Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7e/0c0c37-b401-401b-aa65-2cc675726975/1/ezdEdcWRJCsgcDn_h_vHY5ql2OA.roa
File:                     ezdEdcWRJCsgcDn_h_vHY5ql2OA.roa (raw, json)
Hash identifier:          62UG+xnKYTXQWzqTXe9v4fS1uJsLYXFYJa2n8Hu7umU=
Subject key identifier:   7B:37:44:75:C5:91:24:2B:20:70:39:FF:87:FB:C7:63:9A:A5:D8:E0
Certificate issuer:       /CN=5975d519de239cf164cb94a6660c2530ceaef254
Certificate serial:       019D295A5417A07E721F85DE8C6F1AEFBBA8
Authority key identifier: 59:75:D5:19:DE:23:9C:F1:64:CB:94:A6:66:0C:25:30:CE:AE:F2:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WXXVGd4jnPFky5SmZgwlMM6u8lQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7e/0c0c37-b401-401b-aa65-2cc675726975/1/ezdEdcWRJCsgcDn_h_vHY5ql2OA.roa
Signing time:             Thu 26 Mar 2026 08:54:38 +0000
ROA not before:           Thu 26 Mar 2026 08:54:38 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     2914
IP address blocks:        85.11.163.0/24 maxlen: 24
                          85.11.180.0/24 maxlen: 24
                          85.11.181.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7e/0c0c37-b401-401b-aa65-2cc675726975/1/WXXVGd4jnPFky5SmZgwlMM6u8lQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7e/0c0c37-b401-401b-aa65-2cc675726975/1/WXXVGd4jnPFky5SmZgwlMM6u8lQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WXXVGd4jnPFky5SmZgwlMM6u8lQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 09 Apr 2026 08:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:29:5a:54:17:a0:7e:72:1f:85:de:8c:6f:1a:ef:bb:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5975d519de239cf164cb94a6660c2530ceaef254
        Validity
            Not Before: Mar 26 08:54:38 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7b374475c591242b207039ff87fbc7639aa5d8e0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:68:8a:5d:90:e4:26:78:03:95:fe:e2:56:19:
                    b9:56:6d:eb:b2:80:e4:0e:a2:9d:81:c6:cb:eb:35:
                    7b:b3:3e:3d:79:bc:36:ac:0f:ef:d3:0f:a1:f6:ed:
                    6e:ab:47:1e:b3:d4:35:19:b0:01:cb:6b:8a:3e:a3:
                    34:1d:33:1f:19:66:d1:b3:dc:2e:03:96:d2:15:31:
                    31:89:f3:f9:2b:cf:83:ba:a0:5a:e1:b7:b2:5d:a5:
                    4a:d2:0c:6c:10:c8:3a:fd:a1:fd:63:a7:a8:49:a6:
                    8b:e1:c7:b8:23:09:e1:ba:ff:89:3f:76:f9:46:c0:
                    fd:4a:6e:9f:19:cf:50:70:b9:44:7a:7a:61:9f:6d:
                    83:55:d7:84:2d:7a:3e:a3:03:17:3d:b9:77:0c:67:
                    8d:45:10:ff:4b:a8:85:52:ae:5e:ff:76:39:3a:51:
                    77:26:1d:c9:5c:15:cf:49:50:e1:f8:5e:b9:65:36:
                    3d:e1:88:a2:52:62:2f:04:21:5a:80:aa:03:d7:8a:
                    85:74:66:b3:2d:6e:f2:36:4b:17:22:c2:45:ae:97:
                    2e:91:d9:ab:62:5b:aa:f5:60:26:ca:1d:37:e9:4e:
                    1a:17:c0:19:c2:a1:2f:3a:8b:20:65:b9:1b:4a:da:
                    95:93:fb:01:b7:66:61:1c:9a:b0:d5:be:93:42:5b:
                    fa:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:37:44:75:C5:91:24:2B:20:70:39:FF:87:FB:C7:63:9A:A5:D8:E0
            X509v3 Authority Key Identifier:
                keyid:59:75:D5:19:DE:23:9C:F1:64:CB:94:A6:66:0C:25:30:CE:AE:F2:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WXXVGd4jnPFky5SmZgwlMM6u8lQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/0c0c37-b401-401b-aa65-2cc675726975/1/ezdEdcWRJCsgcDn_h_vHY5ql2OA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/0c0c37-b401-401b-aa65-2cc675726975/1/WXXVGd4jnPFky5SmZgwlMM6u8lQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.11.163.0/24
                  85.11.180.0/23

    Signature Algorithm: sha256WithRSAEncryption
         5e:3a:78:62:fb:f2:3f:0a:5e:fc:8e:ea:ef:15:95:13:ec:54:
         bb:4a:e9:c3:fb:47:e8:e3:da:67:cb:bb:c7:e6:3f:dc:96:d4:
         8b:d5:eb:0f:3b:bb:77:94:3c:a6:60:f0:12:d7:73:c7:ef:00:
         ea:e7:00:ad:39:d8:90:8e:71:60:75:77:f3:be:0e:42:45:af:
         7a:52:12:fc:19:3a:03:55:66:2f:cc:b7:b7:a9:04:5b:6f:39:
         f0:c1:76:1d:1c:bb:45:dd:98:14:ca:a1:e0:6f:88:7f:7f:8d:
         cc:d5:8b:56:66:9c:f2:52:86:d9:78:d1:49:71:45:36:b4:e2:
         31:ad:cf:5e:e8:33:b4:cb:b8:9e:40:9c:7d:1a:61:e7:3f:89:
         09:10:52:1c:ea:57:39:bf:4b:45:55:ba:e5:1b:14:97:f0:66:
         b8:f9:70:20:c7:04:3c:5d:14:8d:b7:ca:de:23:aa:65:70:ec:
         b2:bf:71:27:30:62:b1:2f:27:c4:9e:cf:dd:69:54:d7:fe:6c:
         b6:bc:f8:69:64:cf:09:74:15:4f:7a:3f:0f:99:07:d4:d4:db:
         2d:a1:92:fd:f2:c0:a9:2a:fd:cf:4b:dd:33:bb:fd:70:7e:62:
         16:ee:ad:6f:1c:c8:fe:bf:9d:d6:7e:ec:98:a7:ab:58:7a:43:
         fc:48:76:c0
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ0pWlQXoH5yH4XejG8a77uoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU5NzVkNTE5ZGUyMzljZjE2NGNiOTRhNjY2MGMyNTMwY2Vh
ZWYyNTQwHhcNMjYwMzI2MDg1NDM4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YjM3NDQ3NWM1OTEyNDJiMjA3MDM5ZmY4N2ZiYzc2MzlhYTVkOGUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvmiKXZDkJngDlf7iVhm5Vm3rsoDk
DqKdgcbL6zV7sz49ebw2rA/v0w+h9u1uq0ces9Q1GbABy2uKPqM0HTMfGWbRs9wu
A5bSFTExifP5K8+DuqBa4beyXaVK0gxsEMg6/aH9Y6eoSaaL4ce4Iwnhuv+JP3b5
RsD9Sm6fGc9QcLlEenphn22DVdeELXo+owMXPbl3DGeNRRD/S6iFUq5e/3Y5OlF3
Jh3JXBXPSVDh+F65ZTY94YiiUmIvBCFagKoD14qFdGazLW7yNksXIsJFrpcukdmr
Yluq9WAmyh036U4aF8AZwqEvOosgZbkbStqVk/sBt2ZhHJqw1b6TQlv6gwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHs3RHXFkSQrIHA5/4f7x2OapdjgMB8GA1UdIwQY
MBaAFFl11RneI5zxZMuUpmYMJTDOrvJUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV1hYVkdkNGpuUEZreTVTbVpnd2xNTTZ1OGxRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZS8wYzBjMzctYjQwMS00MDFiLWFhNjUt
MmNjNjc1NzI2OTc1LzEvZXpkRWRjV1JKQ3NnY0RuX2hfdkhZNXFsMk9BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZS8wYzBjMzctYjQwMS00MDFiLWFhNjUtMmNjNjc1NzI2OTc1
LzEvV1hYVkdkNGpuUEZreTVTbVpnd2xNTTZ1OGxRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAVQujAwQB
VQu0MA0GCSqGSIb3DQEBCwUAA4IBAQBeOnhi+/I/Cl78jurvFZUT7FS7SunD+0fo
49pny7vH5j/cltSL1esPO7t3lDymYPAS13PH7wDq5wCtOdiQjnFgdXfzvg5CRa96
UhL8GToDVWYvzLe3qQRbbznwwXYdHLtF3ZgUyqHgb4h/f43M1YtWZpzyUobZeNFJ
cUU2tOIxrc9e6DO0y7ieQJx9GmHnP4kJEFIc6lc5v0tFVbrlGxSX8Ga4+XAgxwQ8
XRSNt8reI6plcOyyv3EnMGKxLyfEns/daVTX/my2vPhpZM8JdBVPej8PmQfU1Nst
oZL98sCpKv3PS90zu/1wfmIW7q1vHMj+v53WfuyYp6tYekP8SHbA
-----END CERTIFICATE-----