2ILTBCIMifY03p8k7dCruImppbvi1XnLIodLY2TIyO5j0
uK2ddPnFa+weqqP6A5tfnuLxulvB/Be6zXPChliSDou3o3Rf6P4ExWX5YhCM4hj7
hUqYQiGqgtLZVvrWDNW4Ymcrg/G1T4n3bhvXRIsmp6kxudSJZuBeCU9s+QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHMZsUK8tvQDHXOUV90SQtE48PZKMB8GA1UdIwQY
MBaAFH4gsDTixJexiESI3vEGlycEdlApMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2Qt
MDM1ZDk3N2Y0MjE2LzEvY3hteFFyeTI5QU1kYzVSWDNSSkMwVGp3OWtvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2QtMDM1ZDk3N2Y0MjE2
LzEvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCUmwMAwQB
V1I0MA0GCSqGSIb3DQEBCwUAA4IBAQCoHWDSMBZ1Cbfby2Ig436Hpv0DRUfYlIwf
lsVqV/IkBHHKIM0vkU/WWK1e0c5swzT7kqXmH1Yj5QD472X1JUHXqZxq5ZjE+6QC
SoRxuk55zGKym3mOUJ2Xw2alOFj6jCxLkv+l2tMJOVp2y2zesnFXhKYpUbbR5/9T
9XnvkkSzgwRDWlpgnWpQJBAtEFZDjF4tpDJl81vqDs6nfpLCFWH3tOX7/zkIHxQr
OF95Ncr4dws2BTjs+9c9d49Dyhn4uLbepCiLqc940pruCzFpxR2AcWsJQhWSxvCL
fbt+Oj+KkzD9HUFEM9AwBv5EiBmNsnzzn6C8zejraFG60UdzV6xI
-----END CERTIFICATE-----