Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/66fff3-bfa9-4732-b4b5-19769f578efd/1/EXs9LISjCQhWAd2HiIWm-im5__w.roa
File:                     EXs9LISjCQhWAd2HiIWm-im5__w.roa (raw, json)
Hash identifier:          n4sN98ePnVDPSJNxRYiTwCAYAV7AFkIT151+9zv8WsM=
Subject key identifier:   11:7B:3D:2C:84:A3:09:08:56:01:DD:87:88:85:A6:FA:29:B9:FF:FC
Certificate issuer:       /CN=ffdbfbdb6e975ddca8f6dd968c37a7d5560e691d
Certificate serial:       019D67342CFDD2E07E4C5E1CCE76554EF032
Authority key identifier: FF:DB:FB:DB:6E:97:5D:DC:A8:F6:DD:96:8C:37:A7:D5:56:0E:69:1D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_9v7226XXdyo9t2WjDen1VYOaR0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/df/66fff3-bfa9-4732-b4b5-19769f578efd/1/EXs9LISjCQhWAd2HiIWm-im5__w.roa
Signing time:             Tue 07 Apr 2026 09:09:25 +0000
ROA not before:           Tue 07 Apr 2026 09:09:25 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     6079
IP address blocks:        212.108.113.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/df/66fff3-bfa9-4732-b4b5-19769f578efd/1/_9v7226XXdyo9t2WjDen1VYOaR0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/df/66fff3-bfa9-4732-b4b5-19769f578efd/1/_9v7226XXdyo9t2WjDen1VYOaR0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_9v7226XXdyo9t2WjDen1VYOaR0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Apr 2026 04:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:67:34:2c:fd:d2:e0:7e:4c:5e:1c:ce:76:55:4e:f0:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ffdbfbdb6e975ddca8f6dd968c37a7d5560e691d
        Validity
            Not Before: Apr  7 09:09:25 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=117b3d2c84a309085601dd878885a6fa29b9fffc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:44:2f:c1:e7:48:c3:bf:5c:fa:2f:2a:91:79:
                    89:88:8a:e1:59:f4:01:36:de:40:89:24:8c:df:23:
                    d6:4b:d2:76:c9:fc:ec:bc:52:8c:c8:49:4e:e0:16:
                    83:36:04:4a:14:21:c0:34:d7:05:37:9d:97:d6:93:
                    56:f5:5d:55:c6:ac:62:b1:f1:64:28:9c:54:72:e0:
                    71:ad:c3:6b:15:30:a8:e9:03:96:4f:8a:77:4e:84:
                    df:e1:31:9a:1e:21:56:05:12:19:11:4c:39:4d:45:
                    cf:5c:ab:f0:af:0d:dc:08:bb:f6:dc:53:6b:fc:cf:
                    8a:d5:00:7c:fe:71:08:e4:23:57:95:09:41:42:34:
                    c2:0c:c5:2f:7f:ad:23:68:6b:be:db:5c:da:f2:c0:
                    80:bb:af:1f:92:a3:fa:f5:7e:f1:5c:95:85:4c:3b:
                    c9:cf:c9:f9:4c:23:e4:6d:95:3e:93:51:4f:61:7b:
                    d7:41:13:84:17:05:f3:70:c2:d3:6d:98:67:0c:99:
                    2b:ae:c6:e4:9a:9b:04:54:a5:e6:a6:eb:6d:a8:c0:
                    39:bc:fc:27:2a:e1:e7:bd:50:78:76:0b:e5:a0:62:
                    c7:ce:b7:db:6e:36:37:73:03:37:6e:bd:dd:a6:84:
                    ad:a2:26:73:28:be:8e:06:1a:7e:46:0b:31:35:df:
                    51:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:7B:3D:2C:84:A3:09:08:56:01:DD:87:88:85:A6:FA:29:B9:FF:FC
            X509v3 Authority Key Identifier:
                keyid:FF:DB:FB:DB:6E:97:5D:DC:A8:F6:DD:96:8C:37:A7:D5:56:0E:69:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_9v7226XXdyo9t2WjDen1VYOaR0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/66fff3-bfa9-4732-b4b5-19769f578efd/1/EXs9LISjCQhWAd2HiIWm-im5__w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/df/66fff3-bfa9-4732-b4b5-19769f578efd/1/_9v7226XXdyo9t2WjDen1VYOaR0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.108.113.0/24

    Signature Algorithm: sha256WithRSAEncryption
         26:00:dd:03:04:3b:24:ef:5f:45:be:df:a0:70:44:7e:72:26:
         f9:3d:fc:74:4b:d9:0c:05:f0:14:89:a4:ff:f2:92:67:d4:c8:
         3c:6c:53:04:f7:fc:37:a6:c0:7a:cf:c6:a8:f3:8e:7c:98:26:
         b1:6f:f1:8b:df:6f:fb:f2:f8:b1:c7:dc:ae:e0:f5:f1:98:2b:
         dd:a5:84:eb:bb:77:9d:fe:88:96:b2:ab:d6:48:69:0c:b5:54:
         6a:51:c0:e8:d4:6d:28:6b:8f:20:b0:52:56:f9:dd:ab:a2:27:
         f2:55:f1:cc:57:5f:57:85:a3:9b:ff:a8:38:a2:b2:db:f9:1d:
         ce:fd:18:c6:49:ee:39:08:c2:b0:d4:53:34:b4:58:6b:54:b0:
         b9:2d:02:b2:52:a1:a1:28:8d:ca:19:e4:7f:90:a3:bc:63:11:
         a9:e1:29:cd:b3:b5:01:f1:0a:8e:e0:23:b0:d0:57:50:20:a7:
         a3:5b:33:25:e9:64:cf:46:74:c2:ff:ba:b6:6a:b0:df:68:9a:
         04:f3:53:5f:9d:e3:6e:a8:0d:6b:6c:9f:ea:9d:97:6a:03:22:
         ab:34:4f:ae:44:df:82:bf:91:47:4e:37:5d:a2:0e:7d:95:39:
         98:ba:4f:f9:4f:59:65:8c:7f:3e:cc:c7:1a:54:d5:e4:01:c1:
         f8:df:b6:b1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ1nNCz90uB+TF4cznZVTvAyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmZGJmYmRiNmU5NzVkZGNhOGY2ZGQ5NjhjMzdhN2Q1NTYw
ZTY5MWQwHhcNMjYwNDA3MDkwOTI1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMTdiM2QyYzg0YTMwOTA4NTYwMWRkODc4ODg1YTZmYTI5YjlmZmZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA30QvwedIw79c+i8qkXmJiIrhWfQB
Nt5AiSSM3yPWS9J2yfzsvFKMyElO4BaDNgRKFCHANNcFN52X1pNW9V1VxqxisfFk
KJxUcuBxrcNrFTCo6QOWT4p3ToTf4TGaHiFWBRIZEUw5TUXPXKvwrw3cCLv23FNr
/M+K1QB8/nEI5CNXlQlBQjTCDMUvf60jaGu+21za8sCAu68fkqP69X7xXJWFTDvJ
z8n5TCPkbZU+k1FPYXvXQROEFwXzcMLTbZhnDJkrrsbkmpsEVKXmputtqMA5vPwn
KuHnvVB4dgvloGLHzrfbbjY3cwM3br3dpoStoiZzKL6OBhp+RgsxNd9RFwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBF7PSyEowkIVgHdh4iFpvopuf/8MB8GA1UdIwQY
MBaAFP/b+9tul13cqPbdlow3p9VWDmkdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzl2NzIyNlhYZHlvOXQyV2pEZW4xVllPYVIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZi82NmZmZjMtYmZhOS00NzMyLWI0YjUt
MTk3NjlmNTc4ZWZkLzEvRVhzOUxJU2pDUWhXQWQySGlJV20taW01X193LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZi82NmZmZjMtYmZhOS00NzMyLWI0YjUtMTk3NjlmNTc4ZWZk
LzEvXzl2NzIyNlhYZHlvOXQyV2pEZW4xVllPYVIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1GxxMA0G
CSqGSIb3DQEBCwUAA4IBAQAmAN0DBDsk719Fvt+gcER+cib5Pfx0S9kMBfAUiaT/
8pJn1Mg8bFME9/w3psB6z8ao8458mCaxb/GL32/78vixx9yu4PXxmCvdpYTru3ed
/oiWsqvWSGkMtVRqUcDo1G0oa48gsFJW+d2roifyVfHMV19XhaOb/6g4orLb+R3O
/RjGSe45CMKw1FM0tFhrVLC5LQKyUqGhKI3KGeR/kKO8YxGp4SnNs7UB8QqO4COw
0FdQIKejWzMl6WTPRnTC/7q2arDfaJoE81NfneNuqA1rbJ/qnZdqAyKrNE+uRN+C
v5FHTjddog59lTmYuk/5T1lljH8+zMcaVNXkAcH437ax
-----END CERTIFICATE-----