Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4b/403ec3-c02e-4463-ad40-2a91c2cd2079/1/EGSTH9RaybCR244Fn2_Wbni43Zc.roa
File:                     EGSTH9RaybCR244Fn2_Wbni43Zc.roa (raw, json)
Hash identifier:          G9xVaELj0jbf2AOTvJPCHauXxZeF3Os8VpZ5MksIAPc=
Subject key identifier:   10:64:93:1F:D4:5A:C9:B0:91:DB:8E:05:9F:6F:D6:6E:78:B8:DD:97
Certificate issuer:       /CN=82bc633e284664a4ca51ad5976c7faf2c6246b4b
Certificate serial:       019E75702FAAA4356A79250841254020F1D5
Authority key identifier: 82:BC:63:3E:28:46:64:A4:CA:51:AD:59:76:C7:FA:F2:C6:24:6B:4B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/grxjPihGZKTKUa1Zdsf68sYka0s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4b/403ec3-c02e-4463-ad40-2a91c2cd2079/1/EGSTH9RaybCR244Fn2_Wbni43Zc.roa
Signing time:             Fri 29 May 2026 20:32:26 +0000
ROA not before:           Fri 29 May 2026 20:32:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     44208
IP address blocks:        194.33.124.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4b/403ec3-c02e-4463-ad40-2a91c2cd2079/1/grxjPihGZKTKUa1Zdsf68sYka0s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4b/403ec3-c02e-4463-ad40-2a91c2cd2079/1/grxjPihGZKTKUa1Zdsf68sYka0s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/grxjPihGZKTKUa1Zdsf68sYka0s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 13 Jun 2026 03:01:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:75:70:2f:aa:a4:35:6a:79:25:08:41:25:40:20:f1:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=82bc633e284664a4ca51ad5976c7faf2c6246b4b
        Validity
            Not Before: May 29 20:32:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=1064931fd45ac9b091db8e059f6fd66e78b8dd97
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:3b:69:61:d2:d0:0c:84:c8:bb:0f:b8:53:dd:
                    a5:a9:4b:43:ca:09:1e:2f:b3:a3:fc:5c:24:d2:17:
                    d1:6e:5e:07:11:0d:70:44:da:1c:1a:fa:c6:7a:a5:
                    89:8b:58:c7:55:c0:cc:8f:85:b6:43:35:2a:a7:ac:
                    79:72:dc:ee:f4:25:57:0e:78:93:a4:0d:d0:10:f3:
                    73:42:5d:bb:06:a8:51:ff:d7:aa:cd:34:83:04:28:
                    e5:54:8d:4a:b0:6f:a2:4c:fe:3f:da:34:51:28:28:
                    4a:a3:5a:b7:f6:2f:15:fa:83:04:61:c9:dd:fb:1c:
                    f0:78:50:a1:07:04:7c:c9:f0:d4:96:99:21:6c:d7:
                    79:62:c5:46:26:5f:07:77:96:4b:dc:fb:0c:b8:65:
                    9a:a1:42:0c:7d:c0:d2:b3:61:15:bc:76:ee:b8:f0:
                    3c:6c:af:c5:ae:1a:4f:01:30:2f:31:51:7e:ef:1c:
                    2f:a6:29:28:91:89:45:e7:1d:cd:15:ed:f8:32:38:
                    76:f9:0c:72:03:0b:3d:1b:b7:0f:63:6a:1c:50:2c:
                    9f:13:77:ab:1b:2f:9d:83:09:45:be:e7:2e:09:48:
                    60:de:70:54:ec:2d:92:35:bb:da:20:b1:6e:c1:aa:
                    24:a8:df:fe:96:4d:75:61:fc:d5:66:6f:15:e6:63:
                    d8:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                10:64:93:1F:D4:5A:C9:B0:91:DB:8E:05:9F:6F:D6:6E:78:B8:DD:97
            X509v3 Authority Key Identifier:
                keyid:82:BC:63:3E:28:46:64:A4:CA:51:AD:59:76:C7:FA:F2:C6:24:6B:4B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/grxjPihGZKTKUa1Zdsf68sYka0s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/403ec3-c02e-4463-ad40-2a91c2cd2079/1/EGSTH9RaybCR244Fn2_Wbni43Zc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/403ec3-c02e-4463-ad40-2a91c2cd2079/1/grxjPihGZKTKUa1Zdsf68sYka0s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.33.124.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2c:da:14:ed:3f:89:09:5e:83:85:81:ad:fd:83:e9:9e:a0:ad:
         f3:6e:f5:68:8f:42:fd:3d:aa:08:af:54:9a:bb:5e:0a:f0:5f:
         53:d7:34:e9:22:83:58:90:92:85:37:f3:4f:a5:ab:d4:4e:43:
         7f:d1:91:f1:2c:9d:3f:af:79:3a:52:4e:60:15:19:ee:f8:96:
         2f:9b:77:47:94:b4:ba:f5:d7:f1:b6:1b:26:6a:0a:9a:7c:51:
         4b:3c:d5:6f:4b:39:40:93:f5:ab:2e:3c:b9:44:19:81:7e:46:
         03:30:b9:1f:02:f7:85:34:8c:2b:5a:10:d6:f3:57:80:96:98:
         18:85:59:be:d4:01:02:c0:2f:28:14:be:4f:f7:67:9d:b7:5a:
         fc:41:e2:3a:d3:b0:06:5d:65:e2:70:53:d7:8d:84:54:86:df:
         93:fd:86:e5:44:33:45:a3:b5:a9:39:52:5a:38:24:7b:cb:98:
         c9:49:69:48:dc:b1:fe:a7:f7:7e:96:f8:9e:b5:e7:ef:c5:a0:
         37:26:fc:ae:bd:32:95:73:2b:eb:4a:8f:c5:fa:4e:90:62:e0:
         c1:14:65:39:71:5a:ab:7d:a8:ba:42:70:6c:c9:37:0c:f1:e5:
         b1:51:50:52:ec:38:37:78:5f:7e:d4:17:93:d9:9e:7d:bf:19:
         71:de:46:49
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ51cC+qpDVqeSUIQSVAIPHVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgyYmM2MzNlMjg0NjY0YTRjYTUxYWQ1OTc2YzdmYWYyYzYy
NDZiNGIwHhcNMjYwNTI5MjAzMjI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMDY0OTMxZmQ0NWFjOWIwOTFkYjhlMDU5ZjZmZDY2ZTc4YjhkZDk3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0TtpYdLQDITIuw+4U92lqUtDygke
L7Oj/Fwk0hfRbl4HEQ1wRNocGvrGeqWJi1jHVcDMj4W2QzUqp6x5ctzu9CVXDniT
pA3QEPNzQl27BqhR/9eqzTSDBCjlVI1KsG+iTP4/2jRRKChKo1q39i8V+oMEYcnd
+xzweFChBwR8yfDUlpkhbNd5YsVGJl8Hd5ZL3PsMuGWaoUIMfcDSs2EVvHbuuPA8
bK/FrhpPATAvMVF+7xwvpikokYlF5x3NFe34Mjh2+QxyAws9G7cPY2ocUCyfE3er
Gy+dgwlFvucuCUhg3nBU7C2SNbvaILFuwaokqN/+lk11YfzVZm8V5mPY0wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBBkkx/UWsmwkduOBZ9v1m54uN2XMB8GA1UdIwQY
MBaAFIK8Yz4oRmSkylGtWXbH+vLGJGtLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ3J4alBpaEdaS1RLVWExWmRzZjY4c1lrYTBzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yi80MDNlYzMtYzAyZS00NDYzLWFkNDAt
MmE5MWMyY2QyMDc5LzEvRUdTVEg5UmF5YkNSMjQ0Rm4yX1dibmk0M1pjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yi80MDNlYzMtYzAyZS00NDYzLWFkNDAtMmE5MWMyY2QyMDc5
LzEvZ3J4alBpaEdaS1RLVWExWmRzZjY4c1lrYTBzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwiF8MA0G
CSqGSIb3DQEBCwUAA4IBAQAs2hTtP4kJXoOFga39g+meoK3zbvVoj0L9PaoIr1Sa
u14K8F9T1zTpIoNYkJKFN/NPpavUTkN/0ZHxLJ0/r3k6Uk5gFRnu+JYvm3dHlLS6
9dfxthsmagqafFFLPNVvSzlAk/WrLjy5RBmBfkYDMLkfAveFNIwrWhDW81eAlpgY
hVm+1AECwC8oFL5P92edt1r8QeI607AGXWXicFPXjYRUht+T/YblRDNFo7WpOVJa
OCR7y5jJSWlI3LH+p/d+lvietefvxaA3JvyuvTKVcyvrSo/F+k6QYuDBFGU5cVqr
fai6QnBsyTcM8eWxUVBS7Dg3eF9+1BeT2Z59vxlx3kZJ
-----END CERTIFICATE-----