Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/Eby2JX-spHJnnrr-91zq8KO_xJU.roa
File:                     Eby2JX-spHJnnrr-91zq8KO_xJU.roa (raw, json)
Hash identifier:          ntoCTMgHP2rrhDBBZlOV2jDL++zWYYdQq5MWuiBtZuU=
Subject key identifier:   11:BC:B6:25:7F:AC:A4:72:67:9E:BA:FE:F7:5C:EA:F0:A3:BF:C4:95
Certificate issuer:       /CN=49e51694c4d46b4fcc02fae71e5db942a7108e47
Certificate serial:       019E966BD611A3652C80A3AE830C9DDD9380
Authority key identifier: 49:E5:16:94:C4:D4:6B:4F:CC:02:FA:E7:1E:5D:B9:42:A7:10:8E:47
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SeUWlMTUa0_MAvrnHl25QqcQjkc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/Eby2JX-spHJnnrr-91zq8KO_xJU.roa
Signing time:             Fri 05 Jun 2026 06:15:10 +0000
ROA not before:           Fri 05 Jun 2026 06:15:10 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     207359
IP address blocks:        80.71.228.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/SeUWlMTUa0_MAvrnHl25QqcQjkc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/SeUWlMTUa0_MAvrnHl25QqcQjkc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SeUWlMTUa0_MAvrnHl25QqcQjkc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 17:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:96:6b:d6:11:a3:65:2c:80:a3:ae:83:0c:9d:dd:93:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=49e51694c4d46b4fcc02fae71e5db942a7108e47
        Validity
            Not Before: Jun  5 06:15:10 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=11bcb6257faca472679ebafef75ceaf0a3bfc495
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:84:e6:a5:09:2f:df:b7:ec:68:d8:48:d5:86:
                    2f:a9:81:3b:3f:67:f9:e1:f8:39:82:2b:3a:00:d8:
                    16:fd:53:96:f5:d7:1e:d8:06:5f:2b:63:3d:07:97:
                    5b:55:c3:b4:b2:e6:f2:82:21:e0:1f:4a:cb:5f:51:
                    9d:d4:24:95:c8:65:96:bb:c0:54:c6:fe:51:f7:dd:
                    56:82:da:7c:3f:c1:99:3e:65:c5:ae:32:c2:87:70:
                    8d:12:8c:dd:bb:a6:bd:c2:2f:92:8c:69:7c:ac:ef:
                    1a:47:92:a5:66:4b:c5:4e:86:9b:85:b9:20:cc:c4:
                    e3:b3:93:03:c0:72:62:79:5e:e8:77:dc:e7:35:84:
                    17:f8:2c:ee:62:de:e4:8c:75:90:c4:2d:19:18:aa:
                    4d:77:71:14:60:d3:21:06:40:cc:96:90:4e:26:52:
                    dc:99:24:13:d0:0c:b5:bf:57:31:38:c8:28:49:8a:
                    a5:bb:a5:74:d1:1f:20:ff:06:d1:43:12:55:3c:5d:
                    49:88:35:77:1f:60:9e:1c:2f:4c:f3:e2:da:60:1c:
                    b1:06:e1:0a:9f:db:99:d8:c2:84:7d:42:18:65:39:
                    e3:8a:8a:28:e4:1d:a2:e5:64:ae:a2:fe:ca:3d:7d:
                    e7:48:70:e2:d8:01:15:1b:94:75:13:1e:20:cc:10:
                    d9:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:BC:B6:25:7F:AC:A4:72:67:9E:BA:FE:F7:5C:EA:F0:A3:BF:C4:95
            X509v3 Authority Key Identifier:
                keyid:49:E5:16:94:C4:D4:6B:4F:CC:02:FA:E7:1E:5D:B9:42:A7:10:8E:47

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SeUWlMTUa0_MAvrnHl25QqcQjkc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/Eby2JX-spHJnnrr-91zq8KO_xJU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/SeUWlMTUa0_MAvrnHl25QqcQjkc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.71.228.0/24

    Signature Algorithm: sha256WithRSAEncryption
         18:62:c7:07:09:87:a0:cb:0e:48:1f:cc:a6:7c:51:27:cb:5b:
         5f:9f:3e:d2:6b:bb:d4:a9:15:a3:1a:c8:a6:6f:a5:09:49:5c:
         4b:fc:af:cd:de:73:98:ce:39:a2:a8:7a:f3:c4:c8:eb:8a:3d:
         91:79:7d:b5:ca:22:05:fa:2a:67:5a:ff:c2:9f:e5:10:44:eb:
         da:9f:1a:84:32:e1:7e:52:25:9b:7b:3f:3a:f9:4b:2a:0b:f0:
         f2:ae:98:7c:f9:18:f0:c7:d9:db:e7:e8:f3:a6:33:e5:25:57:
         a1:ae:3d:58:c5:94:98:c2:a8:02:bb:48:8a:08:a0:19:0d:a3:
         94:c3:23:c7:75:8e:67:ea:f5:a5:da:c7:36:30:ff:50:1d:3d:
         ae:22:1c:86:46:e7:b4:92:f2:2a:03:a8:5a:1a:9f:dc:19:8f:
         71:1f:96:38:e7:b8:1d:3f:8d:ee:b7:35:96:f4:1e:f3:30:48:
         88:98:87:2b:4b:e7:78:bc:42:16:8d:de:0f:d1:1d:04:e6:87:
         d2:88:2c:4e:52:aa:1b:1a:b1:5b:34:74:c5:cf:b6:d4:01:d6:
         4c:4e:ce:5a:89:92:01:2b:74:72:d7:30:88:8b:a9:34:e6:13:
         33:69:cb:e1:4c:1c:08:73:c6:e5:fb:51:46:c2:20:2e:08:4d:
         28:d3:13:f8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6Wa9YRo2UsgKOugwyd3ZOAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ5ZTUxNjk0YzRkNDZiNGZjYzAyZmFlNzFlNWRiOTQyYTcx
MDhlNDcwHhcNMjYwNjA1MDYxNTEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMWJjYjYyNTdmYWNhNDcyNjc5ZWJhZmVmNzVjZWFmMGEzYmZjNDk1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3YTmpQkv37fsaNhI1YYvqYE7P2f5
4fg5gis6ANgW/VOW9dce2AZfK2M9B5dbVcO0subygiHgH0rLX1Gd1CSVyGWWu8BU
xv5R991Wgtp8P8GZPmXFrjLCh3CNEozdu6a9wi+SjGl8rO8aR5KlZkvFToabhbkg
zMTjs5MDwHJieV7od9znNYQX+CzuYt7kjHWQxC0ZGKpNd3EUYNMhBkDMlpBOJlLc
mSQT0Ay1v1cxOMgoSYqlu6V00R8g/wbRQxJVPF1JiDV3H2CeHC9M8+LaYByxBuEK
n9uZ2MKEfUIYZTnjiooo5B2i5WSuov7KPX3nSHDi2AEVG5R1Ex4gzBDZTwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBG8tiV/rKRyZ566/vdc6vCjv8SVMB8GA1UdIwQY
MBaAFEnlFpTE1GtPzAL65x5duUKnEI5HMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU2VVV2xNVFVhMF9NQXZybkhsMjVRcWNRamtjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni85ZGI1MjUtMTA1OS00YzA3LWE1YWQt
MTkxODliM2M5YzdkLzEvRWJ5MkpYLXNwSEpubnJyLTkxenE4S09feEpVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni85ZGI1MjUtMTA1OS00YzA3LWE1YWQtMTkxODliM2M5Yzdk
LzEvU2VVV2xNVFVhMF9NQXZybkhsMjVRcWNRamtjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUEfkMA0G
CSqGSIb3DQEBCwUAA4IBAQAYYscHCYegyw5IH8ymfFEny1tfnz7Sa7vUqRWjGsim
b6UJSVxL/K/N3nOYzjmiqHrzxMjrij2ReX21yiIF+ipnWv/Cn+UQROvanxqEMuF+
UiWbez86+UsqC/Dyrph8+Rjwx9nb5+jzpjPlJVehrj1YxZSYwqgCu0iKCKAZDaOU
wyPHdY5n6vWl2sc2MP9QHT2uIhyGRue0kvIqA6haGp/cGY9xH5Y457gdP43utzWW
9B7zMEiImIcrS+d4vEIWjd4P0R0E5ofSiCxOUqobGrFbNHTFz7bUAdZMTs5aiZIB
K3Ry1zCIi6k05hMzacvhTBwIc8bl+1FGwiAuCE0o0xP4
-----END CERTIFICATE-----