Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/494bc5-1aeb-4565-aad7-f69b7e266233/1/eQNIWynZW9H_qCeB8qolsHaPfjw.roa
File:                     eQNIWynZW9H_qCeB8qolsHaPfjw.roa (raw, json)
Hash identifier:          O4+sT4oKTnI0KGCx4zdCXIP/OZGHX6I3BYLvLb9KuB4=
Subject key identifier:   79:03:48:5B:29:D9:5B:D1:FF:A8:27:81:F2:AA:25:B0:76:8F:7E:3C
Certificate issuer:       /CN=1dc5d3bcc91e4a31a208361af0a93a62f62d8270
Certificate serial:       019E1DF1F6AC6E77B4B8BB6943658555304A
Authority key identifier: 1D:C5:D3:BC:C9:1E:4A:31:A2:08:36:1A:F0:A9:3A:62:F6:2D:82:70
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HcXTvMkeSjGiCDYa8Kk6YvYtgnA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/494bc5-1aeb-4565-aad7-f69b7e266233/1/eQNIWynZW9H_qCeB8qolsHaPfjw.roa
Signing time:             Tue 12 May 2026 20:47:37 +0000
ROA not before:           Tue 12 May 2026 20:47:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     16509
IP address blocks:        185.28.196.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/494bc5-1aeb-4565-aad7-f69b7e266233/1/HcXTvMkeSjGiCDYa8Kk6YvYtgnA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/494bc5-1aeb-4565-aad7-f69b7e266233/1/HcXTvMkeSjGiCDYa8Kk6YvYtgnA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HcXTvMkeSjGiCDYa8Kk6YvYtgnA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 May 2026 08:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:1d:f1:f6:ac:6e:77:b4:b8:bb:69:43:65:85:55:30:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1dc5d3bcc91e4a31a208361af0a93a62f62d8270
        Validity
            Not Before: May 12 20:47:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7903485b29d95bd1ffa82781f2aa25b0768f7e3c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:e9:3e:dd:e3:ba:71:5f:d3:11:4c:49:b0:80:
                    0a:a8:0a:7e:25:f5:7f:bf:cd:5c:ae:01:83:d6:27:
                    5a:bb:88:c3:9e:5e:bd:b4:99:59:c8:85:33:03:c3:
                    9c:dd:ef:1a:80:61:72:de:41:d1:00:d8:ee:99:59:
                    c9:a4:e6:90:04:bf:d2:4b:fb:c5:05:b0:88:91:4e:
                    80:7c:52:cc:f3:ab:da:40:d8:dc:a2:5c:1d:2b:40:
                    11:f3:5d:a4:c6:d1:7e:ac:00:9c:fb:b7:d2:db:80:
                    12:55:c7:05:83:48:a9:cd:ed:92:cf:41:e4:b1:76:
                    c1:2e:25:5b:f0:dd:47:58:b0:12:ad:ba:f0:be:bb:
                    45:4b:49:a0:99:90:4f:6e:76:29:1f:7e:33:d7:8c:
                    73:8d:e0:3e:f3:f0:dc:ec:2e:22:b2:16:31:6c:cf:
                    b9:ec:4a:59:6d:93:08:be:65:5a:4d:e0:d0:d5:b8:
                    0c:2f:92:d8:f4:a1:58:1e:8a:a2:6c:3e:55:c6:6f:
                    a1:b3:4f:1b:a6:9c:b7:e8:5e:e9:80:50:73:92:af:
                    1c:37:e5:61:0f:b8:f2:e4:62:95:4f:f9:de:f8:1d:
                    86:4d:dc:dd:66:08:8b:b6:36:24:b6:ed:88:2c:d1:
                    69:1c:5e:ff:dc:b7:e7:1f:0f:73:4f:ac:bf:e9:89:
                    23:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:03:48:5B:29:D9:5B:D1:FF:A8:27:81:F2:AA:25:B0:76:8F:7E:3C
            X509v3 Authority Key Identifier:
                keyid:1D:C5:D3:BC:C9:1E:4A:31:A2:08:36:1A:F0:A9:3A:62:F6:2D:82:70

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HcXTvMkeSjGiCDYa8Kk6YvYtgnA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/494bc5-1aeb-4565-aad7-f69b7e266233/1/eQNIWynZW9H_qCeB8qolsHaPfjw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/494bc5-1aeb-4565-aad7-f69b7e266233/1/HcXTvMkeSjGiCDYa8Kk6YvYtgnA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.28.196.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2c:77:b7:93:e4:ba:18:5b:4f:de:0f:a3:c7:85:3a:d7:a6:9d:
         bb:bb:2f:f7:31:9b:c4:c7:48:c6:29:80:bc:b1:17:8a:a8:f3:
         75:67:21:8b:e5:f8:04:46:bf:4e:1f:70:ad:c4:1d:69:47:8a:
         8b:16:b2:35:43:be:6a:54:3c:4a:1a:18:33:14:f0:11:6b:ea:
         b2:78:69:c4:67:f7:da:32:6e:20:2d:e6:4b:d5:c0:46:ae:c4:
         fc:03:77:48:eb:cf:d4:c6:49:e5:ea:fb:97:cc:5f:f4:e1:1c:
         9e:5c:23:ea:b6:5c:0e:cd:f8:bb:c6:77:6e:f0:2d:1c:54:b2:
         6b:4b:53:c1:f8:fd:60:ed:c8:54:4b:8e:ca:02:b2:8a:65:43:
         9e:d4:90:3a:35:4c:c6:5f:e5:59:9f:aa:3f:79:66:f7:18:69:
         3b:41:b0:f6:fa:6d:a3:9d:65:45:ab:31:2f:33:5b:38:16:53:
         79:00:2d:e1:da:d3:bf:a4:62:9c:a3:b2:b3:a0:85:30:4c:c0:
         fc:bc:82:b0:03:76:59:ab:33:7e:d0:0e:ba:fb:5c:f8:80:94:
         a2:5b:25:08:be:64:77:0e:35:22:db:3f:b9:d5:e8:22:07:3f:
         f9:22:70:73:aa:8d:1e:67:26:31:86:7d:22:2b:e9:41:ea:df:
         70:67:59:00
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ4d8fasbne0uLtpQ2WFVTBKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFkYzVkM2JjYzkxZTRhMzFhMjA4MzYxYWYwYTkzYTYyZjYy
ZDgyNzAwHhcNMjYwNTEyMjA0NzM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OTAzNDg1YjI5ZDk1YmQxZmZhODI3ODFmMmFhMjViMDc2OGY3ZTNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr+k+3eO6cV/TEUxJsIAKqAp+JfV/
v81crgGD1idau4jDnl69tJlZyIUzA8Oc3e8agGFy3kHRANjumVnJpOaQBL/SS/vF
BbCIkU6AfFLM86vaQNjcolwdK0AR812kxtF+rACc+7fS24ASVccFg0ipze2Sz0Hk
sXbBLiVb8N1HWLASrbrwvrtFS0mgmZBPbnYpH34z14xzjeA+8/Dc7C4ishYxbM+5
7EpZbZMIvmVaTeDQ1bgML5LY9KFYHoqibD5Vxm+hs08bppy36F7pgFBzkq8cN+Vh
D7jy5GKVT/ne+B2GTdzdZgiLtjYktu2ILNFpHF7/3LfnHw9zT6y/6YkjlwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHkDSFsp2VvR/6gngfKqJbB2j348MB8GA1UdIwQY
MBaAFB3F07zJHkoxogg2GvCpOmL2LYJwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSGNYVHZNa2VTakdpQ0RZYThLazZZdll0Z25BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy80OTRiYzUtMWFlYi00NTY1LWFhZDct
ZjY5YjdlMjY2MjMzLzEvZVFOSVd5blpXOUhfcUNlQjhxb2xzSGFQZmp3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy80OTRiYzUtMWFlYi00NTY1LWFhZDctZjY5YjdlMjY2MjMz
LzEvSGNYVHZNa2VTakdpQ0RZYThLazZZdll0Z25BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuRzEMA0G
CSqGSIb3DQEBCwUAA4IBAQAsd7eT5LoYW0/eD6PHhTrXpp27uy/3MZvEx0jGKYC8
sReKqPN1ZyGL5fgERr9OH3CtxB1pR4qLFrI1Q75qVDxKGhgzFPARa+qyeGnEZ/fa
Mm4gLeZL1cBGrsT8A3dI68/Uxknl6vuXzF/04RyeXCPqtlwOzfi7xndu8C0cVLJr
S1PB+P1g7chUS47KArKKZUOe1JA6NUzGX+VZn6o/eWb3GGk7QbD2+m2jnWVFqzEv
M1s4FlN5AC3h2tO/pGKco7KzoIUwTMD8vIKwA3ZZqzN+0A66+1z4gJSiWyUIvmR3
DjUi2z+51egiBz/5InBzqo0eZyYxhn0iK+lB6t9wZ1kA
-----END CERTIFICATE-----