Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/68/03affa-4029-4ad7-979f-fd8b91ef53eb/1/_Ef8SeBp3ruAkA6qeKEIJMt7sHw.roa
File:                     _Ef8SeBp3ruAkA6qeKEIJMt7sHw.roa (raw, json)
Hash identifier:          hLdHiEsuMtIvVzUZs/wSgsPSZZFFyxjS22x4zUMaD44=
Subject key identifier:   FC:47:FC:49:E0:69:DE:BB:80:90:0E:AA:78:A1:08:24:CB:7B:B0:7C
Certificate issuer:       /CN=116dc9e18c5020291759cf92d53b037d3017fbe6
Certificate serial:       019ECD86A5003C9041A0C80D9FF36EBD9076
Authority key identifier: 11:6D:C9:E1:8C:50:20:29:17:59:CF:92:D5:3B:03:7D:30:17:FB:E6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EW3J4YxQICkXWc-S1TsDfTAX--Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/68/03affa-4029-4ad7-979f-fd8b91ef53eb/1/_Ef8SeBp3ruAkA6qeKEIJMt7sHw.roa
Signing time:             Mon 15 Jun 2026 23:03:33 +0000
ROA not before:           Mon 15 Jun 2026 23:03:33 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     219466
IP address blocks:        91.199.19.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/68/03affa-4029-4ad7-979f-fd8b91ef53eb/1/EW3J4YxQICkXWc-S1TsDfTAX--Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/68/03affa-4029-4ad7-979f-fd8b91ef53eb/1/EW3J4YxQICkXWc-S1TsDfTAX--Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EW3J4YxQICkXWc-S1TsDfTAX--Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 30 Jun 2026 02:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:cd:86:a5:00:3c:90:41:a0:c8:0d:9f:f3:6e:bd:90:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=116dc9e18c5020291759cf92d53b037d3017fbe6
        Validity
            Not Before: Jun 15 23:03:33 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=fc47fc49e069debb80900eaa78a10824cb7bb07c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:f4:c2:94:6d:59:e2:f4:3f:4d:30:b1:64:eb:
                    9b:db:54:e7:72:fb:9a:21:af:9a:30:3f:38:b9:1d:
                    9b:f5:15:57:e2:e0:27:1d:2e:87:fd:6b:0b:9f:25:
                    18:03:c7:39:7d:88:1f:0d:82:06:ed:fe:c0:4f:4d:
                    30:75:e1:56:93:44:ae:e7:ef:6f:51:c6:34:94:dd:
                    d3:ea:1e:a4:b9:ed:7e:96:a4:3c:01:3e:64:f1:9d:
                    18:3b:da:75:f5:01:5f:61:4c:77:aa:e3:00:8c:54:
                    12:49:4c:11:90:7d:d6:42:c7:30:c5:c8:b2:c6:8e:
                    fc:80:75:63:49:3d:8d:72:57:fe:a7:f7:c5:07:9a:
                    cc:53:58:da:4e:8b:9d:ab:85:1e:7a:99:1c:85:fe:
                    7f:cf:f2:cd:4d:ec:c4:a5:a3:e1:22:d1:61:6a:28:
                    5f:7c:b2:af:97:ed:fa:0d:56:63:77:47:2e:70:6c:
                    ce:e6:82:36:c0:a1:92:b4:39:fc:a4:42:c6:c1:d3:
                    93:30:ee:a1:ff:29:7d:a4:4e:d4:b0:3e:fa:96:13:
                    8e:2b:cd:fb:5e:8e:1a:03:50:1b:02:4e:71:7e:39:
                    1b:f6:f8:10:05:69:2b:0a:ae:6a:0c:57:e1:97:a3:
                    bf:22:ac:8d:b1:8c:dc:fb:d1:2b:9e:ea:56:b7:2d:
                    6d:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:47:FC:49:E0:69:DE:BB:80:90:0E:AA:78:A1:08:24:CB:7B:B0:7C
            X509v3 Authority Key Identifier:
                keyid:11:6D:C9:E1:8C:50:20:29:17:59:CF:92:D5:3B:03:7D:30:17:FB:E6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EW3J4YxQICkXWc-S1TsDfTAX--Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/68/03affa-4029-4ad7-979f-fd8b91ef53eb/1/_Ef8SeBp3ruAkA6qeKEIJMt7sHw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/68/03affa-4029-4ad7-979f-fd8b91ef53eb/1/EW3J4YxQICkXWc-S1TsDfTAX--Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.199.19.0/24

    Signature Algorithm: sha256WithRSAEncryption
         06:01:67:ad:db:d1:e4:33:36:1d:de:b0:49:7d:05:21:7c:75:
         b7:3b:af:b7:2e:d4:76:bb:51:9f:dd:c2:18:42:d3:a9:fa:e3:
         55:6d:d8:b4:d7:90:d7:c5:da:97:88:b9:7d:d3:81:88:dc:34:
         88:c1:b9:81:6e:24:67:62:cd:a1:ff:7a:ce:a8:20:0f:e3:b1:
         19:7a:bd:f9:35:7f:5c:a8:fe:7d:42:95:51:bf:5f:92:c9:49:
         b1:ba:91:8c:34:6a:7b:8f:97:e5:6a:6e:20:04:f1:68:32:9d:
         fc:bd:56:c7:ad:3a:13:be:26:2e:2c:52:74:5d:52:a8:cc:c1:
         f2:ac:17:4e:e0:b0:21:55:2e:1f:fb:7b:63:da:26:82:aa:4b:
         ed:ad:6f:87:28:2a:6c:36:19:0f:e1:6c:48:c6:f0:4f:3c:97:
         10:a9:d1:63:9d:c0:81:64:b6:95:dd:6e:10:d9:d9:7d:79:ca:
         be:56:9f:ae:3e:d1:28:b2:40:d0:c6:1f:95:2e:3f:bf:4e:99:
         da:22:9d:4b:81:e7:ec:a8:d3:78:48:4e:2f:e0:bd:72:a2:9f:
         ba:7a:e7:81:3d:cc:53:cd:36:c1:27:4e:b2:fc:73:cc:ca:eb:
         c3:6e:84:c8:5a:5d:e4:4a:02:97:19:73:65:0c:a1:32:f1:29:
         7a:e8:61:8c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ7NhqUAPJBBoMgNn/NuvZB2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDExNmRjOWUxOGM1MDIwMjkxNzU5Y2Y5MmQ1M2IwMzdkMzAx
N2ZiZTYwHhcNMjYwNjE1MjMwMzMzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYzQ3ZmM0OWUwNjlkZWJiODA5MDBlYWE3OGExMDgyNGNiN2JiMDdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwfTClG1Z4vQ/TTCxZOub21Tncvua
Ia+aMD84uR2b9RVX4uAnHS6H/WsLnyUYA8c5fYgfDYIG7f7AT00wdeFWk0Su5+9v
UcY0lN3T6h6kue1+lqQ8AT5k8Z0YO9p19QFfYUx3quMAjFQSSUwRkH3WQscwxciy
xo78gHVjST2Nclf+p/fFB5rMU1jaToudq4Ueepkchf5/z/LNTezEpaPhItFhaihf
fLKvl+36DVZjd0cucGzO5oI2wKGStDn8pELGwdOTMO6h/yl9pE7UsD76lhOOK837
Xo4aA1AbAk5xfjkb9vgQBWkrCq5qDFfhl6O/IqyNsYzc+9ErnupWty1tgwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPxH/Engad67gJAOqnihCCTLe7B8MB8GA1UdIwQY
MBaAFBFtyeGMUCApF1nPktU7A30wF/vmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRVczSjRZeFFJQ2tYV2MtUzFUc0RmVEFYLS1ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OC8wM2FmZmEtNDAyOS00YWQ3LTk3OWYt
ZmQ4YjkxZWY1M2ViLzEvX0VmOFNlQnAzcnVBa0E2cWVLRUlKTXQ3c0h3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OC8wM2FmZmEtNDAyOS00YWQ3LTk3OWYtZmQ4YjkxZWY1M2Vi
LzEvRVczSjRZeFFJQ2tYV2MtUzFUc0RmVEFYLS1ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8cTMA0G
CSqGSIb3DQEBCwUAA4IBAQAGAWet29HkMzYd3rBJfQUhfHW3O6+3LtR2u1Gf3cIY
QtOp+uNVbdi015DXxdqXiLl904GI3DSIwbmBbiRnYs2h/3rOqCAP47EZer35NX9c
qP59QpVRv1+SyUmxupGMNGp7j5flam4gBPFoMp38vVbHrToTviYuLFJ0XVKozMHy
rBdO4LAhVS4f+3tj2iaCqkvtrW+HKCpsNhkP4WxIxvBPPJcQqdFjncCBZLaV3W4Q
2dl9ecq+Vp+uPtEoskDQxh+VLj+/TpnaIp1LgefsqNN4SE4v4L1yop+6eueBPcxT
zTbBJ06y/HPMyuvDboTIWl3kSgKXGXNlDKEy8Sl66GGM
-----END CERTIFICATE-----