Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/61/dac337-8079-43bf-9fe1-9e6772ed39a6/1/emrBWHMDQOVwYTsWct2B_yzAGwE.roa
File:                     emrBWHMDQOVwYTsWct2B_yzAGwE.roa (raw, json)
Hash identifier:          WQ3P9C8Hq6K845EddQOdbb1eJKe9f8hodDUHV6czfZw=
Subject key identifier:   7A:6A:C1:58:73:03:40:E5:70:61:3B:16:72:DD:81:FF:2C:C0:1B:01
Certificate issuer:       /CN=8693655326b0472c866c5c99302e2b2d78cbddf7
Certificate serial:       019B7C125899577562451F324664AF566062
Authority key identifier: 86:93:65:53:26:B0:47:2C:86:6C:5C:99:30:2E:2B:2D:78:CB:DD:F7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hpNlUyawRyyGbFyZMC4rLXjL3fc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/61/dac337-8079-43bf-9fe1-9e6772ed39a6/1/emrBWHMDQOVwYTsWct2B_yzAGwE.roa
Signing time:             Fri 02 Jan 2026 00:18:55 +0000
ROA not before:           Fri 02 Jan 2026 00:18:55 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     15869
IP address blocks:        62.3.128.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/61/dac337-8079-43bf-9fe1-9e6772ed39a6/1/hpNlUyawRyyGbFyZMC4rLXjL3fc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/61/dac337-8079-43bf-9fe1-9e6772ed39a6/1/hpNlUyawRyyGbFyZMC4rLXjL3fc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hpNlUyawRyyGbFyZMC4rLXjL3fc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 21:01:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:12:58:99:57:75:62:45:1f:32:46:64:af:56:60:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8693655326b0472c866c5c99302e2b2d78cbddf7
        Validity
            Not Before: Jan  2 00:18:55 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7a6ac158730340e570613b1672dd81ff2cc01b01
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:70:84:a4:15:2a:96:a8:8c:91:5e:70:b3:64:
                    8e:8c:d3:97:f3:d0:ad:48:cd:4f:00:fb:5a:dd:e0:
                    4a:05:8a:18:63:24:da:3e:38:6d:86:b0:88:dd:81:
                    63:b9:6e:86:d4:6b:3d:86:7b:b5:99:7a:5e:ca:2d:
                    7e:d8:05:9a:4a:57:34:69:54:40:63:46:1e:94:1d:
                    cf:64:04:fa:08:ca:56:64:24:06:2b:67:81:a9:f4:
                    76:a5:51:37:c8:ae:cc:5c:44:23:be:fc:17:45:67:
                    f1:0e:60:e2:10:24:1e:36:14:28:17:2e:60:bb:59:
                    c9:e8:00:2d:0f:cc:fc:cc:d2:fe:e5:c6:8d:db:28:
                    71:15:84:a4:d9:b8:6c:62:bb:0c:c9:37:07:3d:66:
                    b9:37:3c:ff:31:37:10:c2:fe:a6:25:11:bd:c2:79:
                    43:18:8b:32:cd:a3:e8:b2:d7:c8:25:30:d4:36:d9:
                    5a:5f:62:7e:16:14:e9:23:36:2a:53:2f:9a:5e:29:
                    03:38:19:a6:e6:09:1e:27:70:37:ca:df:23:39:b7:
                    f7:a9:39:ac:79:51:06:ab:ac:6b:23:7e:42:79:28:
                    20:aa:a4:76:5a:15:54:6e:52:45:ee:92:eb:23:63:
                    fb:5f:8d:82:c8:ee:20:94:a7:a2:eb:51:a1:c2:7e:
                    7f:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7A:6A:C1:58:73:03:40:E5:70:61:3B:16:72:DD:81:FF:2C:C0:1B:01
            X509v3 Authority Key Identifier:
                keyid:86:93:65:53:26:B0:47:2C:86:6C:5C:99:30:2E:2B:2D:78:CB:DD:F7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hpNlUyawRyyGbFyZMC4rLXjL3fc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/dac337-8079-43bf-9fe1-9e6772ed39a6/1/emrBWHMDQOVwYTsWct2B_yzAGwE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/61/dac337-8079-43bf-9fe1-9e6772ed39a6/1/hpNlUyawRyyGbFyZMC4rLXjL3fc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.3.128.0/21

    Signature Algorithm: sha256WithRSAEncryption
         87:72:34:22:00:35:f3:27:44:f7:f8:5c:e3:3b:d8:89:e3:5a:
         07:46:d9:99:0d:c0:eb:0f:36:36:05:f0:47:ad:81:0d:e8:63:
         90:3a:db:84:d1:e5:84:67:b0:93:61:58:5b:c6:d1:2d:bb:1c:
         03:09:de:37:f9:27:02:24:a0:22:63:1b:8c:f9:49:50:40:df:
         53:28:bb:49:fa:64:c4:c1:99:c5:40:89:d2:a4:cc:a6:2e:7f:
         c0:2c:5b:f4:0e:fe:fc:44:f5:38:a9:41:88:8f:48:c2:81:5b:
         da:ae:43:fd:fb:e9:52:94:13:c6:7a:34:6d:24:a0:62:51:de:
         df:94:03:38:a1:d6:f2:21:c3:b3:4e:46:75:e5:18:86:40:ca:
         45:9d:51:18:7f:31:8d:43:a0:2a:0f:cd:81:cb:49:66:7f:0a:
         fc:ec:c2:19:83:bf:74:f5:de:2c:99:f3:c5:42:8a:7b:3e:fc:
         3b:93:47:0c:e0:cc:5f:c8:58:60:d4:3a:90:51:bc:55:22:05:
         98:70:e6:50:59:06:a4:47:58:60:a8:ec:6c:c5:ca:fc:c2:07:
         2b:59:a3:ec:d3:8e:ff:df:08:de:53:e0:37:9b:23:32:e6:33:
         1d:81:ee:a6:15:f0:6c:c8:36:b8:cb:02:82:90:ad:59:6e:32:
         06:fe:77:5a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8EliZV3ViRR8yRmSvVmBiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2OTM2NTUzMjZiMDQ3MmM4NjZjNWM5OTMwMmUyYjJkNzhj
YmRkZjcwHhcNMjYwMTAyMDAxODU1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YTZhYzE1ODczMDM0MGU1NzA2MTNiMTY3MmRkODFmZjJjYzAxYjAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvHCEpBUqlqiMkV5ws2SOjNOX89Ct
SM1PAPta3eBKBYoYYyTaPjhthrCI3YFjuW6G1Gs9hnu1mXpeyi1+2AWaSlc0aVRA
Y0YelB3PZAT6CMpWZCQGK2eBqfR2pVE3yK7MXEQjvvwXRWfxDmDiECQeNhQoFy5g
u1nJ6AAtD8z8zNL+5caN2yhxFYSk2bhsYrsMyTcHPWa5Nzz/MTcQwv6mJRG9wnlD
GIsyzaPostfIJTDUNtlaX2J+FhTpIzYqUy+aXikDOBmm5gkeJ3A3yt8jObf3qTms
eVEGq6xrI35CeSggqqR2WhVUblJF7pLrI2P7X42CyO4glKei61Ghwn5/SQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHpqwVhzA0DlcGE7FnLdgf8swBsBMB8GA1UdIwQY
MBaAFIaTZVMmsEcshmxcmTAuKy14y933MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHBObFV5YXdSeXlHYkZ5Wk1DNHJMWGpMM2ZjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MS9kYWMzMzctODA3OS00M2JmLTlmZTEt
OWU2NzcyZWQzOWE2LzEvZW1yQldITURRT1Z3WVRzV2N0MkJfeXpBR3dFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MS9kYWMzMzctODA3OS00M2JmLTlmZTEtOWU2NzcyZWQzOWE2
LzEvaHBObFV5YXdSeXlHYkZ5Wk1DNHJMWGpMM2ZjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDPgOAMA0G
CSqGSIb3DQEBCwUAA4IBAQCHcjQiADXzJ0T3+FzjO9iJ41oHRtmZDcDrDzY2BfBH
rYEN6GOQOtuE0eWEZ7CTYVhbxtEtuxwDCd43+ScCJKAiYxuM+UlQQN9TKLtJ+mTE
wZnFQInSpMymLn/ALFv0Dv78RPU4qUGIj0jCgVvarkP9++lSlBPGejRtJKBiUd7f
lAM4odbyIcOzTkZ15RiGQMpFnVEYfzGNQ6AqD82By0lmfwr87MIZg7909d4smfPF
Qop7Pvw7k0cM4MxfyFhg1DqQUbxVIgWYcOZQWQakR1hgqOxsxcr8wgcrWaPs047/
3wjeU+A3myMy5jMdge6mFfBsyDa4ywKCkK1ZbjIG/nda
-----END CERTIFICATE-----