Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/eEqpOTfkH43XkW9vFtQYjow3FAQ.roa
File:                     eEqpOTfkH43XkW9vFtQYjow3FAQ.roa (raw, json)
Hash identifier:          z6uWEfB9SBxX8coYZSU3iQ4VodJfVamDsW1Hlni+mmk=
Subject key identifier:   78:4A:A9:39:37:E4:1F:8D:D7:91:6F:6F:16:D4:18:8E:8C:37:14:04
Certificate issuer:       /CN=c616c4195152effedbf7b3afee2aa72e19090e4d
Certificate serial:       019D777B6BC2EB997BAF65D6BC69BCB054E9
Authority key identifier: C6:16:C4:19:51:52:EF:FE:DB:F7:B3:AF:EE:2A:A7:2E:19:09:0E:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/eEqpOTfkH43XkW9vFtQYjow3FAQ.roa
Signing time:             Fri 10 Apr 2026 13:01:10 +0000
ROA not before:           Fri 10 Apr 2026 13:01:10 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     51722
IP address blocks:        194.62.54.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 07:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:77:7b:6b:c2:eb:99:7b:af:65:d6:bc:69:bc:b0:54:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c616c4195152effedbf7b3afee2aa72e19090e4d
        Validity
            Not Before: Apr 10 13:01:10 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=784aa93937e41f8dd7916f6f16d4188e8c371404
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:3b:96:e5:75:b3:20:d1:9e:4f:83:c7:68:e4:
                    88:b3:a4:49:99:ff:e7:d5:49:1c:7d:4c:ff:18:b8:
                    7a:cd:b2:66:37:1c:6f:be:5f:84:bd:88:48:f5:84:
                    c6:84:0e:65:5a:cb:1d:7f:09:be:a7:1b:42:08:c2:
                    38:3b:1b:99:e9:ad:d4:fc:3d:47:e9:f2:59:2e:7e:
                    44:c7:0e:1d:5f:cd:dc:fa:e5:0c:5c:91:89:f1:bf:
                    a4:d5:24:88:3a:2d:7f:0f:b6:ad:c9:75:48:47:59:
                    a0:d2:bd:52:d8:e7:79:6e:fe:76:ff:2d:8a:90:d5:
                    8f:63:67:a4:4a:8c:8c:06:9c:d4:49:e1:d8:1a:b5:
                    72:31:20:4e:98:18:aa:f4:ba:4f:57:ba:35:f0:de:
                    c0:52:f8:ff:fb:a4:29:22:4c:54:a2:e8:de:86:1d:
                    ae:3b:9f:a2:be:bb:9f:a0:a0:8d:df:a8:66:15:a8:
                    95:a9:7f:82:e4:06:5c:dc:cb:fc:be:f4:9d:f0:6a:
                    77:66:8a:83:48:c2:fb:70:3b:f2:bc:d7:ab:8a:73:
                    9c:75:72:8f:a4:10:5f:46:a5:59:1b:ff:a5:46:fa:
                    91:72:86:d9:49:35:a4:70:d4:2a:3a:55:e3:55:da:
                    36:4a:35:d7:2d:cc:f4:34:41:be:43:15:d9:fc:44:
                    29:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:4A:A9:39:37:E4:1F:8D:D7:91:6F:6F:16:D4:18:8E:8C:37:14:04
            X509v3 Authority Key Identifier:
                keyid:C6:16:C4:19:51:52:EF:FE:DB:F7:B3:AF:EE:2A:A7:2E:19:09:0E:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/eEqpOTfkH43XkW9vFtQYjow3FAQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.62.54.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7e:ad:ec:6c:6e:d0:19:30:d6:05:56:a2:5b:53:2f:bc:ed:cc:
         37:1d:ab:d7:69:97:b8:a5:e2:6c:c1:de:fa:ea:18:ac:cf:0c:
         85:41:43:c6:27:20:25:41:fc:db:63:5f:aa:0c:12:6e:91:7e:
         29:43:1a:65:6a:fc:a0:b4:54:63:3d:64:1b:21:bc:8b:b3:cc:
         80:c5:12:e9:d9:80:36:84:68:08:7c:8a:00:b0:e2:64:67:60:
         01:f5:29:43:b6:db:57:9a:2b:dd:08:ea:30:ae:49:b5:de:a6:
         2c:af:76:51:ae:c8:d7:f2:2c:c4:85:5a:04:3a:d3:23:99:ff:
         b6:04:97:07:88:2b:af:da:a1:f9:0d:df:9c:10:f5:47:6b:b5:
         e8:43:f8:02:dd:48:a7:33:db:2b:21:c2:33:71:9b:5b:05:20:
         9c:dc:e2:76:d9:87:e2:22:d9:e0:5a:77:7b:36:34:99:e6:85:
         ae:c2:78:21:6c:ef:d6:4e:58:5b:82:9d:b6:61:32:bd:b1:12:
         aa:76:11:0c:57:8f:6b:d5:9d:10:c2:b2:cf:6e:c8:b5:45:f0:
         09:28:9f:49:a8:07:1d:4e:d8:b0:16:aa:99:3c:0b:c5:d7:d5:
         9c:f1:4e:29:9b:a1:e4:43:80:f8:0c:68:49:98:45:cc:60:64:
         31:2e:f2:7e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ13e2vC65l7r2XWvGm8sFTpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2MTZjNDE5NTE1MmVmZmVkYmY3YjNhZmVlMmFhNzJlMTkw
OTBlNGQwHhcNMjYwNDEwMTMwMTEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ODRhYTkzOTM3ZTQxZjhkZDc5MTZmNmYxNmQ0MTg4ZThjMzcxNDA0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkjuW5XWzINGeT4PHaOSIs6RJmf/n
1UkcfUz/GLh6zbJmNxxvvl+EvYhI9YTGhA5lWssdfwm+pxtCCMI4OxuZ6a3U/D1H
6fJZLn5Exw4dX83c+uUMXJGJ8b+k1SSIOi1/D7atyXVIR1mg0r1S2Od5bv52/y2K
kNWPY2ekSoyMBpzUSeHYGrVyMSBOmBiq9LpPV7o18N7AUvj/+6QpIkxUoujehh2u
O5+ivrufoKCN36hmFaiVqX+C5AZc3Mv8vvSd8Gp3ZoqDSML7cDvyvNerinOcdXKP
pBBfRqVZG/+lRvqRcobZSTWkcNQqOlXjVdo2SjXXLcz0NEG+QxXZ/EQp3QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHhKqTk35B+N15FvbxbUGI6MNxQEMB8GA1UdIwQY
MBaAFMYWxBlRUu/+2/ezr+4qpy4ZCQ5NMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveGhiRUdWRlM3XzdiOTdPdjdpcW5MaGtKRGswLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny9hZDY1MjEtZDNhOS00YjEzLWJlNjkt
MzlmZGI5ODZmMDU5LzEvZUVxcE9UZmtINDNYa1c5dkZ0UVlqb3czRkFRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny9hZDY1MjEtZDNhOS00YjEzLWJlNjktMzlmZGI5ODZmMDU5
LzEveGhiRUdWRlM3XzdiOTdPdjdpcW5MaGtKRGswLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwj42MA0G
CSqGSIb3DQEBCwUAA4IBAQB+rexsbtAZMNYFVqJbUy+87cw3HavXaZe4peJswd76
6hiszwyFQUPGJyAlQfzbY1+qDBJukX4pQxplavygtFRjPWQbIbyLs8yAxRLp2YA2
hGgIfIoAsOJkZ2AB9SlDtttXmivdCOowrkm13qYsr3ZRrsjX8izEhVoEOtMjmf+2
BJcHiCuv2qH5Dd+cEPVHa7XoQ/gC3UinM9srIcIzcZtbBSCc3OJ22YfiItngWnd7
NjSZ5oWuwnghbO/WTlhbgp22YTK9sRKqdhEMV49r1Z0QwrLPbsi1RfAJKJ9JqAcd
TtiwFqqZPAvF19Wc8U4pm6HkQ4D4DGhJmEXMYGQxLvJ+
-----END CERTIFICATE-----