Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/eadafe-6c9d-4ae0-8733-819a253225cc/1/eqG_Lu9K1qeyCezwmD8iSckpXF8.roa
File:                     eqG_Lu9K1qeyCezwmD8iSckpXF8.roa (raw, json)
Hash identifier:          NNiUw+36eLooMz2fegl+jBJENlw1OVfq6vuvVM1umzI=
Subject key identifier:   7A:A1:BF:2E:EF:4A:D6:A7:B2:09:EC:F0:98:3F:22:49:C9:29:5C:5F
Certificate issuer:       /CN=1bf14e8d0b3defb0304270130d1147ae0dd92d8b
Certificate serial:       019DAA2E17ED27CEC58E26DDB34E9BF90672
Authority key identifier: 1B:F1:4E:8D:0B:3D:EF:B0:30:42:70:13:0D:11:47:AE:0D:D9:2D:8B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/G_FOjQs977AwQnATDRFHrg3ZLYs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/eadafe-6c9d-4ae0-8733-819a253225cc/1/eqG_Lu9K1qeyCezwmD8iSckpXF8.roa
Signing time:             Mon 20 Apr 2026 09:17:20 +0000
ROA not before:           Mon 20 Apr 2026 09:17:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     20546
IP address blocks:        141.91.0.0/16 maxlen: 24
                          185.223.104.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5e/eadafe-6c9d-4ae0-8733-819a253225cc/1/G_FOjQs977AwQnATDRFHrg3ZLYs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5e/eadafe-6c9d-4ae0-8733-819a253225cc/1/G_FOjQs977AwQnATDRFHrg3ZLYs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/G_FOjQs977AwQnATDRFHrg3ZLYs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 30 Apr 2026 13:39:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:aa:2e:17:ed:27:ce:c5:8e:26:dd:b3:4e:9b:f9:06:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1bf14e8d0b3defb0304270130d1147ae0dd92d8b
        Validity
            Not Before: Apr 20 09:17:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7aa1bf2eef4ad6a7b209ecf0983f2249c9295c5f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:73:44:95:24:10:1f:57:50:e6:98:41:96:14:
                    fb:f6:80:72:09:e3:27:93:b6:7a:ad:92:e6:d7:95:
                    b2:a2:70:3c:02:05:d0:ca:29:f4:25:56:d8:06:77:
                    78:c2:6a:64:64:58:74:17:8e:aa:c6:54:71:fe:a1:
                    a3:4e:71:72:b1:ee:8d:bb:35:b9:9e:72:2d:8c:b6:
                    70:70:67:f3:d0:46:15:fe:bb:29:b3:ce:b6:26:e0:
                    16:85:6e:21:91:88:6b:15:67:de:48:82:16:94:9a:
                    94:c2:d5:3e:08:78:04:df:e3:cb:c8:e4:88:da:fb:
                    51:d9:00:5f:fb:6b:89:97:92:54:5c:d8:cf:f0:c5:
                    19:e4:ae:bd:38:e5:b3:94:92:c7:4f:f0:a5:93:32:
                    f5:7c:ce:ec:ce:b8:5e:ec:85:73:56:6e:6d:55:f8:
                    ab:eb:59:7a:27:95:ec:12:52:5d:8e:ef:eb:82:d3:
                    33:a7:92:b2:a9:5c:8a:f1:65:2d:19:ac:3a:76:b1:
                    68:e9:d5:62:21:d5:92:a7:da:f2:be:80:1d:78:28:
                    d7:ec:d4:65:ed:d3:bf:70:19:38:82:42:24:33:04:
                    6a:4e:d2:5c:3e:a2:be:fb:ea:2a:70:3f:12:34:0e:
                    3b:fa:6e:c7:c8:47:2c:e7:80:c5:92:77:be:93:14:
                    57:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7A:A1:BF:2E:EF:4A:D6:A7:B2:09:EC:F0:98:3F:22:49:C9:29:5C:5F
            X509v3 Authority Key Identifier:
                keyid:1B:F1:4E:8D:0B:3D:EF:B0:30:42:70:13:0D:11:47:AE:0D:D9:2D:8B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/G_FOjQs977AwQnATDRFHrg3ZLYs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/eadafe-6c9d-4ae0-8733-819a253225cc/1/eqG_Lu9K1qeyCezwmD8iSckpXF8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/eadafe-6c9d-4ae0-8733-819a253225cc/1/G_FOjQs977AwQnATDRFHrg3ZLYs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.91.0.0/16
                  185.223.104.0/22

    Signature Algorithm: sha256WithRSAEncryption
         1d:12:6d:61:1b:c9:c4:00:ad:50:5b:16:0e:24:81:19:bc:c1:
         79:07:c0:98:63:d1:17:74:fe:30:54:5e:a0:59:b3:02:db:dc:
         a3:88:31:b0:6c:bd:10:f3:53:35:18:56:0e:18:e3:85:ac:65:
         1e:99:56:e4:e6:dc:f5:05:a4:da:fb:0f:b4:aa:4a:74:3b:bd:
         c2:d1:c6:05:1e:53:c8:cb:a7:97:9a:a0:bb:46:a2:37:19:43:
         e8:36:ef:c9:7e:71:52:47:b5:d6:f7:27:cc:a3:0b:f8:95:82:
         07:e9:ca:dd:80:ac:32:d7:27:f2:78:59:b2:55:ac:40:f1:1c:
         bc:93:e7:28:8f:89:be:b9:9a:a9:71:9f:82:08:7c:fb:de:44:
         da:fe:6a:df:00:68:8f:55:7c:af:37:fe:a3:6c:86:3d:37:68:
         4c:14:8b:18:ea:43:6f:ed:b8:42:ed:a4:52:fa:71:ae:aa:d2:
         ca:62:66:b3:72:fe:c7:4b:36:a2:8f:29:b3:78:08:1e:72:3e:
         5d:61:ab:d2:af:c6:1b:e4:92:ee:6a:25:24:85:b9:8c:b1:1b:
         01:83:59:d0:b9:41:92:f7:b4:e4:55:a8:1a:71:aa:a8:92:ab:
         dd:d1:d8:58:39:14:5b:cf:45:ac:e1:fd:e8:0f:69:99:90:cb:
         6c:2f:51:61
-----BEGIN CERTIFICATE-----
MIIFAjCCA+qgAwIBAgISAZ2qLhftJ87Fjibds06b+QZyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiZjE0ZThkMGIzZGVmYjAzMDQyNzAxMzBkMTE0N2FlMGRk
OTJkOGIwHhcNMjYwNDIwMDkxNzIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YWExYmYyZWVmNGFkNmE3YjIwOWVjZjA5ODNmMjI0OWM5Mjk1YzVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwnNElSQQH1dQ5phBlhT79oByCeMn
k7Z6rZLm15WyonA8AgXQyin0JVbYBnd4wmpkZFh0F46qxlRx/qGjTnFyse6NuzW5
nnItjLZwcGfz0EYV/rsps862JuAWhW4hkYhrFWfeSIIWlJqUwtU+CHgE3+PLyOSI
2vtR2QBf+2uJl5JUXNjP8MUZ5K69OOWzlJLHT/ClkzL1fM7szrhe7IVzVm5tVfir
61l6J5XsElJdju/rgtMzp5KyqVyK8WUtGaw6drFo6dViIdWSp9ryvoAdeCjX7NRl
7dO/cBk4gkIkMwRqTtJcPqK+++oqcD8SNA47+m7HyEcs54DFkne+kxRXjwIDAQAB
o4ICDjCCAgowHQYDVR0OBBYEFHqhvy7vStansgns8Jg/IknJKVxfMB8GA1UdIwQY
MBaAFBvxTo0LPe+wMEJwEw0RR64N2S2LMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR19GT2pRczk3N0F3UW5BVERSRkhyZzNaTFlzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS9lYWRhZmUtNmM5ZC00YWUwLTg3MzMt
ODE5YTI1MzIyNWNjLzEvZXFHX0x1OUsxcWV5Q2V6d21EOGlTY2twWEY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS9lYWRhZmUtNmM5ZC00YWUwLTg3MzMtODE5YTI1MzIyNWNj
LzEvR19GT2pRczk3N0F3UW5BVERSRkhyZzNaTFlzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCQGCCsGAQUFBwEHAQH/BBUwEzARBAIAATALAwMAjVsDBAK5
32gwDQYJKoZIhvcNAQELBQADggEBAB0SbWEbycQArVBbFg4kgRm8wXkHwJhj0Rd0
/jBUXqBZswLb3KOIMbBsvRDzUzUYVg4Y44WsZR6ZVuTm3PUFpNr7D7SqSnQ7vcLR
xgUeU8jLp5eaoLtGojcZQ+g278l+cVJHtdb3J8yjC/iVggfpyt2ArDLXJ/J4WbJV
rEDxHLyT5yiPib65mqlxn4IIfPveRNr+at8AaI9VfK83/qNshj03aEwUixjqQ2/t
uELtpFL6ca6q0spiZrNy/sdLNqKPKbN4CB5yPl1hq9Kvxhvkku5qJSSFuYyxGwGD
WdC5QZL3tORVqBpxqqiSq93R2Fg5FFvPRazh/egPaZmQy2wvUWE=
-----END CERTIFICATE-----