Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f4/dd5032-94b9-43f5-9dbb-782cf71c82cc/1/EYjq5PTntQ_pzWKcs1u7ceeGxQY.roa
File:                     EYjq5PTntQ_pzWKcs1u7ceeGxQY.roa (raw, json)
Hash identifier:          V6IVhgWxUM0HbEed6VcScjqL3JGVYEaJss+a2Pf1dk0=
Subject key identifier:   11:88:EA:E4:F4:E7:B5:0F:E9:CD:62:9C:B3:5B:BB:71:E7:86:C5:06
Certificate issuer:       /CN=e6e2575267ff832d979e38ddaf3dd67420162cda
Certificate serial:       019B7F153A95545D33908F505AC2C2CF39FD
Authority key identifier: E6:E2:57:52:67:FF:83:2D:97:9E:38:DD:AF:3D:D6:74:20:16:2C:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5uJXUmf_gy2Xnjjdrz3WdCAWLNo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f4/dd5032-94b9-43f5-9dbb-782cf71c82cc/1/EYjq5PTntQ_pzWKcs1u7ceeGxQY.roa
Signing time:             Fri 02 Jan 2026 14:20:56 +0000
ROA not before:           Fri 02 Jan 2026 14:20:56 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     9176
IP address blocks:        193.41.126.0/24 maxlen: 24
                          193.41.127.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f4/dd5032-94b9-43f5-9dbb-782cf71c82cc/1/5uJXUmf_gy2Xnjjdrz3WdCAWLNo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f4/dd5032-94b9-43f5-9dbb-782cf71c82cc/1/5uJXUmf_gy2Xnjjdrz3WdCAWLNo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5uJXUmf_gy2Xnjjdrz3WdCAWLNo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:15:3a:95:54:5d:33:90:8f:50:5a:c2:c2:cf:39:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e6e2575267ff832d979e38ddaf3dd67420162cda
        Validity
            Not Before: Jan  2 14:20:56 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=1188eae4f4e7b50fe9cd629cb35bbb71e786c506
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:66:9e:0d:66:d6:b1:6d:ba:9a:24:67:90:22:
                    18:50:41:f0:b6:5e:c1:bb:0e:01:af:9e:31:b9:4f:
                    23:26:4d:93:32:f4:a6:de:b4:85:2c:c0:03:f0:d7:
                    18:8a:ed:af:e1:7d:34:1a:fe:7d:bb:51:ad:02:79:
                    f4:3a:8b:c0:48:06:be:8f:2e:57:22:31:47:19:a4:
                    a5:9d:fc:ce:0c:8f:16:4d:1f:27:57:f4:02:af:d1:
                    8f:da:d8:f5:cd:a9:2f:81:2d:1a:97:ff:b9:84:b6:
                    9a:b0:e5:1c:c1:c4:c5:76:a7:8e:ac:e4:8c:2c:98:
                    47:fa:a6:46:5a:9f:41:c2:44:e2:68:4e:91:65:19:
                    a7:98:91:e3:01:1d:2c:ac:8f:9d:70:bb:4a:0b:83:
                    be:13:16:23:83:39:9d:f5:10:d0:5d:dd:be:31:aa:
                    e1:d9:f9:38:b3:bb:d5:12:94:4c:70:09:d8:5b:b5:
                    20:49:ad:91:ab:a4:69:67:e5:5d:15:3a:d3:e4:fa:
                    db:c4:43:d5:bb:4f:8d:55:76:8b:d7:e5:62:60:1f:
                    cf:25:a0:e3:4f:ee:f4:89:e4:9e:5f:8e:72:63:55:
                    44:e7:f0:9d:b7:28:c0:04:01:6c:b9:4f:14:16:21:
                    2e:47:d0:a2:0a:0b:6c:71:f1:54:fd:a7:b4:73:a3:
                    3c:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:88:EA:E4:F4:E7:B5:0F:E9:CD:62:9C:B3:5B:BB:71:E7:86:C5:06
            X509v3 Authority Key Identifier:
                keyid:E6:E2:57:52:67:FF:83:2D:97:9E:38:DD:AF:3D:D6:74:20:16:2C:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5uJXUmf_gy2Xnjjdrz3WdCAWLNo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f4/dd5032-94b9-43f5-9dbb-782cf71c82cc/1/EYjq5PTntQ_pzWKcs1u7ceeGxQY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f4/dd5032-94b9-43f5-9dbb-782cf71c82cc/1/5uJXUmf_gy2Xnjjdrz3WdCAWLNo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.41.126.0/23

    Signature Algorithm: sha256WithRSAEncryption
         2b:b2:ef:78:ab:28:53:79:6b:34:0c:de:2d:a9:b3:a5:b2:02:
         8e:66:9b:e4:2c:23:3d:e5:6f:90:5f:fe:e2:0a:6c:0f:c3:bf:
         42:25:26:d0:81:74:d0:00:74:10:4a:43:3b:66:81:f9:be:4d:
         db:c9:04:69:14:10:16:25:74:20:a5:2d:03:c3:c8:c7:bb:f0:
         26:a8:6a:4f:a3:44:37:cc:37:ba:b9:09:cb:93:45:2a:40:74:
         1f:c0:11:b6:ff:2f:57:7e:c6:d3:a9:15:92:a0:71:a3:d3:67:
         59:fc:47:21:60:ca:80:13:77:2a:a5:e9:ee:a7:0d:64:6d:27:
         43:ba:e1:09:65:eb:7a:af:fb:e5:fc:f0:49:72:45:7d:22:10:
         a3:8c:5e:65:82:a1:df:30:14:90:d2:76:e3:ac:98:f1:c9:9b:
         ee:da:6d:dd:e4:31:c0:e4:5d:07:37:5f:84:51:64:b2:2e:d1:
         47:62:ec:8f:aa:6d:8e:49:55:e3:11:38:5b:c8:9c:a5:c3:7c:
         fc:82:bd:56:96:66:fc:84:fc:40:19:e3:38:cc:12:65:87:69:
         be:a1:fc:ca:0c:1a:ed:ae:ab:1e:41:fe:69:99:63:d3:71:9b:
         e1:8f:73:57:67:31:8c:f9:31:0e:16:80:69:51:f6:4c:f0:b0:
         7a:5f:52:07
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/FTqVVF0zkI9QWsLCzzn9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU2ZTI1NzUyNjdmZjgzMmQ5NzllMzhkZGFmM2RkNjc0MjAx
NjJjZGEwHhcNMjYwMTAyMTQyMDU2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMTg4ZWFlNGY0ZTdiNTBmZTljZDYyOWNiMzViYmI3MWU3ODZjNTA2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj2aeDWbWsW26miRnkCIYUEHwtl7B
uw4Br54xuU8jJk2TMvSm3rSFLMAD8NcYiu2v4X00Gv59u1GtAnn0OovASAa+jy5X
IjFHGaSlnfzODI8WTR8nV/QCr9GP2tj1zakvgS0al/+5hLaasOUcwcTFdqeOrOSM
LJhH+qZGWp9BwkTiaE6RZRmnmJHjAR0srI+dcLtKC4O+ExYjgzmd9RDQXd2+Marh
2fk4s7vVEpRMcAnYW7UgSa2Rq6RpZ+VdFTrT5PrbxEPVu0+NVXaL1+ViYB/PJaDj
T+70ieSeX45yY1VE5/CdtyjABAFsuU8UFiEuR9CiCgtscfFU/ae0c6M8OQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBGI6uT057UP6c1inLNbu3HnhsUGMB8GA1UdIwQY
MBaAFObiV1Jn/4Mtl5443a891nQgFizaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNXVKWFVtZl9neTJYbmpqZHJ6M1dkQ0FXTE5vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNC9kZDUwMzItOTRiOS00M2Y1LTlkYmIt
NzgyY2Y3MWM4MmNjLzEvRVlqcTVQVG50UV9weldLY3MxdTdjZWVHeFFZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNC9kZDUwMzItOTRiOS00M2Y1LTlkYmItNzgyY2Y3MWM4MmNj
LzEvNXVKWFVtZl9neTJYbmpqZHJ6M1dkQ0FXTE5vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwSl+MA0G
CSqGSIb3DQEBCwUAA4IBAQArsu94qyhTeWs0DN4tqbOlsgKOZpvkLCM95W+QX/7i
CmwPw79CJSbQgXTQAHQQSkM7ZoH5vk3byQRpFBAWJXQgpS0Dw8jHu/AmqGpPo0Q3
zDe6uQnLk0UqQHQfwBG2/y9XfsbTqRWSoHGj02dZ/EchYMqAE3cqpenupw1kbSdD
uuEJZet6r/vl/PBJckV9IhCjjF5lgqHfMBSQ0nbjrJjxyZvu2m3d5DHA5F0HN1+E
UWSyLtFHYuyPqm2OSVXjEThbyJylw3z8gr1Wlmb8hPxAGeM4zBJlh2m+ofzKDBrt
rqseQf5pmWPTcZvhj3NXZzGM+TEOFoBpUfZM8LB6X1IH
-----END CERTIFICATE-----