Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/EAGzxbu2bvBqB_ul-seOTu_NH0k.roa
File:                     EAGzxbu2bvBqB_ul-seOTu_NH0k.roa (raw, json)
Hash identifier:          hrDccVmFblauUPcgej4xoxdTzldhmbvET53w49G5sT8=
Subject key identifier:   10:01:B3:C5:BB:B6:6E:F0:6A:07:FB:A5:FA:C7:8E:4E:EF:CD:1F:49
Certificate issuer:       /CN=253a3b5f51808168c212c094a2baaff38e16464a
Certificate serial:       019E731C2EC6F5D5FC0B0DCBABE8EC9E6052
Authority key identifier: 25:3A:3B:5F:51:80:81:68:C2:12:C0:94:A2:BA:AF:F3:8E:16:46:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JTo7X1GAgWjCEsCUorqv844WRko.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/EAGzxbu2bvBqB_ul-seOTu_NH0k.roa
Signing time:             Fri 29 May 2026 09:41:27 +0000
ROA not before:           Fri 29 May 2026 09:41:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     8981
IP address blocks:        62.76.168.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/JTo7X1GAgWjCEsCUorqv844WRko.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/JTo7X1GAgWjCEsCUorqv844WRko.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JTo7X1GAgWjCEsCUorqv844WRko.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Jun 2026 12:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:73:1c:2e:c6:f5:d5:fc:0b:0d:cb:ab:e8:ec:9e:60:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=253a3b5f51808168c212c094a2baaff38e16464a
        Validity
            Not Before: May 29 09:41:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=1001b3c5bbb66ef06a07fba5fac78e4eefcd1f49
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:10:b3:2f:2b:85:c3:4f:c9:2e:b6:b3:6c:aa:
                    49:34:d5:2d:d3:79:a5:20:07:6c:cc:a6:47:1b:d6:
                    26:75:43:7c:98:2d:77:0e:83:e4:75:c0:4e:b7:9f:
                    ca:a7:e6:89:6b:82:41:0f:79:44:2a:2b:37:15:34:
                    6f:26:b9:79:35:8f:43:7f:c6:1f:24:5a:22:f3:22:
                    9f:b5:3e:bb:be:55:8a:ac:72:08:8a:9f:65:86:1a:
                    ed:c4:b4:6d:fe:59:1f:41:05:f1:07:36:f8:e1:c5:
                    c7:6a:d4:4b:ca:89:30:88:a5:8a:6d:b3:d6:3f:a9:
                    b8:74:06:4c:bf:97:89:6b:11:c3:e6:d8:46:12:2d:
                    ce:76:5e:80:80:52:48:fc:5a:14:fa:76:d3:31:30:
                    7e:e7:71:84:b4:80:b3:88:2d:8c:73:79:c1:ba:70:
                    ac:1c:8b:a0:47:08:6f:3c:f2:0f:d8:52:24:14:02:
                    19:31:de:f8:74:60:8d:f3:a7:d6:85:26:04:67:7b:
                    12:99:85:ce:49:13:ba:2e:ae:a8:82:5f:30:d9:1e:
                    f3:23:16:a1:df:81:76:f2:a4:17:b9:9e:6a:3c:d3:
                    ee:db:54:ac:8e:80:b6:2d:96:39:73:e3:5a:f0:c8:
                    d6:12:26:28:74:4a:f3:bd:04:6d:35:8e:3a:0e:a3:
                    a9:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                10:01:B3:C5:BB:B6:6E:F0:6A:07:FB:A5:FA:C7:8E:4E:EF:CD:1F:49
            X509v3 Authority Key Identifier:
                keyid:25:3A:3B:5F:51:80:81:68:C2:12:C0:94:A2:BA:AF:F3:8E:16:46:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JTo7X1GAgWjCEsCUorqv844WRko.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/EAGzxbu2bvBqB_ul-seOTu_NH0k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/JTo7X1GAgWjCEsCUorqv844WRko.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.76.168.0/21

    Signature Algorithm: sha256WithRSAEncryption
         6a:fa:38:e3:22:34:fc:3e:ef:0f:41:22:0a:7d:3d:c4:1f:5a:
         76:d5:2a:21:b7:c6:67:e9:55:7b:a2:69:34:05:ed:b3:dc:55:
         f9:e1:9b:6a:31:bb:d6:2f:54:0d:24:b0:55:c0:3f:97:08:ca:
         1e:f1:b9:16:c4:e9:10:79:b8:86:0c:d4:3b:77:7e:e4:5d:08:
         05:83:22:fd:58:74:bc:4a:03:98:98:f0:e7:59:42:32:bb:31:
         22:74:0d:73:e8:93:8a:b0:32:a4:50:9b:41:d5:ad:23:f6:b6:
         c9:ea:d3:06:cc:05:95:cf:94:5a:9f:0a:2e:e3:84:01:6a:4c:
         fa:08:e5:82:46:c3:79:2d:73:b5:cc:d9:53:bf:8f:8f:bb:c8:
         5d:8f:d8:8f:18:8c:a4:6d:a2:ab:63:d1:47:6e:03:6b:07:63:
         23:86:be:a7:62:22:50:ea:65:8b:72:55:a5:f9:d3:80:96:da:
         49:28:ac:7e:0c:de:5e:a9:cf:12:ea:7e:93:3d:1a:05:98:40:
         c6:83:74:7e:ba:ee:36:6b:4f:df:52:d3:40:78:c4:6d:8a:b3:
         02:a1:6d:ee:e8:f4:0e:9f:12:de:8b:8f:b4:bd:0e:dd:d8:52:
         56:10:ce:84:89:42:45:d0:6f:e0:ad:0c:4b:a9:87:99:b6:25:
         77:0a:89:09
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ5zHC7G9dX8Cw3Lq+jsnmBSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1M2EzYjVmNTE4MDgxNjhjMjEyYzA5NGEyYmFhZmYzOGUx
NjQ2NGEwHhcNMjYwNTI5MDk0MTI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMDAxYjNjNWJiYjY2ZWYwNmEwN2ZiYTVmYWM3OGU0ZWVmY2QxZjQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6hCzLyuFw0/JLrazbKpJNNUt03ml
IAdszKZHG9YmdUN8mC13DoPkdcBOt5/Kp+aJa4JBD3lEKis3FTRvJrl5NY9Df8Yf
JFoi8yKftT67vlWKrHIIip9lhhrtxLRt/lkfQQXxBzb44cXHatRLyokwiKWKbbPW
P6m4dAZMv5eJaxHD5thGEi3Odl6AgFJI/FoU+nbTMTB+53GEtICziC2Mc3nBunCs
HIugRwhvPPIP2FIkFAIZMd74dGCN86fWhSYEZ3sSmYXOSRO6Lq6ogl8w2R7zIxah
34F28qQXuZ5qPNPu21SsjoC2LZY5c+Na8MjWEiYodErzvQRtNY46DqOp1QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBABs8W7tm7wagf7pfrHjk7vzR9JMB8GA1UdIwQY
MBaAFCU6O19RgIFowhLAlKK6r/OOFkZKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSlRvN1gxR0FnV2pDRXNDVW9ycXY4NDRXUmtvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMS85NzQ3NGMtMWRjMi00NjJjLWFhZGQt
OWU5YTFlMDM3MzhlLzEvRUFHenhidTJidkJxQl91bC1zZU9UdV9OSDBrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMS85NzQ3NGMtMWRjMi00NjJjLWFhZGQtOWU5YTFlMDM3Mzhl
LzEvSlRvN1gxR0FnV2pDRXNDVW9ycXY4NDRXUmtvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDPkyoMA0G
CSqGSIb3DQEBCwUAA4IBAQBq+jjjIjT8Pu8PQSIKfT3EH1p21Soht8Zn6VV7omk0
Be2z3FX54ZtqMbvWL1QNJLBVwD+XCMoe8bkWxOkQebiGDNQ7d37kXQgFgyL9WHS8
SgOYmPDnWUIyuzEidA1z6JOKsDKkUJtB1a0j9rbJ6tMGzAWVz5Ranwou44QBakz6
COWCRsN5LXO1zNlTv4+Pu8hdj9iPGIykbaKrY9FHbgNrB2Mjhr6nYiJQ6mWLclWl
+dOAltpJKKx+DN5eqc8S6n6TPRoFmEDGg3R+uu42a0/fUtNAeMRtirMCoW3u6PQO
nxLei4+0vQ7d2FJWEM6EiUJF0G/grQxLqYeZtiV3CokJ
-----END CERTIFICATE-----