Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/JgibB7R9pRT-QNVfYjt5f6yiUuw.roa
File:                     JgibB7R9pRT-QNVfYjt5f6yiUuw.roa (raw, json)
Hash identifier:          5T/TEAIwMk/FpN7+UNA35DWo4K/gNwXNQrsNeY0274o=
Subject key identifier:   26:08:9B:07:B4:7D:A5:14:FE:40:D5:5F:62:3B:79:7F:AC:A2:52:EC
Certificate issuer:       /CN=ee1c3472c25acd347364b7d6312618aa3530cb63
Certificate serial:       019EAAD2F2C65020D8FCFECF6B18CF4F5885
Authority key identifier: EE:1C:34:72:C2:5A:CD:34:73:64:B7:D6:31:26:18:AA:35:30:CB:63
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/JgibB7R9pRT-QNVfYjt5f6yiUuw.roa
Signing time:             Tue 09 Jun 2026 05:20:11 +0000
ROA not before:           Tue 09 Jun 2026 05:20:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     209888
IP address blocks:        191.217.160.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:aa:d2:f2:c6:50:20:d8:fc:fe:cf:6b:18:cf:4f:58:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ee1c3472c25acd347364b7d6312618aa3530cb63
        Validity
            Not Before: Jun  9 05:20:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=26089b07b47da514fe40d55f623b797faca252ec
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:41:20:68:56:fa:8d:fc:b8:99:b9:7b:92:2e:
                    35:c7:bb:a4:bb:4a:dc:d9:e6:9f:1a:a1:84:90:57:
                    8f:17:be:37:7c:25:43:e7:73:ac:79:a9:65:da:d7:
                    16:53:a2:58:60:69:5b:0c:12:d3:f9:90:3c:2c:60:
                    00:a0:68:3a:9c:ab:0b:73:82:b5:b5:84:98:f0:b0:
                    76:a7:6b:28:90:4e:ab:fc:8d:78:91:d1:74:04:69:
                    1c:e0:58:b8:a0:76:df:a5:e5:bf:f8:5f:bd:05:32:
                    20:9e:12:6f:0c:6b:d6:7f:80:91:d0:d7:2e:00:54:
                    fc:7c:52:4e:05:12:9c:bb:df:cc:84:fa:9e:c3:71:
                    c9:2d:4a:f4:19:63:93:d7:5f:ab:4d:49:94:55:79:
                    99:7f:8e:d4:39:b2:50:6e:60:62:f9:1f:50:13:7b:
                    fe:4d:26:55:c6:9e:e9:e0:ea:52:08:46:2e:d3:03:
                    64:64:56:c9:3a:6e:37:38:5d:d5:6f:2f:80:5d:19:
                    ef:2c:66:ec:1a:94:db:6b:b1:c5:f9:49:41:1a:fc:
                    90:e3:d3:56:e9:a9:74:0b:1c:6e:aa:1b:db:00:b5:
                    6d:4d:15:1a:76:3e:ae:67:13:45:5b:af:02:8d:71:
                    11:48:f2:cc:09:d9:c6:d0:a9:95:77:41:83:f3:09:
                    2c:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:08:9B:07:B4:7D:A5:14:FE:40:D5:5F:62:3B:79:7F:AC:A2:52:EC
            X509v3 Authority Key Identifier:
                keyid:EE:1C:34:72:C2:5A:CD:34:73:64:B7:D6:31:26:18:AA:35:30:CB:63

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/JgibB7R9pRT-QNVfYjt5f6yiUuw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  191.217.160.0/24

    Signature Algorithm: sha256WithRSAEncryption
         70:82:55:33:1d:01:5b:27:8f:48:a7:b2:04:63:4d:69:67:7a:
         e7:17:5e:dd:72:60:7e:c1:ee:36:ae:ce:95:0f:77:27:b0:81:
         9b:82:79:c3:49:9f:26:44:83:b6:97:00:9b:e9:58:c8:78:74:
         d7:22:77:b4:bb:7e:73:37:a5:8f:2a:0d:9f:08:d9:3b:60:70:
         d3:a3:4e:3d:b7:48:c3:15:fa:93:86:d7:e5:76:04:72:4a:a6:
         77:57:c7:b8:97:e3:a0:53:09:1d:07:0f:27:51:33:ce:d1:f7:
         08:36:a7:d3:47:45:41:87:ce:92:a9:d4:ec:91:5c:1e:fc:f0:
         e6:fc:df:4c:c4:42:6a:d0:a4:71:5f:07:b8:a1:e7:41:c8:59:
         28:6b:74:fb:a6:26:53:77:3c:f7:19:c5:2b:45:d0:eb:9c:ed:
         e5:80:7c:76:35:3f:6b:09:61:b7:0f:59:f4:78:c6:ba:66:53:
         2f:71:f1:e8:7a:6a:6a:d4:4e:b5:89:28:b1:df:17:c5:87:a7:
         41:2f:55:9e:6d:04:bb:5f:63:af:eb:8e:c3:9b:07:22:34:06:
         47:d9:a8:96:ae:e2:23:4d:b4:59:19:af:79:f7:3c:f8:86:28:
         2f:ad:b5:32:a9:98:95:47:94:42:c2:94:9c:bb:2f:a8:84:a8:
         30:08:aa:d3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6q0vLGUCDY/P7PaxjPT1iFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlMWMzNDcyYzI1YWNkMzQ3MzY0YjdkNjMxMjYxOGFhMzUz
MGNiNjMwHhcNMjYwNjA5MDUyMDExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNjA4OWIwN2I0N2RhNTE0ZmU0MGQ1NWY2MjNiNzk3ZmFjYTI1MmVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtUEgaFb6jfy4mbl7ki41x7uku0rc
2eafGqGEkFePF743fCVD53Oseall2tcWU6JYYGlbDBLT+ZA8LGAAoGg6nKsLc4K1
tYSY8LB2p2sokE6r/I14kdF0BGkc4Fi4oHbfpeW/+F+9BTIgnhJvDGvWf4CR0Ncu
AFT8fFJOBRKcu9/MhPqew3HJLUr0GWOT11+rTUmUVXmZf47UObJQbmBi+R9QE3v+
TSZVxp7p4OpSCEYu0wNkZFbJOm43OF3Vby+AXRnvLGbsGpTba7HF+UlBGvyQ49NW
6al0CxxuqhvbALVtTRUadj6uZxNFW68CjXERSPLMCdnG0KmVd0GD8wkswwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCYImwe0faUU/kDVX2I7eX+solLsMB8GA1UdIwQY
MBaAFO4cNHLCWs00c2S31jEmGKo1MMtjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN2h3MGNzSmF6VFJ6WkxmV01TWVlxalV3eTJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi8xZmY0NGYtNTFkNi00NTQ1LWFkMzYt
YjRiOGRiMjBiMWZiLzEvSmdpYkI3UjlwUlQtUU5WZllqdDVmNnlpVXV3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi8xZmY0NGYtNTFkNi00NTQ1LWFkMzYtYjRiOGRiMjBiMWZi
LzEvN2h3MGNzSmF6VFJ6WkxmV01TWVlxalV3eTJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAv9mgMA0G
CSqGSIb3DQEBCwUAA4IBAQBwglUzHQFbJ49Ip7IEY01pZ3rnF17dcmB+we42rs6V
D3cnsIGbgnnDSZ8mRIO2lwCb6VjIeHTXIne0u35zN6WPKg2fCNk7YHDTo049t0jD
FfqThtfldgRySqZ3V8e4l+OgUwkdBw8nUTPO0fcINqfTR0VBh86SqdTskVwe/PDm
/N9MxEJq0KRxXwe4oedByFkoa3T7piZTdzz3GcUrRdDrnO3lgHx2NT9rCWG3D1n0
eMa6ZlMvcfHoempq1E61iSix3xfFh6dBL1WebQS7X2Ov647DmwciNAZH2aiWruIj
TbRZGa959zz4higvrbUyqZiVR5RCwpScuy+ohKgwCKrT
-----END CERTIFICATE-----