Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/d2ff0f-e24a-4313-98c1-22e5547316b5/1/5Iruj7Q04-dIh4ZGTzY2lg5RxnQ.roa
File:                     5Iruj7Q04-dIh4ZGTzY2lg5RxnQ.roa (raw, json)
Hash identifier:          x1HpRiyK6tLqJ4m++Ue3xBke0BVmx3kiw0XUNo5+ScQ=
Subject key identifier:   E4:8A:EE:8F:B4:34:E3:E7:48:87:86:46:4F:36:36:96:0E:51:C6:74
Certificate issuer:       /CN=e81d2dcf2b69abdbd609436440115a9e4ea19a05
Certificate serial:       019B7EA6563B84FCA46A91E9CCD61C9A6528
Authority key identifier: E8:1D:2D:CF:2B:69:AB:DB:D6:09:43:64:40:11:5A:9E:4E:A1:9A:05
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6B0tzytpq9vWCUNkQBFank6hmgU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/d2ff0f-e24a-4313-98c1-22e5547316b5/1/5Iruj7Q04-dIh4ZGTzY2lg5RxnQ.roa
Signing time:             Fri 02 Jan 2026 12:19:48 +0000
ROA not before:           Fri 02 Jan 2026 12:19:48 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     205016
IP address blocks:        2001:67c:198c::/48 maxlen: 48
                          2001:67c:2628::/48 maxlen: 48
                          2001:67c:2660::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/eb/d2ff0f-e24a-4313-98c1-22e5547316b5/1/6B0tzytpq9vWCUNkQBFank6hmgU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/eb/d2ff0f-e24a-4313-98c1-22e5547316b5/1/6B0tzytpq9vWCUNkQBFank6hmgU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6B0tzytpq9vWCUNkQBFank6hmgU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:a6:56:3b:84:fc:a4:6a:91:e9:cc:d6:1c:9a:65:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e81d2dcf2b69abdbd609436440115a9e4ea19a05
        Validity
            Not Before: Jan  2 12:19:48 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e48aee8fb434e3e7488786464f3636960e51c674
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f0:f8:0b:4b:76:62:63:4d:c4:94:7c:f5:8f:1f:
                    80:1e:f2:76:9d:b8:69:76:de:b4:cb:01:c6:ab:65:
                    b8:48:13:12:64:63:30:78:aa:01:8b:53:87:38:0e:
                    4d:d4:13:5b:d9:ac:3c:23:41:b2:2a:49:8c:86:31:
                    8e:b3:b0:d8:5c:8b:d7:a6:5b:be:92:f2:36:e3:fe:
                    f5:2c:8c:4f:6e:6e:44:27:49:34:33:98:e0:b0:2b:
                    60:9b:1d:a1:cb:97:d1:02:97:36:b7:e7:75:88:fd:
                    15:ad:95:8c:a4:00:95:78:f4:2e:a2:0c:f2:f1:c6:
                    51:c4:a3:7d:ed:d1:cb:81:58:12:e0:25:da:2e:51:
                    04:15:a1:f3:b7:a0:99:24:da:2a:e8:5f:57:9e:11:
                    74:b6:49:73:33:a0:d2:db:18:d4:d7:92:3e:13:19:
                    bd:e7:1b:d4:4c:36:f3:17:f7:29:8c:e8:01:02:78:
                    e9:d7:40:e1:7b:1d:52:4e:9e:ec:fc:86:46:23:81:
                    6f:f8:78:d8:cd:25:e4:43:07:9c:92:64:27:d2:65:
                    ce:da:fc:1d:e1:0c:6f:47:35:8e:d8:79:6c:42:eb:
                    b1:4a:12:6e:24:15:b9:50:60:99:38:3d:73:3a:91:
                    c7:cb:ce:1a:91:b9:8a:d4:e2:da:6f:e8:00:e8:bb:
                    1e:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:8A:EE:8F:B4:34:E3:E7:48:87:86:46:4F:36:36:96:0E:51:C6:74
            X509v3 Authority Key Identifier:
                keyid:E8:1D:2D:CF:2B:69:AB:DB:D6:09:43:64:40:11:5A:9E:4E:A1:9A:05

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6B0tzytpq9vWCUNkQBFank6hmgU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/d2ff0f-e24a-4313-98c1-22e5547316b5/1/5Iruj7Q04-dIh4ZGTzY2lg5RxnQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/d2ff0f-e24a-4313-98c1-22e5547316b5/1/6B0tzytpq9vWCUNkQBFank6hmgU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:198c::/48
                  2001:67c:2628::/48
                  2001:67c:2660::/48

    Signature Algorithm: sha256WithRSAEncryption
         92:69:ad:87:78:a6:a9:70:5d:a7:7b:23:9d:6f:50:d6:b3:70:
         a2:a3:07:9f:09:5a:48:da:4f:54:6d:a9:66:42:23:b7:3b:2d:
         4e:62:37:a7:74:cb:af:60:38:5c:a7:45:76:d9:56:c1:80:ab:
         99:6d:23:48:58:9a:6d:9a:d3:98:15:be:a2:6d:66:25:78:2a:
         9c:67:47:b2:b2:de:e8:af:06:bf:f9:ce:de:f3:12:21:65:72:
         4f:c3:61:cd:bc:12:f1:9e:97:4a:86:9a:56:c1:26:e7:b8:fb:
         b9:36:e2:e2:a1:44:96:1c:67:de:c1:ce:06:90:b1:e6:bd:3c:
         db:22:7b:36:1f:af:94:2f:43:b1:b7:52:d0:a2:39:41:a7:1b:
         c9:55:92:f1:08:3c:3d:ea:4d:44:9b:53:1b:31:41:a5:36:df:
         e0:3a:f8:03:31:7e:50:2d:20:97:2b:c6:03:b0:5e:84:fc:36:
         91:8e:0d:a1:cc:b9:dd:b8:60:c9:65:1a:fc:39:3b:e3:58:92:
         6c:fb:bf:ed:75:d5:92:1c:50:a1:9c:b8:35:99:94:cb:4c:6f:
         0f:49:b5:17:a4:d5:b5:b6:25:70:cc:2e:89:7b:5d:f0:09:9e:
         2b:60:49:77:90:d2:68:c9:78:f8:47:1b:34:aa:e3:27:85:59:
         e1:8e:31:26
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZt+plY7hPykapHpzNYcmmUoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU4MWQyZGNmMmI2OWFiZGJkNjA5NDM2NDQwMTE1YTllNGVh
MTlhMDUwHhcNMjYwMTAyMTIxOTQ4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNDhhZWU4ZmI0MzRlM2U3NDg4Nzg2NDY0ZjM2MzY5NjBlNTFjNjc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8PgLS3ZiY03ElHz1jx+AHvJ2nbhp
dt60ywHGq2W4SBMSZGMweKoBi1OHOA5N1BNb2aw8I0GyKkmMhjGOs7DYXIvXplu+
kvI24/71LIxPbm5EJ0k0M5jgsCtgmx2hy5fRApc2t+d1iP0VrZWMpACVePQuogzy
8cZRxKN97dHLgVgS4CXaLlEEFaHzt6CZJNoq6F9XnhF0tklzM6DS2xjU15I+Exm9
5xvUTDbzF/cpjOgBAnjp10Dhex1STp7s/IZGI4Fv+HjYzSXkQweckmQn0mXO2vwd
4QxvRzWO2HlsQuuxShJuJBW5UGCZOD1zOpHHy84akbmK1OLab+gA6Lse4QIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFOSK7o+0NOPnSIeGRk82NpYOUcZ0MB8GA1UdIwQY
MBaAFOgdLc8raavb1glDZEARWp5OoZoFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNkIwdHp5dHBxOXZXQ1VOa1FCRmFuazZobWdVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi9kMmZmMGYtZTI0YS00MzEzLTk4YzEt
MjJlNTU0NzMxNmI1LzEvNUlydWo3UTA0LWRJaDRaR1R6WTJsZzVSeG5RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi9kMmZmMGYtZTI0YS00MzEzLTk4YzEtMjJlNTU0NzMxNmI1
LzEvNkIwdHp5dHBxOXZXQ1VOa1FCRmFuazZobWdVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzAhBAIAAjAbAwcAIAEGfBmM
AwcAIAEGfCYoAwcAIAEGfCZgMA0GCSqGSIb3DQEBCwUAA4IBAQCSaa2HeKapcF2n
eyOdb1DWs3CiowefCVpI2k9UbalmQiO3Oy1OYjendMuvYDhcp0V22VbBgKuZbSNI
WJptmtOYFb6ibWYleCqcZ0eyst7orwa/+c7e8xIhZXJPw2HNvBLxnpdKhppWwSbn
uPu5NuLioUSWHGfewc4GkLHmvTzbIns2H6+UL0Oxt1LQojlBpxvJVZLxCDw96k1E
m1MbMUGlNt/gOvgDMX5QLSCXK8YDsF6E/DaRjg2hzLnduGDJZRr8OTvjWJJs+7/t
ddWSHFChnLg1mZTLTG8PSbUXpNW1tiVwzC6Je13wCZ4rYEl3kNJoyXj4Rxs0quMn
hVnhjjEm
-----END CERTIFICATE-----