Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dc/f3a79d-38cf-4905-ab5f-5bca45efde8c/1/EwSHe_xf-jqepkCFLSHCwEgr_AI.roa
File:                     EwSHe_xf-jqepkCFLSHCwEgr_AI.roa (raw, json)
Hash identifier:          RC+AV7VwTqdY5tCu6Twk85UOef4oSKz04Y5st23WBE0=
Subject key identifier:   13:04:87:7B:FC:5F:FA:3A:9E:A6:40:85:2D:21:C2:C0:48:2B:FC:02
Certificate issuer:       /CN=fa46a4f1143abe3adfc4b6835fa134e3df2cac34
Certificate serial:       019B7EA74F3A65073197E00606414F9D603E
Authority key identifier: FA:46:A4:F1:14:3A:BE:3A:DF:C4:B6:83:5F:A1:34:E3:DF:2C:AC:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-kak8RQ6vjrfxLaDX6E0498srDQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dc/f3a79d-38cf-4905-ab5f-5bca45efde8c/1/EwSHe_xf-jqepkCFLSHCwEgr_AI.roa
Signing time:             Fri 02 Jan 2026 12:20:52 +0000
ROA not before:           Fri 02 Jan 2026 12:20:52 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     49909
IP address blocks:        46.20.128.0/20 maxlen: 24
                          178.21.120.0/21 maxlen: 24
                          2a00:1d10::/32 maxlen: 64
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dc/f3a79d-38cf-4905-ab5f-5bca45efde8c/1/1-kak8RQ6vjrfxLaDX6E0498srDQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dc/f3a79d-38cf-4905-ab5f-5bca45efde8c/1/1-kak8RQ6vjrfxLaDX6E0498srDQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-kak8RQ6vjrfxLaDX6E0498srDQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:a7:4f:3a:65:07:31:97:e0:06:06:41:4f:9d:60:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fa46a4f1143abe3adfc4b6835fa134e3df2cac34
        Validity
            Not Before: Jan  2 12:20:52 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=1304877bfc5ffa3a9ea640852d21c2c0482bfc02
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:67:55:8b:1c:17:5e:24:c1:6e:b0:ca:2b:34:
                    30:47:86:d2:84:b9:0b:86:7d:ee:da:e5:a1:3a:75:
                    9d:91:2a:50:3a:0d:fc:4c:f6:6d:87:58:54:51:e9:
                    bb:15:3c:83:31:ff:11:1c:0e:a2:fc:bc:fc:b3:97:
                    5c:77:f1:5f:9e:e6:ad:b9:2c:8b:d7:0b:34:e3:d4:
                    92:a5:e2:73:e4:ee:1e:70:5f:f0:f8:89:e1:d9:26:
                    1a:8f:8d:77:9c:f5:90:62:a4:11:4a:38:01:5b:54:
                    07:27:60:d4:bb:f1:85:15:45:63:00:15:73:b9:6d:
                    40:a4:59:ab:2e:37:02:73:76:77:69:34:8e:e9:6a:
                    63:23:d4:ed:3e:8c:1b:8c:8c:19:1a:1f:54:39:61:
                    12:e6:e3:da:f0:14:7a:b2:dd:6a:09:d1:1d:7f:d8:
                    56:ec:8f:35:3a:fa:41:17:1c:2c:1e:e5:f3:fc:c4:
                    e2:50:0b:6f:37:74:bb:83:db:ef:1f:16:59:ec:10:
                    af:77:4c:b3:0b:f0:60:d4:73:67:25:b5:79:df:53:
                    73:70:d0:a0:f5:24:ab:72:a1:52:44:f2:0a:2c:9d:
                    ab:34:3a:d9:87:73:2f:ec:79:06:ea:2f:c1:c4:0a:
                    12:67:53:5c:93:84:d6:db:e8:4d:42:58:d4:10:fa:
                    1b:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                13:04:87:7B:FC:5F:FA:3A:9E:A6:40:85:2D:21:C2:C0:48:2B:FC:02
            X509v3 Authority Key Identifier:
                keyid:FA:46:A4:F1:14:3A:BE:3A:DF:C4:B6:83:5F:A1:34:E3:DF:2C:AC:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-kak8RQ6vjrfxLaDX6E0498srDQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/f3a79d-38cf-4905-ab5f-5bca45efde8c/1/EwSHe_xf-jqepkCFLSHCwEgr_AI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/f3a79d-38cf-4905-ab5f-5bca45efde8c/1/1-kak8RQ6vjrfxLaDX6E0498srDQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.20.128.0/20
                  178.21.120.0/21
                IPv6:
                  2a00:1d10::/32

    Signature Algorithm: sha256WithRSAEncryption
         03:8d:fa:4b:00:8d:5b:3f:30:55:8a:61:7a:5a:ea:57:10:2e:
         99:b7:e6:64:e0:ce:d0:d9:03:34:44:41:9f:bc:8e:1d:8d:36:
         af:e8:34:8d:83:3c:0d:a8:50:d1:57:5c:75:63:91:ba:7c:06:
         79:8a:b2:65:c3:51:a1:f7:4d:be:af:1f:2b:23:b3:8c:37:e4:
         d9:76:6e:cc:1a:7f:db:73:08:02:e7:99:46:ad:9e:68:40:62:
         22:2c:69:c2:70:6b:d6:8b:7f:79:30:1e:e7:5c:a4:3b:1f:2b:
         33:c5:f7:cd:e2:01:77:37:f2:ba:ed:1f:ee:3e:6a:16:0e:d6:
         c8:33:be:11:fd:24:69:14:66:a5:c5:63:af:00:2c:47:22:cc:
         8d:02:f0:8e:43:f2:2d:c9:40:fd:cd:14:11:48:bf:93:ad:0d:
         61:d7:0f:6f:07:1e:d0:b2:0d:a7:0e:e1:e9:d7:12:19:42:0b:
         0f:64:28:b5:88:f4:66:1b:35:ac:df:31:77:d4:0d:17:07:fb:
         9b:cb:80:e6:77:44:2a:94:1e:3f:a9:7a:fd:af:e7:83:85:db:
         3f:99:24:1d:85:04:b1:47:cf:72:dc:1d:42:5c:e7:ea:9c:a2:
         32:e4:3c:b9:a1:1d:d9:78:e3:51:ee:ca:ce:a9:e5:e2:ef:3c:
         11:be:c5:00
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAZt+p086ZQcxl+AGBkFPnWA+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZhNDZhNGYxMTQzYWJlM2FkZmM0YjY4MzVmYTEzNGUzZGYy
Y2FjMzQwHhcNMjYwMTAyMTIyMDUyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMzA0ODc3YmZjNWZmYTNhOWVhNjQwODUyZDIxYzJjMDQ4MmJmYzAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArmdVixwXXiTBbrDKKzQwR4bShLkL
hn3u2uWhOnWdkSpQOg38TPZth1hUUem7FTyDMf8RHA6i/Lz8s5dcd/FfnuatuSyL
1ws049SSpeJz5O4ecF/w+Inh2SYaj413nPWQYqQRSjgBW1QHJ2DUu/GFFUVjABVz
uW1ApFmrLjcCc3Z3aTSO6WpjI9TtPowbjIwZGh9UOWES5uPa8BR6st1qCdEdf9hW
7I81OvpBFxwsHuXz/MTiUAtvN3S7g9vvHxZZ7BCvd0yzC/Bg1HNnJbV531NzcNCg
9SSrcqFSRPIKLJ2rNDrZh3Mv7HkG6i/BxAoSZ1Nck4TW2+hNQljUEPobWQIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFBMEh3v8X/o6nqZAhS0hwsBIK/wCMB8GA1UdIwQY
MBaAFPpGpPEUOr4638S2g1+hNOPfLKw0MA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1rYWs4UlE2dmpyZnhMYURYNkUwNDk4c3JEUS5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZGMvZjNhNzlkLTM4Y2YtNDkwNS1hYjVm
LTViY2E0NWVmZGU4Yy8xL0V3U0hlX3hmLWpxZXBrQ0ZMU0hDd0Vncl9BSS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvZGMvZjNhNzlkLTM4Y2YtNDkwNS1hYjVmLTViY2E0NWVmZGU4
Yy8xLzEta2FrOFJRNnZqcmZ4TGFEWDZFMDQ5OHNyRFEuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwNAYIKwYBBQUHAQcBAf8EJTAjMBIEAgABMAwDBAQuFIAD
BAOyFXgwDQQCAAIwBwMFACoAHRAwDQYJKoZIhvcNAQELBQADggEBAAON+ksAjVs/
MFWKYXpa6lcQLpm35mTgztDZAzREQZ+8jh2NNq/oNI2DPA2oUNFXXHVjkbp8BnmK
smXDUaH3Tb6vHysjs4w35Nl2bswaf9tzCALnmUatnmhAYiIsacJwa9aLf3kwHudc
pDsfKzPF983iAXc38rrtH+4+ahYO1sgzvhH9JGkUZqXFY68ALEcizI0C8I5D8i3J
QP3NFBFIv5OtDWHXD28HHtCyDacO4enXEhlCCw9kKLWI9GYbNazfMXfUDRcH+5vL
gOZ3RCqUHj+pev2v54OF2z+ZJB2FBLFHz3LcHUJc5+qcojLkPLmhHdl441Huys6p
5eLvPBG+xQA=
-----END CERTIFICATE-----