Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/db42ab-49cc-427d-86ca-47a2c250e5aa/1/EJ7XZcMduM_6m4MJ_8OSEk7_iec.roa
File:                     EJ7XZcMduM_6m4MJ_8OSEk7_iec.roa (raw, json)
Hash identifier:          PELJ1JniknHvTLc6vO0AJ9J9GNmTsKNT2XJBWXo5NtM=
Subject key identifier:   10:9E:D7:65:C3:1D:B8:CF:FA:9B:83:09:FF:C3:92:12:4E:FF:89:E7
Certificate issuer:       /CN=93e272611139f15d037d7a4be545696cd2853867
Certificate serial:       019EB8396D04C8E159FF16750124ADA79F6D
Authority key identifier: 93:E2:72:61:11:39:F1:5D:03:7D:7A:4B:E5:45:69:6C:D2:85:38:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k-JyYRE58V0DfXpL5UVpbNKFOGc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/db42ab-49cc-427d-86ca-47a2c250e5aa/1/EJ7XZcMduM_6m4MJ_8OSEk7_iec.roa
Signing time:             Thu 11 Jun 2026 19:47:11 +0000
ROA not before:           Thu 11 Jun 2026 19:47:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     153663
IP address blocks:        209.248.32.0/19 maxlen: 19
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/db42ab-49cc-427d-86ca-47a2c250e5aa/1/k-JyYRE58V0DfXpL5UVpbNKFOGc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/db42ab-49cc-427d-86ca-47a2c250e5aa/1/k-JyYRE58V0DfXpL5UVpbNKFOGc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k-JyYRE58V0DfXpL5UVpbNKFOGc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Jun 2026 19:47:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:b8:39:6d:04:c8:e1:59:ff:16:75:01:24:ad:a7:9f:6d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=93e272611139f15d037d7a4be545696cd2853867
        Validity
            Not Before: Jun 11 19:47:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=109ed765c31db8cffa9b8309ffc392124eff89e7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:7c:06:97:26:a7:90:84:86:d0:1d:99:de:db:
                    b6:a9:a4:67:99:24:78:5c:05:c2:28:7e:ed:6b:da:
                    9e:aa:4f:cc:0f:c1:e9:fe:81:2e:44:32:02:72:aa:
                    c0:58:20:c9:8e:9d:3d:c1:68:70:f3:c7:68:a9:45:
                    bf:72:0d:47:01:fa:f2:18:f2:6f:03:da:97:2b:34:
                    1f:59:c8:b3:42:ca:83:3b:b2:72:f2:6d:ac:98:53:
                    ba:7e:d0:6e:d5:54:4b:eb:47:c8:7a:8c:c3:a4:b3:
                    9c:fb:0c:2b:f5:d2:a2:8c:f8:a3:df:c3:0a:26:4f:
                    33:9d:6d:3b:ff:0a:a3:e4:6e:2f:c7:6b:1d:06:6e:
                    ac:5e:b3:22:b6:04:b1:28:b4:a3:ab:3d:4c:94:ed:
                    a7:07:3d:60:a5:77:39:ea:d6:1a:9e:d3:d4:e1:20:
                    b8:a6:03:55:97:18:d6:20:ae:0f:36:91:c3:71:a9:
                    a5:42:48:41:ee:ed:5a:e9:e1:af:2c:3a:ae:3c:d5:
                    40:fe:84:ab:bc:67:db:4a:06:f1:54:f4:f9:56:54:
                    48:74:f7:2c:12:23:b7:36:ad:4e:a9:44:ef:75:af:
                    4d:19:27:d3:92:98:17:a0:11:bc:ef:7b:4f:48:80:
                    ff:96:a4:d3:cf:b7:d6:c9:40:dd:48:2b:d5:06:f5:
                    f0:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                10:9E:D7:65:C3:1D:B8:CF:FA:9B:83:09:FF:C3:92:12:4E:FF:89:E7
            X509v3 Authority Key Identifier:
                keyid:93:E2:72:61:11:39:F1:5D:03:7D:7A:4B:E5:45:69:6C:D2:85:38:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k-JyYRE58V0DfXpL5UVpbNKFOGc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/db42ab-49cc-427d-86ca-47a2c250e5aa/1/EJ7XZcMduM_6m4MJ_8OSEk7_iec.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/db42ab-49cc-427d-86ca-47a2c250e5aa/1/k-JyYRE58V0DfXpL5UVpbNKFOGc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  209.248.32.0/19

    Signature Algorithm: sha256WithRSAEncryption
         80:e1:b9:b1:bf:7f:11:6e:25:c0:8f:ec:3a:1c:0e:dd:ec:0d:
         98:5d:61:10:15:cb:cd:25:be:2a:d1:bb:35:67:19:84:81:30:
         98:79:f7:c7:a6:17:58:ca:73:b7:0f:15:c4:8e:e3:68:93:07:
         66:e8:41:15:1d:28:43:bf:14:e5:e5:36:39:11:88:3a:0d:4a:
         02:2d:6f:9d:af:39:ab:ab:15:51:42:a1:58:24:c8:2c:e6:1d:
         bd:b4:28:c0:ff:74:6f:58:d2:52:8d:5f:07:e6:5f:84:b7:7c:
         7d:f6:b4:d2:dc:18:65:8b:05:97:a2:62:43:dc:b1:bf:cc:bd:
         1c:05:91:8a:73:7e:24:5f:ee:04:3f:52:36:a7:02:ac:b3:d1:
         6d:a9:b7:43:7a:7e:9b:81:c1:c3:7f:1a:ec:2f:d6:3c:5c:64:
         5e:9a:74:37:54:1f:e9:be:f1:7f:d6:1f:36:f3:2f:7e:73:7d:
         b7:9e:be:5b:f4:cf:90:49:a7:f4:3d:d1:34:5d:7c:4d:c7:54:
         17:11:23:37:42:c5:3a:31:84:0a:ea:de:77:41:99:18:53:a8:
         7e:4c:b0:2b:de:1c:40:17:24:80:dd:08:0a:20:32:18:9d:00:
         3c:74:50:90:fb:c1:61:2d:d6:85:eb:d5:48:7b:e4:9c:0a:a0:
         cb:39:a3:93
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ64OW0EyOFZ/xZ1ASStp59tMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzZTI3MjYxMTEzOWYxNWQwMzdkN2E0YmU1NDU2OTZjZDI4
NTM4NjcwHhcNMjYwNjExMTk0NzExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMDllZDc2NWMzMWRiOGNmZmE5YjgzMDlmZmMzOTIxMjRlZmY4OWU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzXwGlyankISG0B2Z3tu2qaRnmSR4
XAXCKH7ta9qeqk/MD8Hp/oEuRDICcqrAWCDJjp09wWhw88doqUW/cg1HAfryGPJv
A9qXKzQfWcizQsqDO7Jy8m2smFO6ftBu1VRL60fIeozDpLOc+wwr9dKijPij38MK
Jk8znW07/wqj5G4vx2sdBm6sXrMitgSxKLSjqz1MlO2nBz1gpXc56tYantPU4SC4
pgNVlxjWIK4PNpHDcamlQkhB7u1a6eGvLDquPNVA/oSrvGfbSgbxVPT5VlRIdPcs
EiO3Nq1OqUTvda9NGSfTkpgXoBG873tPSID/lqTTz7fWyUDdSCvVBvXw2QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBCe12XDHbjP+puDCf/DkhJO/4nnMB8GA1UdIwQY
MBaAFJPicmEROfFdA316S+VFaWzShThnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvay1KeVlSRTU4VjBEZlhwTDVVVnBiTktGT0djLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni9kYjQyYWItNDljYy00MjdkLTg2Y2Et
NDdhMmMyNTBlNWFhLzEvRUo3WFpjTWR1TV82bTRNSl84T1NFazdfaWVjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni9kYjQyYWItNDljYy00MjdkLTg2Y2EtNDdhMmMyNTBlNWFh
LzEvay1KeVlSRTU4VjBEZlhwTDVVVnBiTktGT0djLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQF0fggMA0G
CSqGSIb3DQEBCwUAA4IBAQCA4bmxv38RbiXAj+w6HA7d7A2YXWEQFcvNJb4q0bs1
ZxmEgTCYeffHphdYynO3DxXEjuNokwdm6EEVHShDvxTl5TY5EYg6DUoCLW+drzmr
qxVRQqFYJMgs5h29tCjA/3RvWNJSjV8H5l+Et3x99rTS3BhliwWXomJD3LG/zL0c
BZGKc34kX+4EP1I2pwKss9FtqbdDen6bgcHDfxrsL9Y8XGRemnQ3VB/pvvF/1h82
8y9+c323nr5b9M+QSaf0PdE0XXxNx1QXESM3QsU6MYQK6t53QZkYU6h+TLAr3hxA
FySA3QgKIDIYnQA8dFCQ+8FhLdaF69VIe+ScCqDLOaOT
-----END CERTIFICATE-----