Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/eXk5I423SDSLIT1NiOjb9iJl4pI.roa
File:                     eXk5I423SDSLIT1NiOjb9iJl4pI.roa (raw, json)
Hash identifier:          +E/aHj1bzvGMSX4O+R8s3uhrrYAUtC3EJRq1DaQ6Tvc=
Subject key identifier:   79:79:39:23:8D:B7:48:34:8B:21:3D:4D:88:E8:DB:F6:22:65:E2:92
Certificate issuer:       /CN=279dbfdf4c20bdae8d6118566ece76444e46d171
Certificate serial:       019EA8AF792B9523FE5AD7411BBBB4395001
Authority key identifier: 27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/eXk5I423SDSLIT1NiOjb9iJl4pI.roa
Signing time:             Mon 08 Jun 2026 19:22:12 +0000
ROA not before:           Mon 08 Jun 2026 19:22:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     197570
IP address blocks:        212.189.105.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Jun 2026 08:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:a8:af:79:2b:95:23:fe:5a:d7:41:1b:bb:b4:39:50:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=279dbfdf4c20bdae8d6118566ece76444e46d171
        Validity
            Not Before: Jun  8 19:22:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=797939238db748348b213d4d88e8dbf62265e292
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:1a:89:aa:71:72:a7:3a:ea:71:cd:af:0c:b0:
                    b5:7e:7a:cf:a2:8b:cf:d6:3e:33:7c:37:82:36:d3:
                    46:ca:f0:97:84:a0:cb:7e:f2:b0:d5:92:62:da:17:
                    af:eb:00:c2:4a:aa:02:f0:e3:8b:a5:c6:d0:9b:a9:
                    92:24:f7:72:ed:5d:1b:05:02:3f:0e:c2:08:3c:cf:
                    ea:35:c7:45:0f:f5:bb:f3:bd:f3:3c:80:20:68:0b:
                    e2:8c:01:a8:55:4c:6e:93:c3:1c:d8:c7:80:0a:d6:
                    8e:8f:fe:03:f9:58:da:4b:2b:57:0c:d2:b4:25:24:
                    ca:cc:39:35:2c:25:c9:9a:ad:f7:ff:a3:17:c3:88:
                    cb:9a:03:c1:f1:f3:c8:d8:ae:78:6d:f6:e0:e2:36:
                    a4:bc:06:8a:d4:4d:5a:b4:b2:6b:e1:4a:a2:28:9c:
                    5f:d8:93:88:8f:75:00:41:e5:3a:fa:f2:39:82:bd:
                    a6:60:aa:d2:90:51:55:ee:29:b5:14:a8:a9:32:fe:
                    db:c1:c0:9b:58:b8:55:47:13:1f:cc:ee:d5:09:fc:
                    72:c2:77:66:a0:45:76:f3:5b:1f:47:bc:51:bd:8a:
                    49:b8:af:aa:76:cf:ce:05:ec:a7:16:1d:8a:08:22:
                    0c:ec:82:b7:e3:3b:42:d5:73:82:45:f4:d5:c5:bd:
                    ab:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:79:39:23:8D:B7:48:34:8B:21:3D:4D:88:E8:DB:F6:22:65:E2:92
            X509v3 Authority Key Identifier:
                keyid:27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/eXk5I423SDSLIT1NiOjb9iJl4pI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.189.105.0/24

    Signature Algorithm: sha256WithRSAEncryption
         46:f8:dd:7a:43:1b:5c:84:a7:6d:f7:53:2f:b7:23:ab:7a:f8:
         38:04:84:ca:d5:39:e1:a8:65:02:65:3d:24:8c:af:13:ea:3f:
         ba:e1:78:05:66:d8:e0:72:ee:dc:ee:d8:b7:14:90:e8:24:0f:
         3d:97:75:6b:14:d6:2d:3e:4a:95:bf:e1:48:e5:eb:d2:16:a6:
         e7:9f:2c:d0:33:5e:c2:6b:52:46:6f:90:88:eb:0d:78:36:0a:
         42:cb:14:24:81:ce:0d:5c:70:41:4d:e7:16:52:7e:34:0d:a4:
         13:28:55:50:5f:8b:a9:9c:df:fb:a4:7a:95:30:3d:10:de:05:
         f4:3c:16:ed:a9:be:b1:c7:fc:22:e1:44:d5:56:e1:a5:02:9a:
         17:a5:ed:58:3c:a5:b0:08:de:bf:91:6a:c2:95:c7:f4:fd:8e:
         46:51:64:69:af:29:dc:b6:d6:2c:5d:fa:0c:4c:9c:2a:3b:e2:
         4f:dc:13:6c:46:89:11:5f:f8:3b:82:b4:0a:fe:43:a0:d6:8a:
         2b:11:8d:62:87:d8:75:b2:67:04:9d:c9:5e:a4:b6:19:62:b1:
         08:9d:66:61:07:bd:76:60:b0:13:6b:8a:d9:86:50:bc:e3:33:
         3b:3c:6f:75:03:27:85:87:95:5d:4a:ab:86:cf:c6:84:22:01:
         17:3f:4f:74
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6or3krlSP+WtdBG7u0OVABMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3OWRiZmRmNGMyMGJkYWU4ZDYxMTg1NjZlY2U3NjQ0NGU0
NmQxNzEwHhcNMjYwNjA4MTkyMjEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OTc5MzkyMzhkYjc0ODM0OGIyMTNkNGQ4OGU4ZGJmNjIyNjVlMjkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwxqJqnFypzrqcc2vDLC1fnrPoovP
1j4zfDeCNtNGyvCXhKDLfvKw1ZJi2hev6wDCSqoC8OOLpcbQm6mSJPdy7V0bBQI/
DsIIPM/qNcdFD/W7873zPIAgaAvijAGoVUxuk8Mc2MeACtaOj/4D+VjaSytXDNK0
JSTKzDk1LCXJmq33/6MXw4jLmgPB8fPI2K54bfbg4jakvAaK1E1atLJr4UqiKJxf
2JOIj3UAQeU6+vI5gr2mYKrSkFFV7im1FKipMv7bwcCbWLhVRxMfzO7VCfxywndm
oEV281sfR7xRvYpJuK+qds/OBeynFh2KCCIM7IK34ztC1XOCRfTVxb2roQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHl5OSONt0g0iyE9TYjo2/YiZeKSMB8GA1UdIwQY
MBaAFCedv99MIL2ujWEYVm7OdkRORtFxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEt
MGNmMTA5M2Q0NTQ4LzEvZVhrNUk0MjNTRFNMSVQxTmlPamI5aUpsNHBJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEtMGNmMTA5M2Q0NTQ4
LzEvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1L1pMA0G
CSqGSIb3DQEBCwUAA4IBAQBG+N16QxtchKdt91MvtyOrevg4BITK1TnhqGUCZT0k
jK8T6j+64XgFZtjgcu7c7ti3FJDoJA89l3VrFNYtPkqVv+FI5evSFqbnnyzQM17C
a1JGb5CI6w14NgpCyxQkgc4NXHBBTecWUn40DaQTKFVQX4upnN/7pHqVMD0Q3gX0
PBbtqb6xx/wi4UTVVuGlApoXpe1YPKWwCN6/kWrClcf0/Y5GUWRpryncttYsXfoM
TJwqO+JP3BNsRokRX/g7grQK/kOg1oorEY1ih9h1smcEnclepLYZYrEInWZhB712
YLATa4rZhlC84zM7PG91AyeFh5VdSquGz8aEIgEXP090
-----END CERTIFICATE-----