Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/92mY21MrtQk_D4N_awcDx79iGeU.roa
File:                     92mY21MrtQk_D4N_awcDx79iGeU.roa (raw, json)
Hash identifier:          Dd6VN8ikrWj6x1xD0LEMvBdvbOwwW45pSkS9RH7fhqM=
Subject key identifier:   F7:69:98:DB:53:2B:B5:09:3F:0F:83:7F:6B:07:03:C7:BF:62:19:E5
Certificate issuer:       /CN=ee1c3472c25acd347364b7d6312618aa3530cb63
Certificate serial:       019EAAD11DB24441B1382749C35908413A0A
Authority key identifier: EE:1C:34:72:C2:5A:CD:34:73:64:B7:D6:31:26:18:AA:35:30:CB:63
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/92mY21MrtQk_D4N_awcDx79iGeU.roa
Signing time:             Tue 09 Jun 2026 05:18:11 +0000
ROA not before:           Tue 09 Jun 2026 05:18:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     33355
IP address blocks:        200.102.91.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:aa:d1:1d:b2:44:41:b1:38:27:49:c3:59:08:41:3a:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ee1c3472c25acd347364b7d6312618aa3530cb63
        Validity
            Not Before: Jun  9 05:18:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f76998db532bb5093f0f837f6b0703c7bf6219e5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:31:70:95:52:64:9f:62:b5:f5:1c:da:1c:5f:
                    e5:1d:49:7f:db:06:bd:dc:dd:62:40:fb:9b:5f:b4:
                    9d:3c:36:36:e8:bd:38:67:e7:5c:ce:53:98:2b:7e:
                    11:a9:44:24:fb:c0:c5:82:50:c1:31:b1:06:23:55:
                    79:5f:1a:78:77:11:19:98:95:66:6b:20:ae:92:19:
                    65:09:ea:2a:5d:7e:c3:4b:20:47:3b:35:d4:bc:b4:
                    26:f5:04:71:81:bd:58:f2:a2:26:a0:91:22:63:65:
                    7f:fd:81:91:92:b5:b7:9d:bd:82:05:07:ee:86:08:
                    19:85:dc:95:27:46:0f:3e:72:e3:55:20:cb:8c:d6:
                    63:16:17:6d:c0:8d:3a:f5:04:75:23:1c:bb:c1:b3:
                    ab:21:af:8c:53:44:6d:87:ca:6f:8e:00:a9:8f:14:
                    9a:05:7a:b8:6e:00:8f:48:29:05:c1:ff:c3:44:6a:
                    2d:d1:d3:ef:8d:cd:0a:cb:22:0c:48:c0:35:00:9e:
                    93:96:b0:00:57:b9:80:b9:fd:e4:33:83:74:13:bc:
                    3a:75:16:c5:b7:5d:99:2a:bb:86:5f:e3:04:10:3b:
                    78:44:d5:af:07:51:64:27:09:30:dc:ea:74:a6:98:
                    9a:8b:07:0c:ba:67:24:20:f2:a8:8f:57:25:43:f6:
                    a2:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:69:98:DB:53:2B:B5:09:3F:0F:83:7F:6B:07:03:C7:BF:62:19:E5
            X509v3 Authority Key Identifier:
                keyid:EE:1C:34:72:C2:5A:CD:34:73:64:B7:D6:31:26:18:AA:35:30:CB:63

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/92mY21MrtQk_D4N_awcDx79iGeU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  200.102.91.0/24

    Signature Algorithm: sha256WithRSAEncryption
         df:17:28:4f:39:39:a4:22:6e:9c:f1:6c:f1:5e:69:68:6e:62:
         4f:fc:80:da:d4:5a:8a:93:e1:e9:dd:69:51:95:7f:4f:59:0b:
         8f:32:7d:d3:54:fc:df:9b:77:9a:fb:a5:5c:8d:04:a7:b4:a0:
         3a:6e:29:f3:41:c8:6c:73:c8:e5:6e:60:5d:8e:cd:01:07:8c:
         36:79:47:04:1c:59:6a:c2:ea:d3:69:89:cb:2e:59:9d:0b:9b:
         a1:76:fe:dd:9a:a8:dd:c2:f2:47:82:56:93:63:b6:e1:fe:d0:
         61:83:06:c6:18:44:66:4b:60:52:ed:d7:7b:74:8b:9f:02:4d:
         ad:f1:18:cd:4d:d8:3b:f1:d6:02:4a:0e:fe:c3:d8:f3:d5:cd:
         f6:ad:24:f7:4d:a8:ac:9c:fd:54:20:76:bc:62:9f:32:65:56:
         f2:d7:ee:1e:3f:0f:c6:27:86:59:e7:d1:56:aa:ac:25:31:02:
         83:06:62:e6:16:f8:6b:85:14:36:82:bf:ab:ca:08:14:cf:98:
         37:15:fe:f9:c8:9f:16:2a:0d:64:3e:bc:c9:36:34:af:d8:67:
         d6:f9:d4:46:65:98:ad:d1:36:39:47:a4:9f:60:02:4e:38:9e:
         95:ff:13:75:e9:ba:50:1b:ac:a7:d8:99:1b:90:b1:70:69:ec:
         8d:b1:97:53
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6q0R2yREGxOCdJw1kIQToKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlMWMzNDcyYzI1YWNkMzQ3MzY0YjdkNjMxMjYxOGFhMzUz
MGNiNjMwHhcNMjYwNjA5MDUxODExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNzY5OThkYjUzMmJiNTA5M2YwZjgzN2Y2YjA3MDNjN2JmNjIxOWU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsTFwlVJkn2K19RzaHF/lHUl/2wa9
3N1iQPubX7SdPDY26L04Z+dczlOYK34RqUQk+8DFglDBMbEGI1V5Xxp4dxEZmJVm
ayCukhllCeoqXX7DSyBHOzXUvLQm9QRxgb1Y8qImoJEiY2V//YGRkrW3nb2CBQfu
hggZhdyVJ0YPPnLjVSDLjNZjFhdtwI069QR1Ixy7wbOrIa+MU0Rth8pvjgCpjxSa
BXq4bgCPSCkFwf/DRGot0dPvjc0KyyIMSMA1AJ6TlrAAV7mAuf3kM4N0E7w6dRbF
t12ZKruGX+MEEDt4RNWvB1FkJwkw3Op0ppiaiwcMumckIPKoj1clQ/aiEwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPdpmNtTK7UJPw+Df2sHA8e/YhnlMB8GA1UdIwQY
MBaAFO4cNHLCWs00c2S31jEmGKo1MMtjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN2h3MGNzSmF6VFJ6WkxmV01TWVlxalV3eTJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi8xZmY0NGYtNTFkNi00NTQ1LWFkMzYt
YjRiOGRiMjBiMWZiLzEvOTJtWTIxTXJ0UWtfRDROX2F3Y0R4NzlpR2VVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi8xZmY0NGYtNTFkNi00NTQ1LWFkMzYtYjRiOGRiMjBiMWZi
LzEvN2h3MGNzSmF6VFJ6WkxmV01TWVlxalV3eTJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAyGZbMA0G
CSqGSIb3DQEBCwUAA4IBAQDfFyhPOTmkIm6c8WzxXmlobmJP/IDa1FqKk+Hp3WlR
lX9PWQuPMn3TVPzfm3ea+6VcjQSntKA6binzQchsc8jlbmBdjs0BB4w2eUcEHFlq
wurTaYnLLlmdC5uhdv7dmqjdwvJHglaTY7bh/tBhgwbGGERmS2BS7dd7dIufAk2t
8RjNTdg78dYCSg7+w9jz1c32rST3TaisnP1UIHa8Yp8yZVby1+4ePw/GJ4ZZ59FW
qqwlMQKDBmLmFvhrhRQ2gr+ryggUz5g3Ff75yJ8WKg1kPrzJNjSv2GfW+dRGZZit
0TY5R6SfYAJOOJ6V/xN16bpQG6yn2JkbkLFwaeyNsZdT
-----END CERTIFICATE-----