Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ed/428815-02b9-4606-b066-65d1567340fd/1/7rTnCYh3ccijqtDYhIONfakeNR8.roa
File:                     7rTnCYh3ccijqtDYhIONfakeNR8.roa (raw, json)
Hash identifier:          woFm2gn7FuVMAeShemzXKVcohH1CrzUdYLzQudjlSh8=
Subject key identifier:   EE:B4:E7:09:88:77:71:C8:A3:AA:D0:D8:84:83:8D:7D:A9:1E:35:1F
Certificate issuer:       /CN=6991c56f11a7171c6153239769f557beba10182d
Certificate serial:       019E1D58270AA31B49764FF8524B0ABF2A08
Authority key identifier: 69:91:C5:6F:11:A7:17:1C:61:53:23:97:69:F5:57:BE:BA:10:18:2D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aZHFbxGnFxxhUyOXafVXvroQGC0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ed/428815-02b9-4606-b066-65d1567340fd/1/7rTnCYh3ccijqtDYhIONfakeNR8.roa
Signing time:             Tue 12 May 2026 17:59:36 +0000
ROA not before:           Tue 12 May 2026 17:59:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     2914
IP address blocks:        95.164.77.0/24 maxlen: 24
                          95.164.246.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ed/428815-02b9-4606-b066-65d1567340fd/1/aZHFbxGnFxxhUyOXafVXvroQGC0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ed/428815-02b9-4606-b066-65d1567340fd/1/aZHFbxGnFxxhUyOXafVXvroQGC0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aZHFbxGnFxxhUyOXafVXvroQGC0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 14 May 2026 11:01:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:1d:58:27:0a:a3:1b:49:76:4f:f8:52:4b:0a:bf:2a:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6991c56f11a7171c6153239769f557beba10182d
        Validity
            Not Before: May 12 17:59:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=eeb4e709887771c8a3aad0d884838d7da91e351f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:a9:b1:58:c4:cc:cb:b4:eb:51:a9:43:30:fe:
                    f3:42:cf:2a:3a:34:a5:cb:3b:37:b9:ef:41:5e:1b:
                    fa:32:56:59:fd:cf:35:6d:f1:5b:96:fe:e0:87:c6:
                    0e:07:20:e5:88:c0:ec:45:55:18:9b:ea:e2:14:01:
                    e3:ab:dc:37:a2:74:eb:24:28:ce:3c:7b:e9:dc:13:
                    e4:60:68:af:86:83:bc:d8:c2:24:71:af:93:d5:47:
                    b7:53:90:aa:d9:82:33:4e:50:cc:87:56:13:42:42:
                    7c:07:3e:60:6c:1a:a8:2d:a0:f1:24:96:77:ff:c6:
                    9e:c1:9b:1d:dc:34:cd:f2:86:b0:79:0b:e8:9b:e9:
                    13:aa:82:97:ed:e5:13:82:5f:9d:de:d0:2c:04:20:
                    3f:e5:37:83:4f:bc:b4:b6:91:92:d9:56:d9:9c:40:
                    48:3e:dc:36:10:c6:d1:3d:42:90:4b:8e:1c:20:bb:
                    d2:8c:39:d7:6d:44:21:5b:91:1e:66:62:f3:2e:3f:
                    55:27:da:53:b9:8a:96:ba:3a:df:4a:eb:ed:51:17:
                    53:d3:b3:d1:1d:30:24:8f:ff:ff:81:28:ee:db:b5:
                    98:0f:54:d5:3a:97:a9:ea:3b:d3:4c:7e:88:a1:d1:
                    b7:1d:f0:6c:11:ce:83:84:35:ba:76:0f:7a:f4:ee:
                    26:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:B4:E7:09:88:77:71:C8:A3:AA:D0:D8:84:83:8D:7D:A9:1E:35:1F
            X509v3 Authority Key Identifier:
                keyid:69:91:C5:6F:11:A7:17:1C:61:53:23:97:69:F5:57:BE:BA:10:18:2D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aZHFbxGnFxxhUyOXafVXvroQGC0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/428815-02b9-4606-b066-65d1567340fd/1/7rTnCYh3ccijqtDYhIONfakeNR8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/428815-02b9-4606-b066-65d1567340fd/1/aZHFbxGnFxxhUyOXafVXvroQGC0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.164.77.0/24
                  95.164.246.0/24

    Signature Algorithm: sha256WithRSAEncryption
         30:64:5e:96:f8:c1:69:19:91:de:2e:2f:36:90:c3:2e:2f:77:
         aa:53:74:2a:dd:40:0f:c9:44:9a:e6:02:52:e4:5f:93:fd:47:
         2b:ad:f1:64:76:2b:40:c0:02:d4:d4:2d:ab:4f:79:ac:6d:b2:
         23:92:d0:d7:14:28:d2:38:56:5d:f0:60:51:a3:4c:9c:81:6e:
         4a:6c:a5:5f:93:c6:93:8e:56:c3:1a:52:d4:99:9e:85:bc:73:
         8a:b6:72:98:39:b1:bd:3c:e2:77:cc:af:50:0f:35:8b:6a:c6:
         a2:91:4c:02:ad:82:4d:5e:76:ce:df:4e:68:a1:91:27:af:b2:
         22:96:c8:59:49:df:55:0d:02:75:c5:76:34:e9:22:e9:cc:cb:
         5e:5b:95:54:61:19:ef:fe:9e:8f:79:e0:0e:c7:21:6e:b2:dc:
         ad:76:82:d8:36:51:fd:74:57:5b:9f:e5:9d:40:42:48:6f:e2:
         f0:6c:cf:17:75:e8:85:7a:03:30:c4:f2:b9:7a:87:4d:ba:5d:
         7b:62:71:d3:d8:49:c5:9b:04:2c:cd:09:04:ed:ea:fa:6b:43:
         57:9f:7e:74:96:19:c9:d7:bc:d4:d1:70:6b:2b:e2:79:a6:f7:
         f0:95:1b:3c:20:f1:b3:ad:46:62:fb:d8:16:82:9d:3b:ff:33:
         4b:51:09:d4
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ4dWCcKoxtJdk/4UksKvyoIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY5OTFjNTZmMTFhNzE3MWM2MTUzMjM5NzY5ZjU1N2JlYmEx
MDE4MmQwHhcNMjYwNTEyMTc1OTM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZWI0ZTcwOTg4Nzc3MWM4YTNhYWQwZDg4NDgzOGQ3ZGE5MWUzNTFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqqmxWMTMy7TrUalDMP7zQs8qOjSl
yzs3ue9BXhv6MlZZ/c81bfFblv7gh8YOByDliMDsRVUYm+riFAHjq9w3onTrJCjO
PHvp3BPkYGivhoO82MIkca+T1Ue3U5Cq2YIzTlDMh1YTQkJ8Bz5gbBqoLaDxJJZ3
/8aewZsd3DTN8oaweQvom+kTqoKX7eUTgl+d3tAsBCA/5TeDT7y0tpGS2VbZnEBI
Ptw2EMbRPUKQS44cILvSjDnXbUQhW5EeZmLzLj9VJ9pTuYqWujrfSuvtURdT07PR
HTAkj///gSju27WYD1TVOpep6jvTTH6IodG3HfBsEc6DhDW6dg969O4mnwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFO605wmId3HIo6rQ2ISDjX2pHjUfMB8GA1UdIwQY
MBaAFGmRxW8RpxccYVMjl2n1V766EBgtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYVpIRmJ4R25GeHhoVXlPWGFmVlh2cm9RR0MwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZC80Mjg4MTUtMDJiOS00NjA2LWIwNjYt
NjVkMTU2NzM0MGZkLzEvN3JUbkNZaDNjY2lqcXREWWhJT05mYWtlTlI4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZC80Mjg4MTUtMDJiOS00NjA2LWIwNjYtNjVkMTU2NzM0MGZk
LzEvYVpIRmJ4R25GeHhoVXlPWGFmVlh2cm9RR0MwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAX6RNAwQA
X6T2MA0GCSqGSIb3DQEBCwUAA4IBAQAwZF6W+MFpGZHeLi82kMMuL3eqU3Qq3UAP
yUSa5gJS5F+T/UcrrfFkditAwALU1C2rT3msbbIjktDXFCjSOFZd8GBRo0ycgW5K
bKVfk8aTjlbDGlLUmZ6FvHOKtnKYObG9POJ3zK9QDzWLasaikUwCrYJNXnbO305o
oZEnr7IilshZSd9VDQJ1xXY06SLpzMteW5VUYRnv/p6PeeAOxyFustytdoLYNlH9
dFdbn+WdQEJIb+LwbM8XdeiFegMwxPK5eodNul17YnHT2EnFmwQszQkE7er6a0NX
n350lhnJ17zU0XBrK+J5pvfwlRs8IPGzrUZi+9gWgp07/zNLUQnU
-----END CERTIFICATE-----