Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/EHvhUtm3XjNEqU6ZDmXvCKGGejs.roa
File:                     EHvhUtm3XjNEqU6ZDmXvCKGGejs.roa (raw, json)
Hash identifier:          Sjm6qP30PiAHSYJSRSYmoChy9Wtgx8uMzWn3IwTy6Rg=
Subject key identifier:   10:7B:E1:52:D9:B7:5E:33:44:A9:4E:99:0E:65:EF:08:A1:86:7A:3B
Certificate issuer:       /CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
Certificate serial:       019E76A94C3589F7645C8D0D203DD1109A7B
Authority key identifier: 6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/EHvhUtm3XjNEqU6ZDmXvCKGGejs.roa
Signing time:             Sat 30 May 2026 02:14:27 +0000
ROA not before:           Sat 30 May 2026 02:14:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     834
IP address blocks:        109.111.48.0/20 maxlen: 20
                          185.65.63.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Jun 2026 13:01:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:76:a9:4c:35:89:f7:64:5c:8d:0d:20:3d:d1:10:9a:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
        Validity
            Not Before: May 30 02:14:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=107be152d9b75e3344a94e990e65ef08a1867a3b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:ea:6f:e9:3c:6b:33:97:ef:a4:c4:0b:ad:98:
                    82:37:a5:3d:ee:6b:8f:c9:b5:8f:de:6c:0b:0a:28:
                    25:d2:17:9a:a3:94:6c:65:33:31:46:0d:a7:4f:0f:
                    2b:2d:e7:42:b5:d3:c0:36:ab:65:23:6c:e5:55:92:
                    77:b7:e5:75:48:c3:89:f5:d4:60:04:46:8c:6a:91:
                    24:b1:ee:63:8d:01:71:b7:81:f5:57:ed:a4:20:a8:
                    bc:06:83:c4:55:c0:54:17:49:30:2b:10:6b:2f:77:
                    b5:0e:e4:08:38:4c:d5:86:b0:ba:ff:d4:93:38:a7:
                    19:00:be:62:d6:f2:fb:dd:87:1a:d1:72:41:07:03:
                    be:f9:90:2c:54:15:6c:e9:3a:6d:33:a4:14:2f:9d:
                    c4:d4:76:05:6b:dc:57:05:88:ac:e6:71:fb:b7:d4:
                    41:b2:83:a1:0c:ad:ab:4b:77:1a:ab:19:9f:21:27:
                    bf:a3:0b:2b:70:cd:62:e4:e2:c8:54:bb:f7:0b:40:
                    2f:ce:37:6e:91:71:c5:bf:9c:af:95:02:1d:bc:4a:
                    d7:39:48:2a:58:56:8b:5c:c5:d2:8c:e3:85:53:d9:
                    ac:4a:ae:9a:ca:19:96:90:0b:50:23:82:07:c3:d2:
                    70:29:97:d9:20:2d:d6:bb:06:ac:5f:92:a9:d5:17:
                    a9:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                10:7B:E1:52:D9:B7:5E:33:44:A9:4E:99:0E:65:EF:08:A1:86:7A:3B
            X509v3 Authority Key Identifier:
                keyid:6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/EHvhUtm3XjNEqU6ZDmXvCKGGejs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.111.48.0/20
                  185.65.63.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3d:1f:9c:4a:be:9d:14:10:39:47:f4:fe:60:f3:fc:67:9a:92:
         14:9a:82:67:c8:76:95:4a:0a:7c:7a:da:5e:16:92:79:a7:73:
         c5:8b:d0:8e:63:a1:f1:f7:a1:0a:ab:ec:65:c1:02:8f:45:3d:
         85:3c:8c:3e:0e:6d:9e:c7:1f:fa:b2:88:5a:08:07:65:64:5b:
         72:ca:0e:bd:8c:01:dd:00:4d:16:1d:0a:66:f4:11:49:d0:f8:
         e6:45:38:f0:32:63:3e:2f:b4:05:d9:61:47:77:5b:1f:51:eb:
         3a:33:de:5e:c0:d5:1f:3f:a7:ef:ce:48:c2:61:28:16:8b:93:
         36:4a:5c:40:42:e5:e1:c4:aa:c7:0f:22:01:fb:93:12:84:f3:
         b1:6b:96:14:d4:ca:7d:53:88:69:ca:b2:0e:a6:53:48:66:c5:
         d9:1f:07:6f:b1:c2:a5:e9:58:86:29:88:33:b6:34:4e:4f:99:
         0c:f9:4a:78:e3:a3:32:e8:d8:29:71:63:0e:bf:ee:29:bb:18:
         c5:89:69:80:71:c5:c2:4b:0d:89:67:ae:99:c5:8c:ab:03:8f:
         1a:4e:38:4d:c8:8d:58:db:46:bd:31:68:ee:cc:1d:1d:53:c2:
         be:2e:48:cc:ca:cf:84:37:be:24:37:9a:9f:35:ce:27:f0:65:
         a7:27:8f:45
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ52qUw1ifdkXI0NID3REJp7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmNzVlNGU5NGI1Y2I3NDUxN2I3YjAxNTY4MDE1ZGE5ZTZl
ZWNkYjYwHhcNMjYwNTMwMDIxNDI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMDdiZTE1MmQ5Yjc1ZTMzNDRhOTRlOTkwZTY1ZWYwOGExODY3YTNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuOpv6TxrM5fvpMQLrZiCN6U97muP
ybWP3mwLCigl0heao5RsZTMxRg2nTw8rLedCtdPANqtlI2zlVZJ3t+V1SMOJ9dRg
BEaMapEkse5jjQFxt4H1V+2kIKi8BoPEVcBUF0kwKxBrL3e1DuQIOEzVhrC6/9ST
OKcZAL5i1vL73Yca0XJBBwO++ZAsVBVs6TptM6QUL53E1HYFa9xXBYis5nH7t9RB
soOhDK2rS3caqxmfISe/owsrcM1i5OLIVLv3C0AvzjdukXHFv5yvlQIdvErXOUgq
WFaLXMXSjOOFU9msSq6ayhmWkAtQI4IHw9JwKZfZIC3WuwasX5Kp1RepwQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFBB74VLZt14zRKlOmQ5l7wihhno7MB8GA1UdIwQY
MBaAFG915OlLXLdFF7ewFWgBXanm7s22MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzIt
NjY0NTc3MjRjMmQzLzEvRUh2aFV0bTNYak5FcVU2WkRtWHZDS0dHZWpzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzItNjY0NTc3MjRjMmQz
LzEvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQEbW8wAwQA
uUE/MA0GCSqGSIb3DQEBCwUAA4IBAQA9H5xKvp0UEDlH9P5g8/xnmpIUmoJnyHaV
Sgp8etpeFpJ5p3PFi9COY6Hx96EKq+xlwQKPRT2FPIw+Dm2exx/6sohaCAdlZFty
yg69jAHdAE0WHQpm9BFJ0PjmRTjwMmM+L7QF2WFHd1sfUes6M95ewNUfP6fvzkjC
YSgWi5M2SlxAQuXhxKrHDyIB+5MShPOxa5YU1Mp9U4hpyrIOplNIZsXZHwdvscKl
6ViGKYgztjROT5kM+Up446My6NgpcWMOv+4puxjFiWmAccXCSw2JZ66ZxYyrA48a
TjhNyI1Y20a9MWjuzB0dU8K+LkjMys+EN74kN5qfNc4n8GWnJ49F
-----END CERTIFICATE-----