Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/abe161-6e7d-4c3f-8b08-71b450fbafbc/1/eIGQ7OTIETh1SMQL7eT4pNdJuwE.roa
File:                     eIGQ7OTIETh1SMQL7eT4pNdJuwE.roa (raw, json)
Hash identifier:          yvgblrAjB/uRs9ll3Bf1SWWkEIyGeHQyhsfe5WIS+Fk=
Subject key identifier:   78:81:90:EC:E4:C8:11:38:75:48:C4:0B:ED:E4:F8:A4:D7:49:BB:01
Certificate issuer:       /CN=072e29cad6add22a21b562151187841c8f53f2e5
Certificate serial:       019E974FCD41AE4B281116E7C4C0D21DF397
Authority key identifier: 07:2E:29:CA:D6:AD:D2:2A:21:B5:62:15:11:87:84:1C:8F:53:F2:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/By4pytat0iohtWIVEYeEHI9T8uU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/abe161-6e7d-4c3f-8b08-71b450fbafbc/1/eIGQ7OTIETh1SMQL7eT4pNdJuwE.roa
Signing time:             Fri 05 Jun 2026 10:24:09 +0000
ROA not before:           Fri 05 Jun 2026 10:24:09 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     198584
IP address blocks:        194.213.118.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/eb/abe161-6e7d-4c3f-8b08-71b450fbafbc/1/By4pytat0iohtWIVEYeEHI9T8uU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/eb/abe161-6e7d-4c3f-8b08-71b450fbafbc/1/By4pytat0iohtWIVEYeEHI9T8uU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/By4pytat0iohtWIVEYeEHI9T8uU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:97:4f:cd:41:ae:4b:28:11:16:e7:c4:c0:d2:1d:f3:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=072e29cad6add22a21b562151187841c8f53f2e5
        Validity
            Not Before: Jun  5 10:24:09 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=788190ece4c811387548c40bede4f8a4d749bb01
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:c3:3d:84:3c:ff:57:fb:4e:37:16:45:73:e9:
                    9e:6e:e4:2d:03:27:e1:31:22:51:85:a6:18:64:1e:
                    75:73:98:f4:7b:16:68:17:d7:1a:cd:5e:d0:63:4c:
                    e3:f7:c0:86:b9:ec:f9:e9:c6:28:d3:1c:30:b2:0a:
                    b9:19:4f:ab:1b:59:38:39:09:00:f9:c0:eb:33:a8:
                    06:c5:c1:ac:44:29:28:1c:69:2b:a7:7e:cc:23:4c:
                    3d:d3:83:dd:41:b0:12:3d:52:95:49:c2:c4:c2:43:
                    34:30:28:75:2f:4a:43:cd:ed:1e:ab:02:7f:b0:75:
                    3c:dc:32:88:3d:26:f2:ae:77:7b:16:eb:f2:fb:3f:
                    85:f7:c3:b9:fd:79:36:74:27:bb:30:52:c3:3f:44:
                    94:80:bd:14:84:ec:22:09:44:71:e5:55:a3:98:64:
                    43:23:36:61:25:74:c3:13:f3:f9:0b:37:68:b1:67:
                    94:7b:83:18:2c:0e:cd:ad:2b:80:a2:20:8d:4b:0a:
                    60:25:eb:78:4f:18:e2:86:af:08:66:5b:35:4b:0e:
                    e1:07:16:12:18:f3:e5:9c:0c:b8:c6:d7:84:0d:51:
                    e8:86:8e:9f:b7:d8:2e:90:87:e5:c8:d7:f7:90:1c:
                    ab:d3:5b:5b:a0:45:f2:0c:23:40:e9:61:6c:ac:27:
                    46:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:81:90:EC:E4:C8:11:38:75:48:C4:0B:ED:E4:F8:A4:D7:49:BB:01
            X509v3 Authority Key Identifier:
                keyid:07:2E:29:CA:D6:AD:D2:2A:21:B5:62:15:11:87:84:1C:8F:53:F2:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/By4pytat0iohtWIVEYeEHI9T8uU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/abe161-6e7d-4c3f-8b08-71b450fbafbc/1/eIGQ7OTIETh1SMQL7eT4pNdJuwE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/abe161-6e7d-4c3f-8b08-71b450fbafbc/1/By4pytat0iohtWIVEYeEHI9T8uU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.213.118.0/24

    Signature Algorithm: sha256WithRSAEncryption
         46:85:66:34:eb:ad:b4:b9:4f:ef:47:80:55:a1:5f:cc:61:46:
         89:e1:81:8e:a7:01:a8:ea:51:4d:21:cc:f3:fd:a2:56:54:4c:
         80:ae:4b:ea:fb:f3:94:9b:c0:4c:5d:1d:ef:e1:c1:6a:2f:a4:
         98:94:d8:7b:70:4e:75:12:ed:58:70:d6:e0:e0:03:8a:73:97:
         18:f3:ee:91:19:c0:05:7e:3b:89:9a:11:b6:38:9f:71:06:03:
         e5:e6:ce:d8:f0:28:19:41:89:3f:f1:a6:32:15:18:73:dd:03:
         6b:ec:ac:89:ea:86:d3:10:d1:17:a4:c7:f2:5b:4d:30:e8:00:
         25:f1:ac:a6:0e:69:f0:72:77:f9:45:a8:b1:e3:a6:31:b8:77:
         47:8d:e0:47:e8:70:29:7b:fd:4b:10:f9:73:29:21:78:d8:6d:
         a2:45:47:23:04:fd:1a:22:5a:48:3c:08:7e:a4:eb:fa:55:5a:
         ce:32:77:44:30:27:f7:77:58:eb:8a:2f:cc:9f:3a:4d:bf:21:
         7e:0b:b8:e9:8e:35:6d:f2:d6:e6:e5:da:c1:7e:61:70:00:9c:
         59:17:0c:25:e0:0e:e4:27:a1:08:43:db:2e:b0:5f:0f:45:aa:
         b9:c5:08:1c:d9:e9:ea:28:a4:08:f1:01:c6:3c:6c:cd:e2:06:
         db:51:1f:e3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6XT81BrksoERbnxMDSHfOXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA3MmUyOWNhZDZhZGQyMmEyMWI1NjIxNTExODc4NDFjOGY1
M2YyZTUwHhcNMjYwNjA1MTAyNDA5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ODgxOTBlY2U0YzgxMTM4NzU0OGM0MGJlZGU0ZjhhNGQ3NDliYjAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq8M9hDz/V/tONxZFc+mebuQtAyfh
MSJRhaYYZB51c5j0exZoF9cazV7QY0zj98CGuez56cYo0xwwsgq5GU+rG1k4OQkA
+cDrM6gGxcGsRCkoHGkrp37MI0w904PdQbASPVKVScLEwkM0MCh1L0pDze0eqwJ/
sHU83DKIPSbyrnd7Fuvy+z+F98O5/Xk2dCe7MFLDP0SUgL0UhOwiCURx5VWjmGRD
IzZhJXTDE/P5CzdosWeUe4MYLA7NrSuAoiCNSwpgJet4Txjihq8IZls1Sw7hBxYS
GPPlnAy4xteEDVHoho6ft9gukIflyNf3kByr01tboEXyDCNA6WFsrCdGcQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHiBkOzkyBE4dUjEC+3k+KTXSbsBMB8GA1UdIwQY
MBaAFAcuKcrWrdIqIbViFRGHhByPU/LlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQnk0cHl0YXQwaW9odFdJVkVZZUVISTlUOHVVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi9hYmUxNjEtNmU3ZC00YzNmLThiMDgt
NzFiNDUwZmJhZmJjLzEvZUlHUTdPVElFVGgxU01RTDdlVDRwTmRKdXdFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi9hYmUxNjEtNmU3ZC00YzNmLThiMDgtNzFiNDUwZmJhZmJj
LzEvQnk0cHl0YXQwaW9odFdJVkVZZUVISTlUOHVVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwtV2MA0G
CSqGSIb3DQEBCwUAA4IBAQBGhWY06620uU/vR4BVoV/MYUaJ4YGOpwGo6lFNIczz
/aJWVEyArkvq+/OUm8BMXR3v4cFqL6SYlNh7cE51Eu1YcNbg4AOKc5cY8+6RGcAF
fjuJmhG2OJ9xBgPl5s7Y8CgZQYk/8aYyFRhz3QNr7KyJ6obTENEXpMfyW00w6AAl
8aymDmnwcnf5Raix46YxuHdHjeBH6HApe/1LEPlzKSF42G2iRUcjBP0aIlpIPAh+
pOv6VVrOMndEMCf3d1jrii/MnzpNvyF+C7jpjjVt8tbm5drBfmFwAJxZFwwl4A7k
J6EIQ9susF8PRaq5xQgc2enqKKQI8QHGPGzN4gbbUR/j
-----END CERTIFICATE-----