Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3e/349aa4-3149-454b-958c-6280f2fef0e5/1/EcOiKWkfENOhpUFqCuAv__VHhnw.roa
File:                     EcOiKWkfENOhpUFqCuAv__VHhnw.roa (raw, json)
Hash identifier:          Dg3pxaRe1cEkDH8sGf4s69+1RouBE83t1FQSJNv9iHw=
Subject key identifier:   11:C3:A2:29:69:1F:10:D3:A1:A5:41:6A:0A:E0:2F:FF:F5:47:86:7C
Certificate issuer:       /CN=08c0f824fc69c47bf5fed7946316cdffe3fa045b
Certificate serial:       019E925BE21520D4DF1094DB41F34E58C84E
Authority key identifier: 08:C0:F8:24:FC:69:C4:7B:F5:FE:D7:94:63:16:CD:FF:E3:FA:04:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CMD4JPxpxHv1_teUYxbN_-P6BFs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3e/349aa4-3149-454b-958c-6280f2fef0e5/1/EcOiKWkfENOhpUFqCuAv__VHhnw.roa
Signing time:             Thu 04 Jun 2026 11:19:15 +0000
ROA not before:           Thu 04 Jun 2026 11:19:15 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     3301
IP address blocks:        164.37.46.0/23 maxlen: 23
                          2001:678:1280::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3e/349aa4-3149-454b-958c-6280f2fef0e5/1/CMD4JPxpxHv1_teUYxbN_-P6BFs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3e/349aa4-3149-454b-958c-6280f2fef0e5/1/CMD4JPxpxHv1_teUYxbN_-P6BFs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CMD4JPxpxHv1_teUYxbN_-P6BFs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Jun 2026 13:27:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:92:5b:e2:15:20:d4:df:10:94:db:41:f3:4e:58:c8:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=08c0f824fc69c47bf5fed7946316cdffe3fa045b
        Validity
            Not Before: Jun  4 11:19:15 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=11c3a229691f10d3a1a5416a0ae02ffff547867c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:12:94:50:f8:16:fb:16:d9:8d:38:94:40:2e:
                    4d:34:80:2e:da:0b:42:52:c7:c5:a3:41:88:ca:d5:
                    5b:73:ab:24:e0:6d:5b:ce:94:bd:12:5c:84:f3:b6:
                    e3:7c:5c:41:d1:76:05:e2:8d:5c:05:63:45:7c:c9:
                    54:a0:ec:ad:94:7d:02:84:ce:81:21:69:0a:71:8a:
                    16:28:1e:d4:cf:7b:9e:e1:75:79:ca:e6:2b:6e:d9:
                    05:ef:3f:e3:a6:c6:34:ca:fb:96:f5:cc:35:7c:ca:
                    9d:65:70:57:13:9b:01:cc:32:82:ca:48:31:a2:af:
                    79:b6:35:c6:af:bc:46:fb:78:26:ed:1f:b8:29:b0:
                    c8:79:03:91:aa:20:5b:ff:1a:00:25:21:9f:db:c2:
                    fb:40:df:c0:02:0f:8a:46:6e:4d:4c:f0:d6:6e:3e:
                    4a:c7:e9:35:33:66:77:5c:36:0c:91:0f:7b:87:d4:
                    ab:16:c8:bc:f9:f4:a2:e9:24:fa:5a:22:ae:4a:90:
                    0f:55:96:f9:c6:37:00:ca:23:02:cc:68:f3:c1:11:
                    db:66:54:59:34:b7:e0:0f:76:a2:91:72:cb:e8:1a:
                    4c:fd:f3:c9:cf:1a:b3:eb:c6:d5:26:a7:9c:b9:59:
                    2f:22:fd:8b:57:9b:54:26:74:07:5f:b7:15:e0:ba:
                    6f:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:C3:A2:29:69:1F:10:D3:A1:A5:41:6A:0A:E0:2F:FF:F5:47:86:7C
            X509v3 Authority Key Identifier:
                keyid:08:C0:F8:24:FC:69:C4:7B:F5:FE:D7:94:63:16:CD:FF:E3:FA:04:5B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CMD4JPxpxHv1_teUYxbN_-P6BFs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/349aa4-3149-454b-958c-6280f2fef0e5/1/EcOiKWkfENOhpUFqCuAv__VHhnw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/349aa4-3149-454b-958c-6280f2fef0e5/1/CMD4JPxpxHv1_teUYxbN_-P6BFs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  164.37.46.0/23
                IPv6:
                  2001:678:1280::/48

    Signature Algorithm: sha256WithRSAEncryption
         7f:61:03:5c:bf:0a:68:de:dd:fe:55:9d:c3:cc:6f:36:ab:e5:
         f3:c8:31:a0:0f:d5:ee:0f:cb:9a:a1:e7:f7:05:8e:6b:eb:5c:
         37:f2:b7:d5:c8:71:08:fa:c9:7a:c6:a8:f2:74:32:2c:87:ae:
         d6:23:1c:87:c0:12:a4:2b:91:db:f5:c3:8c:86:8a:ad:e1:25:
         7e:4a:03:3d:62:86:13:90:41:77:23:ff:da:5c:74:48:bf:64:
         2b:24:08:e1:da:4c:a3:51:a6:16:50:d4:d6:95:2c:5a:4b:75:
         2d:f9:50:be:89:35:25:3e:3a:c1:4d:b9:a5:fc:f1:7d:75:d8:
         ea:84:e3:07:5f:06:19:8b:8c:16:92:6c:34:c7:eb:df:85:52:
         4a:1a:b1:49:fc:a6:e4:95:bd:b1:35:31:8b:a5:24:b3:6b:40:
         ec:3c:b9:f0:c5:20:c0:73:58:a1:51:cb:33:1f:94:b5:0d:de:
         e8:be:b9:34:e1:d0:57:81:90:cb:ea:0d:b8:a4:f0:33:fe:e2:
         c4:a1:7d:48:9c:95:a6:b4:c5:0d:36:cd:8f:50:b5:5b:21:97:
         ac:fc:b1:90:43:cb:12:d0:ed:a1:ea:89:5c:c3:40:91:a0:3a:
         1c:0d:1b:f8:c2:19:9a:86:f4:1a:55:6e:c9:97:7f:b8:b8:92:
         f1:1c:a7:06
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZ6SW+IVINTfEJTbQfNOWMhOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4YzBmODI0ZmM2OWM0N2JmNWZlZDc5NDYzMTZjZGZmZTNm
YTA0NWIwHhcNMjYwNjA0MTExOTE1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMWMzYTIyOTY5MWYxMGQzYTFhNTQxNmEwYWUwMmZmZmY1NDc4NjdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhRKUUPgW+xbZjTiUQC5NNIAu2gtC
UsfFo0GIytVbc6sk4G1bzpS9ElyE87bjfFxB0XYF4o1cBWNFfMlUoOytlH0ChM6B
IWkKcYoWKB7Uz3ue4XV5yuYrbtkF7z/jpsY0yvuW9cw1fMqdZXBXE5sBzDKCykgx
oq95tjXGr7xG+3gm7R+4KbDIeQORqiBb/xoAJSGf28L7QN/AAg+KRm5NTPDWbj5K
x+k1M2Z3XDYMkQ97h9SrFsi8+fSi6ST6WiKuSpAPVZb5xjcAyiMCzGjzwRHbZlRZ
NLfgD3aikXLL6BpM/fPJzxqz68bVJqecuVkvIv2LV5tUJnQHX7cV4LpvewIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFBHDoilpHxDToaVBagrgL//1R4Z8MB8GA1UdIwQY
MBaAFAjA+CT8acR79f7XlGMWzf/j+gRbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ01ENEpQeHB4SHYxX3RlVVl4Yk5fLVA2QkZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZS8zNDlhYTQtMzE0OS00NTRiLTk1OGMt
NjI4MGYyZmVmMGU1LzEvRWNPaUtXa2ZFTk9ocFVGcUN1QXZfX1ZIaG53LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZS8zNDlhYTQtMzE0OS00NTRiLTk1OGMtNjI4MGYyZmVmMGU1
LzEvQ01ENEpQeHB4SHYxX3RlVVl4Yk5fLVA2QkZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQBpCUuMA8E
AgACMAkDBwAgAQZ4EoAwDQYJKoZIhvcNAQELBQADggEBAH9hA1y/Cmje3f5VncPM
bzar5fPIMaAP1e4Py5qh5/cFjmvrXDfyt9XIcQj6yXrGqPJ0MiyHrtYjHIfAEqQr
kdv1w4yGiq3hJX5KAz1ihhOQQXcj/9pcdEi/ZCskCOHaTKNRphZQ1NaVLFpLdS35
UL6JNSU+OsFNuaX88X112OqE4wdfBhmLjBaSbDTH69+FUkoasUn8puSVvbE1MYul
JLNrQOw8ufDFIMBzWKFRyzMflLUN3ui+uTTh0FeBkMvqDbik8DP+4sShfUiclaa0
xQ02zY9QtVshl6z8sZBDyxLQ7aHqiVzDQJGgOhwNG/jCGZqG9BpVbsmXf7i4kvEc
pwY=
-----END CERTIFICATE-----