Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/21519e-b8dc-4240-aa78-8d218665027d/1/EghvgCHJQuTPc20r7aSv5P3CreY.roa
File:                     EghvgCHJQuTPc20r7aSv5P3CreY.roa (raw, json)
Hash identifier:          sZaCSonQ4EAjwq+Eh7zPEdiBYoRHJ4dSTojJJATtSeM=
Subject key identifier:   12:08:6F:80:21:C9:42:E4:CF:73:6D:2B:ED:A4:AF:E4:FD:C2:AD:E6
Certificate issuer:       /CN=8bdf76c54b9e6935c30a9b4c9ba9309ac470ec02
Certificate serial:       019CA8CF58E53981F874A5BB5B458E00E1F6
Authority key identifier: 8B:DF:76:C5:4B:9E:69:35:C3:0A:9B:4C:9B:A9:30:9A:C4:70:EC:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i992xUueaTXDCptMm6kwmsRw7AI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/21519e-b8dc-4240-aa78-8d218665027d/1/EghvgCHJQuTPc20r7aSv5P3CreY.roa
Signing time:             Sun 01 Mar 2026 09:51:26 +0000
ROA not before:           Sun 01 Mar 2026 09:51:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     16276
IP address blocks:        5.102.39.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/21519e-b8dc-4240-aa78-8d218665027d/1/i992xUueaTXDCptMm6kwmsRw7AI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/21519e-b8dc-4240-aa78-8d218665027d/1/i992xUueaTXDCptMm6kwmsRw7AI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i992xUueaTXDCptMm6kwmsRw7AI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 15:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:a8:cf:58:e5:39:81:f8:74:a5:bb:5b:45:8e:00:e1:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8bdf76c54b9e6935c30a9b4c9ba9309ac470ec02
        Validity
            Not Before: Mar  1 09:51:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=12086f8021c942e4cf736d2beda4afe4fdc2ade6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:7e:81:29:dd:4f:c8:27:a8:a2:f2:c0:b0:10:
                    27:90:6e:b6:c2:17:43:e3:f2:5c:f7:76:8b:35:52:
                    d5:4b:48:fe:d5:00:8a:cc:46:8c:fd:71:8d:21:95:
                    fb:6b:bd:28:aa:e9:42:f1:ed:80:79:2d:e3:df:40:
                    61:dc:3f:0b:2e:9b:e0:db:6d:ed:4c:f3:47:71:ea:
                    6b:6a:dd:fc:c6:ef:0c:eb:b1:85:90:de:27:44:01:
                    95:80:1f:27:be:ca:a9:17:fc:c7:df:49:fc:55:6b:
                    1f:30:d6:cb:27:c7:30:9b:1e:1f:a7:d4:e9:76:24:
                    94:30:a7:3a:4d:6b:69:91:81:23:5b:0e:5f:85:6c:
                    af:80:8b:fd:61:5f:56:d5:3b:c4:dc:76:5c:5a:5c:
                    5a:e0:8b:9f:db:2e:6d:59:71:79:3b:86:dd:f4:fe:
                    a2:67:c7:be:a5:34:b4:47:89:3c:c0:aa:12:fd:ab:
                    70:fe:24:bb:1a:50:1f:85:37:d2:e1:0d:57:a1:b9:
                    bb:db:d1:ec:c3:0f:0a:0e:46:4e:2b:83:48:c6:7d:
                    a8:f2:52:ed:9e:35:75:c8:65:d6:2c:6d:8f:0c:b2:
                    91:e2:62:db:4a:ff:87:2f:50:a4:55:ce:ca:23:7a:
                    cd:76:2c:9c:21:0b:45:dc:89:2e:60:43:dc:11:be:
                    81:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:08:6F:80:21:C9:42:E4:CF:73:6D:2B:ED:A4:AF:E4:FD:C2:AD:E6
            X509v3 Authority Key Identifier:
                keyid:8B:DF:76:C5:4B:9E:69:35:C3:0A:9B:4C:9B:A9:30:9A:C4:70:EC:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i992xUueaTXDCptMm6kwmsRw7AI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/21519e-b8dc-4240-aa78-8d218665027d/1/EghvgCHJQuTPc20r7aSv5P3CreY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/21519e-b8dc-4240-aa78-8d218665027d/1/i992xUueaTXDCptMm6kwmsRw7AI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.102.39.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5c:47:39:01:0c:c9:4b:1c:17:0f:84:18:93:fb:33:79:3e:b4:
         7f:a8:54:07:74:5e:94:10:24:85:6d:4e:73:f5:11:6f:45:28:
         01:a1:a4:8b:d1:15:22:cd:16:75:09:46:f2:7f:31:33:0e:60:
         a2:cb:d2:a3:f6:f4:aa:e1:ca:50:94:24:21:ba:fa:a8:e6:25:
         65:8f:36:79:fa:95:9c:40:43:6c:09:b0:42:52:16:34:4b:28:
         50:0b:fa:b5:e6:62:e8:cf:8f:fe:d6:eb:b9:2b:3d:dd:aa:75:
         a0:49:5d:b9:08:38:97:22:52:d3:9c:d0:06:28:d0:df:c9:80:
         e3:60:75:d7:40:6a:c7:8a:5e:26:1b:a6:bd:ec:92:61:90:96:
         dd:68:ea:cf:5a:b8:c1:4c:e6:5c:e7:db:db:4e:d1:38:22:e3:
         69:19:77:d8:3f:0d:ca:4d:25:1e:1c:87:d6:83:3f:24:9c:bf:
         a4:57:21:c7:a6:b5:70:16:05:fd:3e:08:70:e2:35:e1:17:c7:
         61:5f:5a:2a:0f:16:f9:f4:88:fb:48:f1:37:e3:07:54:b8:c2:
         1c:05:62:59:e9:a8:80:37:8c:5f:32:6c:67:b9:9e:e8:96:b6:
         a6:1c:94:a1:8d:08:84:3e:a8:6b:96:ec:41:5c:89:e9:e5:22:
         db:96:d2:1e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZyoz1jlOYH4dKW7W0WOAOH2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiZGY3NmM1NGI5ZTY5MzVjMzBhOWI0YzliYTkzMDlhYzQ3
MGVjMDIwHhcNMjYwMzAxMDk1MTI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMjA4NmY4MDIxYzk0MmU0Y2Y3MzZkMmJlZGE0YWZlNGZkYzJhZGU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyH6BKd1PyCeoovLAsBAnkG62whdD
4/Jc93aLNVLVS0j+1QCKzEaM/XGNIZX7a70oqulC8e2AeS3j30Bh3D8LLpvg223t
TPNHceprat38xu8M67GFkN4nRAGVgB8nvsqpF/zH30n8VWsfMNbLJ8cwmx4fp9Tp
diSUMKc6TWtpkYEjWw5fhWyvgIv9YV9W1TvE3HZcWlxa4Iuf2y5tWXF5O4bd9P6i
Z8e+pTS0R4k8wKoS/atw/iS7GlAfhTfS4Q1Xobm729Hsww8KDkZOK4NIxn2o8lLt
njV1yGXWLG2PDLKR4mLbSv+HL1CkVc7KI3rNdiycIQtF3IkuYEPcEb6BfQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBIIb4AhyULkz3NtK+2kr+T9wq3mMB8GA1UdIwQY
MBaAFIvfdsVLnmk1wwqbTJupMJrEcOwCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTk5MnhVdWVhVFhEQ3B0TW02a3dtc1J3N0FJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS8yMTUxOWUtYjhkYy00MjQwLWFhNzgt
OGQyMTg2NjUwMjdkLzEvRWdodmdDSEpRdVRQYzIwcjdhU3Y1UDNDcmVZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS8yMTUxOWUtYjhkYy00MjQwLWFhNzgtOGQyMTg2NjUwMjdk
LzEvaTk5MnhVdWVhVFhEQ3B0TW02a3dtc1J3N0FJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABWYnMA0G
CSqGSIb3DQEBCwUAA4IBAQBcRzkBDMlLHBcPhBiT+zN5PrR/qFQHdF6UECSFbU5z
9RFvRSgBoaSL0RUizRZ1CUbyfzEzDmCiy9Kj9vSq4cpQlCQhuvqo5iVljzZ5+pWc
QENsCbBCUhY0SyhQC/q15mLoz4/+1uu5Kz3dqnWgSV25CDiXIlLTnNAGKNDfyYDj
YHXXQGrHil4mG6a97JJhkJbdaOrPWrjBTOZc59vbTtE4IuNpGXfYPw3KTSUeHIfW
gz8knL+kVyHHprVwFgX9Pghw4jXhF8dhX1oqDxb59Ij7SPE34wdUuMIcBWJZ6aiA
N4xfMmxnuZ7olramHJShjQiEPqhrluxBXInp5SLbltIe
-----END CERTIFICATE-----