Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ce/aa8b46-9645-4620-8479-5d560989cf7b/1/EcVCYTCFbfuctisOnGpTpzze87E.roa
File:                     EcVCYTCFbfuctisOnGpTpzze87E.roa (raw, json)
Hash identifier:          AvUy4CNenHZ3+B409HhzJ1fMxMdjTbDHUphzokd1e30=
Subject key identifier:   11:C5:42:61:30:85:6D:FB:9C:B6:2B:0E:9C:6A:53:A7:3C:DE:F3:B1
Certificate issuer:       /CN=05f3e160172ecc75c8cab1bae271be3ebf407a80
Certificate serial:       019EA609F1F9DE2BCC80C8AB9408FC649BCF
Authority key identifier: 05:F3:E1:60:17:2E:CC:75:C8:CA:B1:BA:E2:71:BE:3E:BF:40:7A:80
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BfPhYBcuzHXIyrG64nG-Pr9AeoA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ce/aa8b46-9645-4620-8479-5d560989cf7b/1/EcVCYTCFbfuctisOnGpTpzze87E.roa
Signing time:             Mon 08 Jun 2026 07:02:10 +0000
ROA not before:           Mon 08 Jun 2026 07:02:10 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     154383
IP address blocks:        89.167.129.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ce/aa8b46-9645-4620-8479-5d560989cf7b/1/BfPhYBcuzHXIyrG64nG-Pr9AeoA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ce/aa8b46-9645-4620-8479-5d560989cf7b/1/BfPhYBcuzHXIyrG64nG-Pr9AeoA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BfPhYBcuzHXIyrG64nG-Pr9AeoA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 13 Jun 2026 23:00:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:a6:09:f1:f9:de:2b:cc:80:c8:ab:94:08:fc:64:9b:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05f3e160172ecc75c8cab1bae271be3ebf407a80
        Validity
            Not Before: Jun  8 07:02:10 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=11c5426130856dfb9cb62b0e9c6a53a73cdef3b1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:08:68:28:57:e5:ce:01:8d:a6:64:2a:77:8d:
                    bc:fd:05:a9:ce:53:c5:61:3d:b3:0f:b2:c8:9b:7a:
                    a9:eb:f1:57:07:96:0b:ad:fc:6e:44:6b:73:79:d2:
                    95:11:ac:2d:7a:1a:2a:6b:d6:93:2a:43:ca:a1:a7:
                    86:13:61:ef:c2:db:1c:2b:cb:36:30:f2:b8:9c:f0:
                    60:00:5d:b6:46:ef:97:fc:72:86:5f:c2:75:05:97:
                    e5:95:5d:7d:81:0a:78:c5:c3:71:1a:c1:17:70:01:
                    22:bd:2e:df:d4:1f:ff:e8:7c:57:be:69:5e:68:2a:
                    0e:82:49:7a:71:7e:05:c3:11:4c:0a:9f:a6:72:27:
                    f3:42:55:26:38:30:0a:02:dc:f5:88:99:83:c5:79:
                    ec:ae:2e:d0:af:5a:d9:8f:c1:e8:f6:ea:fd:ea:d5:
                    5d:98:78:fc:07:76:f8:1d:4b:e4:dc:84:7a:3a:ab:
                    90:82:c6:3b:c9:b9:8d:bd:32:3a:05:67:82:fe:7a:
                    cd:07:6f:d1:58:c4:57:52:8e:52:76:07:62:b4:b1:
                    16:e4:0b:70:b9:0c:9d:38:6f:01:c9:15:1b:00:0f:
                    55:f1:08:9d:40:8f:21:fc:d7:93:de:8c:48:b0:85:
                    c7:91:dc:39:d1:a8:96:fe:f1:b2:88:93:5a:6a:4c:
                    17:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:C5:42:61:30:85:6D:FB:9C:B6:2B:0E:9C:6A:53:A7:3C:DE:F3:B1
            X509v3 Authority Key Identifier:
                keyid:05:F3:E1:60:17:2E:CC:75:C8:CA:B1:BA:E2:71:BE:3E:BF:40:7A:80

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BfPhYBcuzHXIyrG64nG-Pr9AeoA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ce/aa8b46-9645-4620-8479-5d560989cf7b/1/EcVCYTCFbfuctisOnGpTpzze87E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ce/aa8b46-9645-4620-8479-5d560989cf7b/1/BfPhYBcuzHXIyrG64nG-Pr9AeoA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.167.129.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7c:1f:c9:ef:c0:42:5d:be:8f:06:b1:b9:3a:b1:3a:84:f7:52:
         c9:24:6a:e0:1f:36:4e:3c:68:fb:37:45:0c:b5:b3:2d:6f:19:
         35:ca:5f:b9:f1:1d:2f:29:a6:d4:f1:11:cb:13:81:c7:6b:77:
         2c:86:d3:fd:91:c4:93:6e:ed:c4:ba:1f:1d:20:d6:91:70:72:
         e5:a7:99:64:60:34:4d:d5:42:cb:7e:25:25:ab:f5:a9:a3:eb:
         5f:50:91:0e:9e:06:4d:11:c2:9e:7e:80:d4:3b:63:c2:54:29:
         47:49:1d:be:b1:f2:38:cc:34:b7:86:49:2f:14:1b:ed:d9:c0:
         c1:f9:8c:5f:90:2c:5b:e4:46:90:96:44:94:7c:b7:6f:10:08:
         c7:f8:05:d2:e6:0a:b7:1c:14:7a:c4:e2:f3:ec:bc:27:5d:cc:
         61:c9:81:e6:d7:8f:69:62:c3:54:64:13:50:b6:38:4e:9e:27:
         2b:2b:fc:f2:c5:52:3c:a4:cc:3f:17:bf:76:f5:37:f0:c8:40:
         cf:9e:a1:15:2a:a6:4f:6e:c4:f6:f6:e2:88:9c:f7:e1:b8:86:
         d0:23:cb:6e:5e:f6:95:fb:41:e6:eb:33:50:4c:e5:75:83:41:
         4a:33:88:b4:0e:3c:d6:d3:7a:5b:53:af:2e:17:05:58:06:92:
         a6:a7:27:68
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6mCfH53ivMgMirlAj8ZJvPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1ZjNlMTYwMTcyZWNjNzVjOGNhYjFiYWUyNzFiZTNlYmY0
MDdhODAwHhcNMjYwNjA4MDcwMjEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMWM1NDI2MTMwODU2ZGZiOWNiNjJiMGU5YzZhNTNhNzNjZGVmM2IxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtAhoKFflzgGNpmQqd428/QWpzlPF
YT2zD7LIm3qp6/FXB5YLrfxuRGtzedKVEawtehoqa9aTKkPKoaeGE2HvwtscK8s2
MPK4nPBgAF22Ru+X/HKGX8J1BZfllV19gQp4xcNxGsEXcAEivS7f1B//6HxXvmle
aCoOgkl6cX4FwxFMCp+mcifzQlUmODAKAtz1iJmDxXnsri7Qr1rZj8Ho9ur96tVd
mHj8B3b4HUvk3IR6OquQgsY7ybmNvTI6BWeC/nrNB2/RWMRXUo5SdgditLEW5Atw
uQydOG8ByRUbAA9V8QidQI8h/NeT3oxIsIXHkdw50aiW/vGyiJNaakwX2QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBHFQmEwhW37nLYrDpxqU6c83vOxMB8GA1UdIwQY
MBaAFAXz4WAXLsx1yMqxuuJxvj6/QHqAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQmZQaFlCY3V6SFhJeXJHNjRuRy1QcjlBZW9BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZS9hYThiNDYtOTY0NS00NjIwLTg0Nzkt
NWQ1NjA5ODljZjdiLzEvRWNWQ1lUQ0ZiZnVjdGlzT25HcFRwenplODdFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZS9hYThiNDYtOTY0NS00NjIwLTg0NzktNWQ1NjA5ODljZjdi
LzEvQmZQaFlCY3V6SFhJeXJHNjRuRy1QcjlBZW9BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWaeBMA0G
CSqGSIb3DQEBCwUAA4IBAQB8H8nvwEJdvo8Gsbk6sTqE91LJJGrgHzZOPGj7N0UM
tbMtbxk1yl+58R0vKabU8RHLE4HHa3cshtP9kcSTbu3Euh8dINaRcHLlp5lkYDRN
1ULLfiUlq/Wpo+tfUJEOngZNEcKefoDUO2PCVClHSR2+sfI4zDS3hkkvFBvt2cDB
+YxfkCxb5EaQlkSUfLdvEAjH+AXS5gq3HBR6xOLz7LwnXcxhyYHm149pYsNUZBNQ
tjhOnicrK/zyxVI8pMw/F7929TfwyEDPnqEVKqZPbsT29uKInPfhuIbQI8tuXvaV
+0Hm6zNQTOV1g0FKM4i0DjzW03pbU68uFwVYBpKmpydo
-----END CERTIFICATE-----