Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/EE72quHcHERHxup3602neJ0vbzY.roa
File:                     EE72quHcHERHxup3602neJ0vbzY.roa (raw, json)
Hash identifier:          /+KxM///juRfmx8ISsfzEXO36tkIunwlGtz2L/P6Ync=
Subject key identifier:   10:4E:F6:AA:E1:DC:1C:44:47:C6:EA:77:EB:4D:A7:78:9D:2F:6F:36
Certificate issuer:       /CN=4f14112d05e9d876149d2778d48edaaa324db0a5
Certificate serial:       019D9A02FEC03EF88E3CD21D93FB4EA01708
Authority key identifier: 4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/EE72quHcHERHxup3602neJ0vbzY.roa
Signing time:             Fri 17 Apr 2026 05:56:20 +0000
ROA not before:           Fri 17 Apr 2026 05:56:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     33685
IP address blocks:        80.244.15.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 16:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:9a:02:fe:c0:3e:f8:8e:3c:d2:1d:93:fb:4e:a0:17:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f14112d05e9d876149d2778d48edaaa324db0a5
        Validity
            Not Before: Apr 17 05:56:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=104ef6aae1dc1c4447c6ea77eb4da7789d2f6f36
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:d1:62:8c:de:80:1a:51:36:90:23:8e:d1:e9:
                    3d:42:f1:26:8f:6f:bf:22:44:1e:17:15:63:d0:55:
                    23:05:1a:71:f9:11:97:96:da:3c:75:e5:d3:62:77:
                    2b:34:c8:41:14:2f:94:71:10:6f:a9:72:9f:1b:a6:
                    a1:58:a6:34:d0:ed:59:0d:aa:18:6d:eb:58:b5:ed:
                    01:d1:13:48:cb:e1:ab:19:7b:9e:e6:0f:21:91:6e:
                    29:77:cc:2a:93:5d:a7:92:56:cf:b4:ac:9d:c1:88:
                    12:80:fb:ed:49:37:82:43:d3:5b:c8:f2:7c:6e:4c:
                    b7:5f:62:28:15:f8:ef:42:fc:bb:ba:f7:19:df:e2:
                    25:cc:f2:a4:ed:35:d5:6d:64:7f:9d:e8:79:e5:d9:
                    ab:6c:34:a4:47:22:24:7e:c3:aa:05:75:3f:ef:85:
                    ca:2b:de:2d:b2:5f:15:02:43:31:9c:4c:c9:31:31:
                    e9:7a:bb:50:00:7a:1d:5f:3d:fc:96:17:82:1e:9b:
                    8b:58:72:bf:84:dd:b1:f0:47:7b:9b:a5:72:42:f1:
                    23:f1:74:1f:f5:88:03:9a:a0:81:b7:fd:ae:1c:89:
                    dc:b4:6e:28:5a:ef:51:92:bd:6b:e7:25:34:44:62:
                    37:31:6e:db:fa:cf:0c:68:de:d7:55:51:7e:f0:5c:
                    31:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                10:4E:F6:AA:E1:DC:1C:44:47:C6:EA:77:EB:4D:A7:78:9D:2F:6F:36
            X509v3 Authority Key Identifier:
                keyid:4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/EE72quHcHERHxup3602neJ0vbzY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.244.15.0/24

    Signature Algorithm: sha256WithRSAEncryption
         25:5e:69:ea:92:f1:c3:d5:e0:21:40:15:4c:86:ba:5a:96:62:
         3b:dd:c7:30:c0:95:ef:4d:ff:50:fb:2f:28:e5:ee:60:91:c5:
         8d:78:1d:8c:c2:ae:b5:9f:0c:0e:0f:dd:4a:6b:21:f5:54:7a:
         41:dd:77:4c:16:37:f9:e8:8d:a6:6a:97:61:86:b0:83:f3:f5:
         00:08:7b:cc:bd:68:d1:d8:85:85:07:eb:c4:a5:46:a4:50:5d:
         84:e3:7b:1b:64:8a:55:52:bf:ed:1d:0d:45:3d:d6:f3:6d:b9:
         df:11:a6:44:3c:49:4a:53:cf:16:68:d6:9c:c2:02:14:69:07:
         19:d0:b7:09:25:dc:84:67:34:f9:ab:e3:7d:e4:16:66:be:68:
         d1:4d:70:8e:c3:31:67:e9:a4:4f:53:76:08:b5:5b:7b:99:92:
         d8:7d:dd:7f:d0:f4:5e:53:93:e6:43:f6:29:47:32:58:d2:bc:
         5d:2b:c3:c6:3d:16:b0:0b:d5:d1:ea:a0:7a:8f:9d:11:da:12:
         45:75:b7:b3:0d:cb:cb:70:b4:fc:cf:2a:16:04:19:c6:99:69:
         51:95:60:68:8e:63:77:ee:06:68:b4:e4:70:bb:55:bf:a3:86:
         41:7f:9e:aa:f5:a1:2b:8c:14:c1:39:c1:93:16:98:95:81:ed:
         2c:4d:81:09
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2aAv7APviOPNIdk/tOoBcIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMTQxMTJkMDVlOWQ4NzYxNDlkMjc3OGQ0OGVkYWFhMzI0
ZGIwYTUwHhcNMjYwNDE3MDU1NjIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMDRlZjZhYWUxZGMxYzQ0NDdjNmVhNzdlYjRkYTc3ODlkMmY2ZjM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAutFijN6AGlE2kCOO0ek9QvEmj2+/
IkQeFxVj0FUjBRpx+RGXlto8deXTYncrNMhBFC+UcRBvqXKfG6ahWKY00O1ZDaoY
betYte0B0RNIy+GrGXue5g8hkW4pd8wqk12nklbPtKydwYgSgPvtSTeCQ9NbyPJ8
bky3X2IoFfjvQvy7uvcZ3+IlzPKk7TXVbWR/neh55dmrbDSkRyIkfsOqBXU/74XK
K94tsl8VAkMxnEzJMTHpertQAHodXz38lheCHpuLWHK/hN2x8Ed7m6VyQvEj8XQf
9YgDmqCBt/2uHInctG4oWu9Rkr1r5yU0RGI3MW7b+s8MaN7XVVF+8FwxaQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBBO9qrh3BxER8bqd+tNp3idL282MB8GA1UdIwQY
MBaAFE8UES0F6dh2FJ0neNSO2qoyTbClMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUt
YmFmYmRmYzgxMzJhLzEvRUU3MnF1SGNIRVJIeHVwMzYwMm5lSjB2YnpZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUtYmFmYmRmYzgxMzJh
LzEvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUPQPMA0G
CSqGSIb3DQEBCwUAA4IBAQAlXmnqkvHD1eAhQBVMhrpalmI73ccwwJXvTf9Q+y8o
5e5gkcWNeB2Mwq61nwwOD91KayH1VHpB3XdMFjf56I2mapdhhrCD8/UACHvMvWjR
2IWFB+vEpUakUF2E43sbZIpVUr/tHQ1FPdbzbbnfEaZEPElKU88WaNacwgIUaQcZ
0LcJJdyEZzT5q+N95BZmvmjRTXCOwzFn6aRPU3YItVt7mZLYfd1/0PReU5PmQ/Yp
RzJY0rxdK8PGPRawC9XR6qB6j50R2hJFdbezDcvLcLT8zyoWBBnGmWlRlWBojmN3
7gZotORwu1W/o4ZBf56q9aErjBTBOcGTFpiVge0sTYEJ
-----END CERTIFICATE-----