Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/00898a-e7c0-4836-a96b-92b2ea319bc1/1/7vVeQuE1pXfb85TPk9RxkOqhUsQ.roa
File:                     7vVeQuE1pXfb85TPk9RxkOqhUsQ.roa (raw, json)
Hash identifier:          Zidvg6m8T57hltHN7w1iLL7TnfvL//CVYkIzvMWOn9A=
Subject key identifier:   EE:F5:5E:42:E1:35:A5:77:DB:F3:94:CF:93:D4:71:90:EA:A1:52:C4
Certificate issuer:       /CN=af0b1da79ef7fc1ef95962dc8a01f2b8d4b352bf
Certificate serial:       019B7CED4BE3D0AFAAF5569EBAFA48B071E2
Authority key identifier: AF:0B:1D:A7:9E:F7:FC:1E:F9:59:62:DC:8A:01:F2:B8:D4:B3:52:BF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rwsdp573_B75WWLcigHyuNSzUr8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/00898a-e7c0-4836-a96b-92b2ea319bc1/1/7vVeQuE1pXfb85TPk9RxkOqhUsQ.roa
Signing time:             Fri 02 Jan 2026 04:18:04 +0000
ROA not before:           Fri 02 Jan 2026 04:18:04 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200748
IP address blocks:        185.154.32.0/22 maxlen: 22
                          185.241.180.0/22 maxlen: 22
                          2a0c:a780::/31 maxlen: 31
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/eb/00898a-e7c0-4836-a96b-92b2ea319bc1/1/rwsdp573_B75WWLcigHyuNSzUr8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/eb/00898a-e7c0-4836-a96b-92b2ea319bc1/1/rwsdp573_B75WWLcigHyuNSzUr8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rwsdp573_B75WWLcigHyuNSzUr8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:ed:4b:e3:d0:af:aa:f5:56:9e:ba:fa:48:b0:71:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=af0b1da79ef7fc1ef95962dc8a01f2b8d4b352bf
        Validity
            Not Before: Jan  2 04:18:04 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=eef55e42e135a577dbf394cf93d47190eaa152c4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:99:d1:3b:db:9b:92:f5:ad:72:6f:4a:6a:aa:
                    86:d1:71:62:30:95:08:c9:0d:d8:4b:c2:9a:ce:29:
                    e0:66:11:aa:f0:0c:46:ba:4e:ec:eb:6b:b5:71:74:
                    49:a7:3d:4d:06:18:8d:3b:18:84:07:07:a8:87:59:
                    7f:e2:4f:2d:df:cc:b1:1d:72:14:04:e6:42:2c:cf:
                    2e:5e:4e:48:38:8d:29:ed:70:23:46:04:d0:4a:07:
                    ca:e0:e1:83:e4:1a:17:f4:6e:ce:71:af:a5:e7:03:
                    1d:3b:d6:a5:ed:7d:c3:22:fb:58:1a:a8:58:89:3f:
                    a6:83:3d:1d:cb:41:99:cb:c3:71:67:b6:91:3c:f4:
                    02:6f:2f:ac:0f:d0:a3:47:12:8e:67:4a:db:3e:5e:
                    47:4e:8a:ec:03:06:cd:2c:60:3c:aa:e9:ca:9a:43:
                    54:40:9e:44:d1:10:5c:b2:3c:b2:f7:6b:77:40:02:
                    9c:c9:c6:bd:f9:39:82:8a:90:ee:a4:9c:18:98:9a:
                    c9:cc:06:f2:78:4b:d7:79:48:f1:ce:b6:31:3d:ea:
                    69:7b:4c:41:5c:be:40:be:b4:d5:3c:3d:b9:b8:c7:
                    30:ee:62:21:05:cc:e3:da:30:29:26:d8:9f:f0:49:
                    f8:02:77:89:61:1c:3b:82:82:89:ae:c7:90:1f:a7:
                    28:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:F5:5E:42:E1:35:A5:77:DB:F3:94:CF:93:D4:71:90:EA:A1:52:C4
            X509v3 Authority Key Identifier:
                keyid:AF:0B:1D:A7:9E:F7:FC:1E:F9:59:62:DC:8A:01:F2:B8:D4:B3:52:BF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rwsdp573_B75WWLcigHyuNSzUr8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/00898a-e7c0-4836-a96b-92b2ea319bc1/1/7vVeQuE1pXfb85TPk9RxkOqhUsQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/00898a-e7c0-4836-a96b-92b2ea319bc1/1/rwsdp573_B75WWLcigHyuNSzUr8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.154.32.0/22
                  185.241.180.0/22
                IPv6:
                  2a0c:a780::/31

    Signature Algorithm: sha256WithRSAEncryption
         37:55:0f:da:b6:18:79:64:b2:45:26:32:38:84:1c:c1:68:c4:
         06:b8:5d:32:de:57:b1:81:60:14:62:ef:9b:d6:28:73:cb:ca:
         91:e9:cb:36:db:25:a2:c1:9f:a0:a5:7e:d2:6c:87:db:fd:ff:
         3b:0c:de:45:c9:f1:be:49:0a:e2:1e:88:fc:b6:4c:3c:b4:8f:
         e5:47:fb:35:7b:e5:db:3a:7f:4c:e2:1a:f3:74:e6:f4:f7:f8:
         2e:aa:f3:c8:ea:a2:29:17:73:ef:c3:32:1d:42:42:84:5f:63:
         9f:63:6b:ac:a2:21:fb:77:bd:60:32:33:2b:a9:29:ef:53:e0:
         83:c5:b1:75:cb:5a:f9:91:4c:7d:c2:36:83:4d:d4:5e:76:b1:
         5b:26:cc:8c:ec:b4:e3:a0:67:b0:92:40:6b:38:a6:a0:32:1d:
         c6:c2:47:82:36:87:29:ad:4d:14:f0:fb:33:dd:b8:45:86:d9:
         30:a1:58:38:4d:b5:c1:5e:a4:4d:07:3e:3d:53:5c:b0:17:d2:
         ed:e0:9b:87:82:8d:e0:94:42:97:0f:73:98:e7:25:3e:f3:48:
         59:46:00:b3:36:38:9b:a8:63:37:48:46:54:90:9d:76:38:b0:
         0f:d5:0e:15:cd:be:6d:aa:5e:00:47:3d:a6:84:8a:57:43:3a:
         72:60:00:a9
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZt87Uvj0K+q9VaeuvpIsHHiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFmMGIxZGE3OWVmN2ZjMWVmOTU5NjJkYzhhMDFmMmI4ZDRi
MzUyYmYwHhcNMjYwMTAyMDQxODA0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZWY1NWU0MmUxMzVhNTc3ZGJmMzk0Y2Y5M2Q0NzE5MGVhYTE1MmM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4ZnRO9ubkvWtcm9KaqqG0XFiMJUI
yQ3YS8KazingZhGq8AxGuk7s62u1cXRJpz1NBhiNOxiEBweoh1l/4k8t38yxHXIU
BOZCLM8uXk5IOI0p7XAjRgTQSgfK4OGD5BoX9G7Oca+l5wMdO9al7X3DIvtYGqhY
iT+mgz0dy0GZy8NxZ7aRPPQCby+sD9CjRxKOZ0rbPl5HTorsAwbNLGA8qunKmkNU
QJ5E0RBcsjyy92t3QAKcyca9+TmCipDupJwYmJrJzAbyeEvXeUjxzrYxPeppe0xB
XL5AvrTVPD25uMcw7mIhBczj2jApJtif8En4AneJYRw7goKJrseQH6coLQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFO71XkLhNaV32/OUz5PUcZDqoVLEMB8GA1UdIwQY
MBaAFK8LHaee9/we+Vli3IoB8rjUs1K/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcndzZHA1NzNfQjc1V1dMY2lnSHl1TlN6VXI4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi8wMDg5OGEtZTdjMC00ODM2LWE5NmIt
OTJiMmVhMzE5YmMxLzEvN3ZWZVF1RTFwWGZiODVUUGs5UnhrT3FoVXNRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi8wMDg5OGEtZTdjMC00ODM2LWE5NmItOTJiMmVhMzE5YmMx
LzEvcndzZHA1NzNfQjc1V1dMY2lnSHl1TlN6VXI4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCuZogAwQC
ufG0MA0EAgACMAcDBQEqDKeAMA0GCSqGSIb3DQEBCwUAA4IBAQA3VQ/athh5ZLJF
JjI4hBzBaMQGuF0y3lexgWAUYu+b1ihzy8qR6cs22yWiwZ+gpX7SbIfb/f87DN5F
yfG+SQriHoj8tkw8tI/lR/s1e+XbOn9M4hrzdOb09/guqvPI6qIpF3PvwzIdQkKE
X2OfY2usoiH7d71gMjMrqSnvU+CDxbF1y1r5kUx9wjaDTdRedrFbJsyM7LTjoGew
kkBrOKagMh3GwkeCNocprU0U8Psz3bhFhtkwoVg4TbXBXqRNBz49U1ywF9Lt4JuH
go3glEKXD3OY5yU+80hZRgCzNjibqGM3SEZUkJ12OLAP1Q4Vzb5tql4ARz2mhIpX
QzpyYACp
-----END CERTIFICATE-----