Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/631925-6b0e-4ea5-91d7-08ad94101d7e/1/eqjRIQl2tcvdRn0WGpqecEf39BE.roa
File:                     eqjRIQl2tcvdRn0WGpqecEf39BE.roa (raw, json)
Hash identifier:          wo1ZcMLEQzOlMVuGPZQ1qvLlzhW3e3KGV8eqOLVncZU=
Subject key identifier:   7A:A8:D1:21:09:76:B5:CB:DD:46:7D:16:1A:9A:9E:70:47:F7:F4:11
Certificate issuer:       /CN=67955b1aa1c0284d2843b96f26c5fe751e66946f
Certificate serial:       019C1E1AAC50593CCC02C0DF58D97B6623D9
Authority key identifier: 67:95:5B:1A:A1:C0:28:4D:28:43:B9:6F:26:C5:FE:75:1E:66:94:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z5VbGqHAKE0oQ7lvJsX-dR5mlG8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/631925-6b0e-4ea5-91d7-08ad94101d7e/1/eqjRIQl2tcvdRn0WGpqecEf39BE.roa
Signing time:             Mon 02 Feb 2026 11:26:30 +0000
ROA not before:           Mon 02 Feb 2026 11:26:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213461
IP address blocks:        185.162.235.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/eb/631925-6b0e-4ea5-91d7-08ad94101d7e/1/Z5VbGqHAKE0oQ7lvJsX-dR5mlG8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/eb/631925-6b0e-4ea5-91d7-08ad94101d7e/1/Z5VbGqHAKE0oQ7lvJsX-dR5mlG8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Z5VbGqHAKE0oQ7lvJsX-dR5mlG8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 18:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:1e:1a:ac:50:59:3c:cc:02:c0:df:58:d9:7b:66:23:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=67955b1aa1c0284d2843b96f26c5fe751e66946f
        Validity
            Not Before: Feb  2 11:26:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7aa8d1210976b5cbdd467d161a9a9e7047f7f411
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:dd:02:88:f6:30:aa:75:b5:df:a1:e2:a2:f8:
                    a2:c1:c1:ea:0d:98:4e:d8:9c:ea:56:32:4b:e0:25:
                    c5:68:5b:07:d6:32:66:03:d8:be:ec:fb:f0:59:fd:
                    c1:16:98:4f:05:63:51:0f:0c:7b:03:81:12:41:41:
                    9c:3b:88:45:ff:30:31:9c:18:9b:58:cd:84:f7:44:
                    89:d6:f1:d0:de:69:eb:1c:13:29:e2:8c:66:d5:65:
                    e5:ad:ab:76:a0:af:54:b1:f9:d2:5c:8f:11:2b:1f:
                    82:82:be:52:87:8c:b5:f2:d6:0b:1a:d3:d5:ab:a3:
                    a9:22:89:2f:4b:7d:bd:34:3b:05:95:cc:be:47:f5:
                    d6:0b:f5:1e:42:54:c6:bc:37:9c:f4:62:fa:e8:6a:
                    e5:15:a8:b4:ba:ac:97:e9:88:46:20:91:cf:4c:4d:
                    6c:77:57:4c:c9:9d:70:08:8c:d1:1d:08:4e:f6:23:
                    53:48:39:5e:12:84:9a:64:e3:09:9e:da:c3:db:ec:
                    52:b6:90:10:aa:01:1e:d7:94:89:fd:63:0b:f6:ad:
                    28:5f:2c:a7:7b:42:40:e9:3c:ee:f4:cc:a0:09:2a:
                    4c:23:be:cc:30:c2:49:69:35:7f:85:0e:82:fc:54:
                    fb:d2:67:0d:2d:17:d9:7f:e9:0a:e9:97:72:9c:78:
                    94:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7A:A8:D1:21:09:76:B5:CB:DD:46:7D:16:1A:9A:9E:70:47:F7:F4:11
            X509v3 Authority Key Identifier:
                keyid:67:95:5B:1A:A1:C0:28:4D:28:43:B9:6F:26:C5:FE:75:1E:66:94:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z5VbGqHAKE0oQ7lvJsX-dR5mlG8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/631925-6b0e-4ea5-91d7-08ad94101d7e/1/eqjRIQl2tcvdRn0WGpqecEf39BE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/631925-6b0e-4ea5-91d7-08ad94101d7e/1/Z5VbGqHAKE0oQ7lvJsX-dR5mlG8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.162.235.0/24

    Signature Algorithm: sha256WithRSAEncryption
         56:20:34:32:e0:cb:38:15:7b:1d:f3:e4:f1:d7:84:b6:c3:1b:
         fd:30:de:52:d9:2e:05:6e:04:bd:a6:5b:34:0e:16:c5:d6:63:
         01:bf:20:71:ee:5f:4c:d5:8b:a2:a6:35:80:93:99:ca:b4:18:
         55:ea:8c:4b:10:f8:f8:d5:45:f6:72:48:e0:34:c1:a5:44:f7:
         9e:cc:09:79:3e:d6:5f:4b:f2:b9:14:6c:75:c5:a3:7f:ec:d3:
         d4:ef:c5:9d:89:d3:43:eb:14:04:76:b5:b7:58:2b:74:d2:6b:
         12:13:8d:1a:ce:c5:24:29:59:0f:a3:53:43:37:57:66:c2:98:
         c2:45:58:11:05:03:53:de:d3:1e:cc:7e:99:f0:fe:06:a9:fd:
         7d:4a:1e:82:24:2b:95:ef:57:a5:bc:fa:6e:ce:b5:a9:de:7a:
         94:fe:7f:3e:9d:92:c4:5f:1f:36:2d:fe:fa:7a:72:81:8c:78:
         93:2e:b5:67:49:58:e7:25:78:64:75:bc:fc:7c:f3:90:6e:1b:
         c8:0f:f6:2b:1e:03:a9:6b:10:e4:8a:6b:33:69:a8:12:dc:db:
         f3:5d:3a:e4:db:00:26:b4:c5:54:19:7a:7d:42:92:46:c5:ec:
         f2:bd:96:35:0d:4c:42:14:8d:26:94:fc:32:8c:91:78:7b:1f:
         0d:e7:97:47
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZweGqxQWTzMAsDfWNl7ZiPZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3OTU1YjFhYTFjMDI4NGQyODQzYjk2ZjI2YzVmZTc1MWU2
Njk0NmYwHhcNMjYwMjAyMTEyNjMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YWE4ZDEyMTA5NzZiNWNiZGQ0NjdkMTYxYTlhOWU3MDQ3ZjdmNDExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArN0CiPYwqnW136HioviiwcHqDZhO
2JzqVjJL4CXFaFsH1jJmA9i+7PvwWf3BFphPBWNRDwx7A4ESQUGcO4hF/zAxnBib
WM2E90SJ1vHQ3mnrHBMp4oxm1WXlrat2oK9UsfnSXI8RKx+Cgr5Sh4y18tYLGtPV
q6OpIokvS329NDsFlcy+R/XWC/UeQlTGvDec9GL66GrlFai0uqyX6YhGIJHPTE1s
d1dMyZ1wCIzRHQhO9iNTSDleEoSaZOMJntrD2+xStpAQqgEe15SJ/WML9q0oXyyn
e0JA6Tzu9MygCSpMI77MMMJJaTV/hQ6C/FT70mcNLRfZf+kK6ZdynHiU1QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHqo0SEJdrXL3UZ9FhqannBH9/QRMB8GA1UdIwQY
MBaAFGeVWxqhwChNKEO5bybF/nUeZpRvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWjVWYkdxSEFLRTBvUTdsdkpzWC1kUjVtbEc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi82MzE5MjUtNmIwZS00ZWE1LTkxZDct
MDhhZDk0MTAxZDdlLzEvZXFqUklRbDJ0Y3ZkUm4wV0dwcWVjRWYzOUJFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi82MzE5MjUtNmIwZS00ZWE1LTkxZDctMDhhZDk0MTAxZDdl
LzEvWjVWYkdxSEFLRTBvUTdsdkpzWC1kUjVtbEc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuaLrMA0G
CSqGSIb3DQEBCwUAA4IBAQBWIDQy4Ms4FXsd8+Tx14S2wxv9MN5S2S4FbgS9pls0
DhbF1mMBvyBx7l9M1YuipjWAk5nKtBhV6oxLEPj41UX2ckjgNMGlRPeezAl5PtZf
S/K5FGx1xaN/7NPU78WdidND6xQEdrW3WCt00msSE40azsUkKVkPo1NDN1dmwpjC
RVgRBQNT3tMezH6Z8P4Gqf19Sh6CJCuV71elvPpuzrWp3nqU/n8+nZLEXx82Lf76
enKBjHiTLrVnSVjnJXhkdbz8fPOQbhvID/YrHgOpaxDkimszaagS3NvzXTrk2wAm
tMVUGXp9QpJGxezyvZY1DUxCFI0mlPwyjJF4ex8N55dH
-----END CERTIFICATE-----