Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/_E05Fmig-GE-1hxvBuE3uaK4pd8.roa
File:                     _E05Fmig-GE-1hxvBuE3uaK4pd8.roa (raw, json)
Hash identifier:          m80GX81ZImJ6S3koFVTzOm1dtm5L9Oo/6nIrOYHn8W0=
Subject key identifier:   FC:4D:39:16:68:A0:F8:61:3E:D6:1C:6F:06:E1:37:B9:A2:B8:A5:DF
Certificate issuer:       /CN=ee1c3472c25acd347364b7d6312618aa3530cb63
Certificate serial:       019EAD1EB869B1CC16183882ABC0186FDB28
Authority key identifier: EE:1C:34:72:C2:5A:CD:34:73:64:B7:D6:31:26:18:AA:35:30:CB:63
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/_E05Fmig-GE-1hxvBuE3uaK4pd8.roa
Signing time:             Tue 09 Jun 2026 16:02:12 +0000
ROA not before:           Tue 09 Jun 2026 16:02:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     197210
IP address blocks:        191.222.243.0/24 maxlen: 24
                          201.24.192.0/24 maxlen: 24
                          201.24.199.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:ad:1e:b8:69:b1:cc:16:18:38:82:ab:c0:18:6f:db:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ee1c3472c25acd347364b7d6312618aa3530cb63
        Validity
            Not Before: Jun  9 16:02:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=fc4d391668a0f8613ed61c6f06e137b9a2b8a5df
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:93:2c:3a:ca:c8:f5:9a:78:03:bc:58:cf:be:
                    81:61:78:c6:3c:c5:fc:18:d1:25:8d:db:e4:2f:39:
                    22:0a:f7:21:20:cb:cb:9b:db:16:17:ce:e3:66:bf:
                    ca:bf:3a:5b:d6:0a:ea:c8:95:93:68:86:e5:16:c3:
                    a7:0a:6e:cf:71:89:64:0b:4c:81:ec:a4:b4:90:87:
                    fa:54:4d:03:f7:38:ec:7a:96:e7:ab:34:b3:68:5c:
                    12:3d:a6:e0:8c:10:a8:07:f9:e2:cb:38:f0:a2:58:
                    83:2b:2d:b2:11:11:16:57:73:3b:af:a1:11:fb:ff:
                    44:49:e6:76:c1:8b:f1:da:80:58:ce:5b:42:05:f6:
                    11:04:bf:df:0d:f9:7a:d5:ac:d3:41:10:74:e8:dc:
                    64:16:c1:b4:56:8b:00:07:bd:ba:cd:bb:0e:96:31:
                    13:c3:d9:a8:72:f0:88:0b:d4:b0:f9:75:8d:a6:64:
                    8f:c6:de:95:6b:7e:8a:c4:00:4d:41:95:f2:0b:9b:
                    91:95:d3:34:08:c2:36:c2:18:dd:80:1a:52:33:d7:
                    1b:b3:11:3b:dd:e7:b5:f7:f1:e8:04:db:df:21:c0:
                    91:97:eb:57:25:e2:79:38:e5:a1:de:21:d8:24:5b:
                    97:b4:6e:c7:38:78:15:b1:d7:b6:25:aa:b6:90:f0:
                    5e:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:4D:39:16:68:A0:F8:61:3E:D6:1C:6F:06:E1:37:B9:A2:B8:A5:DF
            X509v3 Authority Key Identifier:
                keyid:EE:1C:34:72:C2:5A:CD:34:73:64:B7:D6:31:26:18:AA:35:30:CB:63

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/_E05Fmig-GE-1hxvBuE3uaK4pd8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  191.222.243.0/24
                  201.24.192.0/24
                  201.24.199.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d3:79:70:7d:34:0a:59:5f:4d:e7:31:8b:c8:7e:c4:1f:61:af:
         44:68:d3:0d:fb:4c:fd:ac:10:51:d8:7d:eb:9e:f4:3e:35:0e:
         80:a7:e6:a3:b8:02:a1:70:8a:29:20:40:bf:db:99:2f:5e:33:
         0b:b0:84:8b:3b:d7:b0:20:fa:4a:41:00:a6:75:23:92:52:01:
         47:05:3b:e0:c7:2c:e4:b7:c8:4c:c0:0e:38:5d:ab:15:6c:96:
         08:67:c0:06:8f:8d:ec:77:42:e8:1b:cf:0a:b7:58:85:4e:38:
         f7:b6:f5:db:39:9a:0e:02:40:81:f1:b3:5e:72:5b:54:10:e1:
         25:89:dd:51:e1:70:a7:4a:fb:34:b5:97:73:bc:8a:91:ea:78:
         10:0a:0c:00:03:68:bb:73:e3:2b:6b:f4:46:d2:1a:57:e1:ef:
         45:b4:2d:75:0b:2b:81:b6:f4:be:f6:36:31:29:a1:7c:f8:38:
         b2:7c:c5:b3:46:fb:f0:47:9b:ee:af:80:3a:e4:79:42:aa:42:
         84:d3:14:c4:b6:ce:9e:7e:ef:5d:bb:fc:38:cd:ab:6f:21:0d:
         99:d2:92:23:c5:64:81:ec:9e:91:ca:2b:d3:0c:bb:1b:3b:33:
         06:09:ad:e5:4d:dc:bb:2b:ff:be:d0:ec:02:06:de:83:2e:a6:
         1d:5f:e0:e7
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZ6tHrhpscwWGDiCq8AYb9soMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlMWMzNDcyYzI1YWNkMzQ3MzY0YjdkNjMxMjYxOGFhMzUz
MGNiNjMwHhcNMjYwNjA5MTYwMjEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYzRkMzkxNjY4YTBmODYxM2VkNjFjNmYwNmUxMzdiOWEyYjhhNWRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyZMsOsrI9Zp4A7xYz76BYXjGPMX8
GNEljdvkLzkiCvchIMvLm9sWF87jZr/Kvzpb1grqyJWTaIblFsOnCm7PcYlkC0yB
7KS0kIf6VE0D9zjsepbnqzSzaFwSPabgjBCoB/niyzjwoliDKy2yEREWV3M7r6ER
+/9ESeZ2wYvx2oBYzltCBfYRBL/fDfl61azTQRB06NxkFsG0VosAB726zbsOljET
w9mocvCIC9Sw+XWNpmSPxt6Va36KxABNQZXyC5uRldM0CMI2whjdgBpSM9cbsxE7
3ee19/HoBNvfIcCRl+tXJeJ5OOWh3iHYJFuXtG7HOHgVsde2Jaq2kPBemwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFPxNORZooPhhPtYcbwbhN7miuKXfMB8GA1UdIwQY
MBaAFO4cNHLCWs00c2S31jEmGKo1MMtjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN2h3MGNzSmF6VFJ6WkxmV01TWVlxalV3eTJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi8xZmY0NGYtNTFkNi00NTQ1LWFkMzYt
YjRiOGRiMjBiMWZiLzEvX0UwNUZtaWctR0UtMWh4dkJ1RTN1YUs0cGQ4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi8xZmY0NGYtNTFkNi00NTQ1LWFkMzYtYjRiOGRiMjBiMWZi
LzEvN2h3MGNzSmF6VFJ6WkxmV01TWVlxalV3eTJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAv97zAwQA
yRjAAwQAyRjHMA0GCSqGSIb3DQEBCwUAA4IBAQDTeXB9NApZX03nMYvIfsQfYa9E
aNMN+0z9rBBR2H3rnvQ+NQ6Ap+ajuAKhcIopIEC/25kvXjMLsISLO9ewIPpKQQCm
dSOSUgFHBTvgxyzkt8hMwA44XasVbJYIZ8AGj43sd0LoG88Kt1iFTjj3tvXbOZoO
AkCB8bNecltUEOElid1R4XCnSvs0tZdzvIqR6ngQCgwAA2i7c+Mra/RG0hpX4e9F
tC11CyuBtvS+9jYxKaF8+DiyfMWzRvvwR5vur4A65HlCqkKE0xTEts6efu9du/w4
zatvIQ2Z0pIjxWSB7J6RyivTDLsbOzMGCa3lTdy7K/++0OwCBt6DLqYdX+Dn
-----END CERTIFICATE-----