Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/61/0949fc-accd-471f-a9cd-97243e316272/1/EU9jf8Qkyx6ZRRYp_E67igQBBbY.roa
File:                     EU9jf8Qkyx6ZRRYp_E67igQBBbY.roa (raw, json)
Hash identifier:          tJu6p0hZNeDVWHGv3nAhTyT32Cvio8bwLtHP18fUaMc=
Subject key identifier:   11:4F:63:7F:C4:24:CB:1E:99:45:16:29:FC:4E:BB:8A:04:01:05:B6
Certificate issuer:       /CN=570fb0f1d8b8c198b0dc86158afbcbc529cf16be
Certificate serial:       019E2A43F310F676CEDC470A44F8B85A084C
Authority key identifier: 57:0F:B0:F1:D8:B8:C1:98:B0:DC:86:15:8A:FB:CB:C5:29:CF:16:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Vw-w8di4wZiw3IYVivvLxSnPFr4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/61/0949fc-accd-471f-a9cd-97243e316272/1/EU9jf8Qkyx6ZRRYp_E67igQBBbY.roa
Signing time:             Fri 15 May 2026 06:12:36 +0000
ROA not before:           Fri 15 May 2026 06:12:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     834
IP address blocks:        185.251.80.0/23 maxlen: 24
                          185.251.82.0/23 maxlen: 24
                          194.4.55.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/61/0949fc-accd-471f-a9cd-97243e316272/1/Vw-w8di4wZiw3IYVivvLxSnPFr4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/61/0949fc-accd-471f-a9cd-97243e316272/1/Vw-w8di4wZiw3IYVivvLxSnPFr4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Vw-w8di4wZiw3IYVivvLxSnPFr4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 19 May 2026 02:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:2a:43:f3:10:f6:76:ce:dc:47:0a:44:f8:b8:5a:08:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=570fb0f1d8b8c198b0dc86158afbcbc529cf16be
        Validity
            Not Before: May 15 06:12:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=114f637fc424cb1e99451629fc4ebb8a040105b6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:ab:73:d2:9e:57:d2:09:15:6f:4e:6d:7e:e2:
                    61:1b:3c:30:ea:82:a6:6c:dd:ba:51:93:f4:67:f4:
                    87:78:0c:0c:a4:d3:cb:9d:e2:85:e8:c7:2b:f7:1f:
                    91:be:f1:ae:ed:80:c8:21:2a:29:bb:5a:26:b3:05:
                    c6:68:05:69:ce:ac:e7:6c:fc:1c:53:14:44:4e:71:
                    c0:11:2e:05:2b:25:e5:0d:64:2c:68:c2:85:35:49:
                    6a:98:31:99:5b:78:48:36:12:3f:f6:02:ee:62:01:
                    3b:a1:4b:68:84:2d:bd:0d:88:0c:4d:9e:74:72:a4:
                    7e:2d:6e:af:37:95:01:be:8e:39:80:24:d0:16:14:
                    eb:c8:b6:02:90:de:70:48:ca:b1:7d:87:3a:7c:03:
                    2c:c1:51:89:75:26:fa:7a:eb:6c:67:38:68:e5:09:
                    5d:74:17:c3:36:4a:c3:a9:1f:bc:55:f3:16:d3:31:
                    ee:d7:6e:d1:33:a4:31:9e:c5:bd:45:a1:f6:57:0c:
                    97:7b:9d:0b:c9:37:d4:29:d1:bd:bc:32:f8:62:4c:
                    52:a0:04:c3:5f:6e:97:2f:0e:33:72:01:dd:b9:66:
                    a8:ec:59:fe:df:74:14:a5:b5:f1:55:c0:a5:22:54:
                    2b:22:ce:46:64:c3:a2:ec:fb:8f:44:4c:5c:1c:79:
                    5e:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:4F:63:7F:C4:24:CB:1E:99:45:16:29:FC:4E:BB:8A:04:01:05:B6
            X509v3 Authority Key Identifier:
                keyid:57:0F:B0:F1:D8:B8:C1:98:B0:DC:86:15:8A:FB:CB:C5:29:CF:16:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Vw-w8di4wZiw3IYVivvLxSnPFr4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/0949fc-accd-471f-a9cd-97243e316272/1/EU9jf8Qkyx6ZRRYp_E67igQBBbY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/61/0949fc-accd-471f-a9cd-97243e316272/1/Vw-w8di4wZiw3IYVivvLxSnPFr4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.251.80.0/22
                  194.4.55.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a0:08:8d:49:f6:93:ec:c3:5a:de:68:e8:bc:5f:a5:3c:02:8e:
         b3:63:af:66:16:08:77:9b:29:f4:0a:7c:bf:7b:3e:5a:db:e1:
         91:c2:ba:26:58:f3:09:02:88:37:ad:10:ee:d3:62:1b:65:84:
         8c:5a:06:1a:e1:00:6c:79:c1:f4:ba:4c:05:c6:80:04:af:8c:
         f7:92:4e:55:4f:63:c2:07:5e:57:d1:16:b0:a2:ab:8a:ad:49:
         68:8d:d6:0c:34:79:4e:d0:06:ef:c8:7d:9f:c7:76:d9:1b:1d:
         14:8d:6f:72:6f:51:1f:0c:df:8a:ac:75:44:c9:a2:80:7f:45:
         2b:24:92:ed:6c:f5:b0:ff:f2:71:13:40:b2:43:70:05:98:59:
         d6:0d:20:7a:3f:22:31:a1:b8:3d:e9:69:b6:69:59:d9:d8:e6:
         5a:17:2f:09:c0:01:12:fe:a6:9b:df:ec:fc:42:76:61:26:6e:
         16:fd:b7:7b:13:d5:01:e2:ab:c7:1c:5e:3b:0b:7f:d0:c9:6e:
         96:0f:c1:10:42:e2:f2:cb:d9:90:1c:4b:9d:7d:69:30:e7:5b:
         4c:bd:31:a1:b5:0c:48:f9:19:50:3a:07:2a:57:28:a7:ec:f1:
         79:55:53:35:0c:cd:4c:90:37:8e:59:b8:7d:df:83:16:24:60:
         be:07:5b:22
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ4qQ/MQ9nbO3EcKRPi4WghMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU3MGZiMGYxZDhiOGMxOThiMGRjODYxNThhZmJjYmM1Mjlj
ZjE2YmUwHhcNMjYwNTE1MDYxMjM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMTRmNjM3ZmM0MjRjYjFlOTk0NTE2MjlmYzRlYmI4YTA0MDEwNWI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlqtz0p5X0gkVb05tfuJhGzww6oKm
bN26UZP0Z/SHeAwMpNPLneKF6Mcr9x+RvvGu7YDIISopu1omswXGaAVpzqznbPwc
UxRETnHAES4FKyXlDWQsaMKFNUlqmDGZW3hINhI/9gLuYgE7oUtohC29DYgMTZ50
cqR+LW6vN5UBvo45gCTQFhTryLYCkN5wSMqxfYc6fAMswVGJdSb6eutsZzho5Qld
dBfDNkrDqR+8VfMW0zHu127RM6QxnsW9RaH2VwyXe50LyTfUKdG9vDL4YkxSoATD
X26XLw4zcgHduWao7Fn+33QUpbXxVcClIlQrIs5GZMOi7PuPRExcHHlelQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFBFPY3/EJMsemUUWKfxOu4oEAQW2MB8GA1UdIwQY
MBaAFFcPsPHYuMGYsNyGFYr7y8Upzxa+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVnctdzhkaTR3Wml3M0lZVml2dkx4U25QRnI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MS8wOTQ5ZmMtYWNjZC00NzFmLWE5Y2Qt
OTcyNDNlMzE2MjcyLzEvRVU5amY4UWt5eDZaUlJZcF9FNjdpZ1FCQmJZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MS8wOTQ5ZmMtYWNjZC00NzFmLWE5Y2QtOTcyNDNlMzE2Mjcy
LzEvVnctdzhkaTR3Wml3M0lZVml2dkx4U25QRnI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCuftQAwQA
wgQ3MA0GCSqGSIb3DQEBCwUAA4IBAQCgCI1J9pPsw1reaOi8X6U8Ao6zY69mFgh3
myn0Cny/ez5a2+GRwromWPMJAog3rRDu02IbZYSMWgYa4QBsecH0ukwFxoAEr4z3
kk5VT2PCB15X0RawoquKrUlojdYMNHlO0AbvyH2fx3bZGx0UjW9yb1EfDN+KrHVE
yaKAf0UrJJLtbPWw//JxE0CyQ3AFmFnWDSB6PyIxobg96Wm2aVnZ2OZaFy8JwAES
/qab3+z8QnZhJm4W/bd7E9UB4qvHHF47C3/QyW6WD8EQQuLyy9mQHEudfWkw51tM
vTGhtQxI+RlQOgcqVyin7PF5VVM1DM1MkDeOWbh934MWJGC+B1si
-----END CERTIFICATE-----