Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/7dhUWprcA690oWza3a07xTNQisA.roa
File:                     7dhUWprcA690oWza3a07xTNQisA.roa (raw, json)
Hash identifier:          srMk3psqRTcvqEYUGnhahuVijzHTsVQFOWP19VS3OJU=
Subject key identifier:   ED:D8:54:5A:9A:DC:03:AF:74:A1:6C:DA:DD:AD:3B:C5:33:50:8A:C0
Certificate issuer:       /CN=618478f198fe569010c3df6219142f530c4f5e56
Certificate serial:       019DF459A756AF623DF4EC915BBFCEB2FF7D
Authority key identifier: 61:84:78:F1:98:FE:56:90:10:C3:DF:62:19:14:2F:53:0C:4F:5E:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/7dhUWprcA690oWza3a07xTNQisA.roa
Signing time:             Mon 04 May 2026 18:56:49 +0000
ROA not before:           Mon 04 May 2026 18:56:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     57043
IP address blocks:        195.14.118.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/YYR48Zj-VpAQw99iGRQvUwxPXlY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/YYR48Zj-VpAQw99iGRQvUwxPXlY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 23:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:f4:59:a7:56:af:62:3d:f4:ec:91:5b:bf:ce:b2:ff:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=618478f198fe569010c3df6219142f530c4f5e56
        Validity
            Not Before: May  4 18:56:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=edd8545a9adc03af74a16cdaddad3bc533508ac0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ef:cf:03:71:38:50:ed:0d:47:d0:2a:75:8e:43:
                    06:ea:69:4e:a3:12:5a:d2:ab:30:a5:9c:fd:65:e7:
                    fb:71:9a:8f:57:16:a6:a6:06:57:ca:a0:7b:1d:b9:
                    32:cb:a3:14:6b:6b:40:f9:83:4a:d8:64:9a:98:3b:
                    3d:15:b4:05:a1:df:0a:9a:31:c8:bd:74:c1:ba:bf:
                    50:80:ab:2e:eb:ba:a4:34:f0:5e:38:87:14:66:72:
                    0e:29:e0:a0:82:56:c2:9b:5e:95:64:0e:41:62:ed:
                    3f:a1:1b:9a:97:af:14:be:4b:fd:32:d1:32:ba:54:
                    41:35:dc:0c:27:6b:b5:c6:5e:db:91:fa:10:76:de:
                    dc:e7:fd:d7:c1:f1:70:80:52:00:39:d5:aa:7a:40:
                    3d:3e:c4:82:5c:48:e0:5e:2e:5f:62:e1:23:3d:24:
                    13:df:ca:8e:07:78:4f:8c:d4:b6:56:46:d1:d0:0c:
                    77:b5:3b:80:20:00:db:1f:bb:8d:29:c7:21:ed:05:
                    4d:28:86:f0:b6:96:34:a9:a2:53:a6:37:85:9c:02:
                    52:de:f4:81:bd:50:03:fc:c0:12:ed:92:8c:4e:e8:
                    fb:db:9d:ae:6d:52:7a:4e:c0:d6:9d:b2:8b:79:f2:
                    2a:d6:4e:1b:59:a9:c6:d8:d8:bb:0e:2b:00:fb:b4:
                    18:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:D8:54:5A:9A:DC:03:AF:74:A1:6C:DA:DD:AD:3B:C5:33:50:8A:C0
            X509v3 Authority Key Identifier:
                keyid:61:84:78:F1:98:FE:56:90:10:C3:DF:62:19:14:2F:53:0C:4F:5E:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/7dhUWprcA690oWza3a07xTNQisA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/YYR48Zj-VpAQw99iGRQvUwxPXlY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.14.118.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0c:61:1f:fa:96:e0:ee:b2:70:0c:34:42:45:23:8f:58:d4:f7:
         d6:67:c8:ba:60:45:69:01:51:30:f3:a8:10:8b:3d:d3:46:e2:
         e0:1f:ce:42:b3:20:b4:cc:ff:f7:25:41:60:f9:f9:51:c1:e5:
         56:dd:a8:d5:ff:a6:fa:a1:3f:aa:61:a7:17:86:94:f5:94:65:
         52:0e:36:e5:2f:31:d7:59:eb:06:83:b8:cf:8e:3c:b8:ff:ee:
         6c:44:55:2a:a1:64:1c:41:d9:cd:41:e1:b9:cf:90:c4:b2:76:
         9c:7c:1a:a5:98:5a:28:23:4e:f0:c2:ec:a7:40:eb:c3:b7:3c:
         a0:5f:04:2c:cb:37:39:67:ac:8d:f4:33:af:00:e5:37:ad:73:
         f4:fa:f8:07:37:da:40:ac:41:c2:33:9e:70:70:c7:15:a5:69:
         23:6b:f7:93:ec:0e:37:80:e7:a3:1f:26:22:6a:87:f7:2e:15:
         63:40:ee:11:c6:6f:41:0a:df:cc:9b:c7:7d:e5:a1:35:4f:52:
         e1:2d:6c:70:e2:d0:10:16:bd:17:c0:57:0c:50:b3:1f:c8:09:
         6c:4c:9c:8a:c7:d2:29:f5:56:48:90:72:89:26:fe:80:c0:bb:
         55:d7:96:93:8d:91:5b:90:7d:08:1b:8c:1c:20:56:53:91:c5:
         7f:6a:27:17
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ30WadWr2I99OyRW7/Osv99MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYxODQ3OGYxOThmZTU2OTAxMGMzZGY2MjE5MTQyZjUzMGM0
ZjVlNTYwHhcNMjYwNTA0MTg1NjQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZGQ4NTQ1YTlhZGMwM2FmNzRhMTZjZGFkZGFkM2JjNTMzNTA4YWMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA788DcThQ7Q1H0Cp1jkMG6mlOoxJa
0qswpZz9Zef7cZqPVxampgZXyqB7Hbkyy6MUa2tA+YNK2GSamDs9FbQFod8KmjHI
vXTBur9QgKsu67qkNPBeOIcUZnIOKeCgglbCm16VZA5BYu0/oRual68Uvkv9MtEy
ulRBNdwMJ2u1xl7bkfoQdt7c5/3XwfFwgFIAOdWqekA9PsSCXEjgXi5fYuEjPSQT
38qOB3hPjNS2VkbR0Ax3tTuAIADbH7uNKcch7QVNKIbwtpY0qaJTpjeFnAJS3vSB
vVAD/MAS7ZKMTuj7252ubVJ6TsDWnbKLefIq1k4bWanG2Ni7DisA+7QYUwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO3YVFqa3AOvdKFs2t2tO8UzUIrAMB8GA1UdIwQY
MBaAFGGEePGY/laQEMPfYhkUL1MMT15WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWVlSNDhaai1WcEFRdzk5aUdSUXZVd3hQWGxZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMC81M2M3YjgtNWU0Yi00OWZkLThjOTEt
YmE5OGYxMTIyMTIxLzEvN2RoVVdwcmNBNjkwb1d6YTNhMDd4VE5RaXNBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMC81M2M3YjgtNWU0Yi00OWZkLThjOTEtYmE5OGYxMTIyMTIx
LzEvWVlSNDhaai1WcEFRdzk5aUdSUXZVd3hQWGxZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAww52MA0G
CSqGSIb3DQEBCwUAA4IBAQAMYR/6luDusnAMNEJFI49Y1PfWZ8i6YEVpAVEw86gQ
iz3TRuLgH85CsyC0zP/3JUFg+flRweVW3ajV/6b6oT+qYacXhpT1lGVSDjblLzHX
WesGg7jPjjy4/+5sRFUqoWQcQdnNQeG5z5DEsnacfBqlmFooI07wwuynQOvDtzyg
XwQsyzc5Z6yN9DOvAOU3rXP0+vgHN9pArEHCM55wcMcVpWkja/eT7A43gOejHyYi
aof3LhVjQO4Rxm9BCt/Mm8d95aE1T1LhLWxw4tAQFr0XwFcMULMfyAlsTJyKx9Ip
9VZIkHKJJv6AwLtV15aTjZFbkH0IG4wcIFZTkcV/aicX
-----END CERTIFICATE-----