Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/db42ab-49cc-427d-86ca-47a2c250e5aa/1/EhpBhJARc4X2eG8NnhZ_KCq4Tqk.roa
File:                     EhpBhJARc4X2eG8NnhZ_KCq4Tqk.roa (raw, json)
Hash identifier:          S4p02xann0rC2wLhbi5Psq0nb1Jxkjtlkr7kCAMN7Kc=
Subject key identifier:   12:1A:41:84:90:11:73:85:F6:78:6F:0D:9E:16:7F:28:2A:B8:4E:A9
Certificate issuer:       /CN=93e272611139f15d037d7a4be545696cd2853867
Certificate serial:       019D3EEF3696FF1030B13E87ED2EDD0B676D
Authority key identifier: 93:E2:72:61:11:39:F1:5D:03:7D:7A:4B:E5:45:69:6C:D2:85:38:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k-JyYRE58V0DfXpL5UVpbNKFOGc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/db42ab-49cc-427d-86ca-47a2c250e5aa/1/EhpBhJARc4X2eG8NnhZ_KCq4Tqk.roa
Signing time:             Mon 30 Mar 2026 13:29:17 +0000
ROA not before:           Mon 30 Mar 2026 13:29:17 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     153771
IP address blocks:        209.248.0.0/20 maxlen: 24
                          209.248.12.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/db42ab-49cc-427d-86ca-47a2c250e5aa/1/k-JyYRE58V0DfXpL5UVpbNKFOGc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/db42ab-49cc-427d-86ca-47a2c250e5aa/1/k-JyYRE58V0DfXpL5UVpbNKFOGc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k-JyYRE58V0DfXpL5UVpbNKFOGc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 04:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:3e:ef:36:96:ff:10:30:b1:3e:87:ed:2e:dd:0b:67:6d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=93e272611139f15d037d7a4be545696cd2853867
        Validity
            Not Before: Mar 30 13:29:17 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=121a418490117385f6786f0d9e167f282ab84ea9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:b9:22:0b:c4:a0:84:f3:67:e4:b8:7e:87:f2:
                    e2:c6:ca:4b:7c:32:22:58:5d:3e:37:89:e8:1b:cb:
                    a7:e9:c5:55:6a:37:04:cd:44:66:f9:8b:44:23:3d:
                    0d:35:85:80:c2:2a:e6:af:e8:4d:c2:fa:f6:8c:51:
                    6a:1c:24:8c:d9:04:3c:07:a2:6e:57:61:9e:ec:13:
                    04:1a:f3:ad:be:35:38:a5:ba:fd:41:12:28:c4:55:
                    d8:cb:1e:a0:96:cc:81:f3:d2:c8:1c:25:5f:46:74:
                    32:ff:0d:dc:58:c9:9c:16:5f:0c:8f:42:63:13:8b:
                    73:6f:b6:b9:02:06:5d:dc:5b:34:d9:7e:cb:64:83:
                    59:ff:65:65:56:33:32:b1:1c:04:aa:87:51:7d:1d:
                    8d:a5:8f:4d:2e:14:a1:c5:ab:8a:d9:2f:4f:e1:ae:
                    ca:e4:80:4b:6b:27:ea:58:0d:92:81:7f:4a:00:ef:
                    32:c0:0f:81:7d:88:79:14:34:33:16:2a:16:34:f1:
                    49:59:8c:de:7d:dd:14:be:73:03:6f:7c:e7:9c:33:
                    73:b3:56:36:c8:fd:e5:bb:b7:03:73:2f:da:ec:92:
                    e4:1d:eb:08:47:d0:f5:8c:b0:44:76:9f:21:32:ea:
                    3a:05:e5:5a:1f:8d:5f:12:0f:ab:6d:3e:73:bb:7d:
                    3a:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:1A:41:84:90:11:73:85:F6:78:6F:0D:9E:16:7F:28:2A:B8:4E:A9
            X509v3 Authority Key Identifier:
                keyid:93:E2:72:61:11:39:F1:5D:03:7D:7A:4B:E5:45:69:6C:D2:85:38:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k-JyYRE58V0DfXpL5UVpbNKFOGc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/db42ab-49cc-427d-86ca-47a2c250e5aa/1/EhpBhJARc4X2eG8NnhZ_KCq4Tqk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/db42ab-49cc-427d-86ca-47a2c250e5aa/1/k-JyYRE58V0DfXpL5UVpbNKFOGc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  209.248.0.0/20

    Signature Algorithm: sha256WithRSAEncryption
         99:cb:e7:8c:7f:43:35:dd:dd:1c:c6:e7:fe:b0:68:7f:5b:38:
         91:06:79:b5:bf:44:48:bc:28:3d:d6:07:4e:ea:6d:bb:3c:2f:
         52:e7:2a:0f:6a:f7:f8:af:fd:16:c0:39:df:c1:c5:69:2b:76:
         49:c3:e3:e5:ad:bb:0e:7f:99:1e:1c:4a:86:83:27:ea:6e:3a:
         2c:15:e2:80:36:1c:3a:29:23:f4:1c:0c:e8:84:4d:5c:d1:2d:
         f2:a3:42:76:70:69:e9:bb:49:6c:ec:7f:ba:d0:9e:d9:97:ec:
         41:50:7d:64:51:3c:c1:59:2b:93:6e:e5:5a:bc:1f:78:67:fe:
         55:79:0c:3d:92:0f:85:29:4f:c7:4f:72:4f:34:c1:25:d2:a7:
         e7:ce:10:45:1e:b6:bd:dc:60:2a:92:74:4c:78:a7:3e:81:3d:
         12:d1:cd:ac:7a:52:ad:73:c2:41:27:2d:ea:33:85:83:95:1d:
         f7:d8:b0:3f:02:82:b5:a1:a1:04:81:4f:f2:52:07:9d:51:e8:
         4e:62:26:2f:e1:1c:d1:bb:19:d7:22:8f:8a:b3:29:27:44:97:
         e0:f6:20:63:38:e1:96:2c:b6:47:f4:e2:48:6a:2b:42:fe:cd:
         b5:c8:de:13:63:0f:2c:43:21:58:5d:44:d2:54:95:f0:4a:78:
         46:1f:a1:f8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0+7zaW/xAwsT6H7S7dC2dtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzZTI3MjYxMTEzOWYxNWQwMzdkN2E0YmU1NDU2OTZjZDI4
NTM4NjcwHhcNMjYwMzMwMTMyOTE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMjFhNDE4NDkwMTE3Mzg1ZjY3ODZmMGQ5ZTE2N2YyODJhYjg0ZWE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtrkiC8SghPNn5Lh+h/LixspLfDIi
WF0+N4noG8un6cVVajcEzURm+YtEIz0NNYWAwirmr+hNwvr2jFFqHCSM2QQ8B6Ju
V2Ge7BMEGvOtvjU4pbr9QRIoxFXYyx6glsyB89LIHCVfRnQy/w3cWMmcFl8Mj0Jj
E4tzb7a5AgZd3Fs02X7LZINZ/2VlVjMysRwEqodRfR2NpY9NLhShxauK2S9P4a7K
5IBLayfqWA2SgX9KAO8ywA+BfYh5FDQzFioWNPFJWYzefd0UvnMDb3znnDNzs1Y2
yP3lu7cDcy/a7JLkHesIR9D1jLBEdp8hMuo6BeVaH41fEg+rbT5zu306QQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBIaQYSQEXOF9nhvDZ4WfygquE6pMB8GA1UdIwQY
MBaAFJPicmEROfFdA316S+VFaWzShThnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvay1KeVlSRTU4VjBEZlhwTDVVVnBiTktGT0djLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni9kYjQyYWItNDljYy00MjdkLTg2Y2Et
NDdhMmMyNTBlNWFhLzEvRWhwQmhKQVJjNFgyZUc4Tm5oWl9LQ3E0VHFrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni9kYjQyYWItNDljYy00MjdkLTg2Y2EtNDdhMmMyNTBlNWFh
LzEvay1KeVlSRTU4VjBEZlhwTDVVVnBiTktGT0djLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQE0fgAMA0G
CSqGSIb3DQEBCwUAA4IBAQCZy+eMf0M13d0cxuf+sGh/WziRBnm1v0RIvCg91gdO
6m27PC9S5yoPavf4r/0WwDnfwcVpK3ZJw+PlrbsOf5keHEqGgyfqbjosFeKANhw6
KSP0HAzohE1c0S3yo0J2cGnpu0ls7H+60J7Zl+xBUH1kUTzBWSuTbuVavB94Z/5V
eQw9kg+FKU/HT3JPNMEl0qfnzhBFHra93GAqknRMeKc+gT0S0c2selKtc8JBJy3q
M4WDlR332LA/AoK1oaEEgU/yUgedUehOYiYv4RzRuxnXIo+KsyknRJfg9iBjOOGW
LLZH9OJIaitC/s21yN4TYw8sQyFYXUTSVJXwSnhGH6H4
-----END CERTIFICATE-----