Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ee/ea3528-45b9-47a4-9612-2a456fd096ab/1/tDsA9QFN9_RtdMjoTq-ZbcMTwPA.roa
File:                     tDsA9QFN9_RtdMjoTq-ZbcMTwPA.roa (raw, json)
Hash identifier:          GPXnICwqrdOoxTBB3EJ81zgaiFSl1eAKKh3oe1EQ3WY=
Subject key identifier:   B4:3B:00:F5:01:4D:F7:F4:6D:74:C8:E8:4E:AF:99:6D:C3:13:C0:F0
Certificate issuer:       /CN=31683805b23d8b787d6921053d7ebae970408a19
Certificate serial:       019ECB5CBFFFBF1AA5A137BCCC7C9901CC4E
Authority key identifier: 31:68:38:05:B2:3D:8B:78:7D:69:21:05:3D:7E:BA:E9:70:40:8A:19
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MWg4BbI9i3h9aSEFPX666XBAihk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ee/ea3528-45b9-47a4-9612-2a456fd096ab/1/tDsA9QFN9_RtdMjoTq-ZbcMTwPA.roa
Signing time:             Mon 15 Jun 2026 12:58:33 +0000
ROA not before:           Mon 15 Jun 2026 12:58:33 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     208555
IP address blocks:        194.156.77.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ee/ea3528-45b9-47a4-9612-2a456fd096ab/1/MWg4BbI9i3h9aSEFPX666XBAihk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ee/ea3528-45b9-47a4-9612-2a456fd096ab/1/MWg4BbI9i3h9aSEFPX666XBAihk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MWg4BbI9i3h9aSEFPX666XBAihk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 18 Jun 2026 08:33:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:cb:5c:bf:ff:bf:1a:a5:a1:37:bc:cc:7c:99:01:cc:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=31683805b23d8b787d6921053d7ebae970408a19
        Validity
            Not Before: Jun 15 12:58:33 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b43b00f5014df7f46d74c8e84eaf996dc313c0f0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:41:50:00:48:29:c0:d4:d8:2a:3c:8d:c1:fb:
                    62:bb:b8:89:12:d3:fd:ec:8d:e3:74:e3:85:8b:81:
                    63:cc:2b:f2:92:0e:f3:72:6a:a7:cc:53:78:d3:0f:
                    6f:39:4a:2f:0c:2a:d6:6c:f9:5d:6b:d0:19:71:8c:
                    71:b8:57:8c:57:eb:08:5d:3f:29:af:20:66:78:7c:
                    4a:a1:ab:8a:9f:af:3c:b7:45:c9:68:df:a6:b8:70:
                    29:99:59:f4:14:14:75:99:fd:8d:ea:f1:62:11:c9:
                    72:8c:a9:d1:8d:76:21:64:9b:70:a1:18:ba:17:18:
                    2d:46:33:09:cd:f9:76:62:42:a0:f7:af:df:36:72:
                    a4:c4:ff:2b:d2:0a:cb:d0:24:c3:3f:bd:0a:29:5e:
                    5f:1e:79:24:8c:fc:4a:14:e7:cf:ef:7f:54:fc:95:
                    46:2e:f7:1d:28:0e:c3:2a:cc:e0:85:fc:ff:f2:05:
                    b1:23:ea:b2:ba:c3:4a:7b:78:97:c5:ac:e0:5b:c4:
                    1b:4c:a2:31:13:6a:91:89:13:66:63:60:a6:1e:28:
                    8c:d4:35:41:28:7a:c0:94:a9:1d:17:4b:6a:69:be:
                    c7:26:fc:ff:09:c5:10:1f:67:2a:74:a3:8c:01:c3:
                    a8:9e:12:86:86:f1:b1:9b:2f:c8:92:0a:21:df:86:
                    3f:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:3B:00:F5:01:4D:F7:F4:6D:74:C8:E8:4E:AF:99:6D:C3:13:C0:F0
            X509v3 Authority Key Identifier:
                keyid:31:68:38:05:B2:3D:8B:78:7D:69:21:05:3D:7E:BA:E9:70:40:8A:19

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MWg4BbI9i3h9aSEFPX666XBAihk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/ea3528-45b9-47a4-9612-2a456fd096ab/1/tDsA9QFN9_RtdMjoTq-ZbcMTwPA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/ea3528-45b9-47a4-9612-2a456fd096ab/1/MWg4BbI9i3h9aSEFPX666XBAihk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.156.77.0/24

    Signature Algorithm: sha256WithRSAEncryption
         80:67:eb:d2:7a:99:53:5e:b8:b4:e4:80:1b:7c:4b:59:4b:68:
         69:4b:b6:0e:d4:85:61:13:ae:f1:c8:3b:2f:03:88:1e:50:46:
         dc:c5:03:ab:e6:81:64:db:33:03:74:bf:ed:dd:4a:24:a2:cf:
         72:e1:33:34:0c:28:b3:38:74:22:08:49:c2:d0:41:d7:9e:7c:
         8f:18:58:94:5d:4f:45:02:6f:43:1b:97:9a:30:3c:f4:99:19:
         2d:d3:b9:11:7c:c0:16:bb:bd:8f:33:e7:fe:eb:bc:46:a7:fc:
         a7:1b:df:98:70:04:64:8d:bd:b3:8c:44:e7:c0:d3:d1:7f:d3:
         9e:51:97:38:d4:c2:3d:ef:f2:00:c5:d6:c7:90:e4:ce:f5:d4:
         b5:c2:00:c1:4d:63:ca:67:45:ee:75:24:36:6f:98:73:3c:57:
         54:d6:9d:19:18:7d:d7:2f:a6:3a:8d:70:af:61:94:80:db:2e:
         b6:92:da:12:a9:e6:d5:47:1c:f7:86:eb:ed:cf:db:4e:b0:c7:
         f6:01:fb:c9:ba:71:e6:2a:eb:24:da:ba:ba:bc:01:33:81:af:
         f4:23:49:f1:0b:2c:69:bb:38:0b:52:97:35:f4:ec:99:24:72:
         0f:78:ac:31:a7:4f:73:b2:8c:44:5e:79:7c:e6:69:d0:82:aa:
         30:92:7f:ac
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ7LXL//vxqloTe8zHyZAcxOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxNjgzODA1YjIzZDhiNzg3ZDY5MjEwNTNkN2ViYWU5NzA0
MDhhMTkwHhcNMjYwNjE1MTI1ODMzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNDNiMDBmNTAxNGRmN2Y0NmQ3NGM4ZTg0ZWFmOTk2ZGMzMTNjMGYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxkFQAEgpwNTYKjyNwftiu7iJEtP9
7I3jdOOFi4FjzCvykg7zcmqnzFN40w9vOUovDCrWbPlda9AZcYxxuFeMV+sIXT8p
ryBmeHxKoauKn688t0XJaN+muHApmVn0FBR1mf2N6vFiEclyjKnRjXYhZJtwoRi6
FxgtRjMJzfl2YkKg96/fNnKkxP8r0grL0CTDP70KKV5fHnkkjPxKFOfP739U/JVG
LvcdKA7DKszghfz/8gWxI+qyusNKe3iXxazgW8QbTKIxE2qRiRNmY2CmHiiM1DVB
KHrAlKkdF0tqab7HJvz/CcUQH2cqdKOMAcOonhKGhvGxmy/Ikgoh34Y/EQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLQ7APUBTff0bXTI6E6vmW3DE8DwMB8GA1UdIwQY
MBaAFDFoOAWyPYt4fWkhBT1+uulwQIoZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTVdnNEJiSTlpM2g5YVNFRlBYNjY2WEJBaWhrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZS9lYTM1MjgtNDViOS00N2E0LTk2MTIt
MmE0NTZmZDA5NmFiLzEvdERzQTlRRk45X1J0ZE1qb1RxLVpiY01Ud1BBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZS9lYTM1MjgtNDViOS00N2E0LTk2MTItMmE0NTZmZDA5NmFi
LzEvTVdnNEJiSTlpM2g5YVNFRlBYNjY2WEJBaWhrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwpxNMA0G
CSqGSIb3DQEBCwUAA4IBAQCAZ+vSeplTXri05IAbfEtZS2hpS7YO1IVhE67xyDsv
A4geUEbcxQOr5oFk2zMDdL/t3Uokos9y4TM0DCizOHQiCEnC0EHXnnyPGFiUXU9F
Am9DG5eaMDz0mRkt07kRfMAWu72PM+f+67xGp/ynG9+YcARkjb2zjETnwNPRf9Oe
UZc41MI97/IAxdbHkOTO9dS1wgDBTWPKZ0XudSQ2b5hzPFdU1p0ZGH3XL6Y6jXCv
YZSA2y62ktoSqebVRxz3huvtz9tOsMf2AfvJunHmKusk2rq6vAEzga/0I0nxCyxp
uzgLUpc19OyZJHIPeKwxp09zsoxEXnl85mnQgqowkn+s
-----END CERTIFICATE-----