Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ee/ea3528-45b9-47a4-9612-2a456fd096ab/1/pd8jqiwncyRU07jhzanW6vIda3Y.roa
File:                     pd8jqiwncyRU07jhzanW6vIda3Y.roa (raw, json)
Hash identifier:          oV/iH4Xefv6qKZlHs4aLowL1AcuvenoOb9wsuC5+WYo=
Subject key identifier:   A5:DF:23:AA:2C:27:73:24:54:D3:B8:E1:CD:A9:D6:EA:F2:1D:6B:76
Certificate issuer:       /CN=31683805b23d8b787d6921053d7ebae970408a19
Certificate serial:       019ECB5CBF7736B3EFE5BACC269C1D7D8EA9
Authority key identifier: 31:68:38:05:B2:3D:8B:78:7D:69:21:05:3D:7E:BA:E9:70:40:8A:19
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MWg4BbI9i3h9aSEFPX666XBAihk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ee/ea3528-45b9-47a4-9612-2a456fd096ab/1/pd8jqiwncyRU07jhzanW6vIda3Y.roa
Signing time:             Mon 15 Jun 2026 12:58:33 +0000
ROA not before:           Mon 15 Jun 2026 12:58:33 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     51026
IP address blocks:        194.156.77.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ee/ea3528-45b9-47a4-9612-2a456fd096ab/1/MWg4BbI9i3h9aSEFPX666XBAihk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ee/ea3528-45b9-47a4-9612-2a456fd096ab/1/MWg4BbI9i3h9aSEFPX666XBAihk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MWg4BbI9i3h9aSEFPX666XBAihk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 18 Jun 2026 08:33:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:cb:5c:bf:77:36:b3:ef:e5:ba:cc:26:9c:1d:7d:8e:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=31683805b23d8b787d6921053d7ebae970408a19
        Validity
            Not Before: Jun 15 12:58:33 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a5df23aa2c27732454d3b8e1cda9d6eaf21d6b76
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f0:4c:4e:d2:02:eb:7c:61:44:aa:84:a1:28:65:
                    5b:5a:ce:e1:42:2d:44:be:15:34:63:df:7f:b6:2d:
                    e2:47:ee:40:72:e6:e4:0d:38:81:63:dc:47:c1:d4:
                    ae:fb:12:ff:23:43:93:d8:41:59:35:72:43:08:96:
                    f1:43:ca:a2:41:a4:73:4d:35:41:e9:7f:a3:50:b8:
                    f9:4a:ce:d1:aa:b1:0e:be:95:a7:8a:a5:06:26:34:
                    70:fd:57:4b:3a:4a:e7:e5:53:cd:12:66:c9:21:21:
                    1b:50:b9:0a:cf:0d:cc:44:65:96:7d:bc:a8:2d:d8:
                    f9:ed:b2:b6:52:10:41:d0:fe:eb:87:15:92:04:6b:
                    ec:2f:9c:7a:7a:07:dd:74:86:7d:d9:9f:f6:50:b5:
                    7a:96:42:59:85:22:f1:06:cd:73:ee:c4:2f:f4:dd:
                    2b:7b:89:d0:dc:50:68:da:46:d0:fd:b6:15:76:65:
                    92:5f:46:c8:31:97:ae:85:37:f2:9d:ff:a8:cd:e6:
                    b1:ee:e0:ea:9a:f0:86:d5:b6:31:a2:a7:84:7c:44:
                    a9:88:aa:90:f0:3c:43:05:8a:87:fd:00:23:11:d1:
                    1c:3e:50:6c:57:6c:0d:1c:ad:c8:36:b6:6b:34:b2:
                    ac:95:a9:ff:a5:bb:31:6e:d6:d6:73:89:af:4e:72:
                    c6:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:DF:23:AA:2C:27:73:24:54:D3:B8:E1:CD:A9:D6:EA:F2:1D:6B:76
            X509v3 Authority Key Identifier:
                keyid:31:68:38:05:B2:3D:8B:78:7D:69:21:05:3D:7E:BA:E9:70:40:8A:19

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MWg4BbI9i3h9aSEFPX666XBAihk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/ea3528-45b9-47a4-9612-2a456fd096ab/1/pd8jqiwncyRU07jhzanW6vIda3Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/ea3528-45b9-47a4-9612-2a456fd096ab/1/MWg4BbI9i3h9aSEFPX666XBAihk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.156.77.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b1:c5:bf:7f:71:b5:cc:a1:4c:67:81:74:f3:48:ca:6d:c9:0a:
         9f:9e:d6:cd:19:78:83:71:a4:93:32:07:2e:cc:ee:d6:62:76:
         1e:30:8b:4e:60:ee:0e:54:80:8f:05:ab:72:72:c7:dc:71:bb:
         e2:eb:d0:c3:b2:98:83:78:68:ed:66:71:c3:d5:0b:be:f5:b7:
         62:7b:41:38:07:e3:39:61:6d:47:0e:41:b8:99:60:60:b3:b2:
         b5:29:99:b0:19:52:14:9f:0c:fe:eb:b1:7c:55:f6:52:3f:c4:
         c2:5c:91:2c:13:e2:df:a9:c7:26:b8:af:61:64:f7:5f:f1:32:
         15:17:d2:66:4d:24:c4:c3:46:b1:11:45:6c:1e:cf:79:93:f4:
         64:36:79:ca:71:e3:a0:e9:db:43:b0:10:53:52:05:3b:d3:1a:
         af:45:47:03:74:5b:fb:97:8a:63:4a:ab:51:2a:64:52:5a:47:
         79:6e:31:da:3f:ed:1c:71:79:93:d5:ac:b4:18:88:8a:6d:4d:
         ac:a0:4a:91:9a:50:5b:26:10:1e:80:06:25:f6:36:f1:ac:34:
         53:f2:dc:f4:e6:52:18:f6:91:e1:d2:f5:ff:93:35:2f:e3:06:
         db:6b:12:82:27:02:d5:e0:58:3f:9f:9e:8e:cc:1d:60:12:74:
         de:fe:e5:13
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ7LXL93NrPv5brMJpwdfY6pMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxNjgzODA1YjIzZDhiNzg3ZDY5MjEwNTNkN2ViYWU5NzA0
MDhhMTkwHhcNMjYwNjE1MTI1ODMzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNWRmMjNhYTJjMjc3MzI0NTRkM2I4ZTFjZGE5ZDZlYWYyMWQ2Yjc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8ExO0gLrfGFEqoShKGVbWs7hQi1E
vhU0Y99/ti3iR+5AcubkDTiBY9xHwdSu+xL/I0OT2EFZNXJDCJbxQ8qiQaRzTTVB
6X+jULj5Ss7RqrEOvpWniqUGJjRw/VdLOkrn5VPNEmbJISEbULkKzw3MRGWWfbyo
Ldj57bK2UhBB0P7rhxWSBGvsL5x6egfddIZ92Z/2ULV6lkJZhSLxBs1z7sQv9N0r
e4nQ3FBo2kbQ/bYVdmWSX0bIMZeuhTfynf+ozeax7uDqmvCG1bYxoqeEfESpiKqQ
8DxDBYqH/QAjEdEcPlBsV2wNHK3INrZrNLKslan/pbsxbtbWc4mvTnLGIQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKXfI6osJ3MkVNO44c2p1uryHWt2MB8GA1UdIwQY
MBaAFDFoOAWyPYt4fWkhBT1+uulwQIoZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTVdnNEJiSTlpM2g5YVNFRlBYNjY2WEJBaWhrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZS9lYTM1MjgtNDViOS00N2E0LTk2MTIt
MmE0NTZmZDA5NmFiLzEvcGQ4anFpd25jeVJVMDdqaHphblc2dklkYTNZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZS9lYTM1MjgtNDViOS00N2E0LTk2MTItMmE0NTZmZDA5NmFi
LzEvTVdnNEJiSTlpM2g5YVNFRlBYNjY2WEJBaWhrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwpxNMA0G
CSqGSIb3DQEBCwUAA4IBAQCxxb9/cbXMoUxngXTzSMptyQqfntbNGXiDcaSTMgcu
zO7WYnYeMItOYO4OVICPBatycsfccbvi69DDspiDeGjtZnHD1Qu+9bdie0E4B+M5
YW1HDkG4mWBgs7K1KZmwGVIUnwz+67F8VfZSP8TCXJEsE+LfqccmuK9hZPdf8TIV
F9JmTSTEw0axEUVsHs95k/RkNnnKceOg6dtDsBBTUgU70xqvRUcDdFv7l4pjSqtR
KmRSWkd5bjHaP+0ccXmT1ay0GIiKbU2soEqRmlBbJhAegAYl9jbxrDRT8tz05lIY
9pHh0vX/kzUv4wbbaxKCJwLV4Fg/n56OzB1gEnTe/uUT
-----END CERTIFICATE-----