Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/b22603-90ab-43ad-ab16-65249cbc573c/1/ekV3uRphNew5aOcMQo-s8iHH-AY.roa
File:                     ekV3uRphNew5aOcMQo-s8iHH-AY.roa (raw, json)
Hash identifier:          FE+IQctGJcO3sSaP7HNmckkGvxU4kU9yBANBqpeU4lI=
Subject key identifier:   7A:45:77:B9:1A:61:35:EC:39:68:E7:0C:42:8F:AC:F2:21:C7:F8:06
Certificate issuer:       /CN=dc11daefaff81c7e501278d87d9bc2b204d71155
Certificate serial:       019EFE253F4BDDE77CCC77DCE85F909ACD20
Authority key identifier: DC:11:DA:EF:AF:F8:1C:7E:50:12:78:D8:7D:9B:C2:B2:04:D7:11:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3BHa76_4HH5QEnjYfZvCsgTXEVU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/b22603-90ab-43ad-ab16-65249cbc573c/1/ekV3uRphNew5aOcMQo-s8iHH-AY.roa
Signing time:             Thu 25 Jun 2026 09:38:34 +0000
ROA not before:           Thu 25 Jun 2026 09:38:34 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     219502
IP address blocks:        94.154.43.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/b22603-90ab-43ad-ab16-65249cbc573c/1/3BHa76_4HH5QEnjYfZvCsgTXEVU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/b22603-90ab-43ad-ab16-65249cbc573c/1/3BHa76_4HH5QEnjYfZvCsgTXEVU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3BHa76_4HH5QEnjYfZvCsgTXEVU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Jun 2026 18:43:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:fe:25:3f:4b:dd:e7:7c:cc:77:dc:e8:5f:90:9a:cd:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dc11daefaff81c7e501278d87d9bc2b204d71155
        Validity
            Not Before: Jun 25 09:38:34 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7a4577b91a6135ec3968e70c428facf221c7f806
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:40:be:9c:0d:3b:19:ec:c5:bd:74:05:ff:92:
                    5d:b6:14:1d:de:7c:34:2c:87:87:f1:49:7b:2b:f6:
                    f6:33:b9:fb:71:67:3e:e4:d8:a4:96:23:0d:c9:2f:
                    c3:1b:2d:20:48:76:d4:2e:13:c0:49:30:5f:5e:ad:
                    fc:b9:57:e8:97:85:eb:9b:fb:78:9e:a5:43:af:1b:
                    ee:3b:70:69:5a:ac:bd:71:69:c8:25:2b:2b:3f:66:
                    17:0f:49:4a:8e:59:93:50:88:50:47:b1:03:9b:34:
                    e3:50:a3:43:03:67:14:a4:3b:91:40:df:eb:e6:15:
                    dd:e4:dc:e1:7d:0a:82:8a:5a:22:59:2f:72:df:60:
                    2a:3f:52:19:e5:a8:da:a8:b9:38:8e:40:b4:9e:47:
                    ba:81:02:dc:54:6f:1f:49:3e:00:0f:1e:7a:2c:2c:
                    f1:3f:a2:d7:dd:fd:5f:18:a5:e1:d1:11:42:3e:9a:
                    03:36:80:88:52:9c:28:02:c7:67:20:3d:3a:17:87:
                    10:2c:85:d5:ca:de:25:ba:d7:aa:f2:ab:f3:8f:cb:
                    40:62:a4:16:b8:4f:0e:37:08:1b:03:38:03:e9:14:
                    87:3e:0d:e2:fe:19:22:87:54:ea:f0:e1:5e:70:55:
                    70:d0:52:9e:58:1d:85:35:ff:f2:d9:99:53:a8:27:
                    e6:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7A:45:77:B9:1A:61:35:EC:39:68:E7:0C:42:8F:AC:F2:21:C7:F8:06
            X509v3 Authority Key Identifier:
                keyid:DC:11:DA:EF:AF:F8:1C:7E:50:12:78:D8:7D:9B:C2:B2:04:D7:11:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3BHa76_4HH5QEnjYfZvCsgTXEVU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/b22603-90ab-43ad-ab16-65249cbc573c/1/ekV3uRphNew5aOcMQo-s8iHH-AY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/b22603-90ab-43ad-ab16-65249cbc573c/1/3BHa76_4HH5QEnjYfZvCsgTXEVU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.154.43.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a2:84:22:01:aa:1a:ad:51:30:3e:ad:e6:d4:41:d7:eb:e7:b3:
         19:92:25:b2:6a:86:4a:2c:7f:db:eb:fd:28:78:fa:30:54:e0:
         67:06:81:19:3c:70:69:44:97:49:c5:14:aa:30:61:ea:97:c3:
         ad:06:78:05:3f:bd:0e:0c:5d:d6:8c:0f:f7:cc:a4:f3:0e:ae:
         a4:bb:f0:a9:69:25:8e:be:3a:90:20:ef:91:af:78:8c:3e:92:
         8c:7e:8f:a4:82:51:df:30:01:44:46:79:77:92:66:ef:86:29:
         2c:7c:97:08:13:a7:24:89:82:c8:6f:e7:d7:b4:58:cd:67:a4:
         80:1f:e0:4f:84:ae:b2:23:7b:74:b9:3e:46:7c:c7:55:23:d0:
         a6:3d:3f:28:68:1f:50:a5:d2:b5:09:cf:d5:59:15:45:89:e6:
         02:b0:87:0a:79:70:eb:0d:cd:5d:64:ea:6f:ec:bb:8f:10:48:
         68:78:d0:aa:a6:33:31:fe:46:63:55:b3:38:0e:e2:6b:00:4c:
         f4:12:39:05:b0:bd:a8:89:4c:99:db:48:28:de:70:94:39:52:
         66:26:c3:f4:b3:aa:69:40:f7:93:37:7a:03:e4:09:cc:ee:04:
         63:b5:57:77:94:36:f5:14:0b:05:40:0f:d3:55:eb:f7:0d:90:
         19:41:ca:c7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ7+JT9L3ed8zHfc6F+Qms0gMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRjMTFkYWVmYWZmODFjN2U1MDEyNzhkODdkOWJjMmIyMDRk
NzExNTUwHhcNMjYwNjI1MDkzODM0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YTQ1NzdiOTFhNjEzNWVjMzk2OGU3MGM0MjhmYWNmMjIxYzdmODA2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuEC+nA07GezFvXQF/5JdthQd3nw0
LIeH8Ul7K/b2M7n7cWc+5NikliMNyS/DGy0gSHbULhPASTBfXq38uVfol4Xrm/t4
nqVDrxvuO3BpWqy9cWnIJSsrP2YXD0lKjlmTUIhQR7EDmzTjUKNDA2cUpDuRQN/r
5hXd5NzhfQqCiloiWS9y32AqP1IZ5ajaqLk4jkC0nke6gQLcVG8fST4ADx56LCzx
P6LX3f1fGKXh0RFCPpoDNoCIUpwoAsdnID06F4cQLIXVyt4luteq8qvzj8tAYqQW
uE8ONwgbAzgD6RSHPg3i/hkih1Tq8OFecFVw0FKeWB2FNf/y2ZlTqCfmYwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHpFd7kaYTXsOWjnDEKPrPIhx/gGMB8GA1UdIwQY
MBaAFNwR2u+v+Bx+UBJ42H2bwrIE1xFVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM0JIYTc2XzRISDVRRW5qWWZadkNzZ1RYRVZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC9iMjI2MDMtOTBhYi00M2FkLWFiMTYt
NjUyNDljYmM1NzNjLzEvZWtWM3VScGhOZXc1YU9jTVFvLXM4aUhILUFZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC9iMjI2MDMtOTBhYi00M2FkLWFiMTYtNjUyNDljYmM1NzNj
LzEvM0JIYTc2XzRISDVRRW5qWWZadkNzZ1RYRVZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXporMA0G
CSqGSIb3DQEBCwUAA4IBAQCihCIBqhqtUTA+rebUQdfr57MZkiWyaoZKLH/b6/0o
ePowVOBnBoEZPHBpRJdJxRSqMGHql8OtBngFP70ODF3WjA/3zKTzDq6ku/CpaSWO
vjqQIO+Rr3iMPpKMfo+kglHfMAFERnl3kmbvhiksfJcIE6ckiYLIb+fXtFjNZ6SA
H+BPhK6yI3t0uT5GfMdVI9CmPT8oaB9QpdK1Cc/VWRVFieYCsIcKeXDrDc1dZOpv
7LuPEEhoeNCqpjMx/kZjVbM4DuJrAEz0EjkFsL2oiUyZ20go3nCUOVJmJsP0s6pp
QPeTN3oD5AnM7gRjtVd3lDb1FAsFQA/TVev3DZAZQcrH
-----END CERTIFICATE-----