Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/CFHYOYs4BtRN7_Lqoac8Cr2OH9k.roa
File:                     CFHYOYs4BtRN7_Lqoac8Cr2OH9k.roa (raw, json)
Hash identifier:          eySGo/GoamC3ebJm7NdE6ZtNae+0FpVpp+YnjcD7Bhg=
Subject key identifier:   08:51:D8:39:8B:38:06:D4:4D:EF:F2:EA:A1:A7:3C:0A:BD:8E:1F:D9
Certificate issuer:       /CN=e9713ef25277e13dd73f44196fda5cec0fd9ce16
Certificate serial:       019E4F6988512A5913ED3C917D95A944B1F5
Authority key identifier: E9:71:3E:F2:52:77:E1:3D:D7:3F:44:19:6F:DA:5C:EC:0F:D9:CE:16
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/CFHYOYs4BtRN7_Lqoac8Cr2OH9k.roa
Signing time:             Fri 22 May 2026 11:19:36 +0000
ROA not before:           Fri 22 May 2026 11:19:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199186
IP address blocks:        178.254.178.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:4f:69:88:51:2a:59:13:ed:3c:91:7d:95:a9:44:b1:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e9713ef25277e13dd73f44196fda5cec0fd9ce16
        Validity
            Not Before: May 22 11:19:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0851d8398b3806d44deff2eaa1a73c0abd8e1fd9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:dd:d4:33:ec:99:05:26:65:95:4d:0e:f7:1b:
                    88:c3:82:14:05:db:0f:39:06:6f:3a:a9:ba:15:16:
                    99:70:56:06:a9:42:be:a1:7c:7c:5f:55:bc:04:09:
                    95:aa:84:96:63:cc:ba:18:59:57:b2:26:4a:e8:53:
                    98:0c:f2:58:c7:39:6c:b7:6c:71:e9:17:dd:45:20:
                    56:61:ca:1a:41:f5:0d:9a:c0:78:28:b7:83:5f:9e:
                    f0:05:fb:8b:67:28:f2:f9:8a:88:6b:61:a7:a3:eb:
                    a9:a1:6e:c8:72:a1:74:19:47:a4:f8:a5:c8:dc:10:
                    64:b7:cb:2e:01:76:f1:47:d9:bd:c3:65:52:d7:fb:
                    74:ee:28:ab:f5:dd:72:a7:7f:20:9f:0b:71:f8:d4:
                    be:34:e2:17:f4:b4:e6:ca:1f:18:e9:e5:9d:f7:d1:
                    0a:7f:50:cb:8b:93:b7:d8:50:a8:51:9f:18:ec:e9:
                    21:8b:e2:f4:ff:49:49:9c:d5:e0:59:1f:6e:f5:1a:
                    fe:64:94:3c:74:64:a4:2f:7b:b4:34:cb:a2:98:ae:
                    61:13:4c:05:63:fc:d6:a0:76:0e:5b:1d:fd:46:04:
                    d5:39:c1:71:8d:5e:b1:47:f1:c1:6f:a5:6f:8e:02:
                    88:a1:21:f2:df:39:7e:01:e3:56:5c:66:e1:6d:86:
                    44:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:51:D8:39:8B:38:06:D4:4D:EF:F2:EA:A1:A7:3C:0A:BD:8E:1F:D9
            X509v3 Authority Key Identifier:
                keyid:E9:71:3E:F2:52:77:E1:3D:D7:3F:44:19:6F:DA:5C:EC:0F:D9:CE:16

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/CFHYOYs4BtRN7_Lqoac8Cr2OH9k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.254.178.0/24

    Signature Algorithm: sha256WithRSAEncryption
         37:68:12:16:af:7d:c0:c1:b6:19:74:a1:28:eb:cc:08:d5:d1:
         0c:89:b0:56:94:cb:fa:82:df:54:31:01:62:b2:26:58:61:a9:
         0a:45:28:d4:19:34:ae:01:ea:2f:25:0f:20:d7:53:ff:e6:dc:
         f1:af:0f:56:7d:02:2d:db:28:de:f1:ee:aa:4a:cb:db:47:9e:
         15:54:9c:3a:b5:97:a8:37:29:5b:f0:5a:f1:6d:96:e5:5d:ac:
         66:f1:e2:83:d4:8e:cd:87:cc:76:2f:81:6a:cc:d3:33:16:25:
         74:18:c6:e0:8d:3a:8b:e6:90:cf:df:ff:1f:8f:73:b6:a6:e9:
         57:f9:bb:a5:d0:8c:04:b8:ab:00:dc:65:99:2a:b3:48:3f:bd:
         c8:0f:52:19:5d:10:fe:de:fc:26:be:96:5a:5a:8d:d2:09:1a:
         c2:42:2b:d2:9a:b8:4b:ec:bb:64:08:bb:c4:ba:00:d2:62:94:
         fb:6a:34:9e:ef:dc:57:ea:ff:7f:86:30:3a:07:68:f5:60:73:
         df:65:c1:b1:50:74:32:48:4e:ac:a7:f9:df:69:5f:ac:58:c6:
         f4:b7:53:93:88:18:96:68:5e:d6:c7:0e:64:f0:94:6a:45:a9:
         d2:28:6e:b4:20:98:27:94:e3:6f:c2:36:7a:d5:6c:9f:07:c5:
         8d:50:61:37
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ5PaYhRKlkT7TyRfZWpRLH1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU5NzEzZWYyNTI3N2UxM2RkNzNmNDQxOTZmZGE1Y2VjMGZk
OWNlMTYwHhcNMjYwNTIyMTExOTM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwODUxZDgzOThiMzgwNmQ0NGRlZmYyZWFhMWE3M2MwYWJkOGUxZmQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxd3UM+yZBSZllU0O9xuIw4IUBdsP
OQZvOqm6FRaZcFYGqUK+oXx8X1W8BAmVqoSWY8y6GFlXsiZK6FOYDPJYxzlst2xx
6RfdRSBWYcoaQfUNmsB4KLeDX57wBfuLZyjy+YqIa2Gno+upoW7IcqF0GUek+KXI
3BBkt8suAXbxR9m9w2VS1/t07iir9d1yp38gnwtx+NS+NOIX9LTmyh8Y6eWd99EK
f1DLi5O32FCoUZ8Y7Okhi+L0/0lJnNXgWR9u9Rr+ZJQ8dGSkL3u0NMuimK5hE0wF
Y/zWoHYOWx39RgTVOcFxjV6xR/HBb6VvjgKIoSHy3zl+AeNWXGbhbYZEXQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAhR2DmLOAbUTe/y6qGnPAq9jh/ZMB8GA1UdIwQY
MBaAFOlxPvJSd+E91z9EGW/aXOwP2c4WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNlhFLThsSjM0VDNYUDBRWmI5cGM3QV9aemhZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS9lMTc2ZWItNTZmMi00ODA3LWIxMDEt
MGY2NmMxODg3OTE2LzEvQ0ZIWU9ZczRCdFJON19McW9hYzhDcjJPSDlrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS9lMTc2ZWItNTZmMi00ODA3LWIxMDEtMGY2NmMxODg3OTE2
LzEvNlhFLThsSjM0VDNYUDBRWmI5cGM3QV9aemhZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsv6yMA0G
CSqGSIb3DQEBCwUAA4IBAQA3aBIWr33AwbYZdKEo68wI1dEMibBWlMv6gt9UMQFi
siZYYakKRSjUGTSuAeovJQ8g11P/5tzxrw9WfQIt2yje8e6qSsvbR54VVJw6tZeo
Nylb8FrxbZblXaxm8eKD1I7Nh8x2L4FqzNMzFiV0GMbgjTqL5pDP3/8fj3O2pulX
+bul0IwEuKsA3GWZKrNIP73ID1IZXRD+3vwmvpZaWo3SCRrCQivSmrhL7LtkCLvE
ugDSYpT7ajSe79xX6v9/hjA6B2j1YHPfZcGxUHQySE6sp/nfaV+sWMb0t1OTiBiW
aF7Wxw5k8JRqRanSKG60IJgnlONvwjZ61WyfB8WNUGE3
-----END CERTIFICATE-----