Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/5ecfc2-da70-4333-8f96-5b87825c07ee/1/eFwfcJ8TYubsvnJGV3ToNuHTt0E.roa
File:                     eFwfcJ8TYubsvnJGV3ToNuHTt0E.roa (raw, json)
Hash identifier:          6yiyUfT0vs7d3osCrcXjtKOvrYeh/el2zH8u6misslY=
Subject key identifier:   78:5C:1F:70:9F:13:62:E6:EC:BE:72:46:57:74:E8:36:E1:D3:B7:41
Certificate issuer:       /CN=4456c14cd8724f9a909627b94e006cf69d12307b
Certificate serial:       019D735CE2797641B1F0AB14907F3B2B2A3B
Authority key identifier: 44:56:C1:4C:D8:72:4F:9A:90:96:27:B9:4E:00:6C:F6:9D:12:30:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RFbBTNhyT5qQlie5TgBs9p0SMHs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/5ecfc2-da70-4333-8f96-5b87825c07ee/1/eFwfcJ8TYubsvnJGV3ToNuHTt0E.roa
Signing time:             Thu 09 Apr 2026 17:49:20 +0000
ROA not before:           Thu 09 Apr 2026 17:49:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     57043
IP address blocks:        185.36.125.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/5ecfc2-da70-4333-8f96-5b87825c07ee/1/RFbBTNhyT5qQlie5TgBs9p0SMHs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/5ecfc2-da70-4333-8f96-5b87825c07ee/1/RFbBTNhyT5qQlie5TgBs9p0SMHs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RFbBTNhyT5qQlie5TgBs9p0SMHs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 Apr 2026 20:01:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:73:5c:e2:79:76:41:b1:f0:ab:14:90:7f:3b:2b:2a:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4456c14cd8724f9a909627b94e006cf69d12307b
        Validity
            Not Before: Apr  9 17:49:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=785c1f709f1362e6ecbe72465774e836e1d3b741
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:fc:93:60:cf:55:91:18:44:69:d0:b9:10:82:
                    7e:e0:ee:37:f8:cc:0e:1b:20:1a:08:0f:19:f3:fa:
                    92:88:67:90:e6:63:dd:9f:e8:6e:0c:2f:e1:ea:36:
                    95:80:6e:20:6b:70:7e:45:10:40:46:41:f8:d2:7a:
                    b3:c5:63:e3:b6:ec:25:d2:36:b6:51:f7:5c:c2:3e:
                    66:58:7b:f9:c7:f7:93:c4:65:cd:ec:92:d3:06:45:
                    b2:5b:22:15:78:db:45:a7:0a:23:4f:df:d5:20:b6:
                    02:9b:dd:92:9d:d3:79:81:d8:b2:16:97:72:b2:bd:
                    eb:7e:2c:20:7f:2a:c3:2b:f0:9c:0a:14:d8:fb:eb:
                    1b:c5:76:e0:e5:b1:35:85:a3:0f:ef:c6:a3:25:60:
                    13:cc:ae:f1:e5:f1:c6:64:32:7d:d1:75:02:10:97:
                    d7:f0:42:5f:16:21:42:d7:21:5e:fc:dc:5f:52:6b:
                    fb:46:10:fa:7d:44:4f:37:d3:6a:bc:d9:bc:3d:60:
                    4d:75:a3:3f:b9:8a:38:f4:6c:dd:d1:30:f9:23:c0:
                    5a:0f:f8:92:62:1d:01:ed:12:e3:d0:d4:03:29:bd:
                    d2:87:37:70:23:bb:63:2f:cd:f0:fa:af:12:0e:be:
                    2a:a9:8a:a0:ef:a7:bb:e0:03:72:49:a8:38:e4:a4:
                    70:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:5C:1F:70:9F:13:62:E6:EC:BE:72:46:57:74:E8:36:E1:D3:B7:41
            X509v3 Authority Key Identifier:
                keyid:44:56:C1:4C:D8:72:4F:9A:90:96:27:B9:4E:00:6C:F6:9D:12:30:7B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RFbBTNhyT5qQlie5TgBs9p0SMHs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/5ecfc2-da70-4333-8f96-5b87825c07ee/1/eFwfcJ8TYubsvnJGV3ToNuHTt0E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/5ecfc2-da70-4333-8f96-5b87825c07ee/1/RFbBTNhyT5qQlie5TgBs9p0SMHs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.36.125.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1f:79:d9:ab:4a:ff:8a:a3:91:e4:8e:f8:32:83:16:72:d5:c1:
         c5:ac:b6:3e:d9:3d:d2:e9:75:72:a6:7b:90:01:cb:ef:d9:48:
         32:1e:83:5b:42:c2:1d:54:bc:81:fd:38:13:6f:f2:01:68:b8:
         c9:3c:7d:52:6f:81:42:f2:f7:92:f2:7d:ea:f5:6b:45:97:51:
         f7:f3:df:da:0e:63:47:19:60:d3:67:5a:a1:68:e8:44:40:86:
         18:88:39:8e:92:0e:58:f1:01:86:94:01:03:e0:42:bb:69:f7:
         50:22:44:0a:40:8b:dc:db:6a:41:ac:b2:2a:12:36:be:01:a6:
         5d:34:b1:47:a6:b7:d5:cc:83:12:fc:9b:03:89:68:0c:3c:2d:
         7d:ca:a8:60:e5:9f:4e:9b:b5:44:bc:10:8b:8d:ff:f6:fd:1c:
         b9:68:48:09:30:5a:24:75:f4:4b:e4:59:2e:78:23:d3:ce:39:
         ec:73:c3:c3:99:f1:f9:9b:68:2a:99:8d:06:75:b0:ac:46:b3:
         52:2e:bc:47:bb:0b:a7:c5:e5:4c:41:15:f7:84:6f:95:a1:52:
         1c:56:3f:b6:54:12:5b:af:35:06:9c:72:79:29:7a:61:82:af:
         5e:c1:ce:31:d0:f2:42:b2:2d:ff:a3:48:99:3a:eb:bb:da:ee:
         4b:75:e0:9c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ1zXOJ5dkGx8KsUkH87Kyo7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ0NTZjMTRjZDg3MjRmOWE5MDk2MjdiOTRlMDA2Y2Y2OWQx
MjMwN2IwHhcNMjYwNDA5MTc0OTIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ODVjMWY3MDlmMTM2MmU2ZWNiZTcyNDY1Nzc0ZTgzNmUxZDNiNzQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzPyTYM9VkRhEadC5EIJ+4O43+MwO
GyAaCA8Z8/qSiGeQ5mPdn+huDC/h6jaVgG4ga3B+RRBARkH40nqzxWPjtuwl0ja2
Ufdcwj5mWHv5x/eTxGXN7JLTBkWyWyIVeNtFpwojT9/VILYCm92SndN5gdiyFpdy
sr3rfiwgfyrDK/CcChTY++sbxXbg5bE1haMP78ajJWATzK7x5fHGZDJ90XUCEJfX
8EJfFiFC1yFe/NxfUmv7RhD6fURPN9NqvNm8PWBNdaM/uYo49Gzd0TD5I8BaD/iS
Yh0B7RLj0NQDKb3ShzdwI7tjL83w+q8SDr4qqYqg76e74ANySag45KRwowIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHhcH3CfE2Lm7L5yRld06Dbh07dBMB8GA1UdIwQY
MBaAFERWwUzYck+akJYnuU4AbPadEjB7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUkZiQlROaHlUNXFRbGllNVRnQnM5cDBTTUhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS81ZWNmYzItZGE3MC00MzMzLThmOTYt
NWI4NzgyNWMwN2VlLzEvZUZ3ZmNKOFRZdWJzdm5KR1YzVG9OdUhUdDBFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS81ZWNmYzItZGE3MC00MzMzLThmOTYtNWI4NzgyNWMwN2Vl
LzEvUkZiQlROaHlUNXFRbGllNVRnQnM5cDBTTUhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuSR9MA0G
CSqGSIb3DQEBCwUAA4IBAQAfedmrSv+Ko5HkjvgygxZy1cHFrLY+2T3S6XVypnuQ
Acvv2UgyHoNbQsIdVLyB/TgTb/IBaLjJPH1Sb4FC8veS8n3q9WtFl1H389/aDmNH
GWDTZ1qhaOhEQIYYiDmOkg5Y8QGGlAED4EK7afdQIkQKQIvc22pBrLIqEja+AaZd
NLFHprfVzIMS/JsDiWgMPC19yqhg5Z9Om7VEvBCLjf/2/Ry5aEgJMFokdfRL5Fku
eCPTzjnsc8PDmfH5m2gqmY0GdbCsRrNSLrxHuwunxeVMQRX3hG+VoVIcVj+2VBJb
rzUGnHJ5KXphgq9ewc4x0PJCsi3/o0iZOuu72u5LdeCc
-----END CERTIFICATE-----