Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f8/b1f6ee-c4ef-4355-af36-a558ee65431f/1/E7gVR0qJHj_FrMEXG4Yo1G8ig-8.roa
File:                     E7gVR0qJHj_FrMEXG4Yo1G8ig-8.roa (raw, json)
Hash identifier:          cyGASec5FeaBbarjWYsO54pBqOVobPBGS0ac9+UHUHc=
Subject key identifier:   13:B8:15:47:4A:89:1E:3F:C5:AC:C1:17:1B:86:28:D4:6F:22:83:EF
Certificate issuer:       /CN=722a8c1d311895016108ffbd14575c77cc28773a
Certificate serial:       019CFC023809B5189AB819CF5062D1E6F077
Authority key identifier: 72:2A:8C:1D:31:18:95:01:61:08:FF:BD:14:57:5C:77:CC:28:77:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ciqMHTEYlQFhCP-9FFdcd8wodzo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f8/b1f6ee-c4ef-4355-af36-a558ee65431f/1/E7gVR0qJHj_FrMEXG4Yo1G8ig-8.roa
Signing time:             Tue 17 Mar 2026 13:35:29 +0000
ROA not before:           Tue 17 Mar 2026 13:35:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     207043
IP address blocks:        109.160.37.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f8/b1f6ee-c4ef-4355-af36-a558ee65431f/1/ciqMHTEYlQFhCP-9FFdcd8wodzo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f8/b1f6ee-c4ef-4355-af36-a558ee65431f/1/ciqMHTEYlQFhCP-9FFdcd8wodzo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ciqMHTEYlQFhCP-9FFdcd8wodzo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 09:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:fc:02:38:09:b5:18:9a:b8:19:cf:50:62:d1:e6:f0:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=722a8c1d311895016108ffbd14575c77cc28773a
        Validity
            Not Before: Mar 17 13:35:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=13b815474a891e3fc5acc1171b8628d46f2283ef
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:13:bc:9a:b1:47:fd:ab:35:fd:e0:05:5f:05:
                    d9:c5:99:cf:9c:1e:6f:77:9e:d3:ee:16:e6:52:82:
                    e0:95:c1:30:3f:de:1c:16:28:4f:ea:f8:97:f8:e2:
                    3f:13:d4:be:7c:bb:99:37:83:ce:71:06:cc:16:38:
                    37:3e:12:f8:cd:d3:e0:dd:f5:6d:9d:e5:d9:6d:9c:
                    28:ff:78:46:0b:82:58:e1:4c:fd:52:89:97:db:72:
                    d9:1c:b9:52:8d:ff:af:c9:95:97:63:da:01:da:12:
                    9f:1b:88:28:ea:87:bc:e1:ce:96:f2:76:8f:65:8a:
                    09:ee:fd:7d:9a:6c:f3:5f:62:80:46:8b:85:d8:1e:
                    f7:b5:17:0d:e9:87:3e:8b:38:d7:12:b8:ae:05:17:
                    a9:72:b1:2b:35:97:59:c9:43:5d:6d:20:5d:16:61:
                    ff:38:b5:6d:20:b0:2c:51:7e:57:f1:78:e3:a1:de:
                    30:c7:e6:49:bf:b5:c9:d7:cf:c8:e6:31:84:2d:b7:
                    80:d3:e6:73:e3:65:37:f9:c9:10:5c:19:c2:82:fc:
                    80:1b:e0:2f:f4:2e:a4:e6:63:7e:44:bc:ec:fd:67:
                    fb:3e:44:13:32:71:b3:24:c9:32:c6:d5:35:3c:f7:
                    83:78:4c:64:0c:0a:c9:66:56:71:58:c3:bd:19:1b:
                    22:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                13:B8:15:47:4A:89:1E:3F:C5:AC:C1:17:1B:86:28:D4:6F:22:83:EF
            X509v3 Authority Key Identifier:
                keyid:72:2A:8C:1D:31:18:95:01:61:08:FF:BD:14:57:5C:77:CC:28:77:3A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ciqMHTEYlQFhCP-9FFdcd8wodzo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/b1f6ee-c4ef-4355-af36-a558ee65431f/1/E7gVR0qJHj_FrMEXG4Yo1G8ig-8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/b1f6ee-c4ef-4355-af36-a558ee65431f/1/ciqMHTEYlQFhCP-9FFdcd8wodzo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.160.37.0/24

    Signature Algorithm: sha256WithRSAEncryption
         60:5e:d3:6a:ec:e2:cb:0a:a3:82:e9:30:10:ea:37:cd:03:45:
         2b:48:bf:e2:85:a3:ac:7c:1a:ed:37:a4:95:81:27:a1:f0:63:
         97:12:6b:ec:8e:c8:53:47:c3:23:8f:df:cf:09:1b:57:8d:2b:
         f8:07:56:11:7f:cb:11:38:26:d3:ae:ca:66:72:55:31:90:64:
         5e:8e:47:d5:cc:f6:47:70:c0:78:85:d3:fe:ab:e1:bf:21:e5:
         9c:0b:5d:cc:64:4e:e5:75:a7:3a:70:ce:31:f6:2c:79:2d:79:
         81:b9:c3:c4:5c:c0:da:d9:d8:6e:ee:7c:b0:e2:47:34:61:62:
         ed:e7:5f:81:2c:73:41:e0:4f:ba:b5:63:6c:8f:ba:0e:63:ff:
         39:53:2c:af:1a:82:1a:3e:e3:24:80:43:04:21:5f:6f:d3:c7:
         ff:fa:44:c9:53:fb:f3:a0:73:9f:08:91:a9:7f:af:04:33:bc:
         d6:76:56:9a:f1:5d:77:df:da:2e:5a:df:0f:91:e9:66:6c:02:
         6c:27:d5:a2:14:b4:2a:cd:fd:2e:f8:69:4e:c9:f1:33:95:c1:
         9d:34:b7:fc:bd:fb:8e:d4:93:d5:8a:1e:e4:8c:ed:58:fc:61:
         8b:a8:57:95:63:1c:3a:a7:7c:db:1b:78:7d:82:b5:76:ff:aa:
         43:60:c4:3e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZz8AjgJtRiauBnPUGLR5vB3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMmE4YzFkMzExODk1MDE2MTA4ZmZiZDE0NTc1Yzc3Y2My
ODc3M2EwHhcNMjYwMzE3MTMzNTI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxM2I4MTU0NzRhODkxZTNmYzVhY2MxMTcxYjg2MjhkNDZmMjI4M2VmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuxO8mrFH/as1/eAFXwXZxZnPnB5v
d57T7hbmUoLglcEwP94cFihP6viX+OI/E9S+fLuZN4POcQbMFjg3PhL4zdPg3fVt
neXZbZwo/3hGC4JY4Uz9UomX23LZHLlSjf+vyZWXY9oB2hKfG4go6oe84c6W8naP
ZYoJ7v19mmzzX2KARouF2B73tRcN6Yc+izjXEriuBRepcrErNZdZyUNdbSBdFmH/
OLVtILAsUX5X8Xjjod4wx+ZJv7XJ18/I5jGELbeA0+Zz42U3+ckQXBnCgvyAG+Av
9C6k5mN+RLzs/Wf7PkQTMnGzJMkyxtU1PPeDeExkDArJZlZxWMO9GRsijwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBO4FUdKiR4/xazBFxuGKNRvIoPvMB8GA1UdIwQY
MBaAFHIqjB0xGJUBYQj/vRRXXHfMKHc6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2lxTUhURVlsUUZoQ1AtOUZGZGNkOHdvZHpvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOC9iMWY2ZWUtYzRlZi00MzU1LWFmMzYt
YTU1OGVlNjU0MzFmLzEvRTdnVlIwcUpIal9Gck1FWEc0WW8xRzhpZy04LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOC9iMWY2ZWUtYzRlZi00MzU1LWFmMzYtYTU1OGVlNjU0MzFm
LzEvY2lxTUhURVlsUUZoQ1AtOUZGZGNkOHdvZHpvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbaAlMA0G
CSqGSIb3DQEBCwUAA4IBAQBgXtNq7OLLCqOC6TAQ6jfNA0UrSL/ihaOsfBrtN6SV
gSeh8GOXEmvsjshTR8Mjj9/PCRtXjSv4B1YRf8sROCbTrspmclUxkGRejkfVzPZH
cMB4hdP+q+G/IeWcC13MZE7ldac6cM4x9ix5LXmBucPEXMDa2dhu7nyw4kc0YWLt
51+BLHNB4E+6tWNsj7oOY/85UyyvGoIaPuMkgEMEIV9v08f/+kTJU/vzoHOfCJGp
f68EM7zWdlaa8V1339ouWt8PkelmbAJsJ9WiFLQqzf0u+GlOyfEzlcGdNLf8vfuO
1JPVih7kjO1Y/GGLqFeVYxw6p3zbG3h9grV2/6pDYMQ+
-----END CERTIFICATE-----