Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/af/31b11f-2b6b-4252-990b-516ca84fe5fe/1/7_L8NcVLRTz2RYybJHlGYVjuobc.roa
File:                     7_L8NcVLRTz2RYybJHlGYVjuobc.roa (raw, json)
Hash identifier:          JorE4629r9nl2sDA/mjIQPSANIbO1m6LYD+3jl05Tds=
Subject key identifier:   EF:F2:FC:35:C5:4B:45:3C:F6:45:8C:9B:24:79:46:61:58:EE:A1:B7
Certificate issuer:       /CN=e66e7726ff53a13c80ccbca4d5d394e4e8aef542
Certificate serial:       019CE2C24FBB1A1DCCE631627994317B4A30
Authority key identifier: E6:6E:77:26:FF:53:A1:3C:80:CC:BC:A4:D5:D3:94:E4:E8:AE:F5:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5m53Jv9ToTyAzLyk1dOU5Oiu9UI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/af/31b11f-2b6b-4252-990b-516ca84fe5fe/1/7_L8NcVLRTz2RYybJHlGYVjuobc.roa
Signing time:             Thu 12 Mar 2026 15:55:11 +0000
ROA not before:           Thu 12 Mar 2026 15:55:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     209786
IP address blocks:        213.139.236.0/22 maxlen: 22
                          213.139.236.0/24 maxlen: 24
                          213.139.237.0/24 maxlen: 24
                          213.139.238.0/24 maxlen: 24
                          213.139.239.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/af/31b11f-2b6b-4252-990b-516ca84fe5fe/1/5m53Jv9ToTyAzLyk1dOU5Oiu9UI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/af/31b11f-2b6b-4252-990b-516ca84fe5fe/1/5m53Jv9ToTyAzLyk1dOU5Oiu9UI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5m53Jv9ToTyAzLyk1dOU5Oiu9UI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 00:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:e2:c2:4f:bb:1a:1d:cc:e6:31:62:79:94:31:7b:4a:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e66e7726ff53a13c80ccbca4d5d394e4e8aef542
        Validity
            Not Before: Mar 12 15:55:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=eff2fc35c54b453cf6458c9b2479466158eea1b7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:d0:13:e2:38:88:3e:92:21:a7:3c:99:15:30:
                    d5:eb:f4:0c:7e:d9:27:cc:a0:da:04:86:9c:47:d6:
                    89:9f:8b:5e:7b:22:39:83:8e:71:89:dc:15:64:11:
                    06:da:52:68:36:e1:20:81:e4:0d:48:d0:18:a2:7a:
                    25:58:6e:d6:24:bb:63:2f:96:ef:2d:66:05:e0:1d:
                    71:b4:35:61:83:22:86:3e:28:ae:75:d5:f3:72:3b:
                    9c:be:e1:97:75:fa:cc:00:11:86:55:6d:2e:3f:ce:
                    6b:ae:5c:77:0b:1a:a9:0b:a6:11:dd:7f:2d:68:4c:
                    06:85:7a:6e:e2:bd:41:6c:cd:de:b9:71:3a:45:5d:
                    1f:51:47:1b:67:ea:31:62:c7:17:ca:93:ff:a3:95:
                    c5:ed:36:bf:14:55:ca:88:fc:e2:d6:38:d2:e3:c2:
                    92:5d:01:76:78:c3:e0:01:c1:9c:e0:90:ec:f2:4e:
                    b0:15:53:ab:ec:96:8f:35:1f:11:a3:3a:9f:56:c6:
                    21:d5:8d:1b:69:2e:8c:7a:f7:a8:38:94:47:eb:b9:
                    c8:ed:43:1c:6e:70:96:53:b2:83:82:0b:90:8b:82:
                    15:0d:1c:e4:98:39:2d:55:cf:4f:33:db:f4:c4:25:
                    4c:65:71:07:ce:3a:77:17:41:20:ec:bc:5b:92:c3:
                    3e:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:F2:FC:35:C5:4B:45:3C:F6:45:8C:9B:24:79:46:61:58:EE:A1:B7
            X509v3 Authority Key Identifier:
                keyid:E6:6E:77:26:FF:53:A1:3C:80:CC:BC:A4:D5:D3:94:E4:E8:AE:F5:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5m53Jv9ToTyAzLyk1dOU5Oiu9UI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/af/31b11f-2b6b-4252-990b-516ca84fe5fe/1/7_L8NcVLRTz2RYybJHlGYVjuobc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/af/31b11f-2b6b-4252-990b-516ca84fe5fe/1/5m53Jv9ToTyAzLyk1dOU5Oiu9UI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.139.236.0/22

    Signature Algorithm: sha256WithRSAEncryption
         61:46:66:0d:17:87:73:0a:74:9b:4f:ba:86:d7:be:e4:99:6a:
         66:ea:e7:b0:f1:cb:bd:89:54:8b:6b:07:da:65:5f:22:40:5d:
         1b:99:00:ee:25:6c:00:6b:a1:3c:e6:fa:bc:5b:a9:98:8c:b8:
         e4:ad:9b:14:37:1b:25:31:fa:72:2e:d0:de:91:fd:7b:c8:37:
         09:54:58:e6:bb:a4:02:79:07:71:91:b0:8c:f6:25:b4:3e:fd:
         68:00:f7:2e:f1:f8:fe:cc:7e:1b:e3:f2:0d:6b:4c:44:04:4b:
         3a:0b:41:75:c6:95:52:e0:77:a9:e1:b9:80:ad:7c:09:36:dc:
         39:6c:e5:b1:b4:4c:47:c6:0a:ab:af:b7:96:be:bc:fe:6f:e6:
         ac:db:a3:0c:2c:92:f4:0f:80:46:56:76:8c:73:4e:5b:b7:e4:
         2e:a2:4d:80:f8:a0:ad:1d:2f:a4:db:5e:92:83:94:e2:b2:fd:
         43:8d:63:5a:d1:7e:df:df:b1:10:6f:20:44:94:59:a1:92:df:
         71:6d:62:44:ac:6b:77:bb:4b:a7:6b:9c:4f:9f:6c:9e:45:aa:
         22:16:23:34:16:5b:64:f7:b2:93:c5:85:68:51:07:c5:a0:24:
         99:3e:ff:90:4d:05:a0:35:0f:91:e5:43:d1:c8:d4:84:b3:9d:
         64:ca:d3:f3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZziwk+7Gh3M5jFieZQxe0owMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU2NmU3NzI2ZmY1M2ExM2M4MGNjYmNhNGQ1ZDM5NGU0ZThh
ZWY1NDIwHhcNMjYwMzEyMTU1NTExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZmYyZmMzNWM1NGI0NTNjZjY0NThjOWIyNDc5NDY2MTU4ZWVhMWI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxtAT4jiIPpIhpzyZFTDV6/QMftkn
zKDaBIacR9aJn4teeyI5g45xidwVZBEG2lJoNuEggeQNSNAYonolWG7WJLtjL5bv
LWYF4B1xtDVhgyKGPiiuddXzcjucvuGXdfrMABGGVW0uP85rrlx3CxqpC6YR3X8t
aEwGhXpu4r1BbM3euXE6RV0fUUcbZ+oxYscXypP/o5XF7Ta/FFXKiPzi1jjS48KS
XQF2eMPgAcGc4JDs8k6wFVOr7JaPNR8RozqfVsYh1Y0baS6MeveoOJRH67nI7UMc
bnCWU7KDgguQi4IVDRzkmDktVc9PM9v0xCVMZXEHzjp3F0Eg7LxbksM+9wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO/y/DXFS0U89kWMmyR5RmFY7qG3MB8GA1UdIwQY
MBaAFOZudyb/U6E8gMy8pNXTlOTorvVCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNW01M0p2OVRvVHlBekx5azFkT1U1T2l1OVVJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZi8zMWIxMWYtMmI2Yi00MjUyLTk5MGIt
NTE2Y2E4NGZlNWZlLzEvN19MOE5jVkxSVHoyUll5YkpIbEdZVmp1b2JjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZi8zMWIxMWYtMmI2Yi00MjUyLTk5MGItNTE2Y2E4NGZlNWZl
LzEvNW01M0p2OVRvVHlBekx5azFkT1U1T2l1OVVJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQC1YvsMA0G
CSqGSIb3DQEBCwUAA4IBAQBhRmYNF4dzCnSbT7qG177kmWpm6uew8cu9iVSLawfa
ZV8iQF0bmQDuJWwAa6E85vq8W6mYjLjkrZsUNxslMfpyLtDekf17yDcJVFjmu6QC
eQdxkbCM9iW0Pv1oAPcu8fj+zH4b4/INa0xEBEs6C0F1xpVS4Hep4bmArXwJNtw5
bOWxtExHxgqrr7eWvrz+b+as26MMLJL0D4BGVnaMc05bt+Quok2A+KCtHS+k216S
g5Tisv1DjWNa0X7f37EQbyBElFmhkt9xbWJErGt3u0una5xPn2yeRaoiFiM0Fltk
97KTxYVoUQfFoCSZPv+QTQWgNQ+R5UPRyNSEs51kytPz
-----END CERTIFICATE-----