Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/96b117-fd3b-4f74-b3bf-1a42f632c307/1/enxTzFej_VM5W5Dw0Es6X95-gAk.roa
File:                     enxTzFej_VM5W5Dw0Es6X95-gAk.roa (raw, json)
Hash identifier:          RxoH3G+rhQaosBE7eBPoyJJa7t852ydU0a8HmQE7ogI=
Subject key identifier:   7A:7C:53:CC:57:A3:FD:53:39:5B:90:F0:D0:4B:3A:5F:DE:7E:80:09
Certificate issuer:       /CN=1c4e6a1d3cc1e4f3dc01ab96c94196b9c49d2916
Certificate serial:       019EB69E5A04038DD5F7985BCB34349CCA08
Authority key identifier: 1C:4E:6A:1D:3C:C1:E4:F3:DC:01:AB:96:C9:41:96:B9:C4:9D:29:16
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HE5qHTzB5PPcAauWyUGWucSdKRY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/96b117-fd3b-4f74-b3bf-1a42f632c307/1/enxTzFej_VM5W5Dw0Es6X95-gAk.roa
Signing time:             Thu 11 Jun 2026 12:18:11 +0000
ROA not before:           Thu 11 Jun 2026 12:18:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     0
IP address blocks:        194.88.232.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/96b117-fd3b-4f74-b3bf-1a42f632c307/1/HE5qHTzB5PPcAauWyUGWucSdKRY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/96b117-fd3b-4f74-b3bf-1a42f632c307/1/HE5qHTzB5PPcAauWyUGWucSdKRY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HE5qHTzB5PPcAauWyUGWucSdKRY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 08:43:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:b6:9e:5a:04:03:8d:d5:f7:98:5b:cb:34:34:9c:ca:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c4e6a1d3cc1e4f3dc01ab96c94196b9c49d2916
        Validity
            Not Before: Jun 11 12:18:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7a7c53cc57a3fd53395b90f0d04b3a5fde7e8009
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:cb:7b:ea:fe:00:2d:88:6a:86:4c:e3:5d:dc:
                    da:a8:12:9d:9e:50:05:5a:9f:83:0d:2c:83:b0:c9:
                    ba:3f:20:d4:d3:88:2a:78:fa:07:37:7b:1f:d4:aa:
                    3c:4e:a1:c6:be:92:b0:df:61:a2:7a:ee:d4:6e:41:
                    8b:b8:ef:d6:0d:db:6f:7b:46:af:d7:c7:92:cc:c2:
                    8f:23:e0:63:4a:b0:0e:db:41:dc:5e:ee:2d:5b:f8:
                    ec:00:fd:1c:f4:18:31:d9:52:68:ca:0d:c6:01:57:
                    6a:78:c5:7b:1a:ef:39:5c:85:a3:03:96:6e:c5:a0:
                    87:37:77:9a:99:a1:89:e6:a0:4d:67:3d:43:91:5f:
                    99:4e:ec:e4:34:ce:41:56:63:93:36:82:e3:7a:a0:
                    98:33:f0:88:11:d2:de:b4:c7:cc:37:1b:0d:62:19:
                    00:f6:ad:b3:22:d7:d1:08:d3:04:ec:d1:cb:a5:34:
                    fb:df:66:bd:c7:b1:76:05:3e:8a:35:48:4f:c5:39:
                    e9:f1:09:d3:2f:12:e1:16:8c:c3:74:e2:06:e7:23:
                    a2:ad:3e:64:62:af:48:fd:1d:d4:50:61:88:b0:e0:
                    b9:62:d4:d5:63:56:14:68:ad:b0:9a:c0:2b:bf:9b:
                    29:0b:c9:ba:f8:df:27:a5:2b:c1:c5:53:30:9d:e6:
                    aa:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7A:7C:53:CC:57:A3:FD:53:39:5B:90:F0:D0:4B:3A:5F:DE:7E:80:09
            X509v3 Authority Key Identifier:
                keyid:1C:4E:6A:1D:3C:C1:E4:F3:DC:01:AB:96:C9:41:96:B9:C4:9D:29:16

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HE5qHTzB5PPcAauWyUGWucSdKRY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/96b117-fd3b-4f74-b3bf-1a42f632c307/1/enxTzFej_VM5W5Dw0Es6X95-gAk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/96b117-fd3b-4f74-b3bf-1a42f632c307/1/HE5qHTzB5PPcAauWyUGWucSdKRY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.88.232.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c2:8e:a7:3b:a1:e5:22:64:aa:47:d3:94:92:a3:7a:a5:5c:7e:
         53:44:65:59:3a:a8:fe:de:fd:67:da:88:10:65:70:2d:26:e2:
         4f:9b:1e:44:dd:b6:98:0d:e5:d6:8c:1c:36:c0:8b:b0:1c:6f:
         92:e4:0f:e6:df:d8:da:69:cc:9c:d1:c2:c7:81:18:8e:54:77:
         28:cd:75:a9:5b:f9:86:2a:4b:15:d7:c5:3e:06:c4:92:fe:00:
         9f:e6:d3:e9:df:7e:89:5d:22:d6:94:c7:e5:aa:2c:39:e1:49:
         54:8a:42:ba:21:53:c0:b4:95:f5:2a:7b:85:91:08:36:94:06:
         4f:85:a3:f4:34:c9:b4:80:4c:42:26:f7:e1:0a:1f:67:ef:5a:
         b4:cc:b7:7a:81:53:80:b3:d4:1c:36:eb:ab:5e:df:49:ed:24:
         3a:10:ba:a6:f9:0b:92:1f:2d:43:ee:57:dd:96:71:6e:16:a3:
         7a:74:6f:2c:3c:0d:e7:ac:1c:ec:62:d0:98:5e:b1:b0:f8:70:
         a8:ec:1c:12:0a:5d:e6:2d:5b:9f:62:f9:fb:23:9b:48:43:ae:
         df:94:f9:24:84:32:96:48:2f:fe:da:3a:44:2b:6d:64:a8:05:
         51:62:87:a8:eb:44:0a:22:a2:06:50:2f:2a:ec:be:50:09:21:
         d8:bc:97:ea
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ62nloEA43V95hbyzQ0nMoIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjNGU2YTFkM2NjMWU0ZjNkYzAxYWI5NmM5NDE5NmI5YzQ5
ZDI5MTYwHhcNMjYwNjExMTIxODExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YTdjNTNjYzU3YTNmZDUzMzk1YjkwZjBkMDRiM2E1ZmRlN2U4MDA5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj8t76v4ALYhqhkzjXdzaqBKdnlAF
Wp+DDSyDsMm6PyDU04gqePoHN3sf1Ko8TqHGvpKw32Gieu7UbkGLuO/WDdtve0av
18eSzMKPI+BjSrAO20HcXu4tW/jsAP0c9Bgx2VJoyg3GAVdqeMV7Gu85XIWjA5Zu
xaCHN3eamaGJ5qBNZz1DkV+ZTuzkNM5BVmOTNoLjeqCYM/CIEdLetMfMNxsNYhkA
9q2zItfRCNME7NHLpTT732a9x7F2BT6KNUhPxTnp8QnTLxLhFozDdOIG5yOirT5k
Yq9I/R3UUGGIsOC5YtTVY1YUaK2wmsArv5spC8m6+N8npSvBxVMwneaq8QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHp8U8xXo/1TOVuQ8NBLOl/efoAJMB8GA1UdIwQY
MBaAFBxOah08weTz3AGrlslBlrnEnSkWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEU1cUhUekI1UFBjQWF1V3lVR1d1Y1NkS1JZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi85NmIxMTctZmQzYi00Zjc0LWIzYmYt
MWE0MmY2MzJjMzA3LzEvZW54VHpGZWpfVk01VzVEdzBFczZYOTUtZ0FrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi85NmIxMTctZmQzYi00Zjc0LWIzYmYtMWE0MmY2MzJjMzA3
LzEvSEU1cUhUekI1UFBjQWF1V3lVR1d1Y1NkS1JZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwljoMA0G
CSqGSIb3DQEBCwUAA4IBAQDCjqc7oeUiZKpH05SSo3qlXH5TRGVZOqj+3v1n2ogQ
ZXAtJuJPmx5E3baYDeXWjBw2wIuwHG+S5A/m39jaacyc0cLHgRiOVHcozXWpW/mG
KksV18U+BsSS/gCf5tPp336JXSLWlMflqiw54UlUikK6IVPAtJX1KnuFkQg2lAZP
haP0NMm0gExCJvfhCh9n71q0zLd6gVOAs9QcNuurXt9J7SQ6ELqm+QuSHy1D7lfd
lnFuFqN6dG8sPA3nrBzsYtCYXrGw+HCo7BwSCl3mLVufYvn7I5tIQ67flPkkhDKW
SC/+2jpEK21kqAVRYoeo60QKIqIGUC8q7L5QCSHYvJfq
-----END CERTIFICATE-----