Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/ySZplH_mqFwSwDyPo_mREGPBQdM.roa
File:                     ySZplH_mqFwSwDyPo_mREGPBQdM.roa (raw, json)
Hash identifier:          xKYbEhAgM5jIl6kyXin5z+1MMHgX9+1WnG3dV568fXA=
Subject key identifier:   C9:26:69:94:7F:E6:A8:5C:12:C0:3C:8F:A3:F9:91:10:63:C1:41:D3
Certificate issuer:       /CN=ee1c3472c25acd347364b7d6312618aa3530cb63
Certificate serial:       019C96D06B78F5B6898A055FE07509BCB879
Authority key identifier: EE:1C:34:72:C2:5A:CD:34:73:64:B7:D6:31:26:18:AA:35:30:CB:63
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/ySZplH_mqFwSwDyPo_mREGPBQdM.roa
Signing time:             Wed 25 Feb 2026 21:59:27 +0000
ROA not before:           Wed 25 Feb 2026 21:59:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     16509
IP address blocks:        94.229.212.0/24 maxlen: 24
                          103.41.46.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 15:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:96:d0:6b:78:f5:b6:89:8a:05:5f:e0:75:09:bc:b8:79
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ee1c3472c25acd347364b7d6312618aa3530cb63
        Validity
            Not Before: Feb 25 21:59:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c92669947fe6a85c12c03c8fa3f9911063c141d3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:59:4d:ed:56:52:8f:23:d2:2e:84:ba:a2:13:
                    ae:c1:00:6c:8a:31:46:96:24:a0:bf:a7:30:7e:2a:
                    8d:cb:dd:e9:2d:53:fc:56:f3:b9:88:dd:2c:7c:69:
                    1f:07:a7:36:8e:63:4b:65:48:70:5e:04:13:e3:df:
                    c2:b9:8a:45:9b:21:62:2b:15:fb:a2:99:c9:f4:43:
                    61:ff:41:70:3d:20:f0:c4:33:fb:60:c6:82:0d:ba:
                    23:2f:0a:0d:ac:95:58:2f:f0:7a:fc:66:7b:7c:ac:
                    d6:96:ff:7c:72:dc:ce:78:06:34:12:60:f2:53:db:
                    2f:79:ff:02:ac:d7:96:28:b7:00:2b:fb:b5:18:a0:
                    13:24:0a:4c:a1:bd:4d:d8:ec:45:61:1d:e6:f2:b8:
                    fd:19:b6:7a:e1:6b:ce:e9:03:ae:96:bf:2c:7c:9e:
                    a2:e0:25:20:11:ab:51:ad:c7:b1:16:a2:aa:a0:5c:
                    6b:48:5c:fa:5e:d4:8c:d5:dc:18:40:e3:19:68:d5:
                    7a:87:d2:11:09:8e:8f:5e:66:17:93:49:40:e2:a6:
                    64:4c:66:94:a0:10:14:08:6a:81:f3:2e:c6:1d:e4:
                    d2:69:48:36:8b:41:ce:51:88:ff:fe:81:87:cf:f0:
                    b6:0a:dd:0e:23:9d:a9:d5:58:b9:1c:36:e1:0b:ad:
                    d0:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:26:69:94:7F:E6:A8:5C:12:C0:3C:8F:A3:F9:91:10:63:C1:41:D3
            X509v3 Authority Key Identifier:
                keyid:EE:1C:34:72:C2:5A:CD:34:73:64:B7:D6:31:26:18:AA:35:30:CB:63

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/ySZplH_mqFwSwDyPo_mREGPBQdM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.229.212.0/24
                  103.41.46.0/23

    Signature Algorithm: sha256WithRSAEncryption
         0c:cb:26:ba:7f:e9:b1:8f:c9:41:a6:93:f9:cb:35:c0:a2:e5:
         4d:a4:03:21:79:12:b4:92:70:f3:ec:40:10:9c:c5:b0:57:9a:
         2f:0e:9a:7e:4e:7d:e5:45:9d:77:44:2f:bf:49:c6:b4:45:ca:
         11:b0:53:a3:53:4a:2f:fb:74:13:93:89:2d:ce:d9:52:4b:2b:
         bf:01:59:64:59:11:86:16:21:0d:cf:d0:d5:f3:91:be:c5:ae:
         64:f6:1d:f8:dc:23:0a:7c:39:68:d8:77:ee:18:1e:bf:b3:fd:
         73:13:f1:a2:4d:9f:b2:0b:7f:a3:4f:70:b8:4a:0f:06:ad:b0:
         fe:1b:a2:fd:9d:14:86:ac:d7:33:62:a7:09:5c:e0:b8:ab:4b:
         c0:70:5a:48:e2:86:af:7e:72:3d:dc:11:fe:23:02:bf:0a:a7:
         49:b9:dc:84:94:5b:8a:b4:32:91:2a:48:7c:2a:d1:7b:46:bc:
         05:6e:4a:4d:ec:fa:27:31:44:59:f0:5b:9c:21:8e:de:03:e6:
         f3:89:45:79:cc:61:ad:01:db:9d:27:e1:79:81:97:34:29:ad:
         e4:12:75:02:53:55:9a:8d:e9:ad:53:57:bf:ed:df:17:70:f8:
         c0:09:48:3f:cf:d3:79:b4:61:3b:d6:e0:a5:19:79:d7:55:ea:
         63:9c:1d:0e
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZyW0Gt49baJigVf4HUJvLh5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlMWMzNDcyYzI1YWNkMzQ3MzY0YjdkNjMxMjYxOGFhMzUz
MGNiNjMwHhcNMjYwMjI1MjE1OTI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOTI2Njk5NDdmZTZhODVjMTJjMDNjOGZhM2Y5OTExMDYzYzE0MWQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1FlN7VZSjyPSLoS6ohOuwQBsijFG
liSgv6cwfiqNy93pLVP8VvO5iN0sfGkfB6c2jmNLZUhwXgQT49/CuYpFmyFiKxX7
opnJ9ENh/0FwPSDwxDP7YMaCDbojLwoNrJVYL/B6/GZ7fKzWlv98ctzOeAY0EmDy
U9svef8CrNeWKLcAK/u1GKATJApMob1N2OxFYR3m8rj9GbZ64WvO6QOulr8sfJ6i
4CUgEatRrcexFqKqoFxrSFz6XtSM1dwYQOMZaNV6h9IRCY6PXmYXk0lA4qZkTGaU
oBAUCGqB8y7GHeTSaUg2i0HOUYj//oGHz/C2Ct0OI52p1Vi5HDbhC63Q8QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMkmaZR/5qhcEsA8j6P5kRBjwUHTMB8GA1UdIwQY
MBaAFO4cNHLCWs00c2S31jEmGKo1MMtjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN2h3MGNzSmF6VFJ6WkxmV01TWVlxalV3eTJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi8xZmY0NGYtNTFkNi00NTQ1LWFkMzYt
YjRiOGRiMjBiMWZiLzEveVNacGxIX21xRndTd0R5UG9fbVJFR1BCUWRNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi8xZmY0NGYtNTFkNi00NTQ1LWFkMzYtYjRiOGRiMjBiMWZi
LzEvN2h3MGNzSmF6VFJ6WkxmV01TWVlxalV3eTJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAXuXUAwQB
ZykuMA0GCSqGSIb3DQEBCwUAA4IBAQAMyya6f+mxj8lBppP5yzXAouVNpAMheRK0
knDz7EAQnMWwV5ovDpp+Tn3lRZ13RC+/Sca0RcoRsFOjU0ov+3QTk4ktztlSSyu/
AVlkWRGGFiENz9DV85G+xa5k9h343CMKfDlo2HfuGB6/s/1zE/GiTZ+yC3+jT3C4
Sg8GrbD+G6L9nRSGrNczYqcJXOC4q0vAcFpI4oavfnI93BH+IwK/CqdJudyElFuK
tDKRKkh8KtF7RrwFbkpN7PonMURZ8FucIY7eA+bziUV5zGGtAdudJ+F5gZc0Ka3k
EnUCU1WajemtU1e/7d8XcPjACUg/z9N5tGE71uClGXnXVepjnB0O
-----END CERTIFICATE-----