Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/E0XnBBE7lUiYvpb7PH7yYP4L3G0.roa
File:                     E0XnBBE7lUiYvpb7PH7yYP4L3G0.roa (raw, json)
Hash identifier:          FGKSMdYbuir7iq/i4j2guVexIgZYFpUMas3/zxdDKWk=
Subject key identifier:   13:45:E7:04:11:3B:95:48:98:BE:96:FB:3C:7E:F2:60:FE:0B:DC:6D
Certificate issuer:       /CN=6f84e4738a70ea39c08cef210432ae399ec7e915
Certificate serial:       019C47F12BF01D2E0E06DE1278907D7D6582
Authority key identifier: 6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/E0XnBBE7lUiYvpb7PH7yYP4L3G0.roa
Signing time:             Tue 10 Feb 2026 14:25:13 +0000
ROA not before:           Tue 10 Feb 2026 14:25:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     3356
IP address blocks:        178.219.0.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 10:55:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:47:f1:2b:f0:1d:2e:0e:06:de:12:78:90:7d:7d:65:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f84e4738a70ea39c08cef210432ae399ec7e915
        Validity
            Not Before: Feb 10 14:25:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=1345e704113b954898be96fb3c7ef260fe0bdc6d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:53:3c:83:c5:07:23:80:51:73:52:cc:1d:e1:
                    ff:e7:30:ee:4c:0f:8b:83:73:ee:57:8e:17:41:ca:
                    32:7c:b7:59:eb:8f:e9:85:70:05:39:1c:17:34:a6:
                    6b:5d:2f:34:a4:2c:c6:04:5b:ff:1e:ed:3e:a6:f0:
                    0b:d9:86:e0:71:1f:26:d6:69:ac:dd:ea:2b:ea:42:
                    72:22:6a:aa:9c:47:7d:e0:da:70:b7:81:bc:83:85:
                    94:c0:4f:ab:49:11:fa:f1:dd:d0:4e:c9:a6:ad:de:
                    44:33:f8:4d:4c:3e:4c:e4:0e:dc:a9:bb:b4:55:f9:
                    4f:ac:ae:f5:40:39:6f:27:97:7f:00:83:ff:d3:59:
                    11:b4:86:8f:fd:83:9a:dd:29:44:61:c4:f4:75:07:
                    51:6a:ad:3a:2d:4a:43:e4:7c:95:85:76:63:fa:c3:
                    57:ce:f8:91:3c:7e:40:61:23:11:78:c7:e3:d1:c4:
                    f2:2a:90:f9:bc:df:c9:6f:15:37:ee:b7:56:8f:9c:
                    05:9e:31:2b:00:18:9c:06:17:bb:7b:c1:7a:c9:84:
                    61:73:7b:c8:7f:92:bd:a7:f6:f1:fb:00:f1:5a:61:
                    d8:c3:a7:a7:65:a5:f0:20:73:c3:d9:9a:36:db:56:
                    fa:04:99:a4:3e:60:6c:fe:0e:f6:68:7a:a2:7e:22:
                    fc:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                13:45:E7:04:11:3B:95:48:98:BE:96:FB:3C:7E:F2:60:FE:0B:DC:6D
            X509v3 Authority Key Identifier:
                keyid:6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/E0XnBBE7lUiYvpb7PH7yYP4L3G0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.219.0.0/24

    Signature Algorithm: sha256WithRSAEncryption
         03:e6:8b:d5:2a:aa:8d:51:0b:a7:f7:91:40:b7:d0:4e:ed:e4:
         93:b8:0c:38:b1:02:9c:ad:c5:9f:c5:90:16:fa:13:4a:d7:81:
         1b:94:c3:05:ae:26:d1:e8:7c:d0:a5:02:d1:28:7c:2b:38:70:
         ad:d4:01:54:25:1e:be:a7:10:b2:a0:97:14:4c:51:17:97:9f:
         e4:8f:22:81:1a:a6:c1:37:b6:ff:f7:81:a2:f9:63:fe:4b:31:
         62:e8:a8:13:b9:e2:96:56:d0:69:b6:b5:63:53:d7:1f:e5:e1:
         d0:65:47:84:c1:5e:b8:46:6e:41:64:51:6c:83:69:1b:8c:87:
         34:02:18:33:c7:a7:55:92:aa:eb:c2:48:bf:ea:9b:2a:c5:65:
         2e:c3:b5:0d:38:be:1b:bf:b0:8c:27:4b:7b:b5:43:e7:5a:d8:
         3f:3b:6b:ca:5e:db:bd:63:73:61:77:c1:d8:a6:b7:41:55:d8:
         78:e6:84:9c:f5:dc:a6:7d:cb:14:b3:7a:a1:c9:2a:20:cc:7b:
         21:be:9c:b5:43:d0:00:9f:dd:e5:51:f7:d1:85:c7:2f:09:cc:
         89:ab:1a:53:09:e7:cf:94:1f:05:7e:c5:c0:ea:64:41:d2:dc:
         14:11:af:15:23:e2:bc:c7:76:38:a2:f3:88:4d:e3:49:72:16:
         bf:72:a4:65
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZxH8SvwHS4OBt4SeJB9fWWCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmODRlNDczOGE3MGVhMzljMDhjZWYyMTA0MzJhZTM5OWVj
N2U5MTUwHhcNMjYwMjEwMTQyNTEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMzQ1ZTcwNDExM2I5NTQ4OThiZTk2ZmIzYzdlZjI2MGZlMGJkYzZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA01M8g8UHI4BRc1LMHeH/5zDuTA+L
g3PuV44XQcoyfLdZ64/phXAFORwXNKZrXS80pCzGBFv/Hu0+pvAL2YbgcR8m1mms
3eor6kJyImqqnEd94Npwt4G8g4WUwE+rSRH68d3QTsmmrd5EM/hNTD5M5A7cqbu0
VflPrK71QDlvJ5d/AIP/01kRtIaP/YOa3SlEYcT0dQdRaq06LUpD5HyVhXZj+sNX
zviRPH5AYSMReMfj0cTyKpD5vN/JbxU37rdWj5wFnjErABicBhe7e8F6yYRhc3vI
f5K9p/bx+wDxWmHYw6enZaXwIHPD2Zo221b6BJmkPmBs/g72aHqifiL8vQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBNF5wQRO5VImL6W+zx+8mD+C9xtMB8GA1UdIwQY
MBaAFG+E5HOKcOo5wIzvIQQyrjmex+kVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYt
ZmFlNWRiZWQzYjFiLzEvRTBYbkJCRTdsVWlZdnBiN1BIN3lZUDRMM0cwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYtZmFlNWRiZWQzYjFi
LzEvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAstsAMA0G
CSqGSIb3DQEBCwUAA4IBAQAD5ovVKqqNUQun95FAt9BO7eSTuAw4sQKcrcWfxZAW
+hNK14EblMMFribR6HzQpQLRKHwrOHCt1AFUJR6+pxCyoJcUTFEXl5/kjyKBGqbB
N7b/94Gi+WP+SzFi6KgTueKWVtBptrVjU9cf5eHQZUeEwV64Rm5BZFFsg2kbjIc0
Ahgzx6dVkqrrwki/6psqxWUuw7UNOL4bv7CMJ0t7tUPnWtg/O2vKXtu9Y3Nhd8HY
prdBVdh45oSc9dymfcsUs3qhySogzHshvpy1Q9AAn93lUffRhccvCcyJqxpTCefP
lB8FfsXA6mRB0twUEa8VI+K8x3Y4ovOITeNJcha/cqRl
-----END CERTIFICATE-----