Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/g7RkFmxmt6dHTrZc9IVO6X8Dpo4.roa
File:                     g7RkFmxmt6dHTrZc9IVO6X8Dpo4.roa (raw, json)
Hash identifier:          /Ry0uNAREBMj0cSEog0s+syKKhljtc1oVlJp5tMB5Ic=
Subject key identifier:   83:B4:64:16:6C:66:B7:A7:47:4E:B6:5C:F4:85:4E:E9:7F:03:A6:8E
Certificate issuer:       /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial:       019CEC1821187758B2D5DA44566DF5876BC5
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/g7RkFmxmt6dHTrZc9IVO6X8Dpo4.roa
Signing time:             Sat 14 Mar 2026 11:25:30 +0000
ROA not before:           Sat 14 Mar 2026 11:25:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     398465
IP address blocks:        83.137.154.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Mar 2026 00:55:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:ec:18:21:18:77:58:b2:d5:da:44:56:6d:f5:87:6b:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
        Validity
            Not Before: Mar 14 11:25:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=83b464166c66b7a7474eb65cf4854ee97f03a68e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:cf:a3:3b:9f:a1:32:ee:ef:28:5d:7a:e4:9a:
                    1b:02:48:29:47:21:00:a2:2d:38:26:ed:42:9d:2e:
                    96:5b:6b:4f:39:b2:cb:d0:5c:bf:39:a6:44:e4:cd:
                    dc:30:ea:1e:f8:8d:b5:24:75:b1:71:f0:95:ab:0d:
                    11:c9:94:15:34:7e:da:eb:73:25:dc:99:59:00:6a:
                    43:3b:4f:98:b2:08:fc:72:93:0d:4e:b4:3c:8b:1f:
                    ad:f8:48:72:94:05:e1:0f:1d:ca:52:b0:9a:84:9e:
                    56:44:68:71:b8:8f:a2:95:5c:bb:d9:30:90:3f:1c:
                    9c:2e:5c:40:80:01:f2:3b:ae:c1:a1:3d:73:71:ab:
                    b7:1b:82:03:31:2f:23:d5:fb:c3:62:d8:17:7b:6b:
                    79:54:16:08:46:4b:aa:df:1b:53:c4:a5:ff:65:d1:
                    a1:a2:c0:ef:72:8f:a0:ea:96:3b:a0:9f:39:c2:30:
                    10:c7:c5:48:ea:7d:a2:a0:93:84:6c:d7:5e:81:02:
                    9c:06:36:fd:16:1a:0a:e8:05:41:6a:69:3a:ad:e2:
                    e9:77:d8:bd:c1:89:2d:12:5b:61:d2:f9:70:75:48:
                    bc:8c:c9:e5:e9:d0:21:ce:9c:50:a1:8a:e3:af:66:
                    6a:20:11:57:66:3b:7b:9b:12:68:a4:58:47:06:0e:
                    c0:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:B4:64:16:6C:66:B7:A7:47:4E:B6:5C:F4:85:4E:E9:7F:03:A6:8E
            X509v3 Authority Key Identifier:
                keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/g7RkFmxmt6dHTrZc9IVO6X8Dpo4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.137.154.0/24

    Signature Algorithm: sha256WithRSAEncryption
         12:19:99:7d:74:12:80:9f:09:20:01:e4:cd:1d:d2:8b:c0:82:
         82:4a:c5:9b:27:5e:a1:b4:24:7e:76:f4:fd:14:62:1e:a7:e7:
         b8:e9:ad:2a:19:86:12:0d:f2:8e:66:6f:cf:79:c7:58:ee:bb:
         14:05:d2:82:ab:d1:31:e3:04:e9:2a:f5:3e:e1:c9:42:93:43:
         ad:3d:23:df:8d:26:8f:d6:44:d6:23:3d:f1:7e:2a:96:91:f2:
         2e:32:6d:fa:d3:47:55:ea:5f:29:19:af:43:64:cb:f6:e0:2a:
         54:0b:e0:af:75:91:30:ad:5e:e2:0f:75:3c:86:a6:04:41:e5:
         0d:d8:39:14:c5:4c:f1:71:ef:9e:97:96:c5:6b:5e:c1:3f:6a:
         4f:53:fe:3b:9e:38:e0:84:80:23:34:f7:7a:7d:96:80:f3:cb:
         72:63:d5:f1:eb:73:73:09:e4:0d:57:a8:94:9a:92:55:ef:7a:
         f9:eb:09:68:8d:1f:c2:92:3d:68:f7:62:21:25:01:f7:02:60:
         31:97:60:72:31:20:64:10:f3:71:95:0c:1b:43:a5:a8:49:fe:
         df:05:38:a9:51:4c:b1:ae:4a:2e:76:8e:bd:87:88:27:be:0c:
         90:6f:73:de:9a:90:5c:ef:4e:75:12:10:41:73:1f:d6:04:b9:
         84:14:a6:94
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZzsGCEYd1iy1dpEVm31h2vFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjYwMzE0MTEyNTMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4M2I0NjQxNjZjNjZiN2E3NDc0ZWI2NWNmNDg1NGVlOTdmMDNhNjhlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAks+jO5+hMu7vKF165JobAkgpRyEA
oi04Ju1CnS6WW2tPObLL0Fy/OaZE5M3cMOoe+I21JHWxcfCVqw0RyZQVNH7a63Ml
3JlZAGpDO0+Ysgj8cpMNTrQ8ix+t+EhylAXhDx3KUrCahJ5WRGhxuI+ilVy72TCQ
PxycLlxAgAHyO67BoT1zcau3G4IDMS8j1fvDYtgXe2t5VBYIRkuq3xtTxKX/ZdGh
osDvco+g6pY7oJ85wjAQx8VI6n2ioJOEbNdegQKcBjb9FhoK6AVBamk6reLpd9i9
wYktElth0vlwdUi8jMnl6dAhzpxQoYrjr2ZqIBFXZjt7mxJopFhHBg7AOwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIO0ZBZsZrenR062XPSFTul/A6aOMB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEvZzdSa0ZteG10NmRIVHJaYzlJVk82WDhEcG80LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAU4maMA0G
CSqGSIb3DQEBCwUAA4IBAQASGZl9dBKAnwkgAeTNHdKLwIKCSsWbJ16htCR+dvT9
FGIep+e46a0qGYYSDfKOZm/PecdY7rsUBdKCq9Ex4wTpKvU+4clCk0OtPSPfjSaP
1kTWIz3xfiqWkfIuMm3600dV6l8pGa9DZMv24CpUC+CvdZEwrV7iD3U8hqYEQeUN
2DkUxUzxce+el5bFa17BP2pPU/47njjghIAjNPd6fZaA88tyY9Xx63NzCeQNV6iU
mpJV73r56wlojR/Ckj1o92IhJQH3AmAxl2ByMSBkEPNxlQwbQ6WoSf7fBTipUUyx
rkoudo69h4gnvgyQb3PempBc7051EhBBcx/WBLmEFKaU
-----END CERTIFICATE-----