Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/uY1XV36FE6RDI-sxPiHlZz6l1RM.roa
File:                     uY1XV36FE6RDI-sxPiHlZz6l1RM.roa (raw, json)
Hash identifier:          PnKwbI7y3TgaljiZAsmKCieTQkrhVVYReFgGOe2QKZ8=
Subject key identifier:   B9:8D:57:57:7E:85:13:A4:43:23:EB:31:3E:21:E5:67:3E:A5:D5:13
Certificate issuer:       /CN=ee1c3472c25acd347364b7d6312618aa3530cb63
Certificate serial:       019EAAD2F26FE1AF41BBE3E633EFE83FCAD0
Authority key identifier: EE:1C:34:72:C2:5A:CD:34:73:64:B7:D6:31:26:18:AA:35:30:CB:63
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/uY1XV36FE6RDI-sxPiHlZz6l1RM.roa
Signing time:             Tue 09 Jun 2026 05:20:11 +0000
ROA not before:           Tue 09 Jun 2026 05:20:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     151389
IP address blocks:        191.219.16.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:aa:d2:f2:6f:e1:af:41:bb:e3:e6:33:ef:e8:3f:ca:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ee1c3472c25acd347364b7d6312618aa3530cb63
        Validity
            Not Before: Jun  9 05:20:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b98d57577e8513a44323eb313e21e5673ea5d513
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:77:7d:ab:49:7c:eb:3a:fc:29:00:f8:52:86:
                    a3:22:87:49:4a:63:5c:da:a1:cf:89:be:3c:6c:bf:
                    fd:76:08:85:99:60:03:f2:7d:ff:9e:33:50:3e:22:
                    da:8a:5d:a9:20:e0:d9:24:8e:c3:02:8f:f9:f7:26:
                    3e:0e:ec:bc:85:34:6d:8e:39:ec:f0:1a:6e:68:9c:
                    d4:46:8d:c7:71:23:3e:27:cd:4d:19:1d:45:7f:79:
                    ff:61:2a:d3:df:58:e2:52:a9:2c:c5:6a:14:42:19:
                    db:91:1c:ae:5e:57:f3:a7:56:c0:91:31:72:4c:c5:
                    71:f3:48:8b:47:5c:5a:1c:e2:02:e1:e2:ea:f1:c4:
                    98:40:8f:57:38:75:eb:02:ec:0f:ba:13:9d:44:f3:
                    09:52:29:7a:c0:fc:ba:52:6d:eb:2b:8e:69:3f:29:
                    46:c6:59:b3:96:e8:df:64:9e:37:89:fd:45:22:eb:
                    48:8f:04:06:e4:66:5c:0f:6c:61:9e:02:49:a5:a9:
                    29:f2:3d:ca:89:8a:4b:fc:bd:ed:a7:d8:ef:d7:04:
                    d1:73:a0:6f:13:20:c9:ee:97:37:a4:2f:32:bd:b5:
                    b5:22:5b:9f:e7:71:d9:07:77:de:85:0a:b9:9b:ef:
                    68:3d:2f:27:c2:e3:36:15:ad:f0:f1:d3:60:95:8e:
                    7f:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:8D:57:57:7E:85:13:A4:43:23:EB:31:3E:21:E5:67:3E:A5:D5:13
            X509v3 Authority Key Identifier:
                keyid:EE:1C:34:72:C2:5A:CD:34:73:64:B7:D6:31:26:18:AA:35:30:CB:63

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/uY1XV36FE6RDI-sxPiHlZz6l1RM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  191.219.16.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c2:f7:9b:ae:63:42:5b:eb:58:58:20:b4:ad:66:33:c4:3d:5b:
         d6:b1:e8:ac:4f:a3:16:ef:66:c9:13:a9:3c:92:b5:39:72:92:
         76:de:8a:5e:61:2b:5b:07:8e:0d:10:84:ad:ce:a2:35:df:be:
         3c:4b:c3:0e:09:a7:e5:95:cc:f1:3f:72:cd:a5:1c:52:5f:40:
         e2:90:0d:34:6d:d4:bd:89:e5:29:c3:3a:7d:df:48:2d:b5:b0:
         a5:08:e4:39:92:f3:11:42:73:cf:79:76:8e:34:3e:62:4e:66:
         59:02:b6:ba:d7:ac:13:5b:97:6f:b4:54:3a:5d:58:32:e9:c7:
         e8:f4:b0:a5:de:af:0b:ee:de:33:02:60:6a:16:89:0b:3b:eb:
         97:5f:ae:89:dc:03:42:bc:a7:53:53:d3:77:8b:ad:74:a2:b8:
         ee:a9:df:0a:8b:1c:95:30:60:1c:96:66:ae:4f:0b:eb:4c:2c:
         bd:ad:40:7c:78:b0:5f:ed:ce:da:2c:c7:2c:da:f4:4c:ba:74:
         04:bc:6c:00:9e:62:d0:63:ed:e9:83:2b:41:c5:b0:14:98:6d:
         cf:81:27:a1:0d:f4:e9:85:7d:2c:e8:b7:de:fd:9c:45:d1:21:
         ce:6e:b3:ee:7f:ff:97:90:db:fd:f7:f0:69:36:f2:6a:b9:ca:
         49:54:dd:a0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6q0vJv4a9Bu+PmM+/oP8rQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlMWMzNDcyYzI1YWNkMzQ3MzY0YjdkNjMxMjYxOGFhMzUz
MGNiNjMwHhcNMjYwNjA5MDUyMDExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOThkNTc1NzdlODUxM2E0NDMyM2ViMzEzZTIxZTU2NzNlYTVkNTEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA43d9q0l86zr8KQD4UoajIodJSmNc
2qHPib48bL/9dgiFmWAD8n3/njNQPiLail2pIODZJI7DAo/59yY+Duy8hTRtjjns
8BpuaJzURo3HcSM+J81NGR1Ff3n/YSrT31jiUqksxWoUQhnbkRyuXlfzp1bAkTFy
TMVx80iLR1xaHOIC4eLq8cSYQI9XOHXrAuwPuhOdRPMJUil6wPy6Um3rK45pPylG
xlmzlujfZJ43if1FIutIjwQG5GZcD2xhngJJpakp8j3KiYpL/L3tp9jv1wTRc6Bv
EyDJ7pc3pC8yvbW1Iluf53HZB3fehQq5m+9oPS8nwuM2Fa3w8dNglY5/dwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLmNV1d+hROkQyPrMT4h5Wc+pdUTMB8GA1UdIwQY
MBaAFO4cNHLCWs00c2S31jEmGKo1MMtjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN2h3MGNzSmF6VFJ6WkxmV01TWVlxalV3eTJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi8xZmY0NGYtNTFkNi00NTQ1LWFkMzYt
YjRiOGRiMjBiMWZiLzEvdVkxWFYzNkZFNlJESS1zeFBpSGxaejZsMVJNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi8xZmY0NGYtNTFkNi00NTQ1LWFkMzYtYjRiOGRiMjBiMWZi
LzEvN2h3MGNzSmF6VFJ6WkxmV01TWVlxalV3eTJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAv9sQMA0G
CSqGSIb3DQEBCwUAA4IBAQDC95uuY0Jb61hYILStZjPEPVvWseisT6MW72bJE6k8
krU5cpJ23opeYStbB44NEIStzqI13748S8MOCafllczxP3LNpRxSX0DikA00bdS9
ieUpwzp930gttbClCOQ5kvMRQnPPeXaOND5iTmZZAra616wTW5dvtFQ6XVgy6cfo
9LCl3q8L7t4zAmBqFokLO+uXX66J3ANCvKdTU9N3i610orjuqd8KixyVMGAclmau
TwvrTCy9rUB8eLBf7c7aLMcs2vRMunQEvGwAnmLQY+3pgytBxbAUmG3PgSehDfTp
hX0s6Lfe/ZxF0SHObrPuf/+XkNv99/BpNvJqucpJVN2g
-----END CERTIFICATE-----