Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/ecc102-ad7e-4101-a727-58018a03330a/1/EXfBcBM7uA8bBSr72NlYucOvfhM.roa
File:                     EXfBcBM7uA8bBSr72NlYucOvfhM.roa (raw, json)
Hash identifier:          oLqWHUAW+al/Mt/NTfMz7OcTXKmFCSYo9Jv88gAzIcg=
Subject key identifier:   11:77:C1:70:13:3B:B8:0F:1B:05:2A:FB:D8:D9:58:B9:C3:AF:7E:13
Certificate issuer:       /CN=1ab8f8fbea49baf59fcec22e48a9fe2157d86483
Certificate serial:       019A4119B09496A0FC220E9DB9BD52315DC1
Authority key identifier: 1A:B8:F8:FB:EA:49:BA:F5:9F:CE:C2:2E:48:A9:FE:21:57:D8:64:83
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Grj4--pJuvWfzsIuSKn-IVfYZIM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/ecc102-ad7e-4101-a727-58018a03330a/1/EXfBcBM7uA8bBSr72NlYucOvfhM.roa
Signing time:             Sat 01 Nov 2025 20:26:33 +0000
ROA not before:           Sat 01 Nov 2025 20:26:33 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     31898
IP address blocks:        193.104.169.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/ecc102-ad7e-4101-a727-58018a03330a/1/Grj4--pJuvWfzsIuSKn-IVfYZIM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/ecc102-ad7e-4101-a727-58018a03330a/1/Grj4--pJuvWfzsIuSKn-IVfYZIM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Grj4--pJuvWfzsIuSKn-IVfYZIM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Nov 2025 21:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:41:19:b0:94:96:a0:fc:22:0e:9d:b9:bd:52:31:5d:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1ab8f8fbea49baf59fcec22e48a9fe2157d86483
        Validity
            Not Before: Nov  1 20:26:33 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1177c170133bb80f1b052afbd8d958b9c3af7e13
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:c5:2e:14:51:37:23:c2:9c:b1:e7:78:f9:fd:
                    69:ce:66:64:44:f9:b7:f9:6f:f9:b9:4d:77:d0:13:
                    0f:c9:e1:08:66:81:a8:c2:e9:ee:e4:26:8a:93:4c:
                    a4:59:4f:a2:4a:66:1d:d4:d5:7d:50:84:56:1d:a6:
                    05:61:fe:5d:f1:3a:68:51:25:2f:00:e9:a3:06:ea:
                    2c:c8:2e:49:72:0e:d9:1a:c1:c8:30:e2:93:ef:48:
                    be:88:f8:69:00:9e:4b:45:af:4b:02:8c:bc:4f:c2:
                    c8:72:89:de:31:4a:90:97:fe:76:3e:6f:ac:ab:e0:
                    e1:81:70:22:1e:82:b5:15:d7:bf:c1:27:66:86:73:
                    29:9d:60:34:7f:ec:a4:69:30:1b:ad:d3:08:69:fa:
                    fc:2c:be:34:35:56:c4:c2:c7:13:f2:9d:b9:6e:2e:
                    c2:1f:87:39:fc:e4:f0:cc:03:de:d6:4d:4c:38:36:
                    0a:ac:50:b6:11:9f:d4:c8:16:8f:0d:5f:b8:16:ea:
                    88:03:28:d0:62:88:03:e8:de:b4:35:55:63:40:50:
                    67:58:46:5e:fd:ad:6e:f3:e0:9d:47:41:71:b9:1a:
                    93:bf:4e:79:fb:bc:fb:65:55:42:18:e8:f6:d6:e7:
                    8c:14:c9:b1:07:16:6a:3a:04:01:5d:bc:5e:01:17:
                    68:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:77:C1:70:13:3B:B8:0F:1B:05:2A:FB:D8:D9:58:B9:C3:AF:7E:13
            X509v3 Authority Key Identifier:
                keyid:1A:B8:F8:FB:EA:49:BA:F5:9F:CE:C2:2E:48:A9:FE:21:57:D8:64:83

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Grj4--pJuvWfzsIuSKn-IVfYZIM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/ecc102-ad7e-4101-a727-58018a03330a/1/EXfBcBM7uA8bBSr72NlYucOvfhM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/ecc102-ad7e-4101-a727-58018a03330a/1/Grj4--pJuvWfzsIuSKn-IVfYZIM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.104.169.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0f:87:ee:1d:6e:e3:fb:9b:58:cc:34:7a:2a:be:3b:68:b8:dc:
         1b:ab:06:b0:4e:4b:eb:68:eb:c8:2d:9e:56:16:30:02:53:82:
         00:41:8c:4d:ae:de:e3:9f:1a:40:36:92:f2:50:da:bb:ba:a6:
         17:8c:f1:fc:35:78:61:15:56:98:fa:0b:e4:bf:a2:c0:74:1e:
         a7:27:9a:25:ee:96:82:cc:1c:0f:88:4a:a4:29:29:65:d4:85:
         93:4e:16:ba:0a:37:03:b8:4e:d9:42:b4:4e:f8:fa:49:45:b5:
         6e:a1:be:ef:c2:40:95:85:e1:41:79:08:ff:9d:70:f1:46:4f:
         f0:be:e5:29:ab:82:99:a0:f2:01:76:8f:17:17:b1:90:04:4f:
         f7:18:97:e9:e1:be:73:7b:28:5f:73:d4:d0:69:ec:53:0b:37:
         da:9f:30:23:1b:31:75:6a:c3:db:e4:0d:6c:6c:90:8e:6c:f1:
         1d:95:7d:cd:10:b4:78:d4:ff:f9:6a:23:97:6c:2c:f8:fa:33:
         63:b3:6b:90:31:85:a0:aa:df:89:5b:89:dd:cb:fa:3b:26:fe:
         af:d4:cd:0b:80:a5:31:18:3b:68:e6:86:5c:9d:51:6a:2a:1a:
         bb:9f:be:d3:7d:30:0f:37:8d:9d:c1:f8:97:72:f5:49:fe:93:
         07:19:51:27
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZpBGbCUlqD8Ig6dub1SMV3BMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFhYjhmOGZiZWE0OWJhZjU5ZmNlYzIyZTQ4YTlmZTIxNTdk
ODY0ODMwHhcNMjUxMTAxMjAyNjMzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMTc3YzE3MDEzM2JiODBmMWIwNTJhZmJkOGQ5NThiOWMzYWY3ZTEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoMUuFFE3I8Kcsed4+f1pzmZkRPm3
+W/5uU130BMPyeEIZoGowunu5CaKk0ykWU+iSmYd1NV9UIRWHaYFYf5d8TpoUSUv
AOmjBuosyC5Jcg7ZGsHIMOKT70i+iPhpAJ5LRa9LAoy8T8LIconeMUqQl/52Pm+s
q+DhgXAiHoK1Fde/wSdmhnMpnWA0f+ykaTAbrdMIafr8LL40NVbEwscT8p25bi7C
H4c5/OTwzAPe1k1MODYKrFC2EZ/UyBaPDV+4FuqIAyjQYogD6N60NVVjQFBnWEZe
/a1u8+CdR0FxuRqTv055+7z7ZVVCGOj21ueMFMmxBxZqOgQBXbxeARdoUQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBF3wXATO7gPGwUq+9jZWLnDr34TMB8GA1UdIwQY
MBaAFBq4+PvqSbr1n87CLkip/iFX2GSDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3JqNC0tcEp1dldmenNJdVNLbi1JVmZZWklNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS9lY2MxMDItYWQ3ZS00MTAxLWE3Mjct
NTgwMThhMDMzMzBhLzEvRVhmQmNCTTd1QThiQlNyNzJObFl1Y092ZmhNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS9lY2MxMDItYWQ3ZS00MTAxLWE3MjctNTgwMThhMDMzMzBh
LzEvR3JqNC0tcEp1dldmenNJdVNLbi1JVmZZWklNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwWipMA0G
CSqGSIb3DQEBCwUAA4IBAQAPh+4dbuP7m1jMNHoqvjtouNwbqwawTkvraOvILZ5W
FjACU4IAQYxNrt7jnxpANpLyUNq7uqYXjPH8NXhhFVaY+gvkv6LAdB6nJ5ol7paC
zBwPiEqkKSll1IWTTha6CjcDuE7ZQrRO+PpJRbVuob7vwkCVheFBeQj/nXDxRk/w
vuUpq4KZoPIBdo8XF7GQBE/3GJfp4b5zeyhfc9TQaexTCzfanzAjGzF1asPb5A1s
bJCObPEdlX3NELR41P/5aiOXbCz4+jNjs2uQMYWgqt+JW4ndy/o7Jv6v1M0LgKUx
GDto5oZcnVFqKhq7n77TfTAPN42dwfiXcvVJ/pMHGVEn
-----END CERTIFICATE-----