Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8f/f1458f-bdc3-4e4b-9f68-3a611c093a2c/1/eFYkjuueS374d8jpHQ-eRsXYtoI.roa
File:                     eFYkjuueS374d8jpHQ-eRsXYtoI.roa (raw, json)
Hash identifier:          gwcFI/s7qhCO6ggsOku9CNe7VDcyLuX60cmBFUEOOW0=
Subject key identifier:   78:56:24:8E:EB:9E:4B:7E:F8:77:C8:E9:1D:0F:9E:46:C5:D8:B6:82
Certificate issuer:       /CN=321ec194107843848cd36330232b5f6a43791db4
Certificate serial:       019D4890DA2A3F0F399C8BF73D053E024FF4
Authority key identifier: 32:1E:C1:94:10:78:43:84:8C:D3:63:30:23:2B:5F:6A:43:79:1D:B4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Mh7BlBB4Q4SM02MwIytfakN5HbQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8f/f1458f-bdc3-4e4b-9f68-3a611c093a2c/1/eFYkjuueS374d8jpHQ-eRsXYtoI.roa
Signing time:             Wed 01 Apr 2026 10:22:25 +0000
ROA not before:           Wed 01 Apr 2026 10:22:25 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     138177
IP address blocks:        194.227.193.0/24 maxlen: 24
                          212.148.211.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8f/f1458f-bdc3-4e4b-9f68-3a611c093a2c/1/Mh7BlBB4Q4SM02MwIytfakN5HbQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8f/f1458f-bdc3-4e4b-9f68-3a611c093a2c/1/Mh7BlBB4Q4SM02MwIytfakN5HbQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Mh7BlBB4Q4SM02MwIytfakN5HbQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 21:23:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:48:90:da:2a:3f:0f:39:9c:8b:f7:3d:05:3e:02:4f:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=321ec194107843848cd36330232b5f6a43791db4
        Validity
            Not Before: Apr  1 10:22:25 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7856248eeb9e4b7ef877c8e91d0f9e46c5d8b682
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:0c:58:97:11:0b:03:86:5e:fe:24:e8:02:d6:
                    5a:2e:32:bc:97:30:5c:5a:fc:38:8e:ab:69:48:f2:
                    70:da:c4:98:65:1e:ff:11:0a:01:e0:ca:d6:bf:b7:
                    bd:b9:13:88:5d:a5:8c:b9:55:65:0f:4a:e1:92:62:
                    4f:af:51:19:c0:c3:0b:d3:d3:5e:53:a9:a8:e5:8f:
                    5a:ae:0c:45:92:2f:36:e9:18:c4:d6:a9:d0:42:c4:
                    e4:88:7e:58:38:80:bf:8d:cf:8a:b5:06:6b:42:aa:
                    de:a5:88:cc:1c:78:69:a9:08:04:00:89:13:81:ac:
                    a5:30:e2:61:b8:1f:de:18:bb:90:10:90:f2:8a:43:
                    f5:d6:0f:9d:a4:8e:47:15:17:0d:ac:c8:77:00:b4:
                    74:df:a3:b5:3b:f3:46:25:56:80:de:b1:81:af:ac:
                    7e:d0:a5:70:43:c1:7c:a1:53:45:38:71:6f:97:2d:
                    d0:3e:6e:a5:6f:71:73:11:14:ee:26:96:f4:ee:83:
                    a7:95:97:55:0e:e3:27:3b:89:3b:19:d5:e3:6a:bb:
                    7e:dc:6b:c4:17:f4:8a:67:0b:5b:91:36:a8:fd:df:
                    a5:36:42:37:f7:dd:30:09:b4:4b:fb:c2:d2:9f:d5:
                    a6:2a:dd:5a:98:76:25:ec:25:ad:ad:b4:c4:5a:4c:
                    60:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:56:24:8E:EB:9E:4B:7E:F8:77:C8:E9:1D:0F:9E:46:C5:D8:B6:82
            X509v3 Authority Key Identifier:
                keyid:32:1E:C1:94:10:78:43:84:8C:D3:63:30:23:2B:5F:6A:43:79:1D:B4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Mh7BlBB4Q4SM02MwIytfakN5HbQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/f1458f-bdc3-4e4b-9f68-3a611c093a2c/1/eFYkjuueS374d8jpHQ-eRsXYtoI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/f1458f-bdc3-4e4b-9f68-3a611c093a2c/1/Mh7BlBB4Q4SM02MwIytfakN5HbQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.227.193.0/24
                  212.148.211.0/24

    Signature Algorithm: sha256WithRSAEncryption
         75:cb:2a:bc:6d:2f:51:dd:1a:4c:5e:ed:6b:7a:e7:11:6e:85:
         e9:4a:1f:76:f1:f6:2f:8c:de:b8:fb:55:01:d7:18:cb:f1:1f:
         57:b7:71:f0:df:9b:b9:f3:86:44:97:a3:cb:aa:d9:ce:35:12:
         ce:24:46:e9:49:2e:e6:42:9a:19:df:a5:60:58:3d:5d:1f:4b:
         e6:a7:8b:22:62:a7:4a:b5:6d:9c:76:2d:48:17:71:19:10:5e:
         f7:f9:b6:15:55:7f:d2:21:b7:27:7f:98:30:8d:20:a7:da:db:
         b9:0b:00:c0:0e:d2:a6:2b:55:d9:9a:72:d8:0a:8c:b4:19:22:
         07:17:23:d9:d4:47:ec:fa:89:11:00:fd:50:5c:09:d8:7a:15:
         1c:98:69:94:49:f4:13:2c:32:8f:4b:4a:1b:6e:02:4a:45:2e:
         70:0c:7d:2f:9a:a7:20:ae:f2:f4:76:fa:91:30:c6:3e:2d:af:
         c2:87:1c:59:47:d8:ea:5b:34:57:3f:fa:68:7f:2d:1a:36:b7:
         0b:ed:c5:3f:79:71:8d:fe:09:1f:32:21:fa:b7:d6:29:90:bc:
         0f:35:96:d1:d6:60:08:0e:26:25:9a:50:62:62:e0:1c:fe:c4:
         23:88:65:ef:ea:8e:82:8d:fd:cc:bd:21:30:9c:31:68:29:12:
         6c:b2:ba:9b
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ1IkNoqPw85nIv3PQU+Ak/0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMyMWVjMTk0MTA3ODQzODQ4Y2QzNjMzMDIzMmI1ZjZhNDM3
OTFkYjQwHhcNMjYwNDAxMTAyMjI1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ODU2MjQ4ZWViOWU0YjdlZjg3N2M4ZTkxZDBmOWU0NmM1ZDhiNjgyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvwxYlxELA4Ze/iToAtZaLjK8lzBc
Wvw4jqtpSPJw2sSYZR7/EQoB4MrWv7e9uROIXaWMuVVlD0rhkmJPr1EZwMML09Ne
U6mo5Y9argxFki826RjE1qnQQsTkiH5YOIC/jc+KtQZrQqrepYjMHHhpqQgEAIkT
gaylMOJhuB/eGLuQEJDyikP11g+dpI5HFRcNrMh3ALR036O1O/NGJVaA3rGBr6x+
0KVwQ8F8oVNFOHFvly3QPm6lb3FzERTuJpb07oOnlZdVDuMnO4k7GdXjart+3GvE
F/SKZwtbkTao/d+lNkI3990wCbRL+8LSn9WmKt1amHYl7CWtrbTEWkxguwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHhWJI7rnkt++HfI6R0PnkbF2LaCMB8GA1UdIwQY
MBaAFDIewZQQeEOEjNNjMCMrX2pDeR20MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTWg3QmxCQjRRNFNNMDJNd0l5dGZha041SGJRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Zi9mMTQ1OGYtYmRjMy00ZTRiLTlmNjgt
M2E2MTFjMDkzYTJjLzEvZUZZa2p1dWVTMzc0ZDhqcEhRLWVSc1hZdG9JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Zi9mMTQ1OGYtYmRjMy00ZTRiLTlmNjgtM2E2MTFjMDkzYTJj
LzEvTWg3QmxCQjRRNFNNMDJNd0l5dGZha041SGJRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwuPBAwQA
1JTTMA0GCSqGSIb3DQEBCwUAA4IBAQB1yyq8bS9R3RpMXu1reucRboXpSh928fYv
jN64+1UB1xjL8R9Xt3Hw35u584ZEl6PLqtnONRLOJEbpSS7mQpoZ36VgWD1dH0vm
p4siYqdKtW2cdi1IF3EZEF73+bYVVX/SIbcnf5gwjSCn2tu5CwDADtKmK1XZmnLY
Coy0GSIHFyPZ1Efs+okRAP1QXAnYehUcmGmUSfQTLDKPS0obbgJKRS5wDH0vmqcg
rvL0dvqRMMY+La/ChxxZR9jqWzRXP/pofy0aNrcL7cU/eXGN/gkfMiH6t9YpkLwP
NZbR1mAIDiYlmlBiYuAc/sQjiGXv6o6Cjf3MvSEwnDFoKRJssrqb
-----END CERTIFICATE-----