Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/931f81-c409-4d3a-95df-49098897ee4a/1/DJeaERHkmET5-eHHAlZRzWddnHY.roa
File:                     DJeaERHkmET5-eHHAlZRzWddnHY.roa (raw, json)
Hash identifier:          xrunQdxCV1231jVsKRShGLTYC9bF1uR6vdQtrsPx3Dc=
Subject key identifier:   0C:97:9A:11:11:E4:98:44:F9:F9:E1:C7:02:56:51:CD:67:5D:9C:76
Certificate issuer:       /CN=ebf760c05773c15d73676450344668fefb723447
Certificate serial:       019CB51A03D392155CCAA845EF170BD80B5E
Authority key identifier: EB:F7:60:C0:57:73:C1:5D:73:67:64:50:34:46:68:FE:FB:72:34:47
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6_dgwFdzwV1zZ2RQNEZo_vtyNEc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/931f81-c409-4d3a-95df-49098897ee4a/1/DJeaERHkmET5-eHHAlZRzWddnHY.roa
Signing time:             Tue 03 Mar 2026 19:08:26 +0000
ROA not before:           Tue 03 Mar 2026 19:08:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     206611
IP address blocks:        185.98.157.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/931f81-c409-4d3a-95df-49098897ee4a/1/6_dgwFdzwV1zZ2RQNEZo_vtyNEc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/931f81-c409-4d3a-95df-49098897ee4a/1/6_dgwFdzwV1zZ2RQNEZo_vtyNEc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6_dgwFdzwV1zZ2RQNEZo_vtyNEc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 17 Mar 2026 00:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:b5:1a:03:d3:92:15:5c:ca:a8:45:ef:17:0b:d8:0b:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ebf760c05773c15d73676450344668fefb723447
        Validity
            Not Before: Mar  3 19:08:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0c979a1111e49844f9f9e1c7025651cd675d9c76
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:be:03:2b:bf:2a:3b:ee:0b:95:15:01:1d:71:
                    40:6e:0f:e0:b4:53:42:e4:77:22:91:ad:57:e3:a6:
                    57:c1:4d:c1:ee:84:9c:4e:80:64:88:b9:39:10:f2:
                    93:e0:8e:6f:07:51:f1:4a:fc:e2:3d:91:48:16:fa:
                    01:28:29:13:7c:d4:dc:ae:0c:aa:3e:61:11:33:97:
                    68:47:0d:1b:02:e1:33:ec:29:aa:b5:5e:ea:cd:10:
                    74:ff:5b:33:ca:56:b4:52:b7:d5:6d:91:c3:8c:7c:
                    8e:30:d4:9d:ff:ed:60:82:95:b4:c5:ba:f2:9c:23:
                    97:24:8c:0b:d2:6d:4c:b7:fa:52:ed:1a:47:4d:e7:
                    29:75:31:f7:45:d9:fe:a9:3a:cd:31:d3:20:91:d4:
                    af:cb:a4:5c:58:b2:8c:ec:57:2d:f6:c0:47:1b:72:
                    25:a0:f1:e7:23:ae:1b:ac:d4:88:37:0e:96:1b:72:
                    7c:c4:90:f8:1a:21:23:6c:75:31:27:a3:9c:ca:b8:
                    1c:02:7d:10:a5:3e:30:36:18:01:84:fe:c4:01:11:
                    c0:0e:e2:08:9d:44:21:de:88:d2:d3:81:7b:34:85:
                    58:8f:79:86:9b:48:76:98:dc:90:76:bf:ca:1c:6a:
                    39:df:1a:fe:f4:7d:13:cf:51:4b:1b:8f:bf:64:f9:
                    ac:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:97:9A:11:11:E4:98:44:F9:F9:E1:C7:02:56:51:CD:67:5D:9C:76
            X509v3 Authority Key Identifier:
                keyid:EB:F7:60:C0:57:73:C1:5D:73:67:64:50:34:46:68:FE:FB:72:34:47

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6_dgwFdzwV1zZ2RQNEZo_vtyNEc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/931f81-c409-4d3a-95df-49098897ee4a/1/DJeaERHkmET5-eHHAlZRzWddnHY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/931f81-c409-4d3a-95df-49098897ee4a/1/6_dgwFdzwV1zZ2RQNEZo_vtyNEc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.98.157.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5c:35:a9:30:72:e9:9a:78:7c:92:0a:25:a2:e7:f2:ca:c2:75:
         b7:9c:e5:ae:be:84:ab:76:99:4c:b6:a8:4f:da:e1:71:8a:13:
         05:f3:ff:69:21:2e:26:50:ea:0c:ba:e5:66:34:85:6f:c2:58:
         3e:3d:fd:86:06:bb:be:7b:4e:4b:73:4f:df:2e:a7:d0:5a:e7:
         54:b5:56:d1:dd:69:bd:42:e6:36:25:85:1c:d5:f5:cd:b2:19:
         21:2b:aa:08:36:3a:2a:bc:8c:f3:de:e8:11:6a:3f:be:13:35:
         f9:5f:bc:42:0d:30:3b:31:2c:87:b5:e4:4d:9f:e7:fc:f9:f5:
         61:42:41:b6:0a:ab:ef:d7:b5:03:ff:77:90:d5:d7:b3:95:ba:
         6f:0c:da:3f:91:f7:58:81:c4:66:c7:d1:77:1e:78:23:ee:62:
         e9:d0:15:c7:76:ab:c1:01:ca:73:dd:9b:e8:b9:70:7a:80:32:
         33:a6:44:ff:2a:ce:ef:92:93:4b:0c:ed:50:62:8e:a3:fe:f6:
         3e:57:d4:7a:b3:4d:27:88:62:3f:39:69:5a:4e:fd:f1:71:85:
         f0:e0:11:9e:8a:91:44:11:02:ba:9e:57:88:c9:95:31:e0:61:
         c9:a0:d2:73:72:ca:f4:ec:b6:5b:dc:40:ae:d4:c9:42:0a:b2:
         8e:67:fa:9c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZy1GgPTkhVcyqhF7xcL2AteMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGViZjc2MGMwNTc3M2MxNWQ3MzY3NjQ1MDM0NDY2OGZlZmI3
MjM0NDcwHhcNMjYwMzAzMTkwODI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYzk3OWExMTExZTQ5ODQ0ZjlmOWUxYzcwMjU2NTFjZDY3NWQ5Yzc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAob4DK78qO+4LlRUBHXFAbg/gtFNC
5Hcika1X46ZXwU3B7oScToBkiLk5EPKT4I5vB1HxSvziPZFIFvoBKCkTfNTcrgyq
PmERM5doRw0bAuEz7CmqtV7qzRB0/1szyla0UrfVbZHDjHyOMNSd/+1ggpW0xbry
nCOXJIwL0m1Mt/pS7RpHTecpdTH3Rdn+qTrNMdMgkdSvy6RcWLKM7Fct9sBHG3Il
oPHnI64brNSINw6WG3J8xJD4GiEjbHUxJ6OcyrgcAn0QpT4wNhgBhP7EARHADuII
nUQh3ojS04F7NIVYj3mGm0h2mNyQdr/KHGo53xr+9H0Tz1FLG4+/ZPmsqwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAyXmhER5JhE+fnhxwJWUc1nXZx2MB8GA1UdIwQY
MBaAFOv3YMBXc8Fdc2dkUDRGaP77cjRHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNl9kZ3dGZHp3VjF6WjJSUU5FWm9fdnR5TkVjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy85MzFmODEtYzQwOS00ZDNhLTk1ZGYt
NDkwOTg4OTdlZTRhLzEvREplYUVSSGttRVQ1LWVISEFsWlJ6V2RkbkhZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy85MzFmODEtYzQwOS00ZDNhLTk1ZGYtNDkwOTg4OTdlZTRh
LzEvNl9kZ3dGZHp3VjF6WjJSUU5FWm9fdnR5TkVjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuWKdMA0G
CSqGSIb3DQEBCwUAA4IBAQBcNakwcumaeHySCiWi5/LKwnW3nOWuvoSrdplMtqhP
2uFxihMF8/9pIS4mUOoMuuVmNIVvwlg+Pf2GBru+e05Lc0/fLqfQWudUtVbR3Wm9
QuY2JYUc1fXNshkhK6oINjoqvIzz3ugRaj++EzX5X7xCDTA7MSyHteRNn+f8+fVh
QkG2Cqvv17UD/3eQ1dezlbpvDNo/kfdYgcRmx9F3Hngj7mLp0BXHdqvBAcpz3Zvo
uXB6gDIzpkT/Ks7vkpNLDO1QYo6j/vY+V9R6s00niGI/OWlaTv3xcYXw4BGeipFE
EQK6nleIyZUx4GHJoNJzcsr07LZb3ECu1MlCCrKOZ/qc
-----END CERTIFICATE-----