Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/D3LfDap49d06gOLu4Kkp5n9Su0M.roa
File:                     D3LfDap49d06gOLu4Kkp5n9Su0M.roa (raw, json)
Hash identifier:          mJkJ3mMPS2U5qDlitJNycirNMxDoi5DnsjAwWEOwdfQ=
Subject key identifier:   0F:72:DF:0D:AA:78:F5:DD:3A:80:E2:EE:E0:A9:29:E6:7F:52:BB:43
Certificate issuer:       /CN=eebbf317e5faf5ef02c9cce79527d5e74b8abcc5
Certificate serial:       019E4BC1DF70453B9F38F4731205E3824AF1
Authority key identifier: EE:BB:F3:17:E5:FA:F5:EF:02:C9:CC:E7:95:27:D5:E7:4B:8A:BC:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/D3LfDap49d06gOLu4Kkp5n9Su0M.roa
Signing time:             Thu 21 May 2026 18:17:37 +0000
ROA not before:           Thu 21 May 2026 18:17:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     48347
IP address blocks:        80.64.31.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 04 Jun 2026 23:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:4b:c1:df:70:45:3b:9f:38:f4:73:12:05:e3:82:4a:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eebbf317e5faf5ef02c9cce79527d5e74b8abcc5
        Validity
            Not Before: May 21 18:17:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0f72df0daa78f5dd3a80e2eee0a929e67f52bb43
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:15:75:4f:e8:30:44:5c:f7:3f:64:c9:bb:e6:
                    32:2c:15:2c:47:ac:78:af:70:e4:4a:44:ae:b1:1f:
                    58:72:ed:98:a2:e0:ea:4d:5d:a7:42:50:aa:b5:ff:
                    c1:af:bb:d1:eb:ff:80:08:74:b9:a7:bf:11:42:45:
                    75:ec:42:52:2d:31:52:b6:32:07:58:31:ee:88:71:
                    7d:58:63:9f:b4:24:f1:18:7b:f6:e6:f0:3d:8c:1e:
                    e0:f3:c3:c8:1b:44:1c:3f:b0:a3:ed:a4:1e:e7:1d:
                    af:52:fa:4d:66:21:e7:2d:16:da:3b:e5:b6:60:62:
                    e9:15:58:cb:b8:30:e6:af:f9:08:e4:16:69:36:10:
                    1a:56:93:c4:f7:ce:ed:50:a8:18:f6:89:76:7c:81:
                    80:bb:1c:58:53:fc:99:30:d4:c6:4c:72:ec:fb:7a:
                    08:81:d2:16:e3:b6:5c:7c:33:5d:7f:e3:a3:32:b2:
                    58:6c:0b:20:a1:2f:4b:1d:03:22:10:b3:3b:96:f8:
                    fc:21:2f:c9:e2:44:14:ed:b7:1b:12:38:91:5d:0b:
                    1d:55:bc:60:fe:71:7f:a4:41:ab:2a:51:99:89:76:
                    fb:96:b4:32:f3:5c:bb:5d:43:ac:6d:d8:ac:e9:c6:
                    83:e2:a2:81:81:22:f9:56:d7:f9:8b:4e:ec:98:d1:
                    2e:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:72:DF:0D:AA:78:F5:DD:3A:80:E2:EE:E0:A9:29:E6:7F:52:BB:43
            X509v3 Authority Key Identifier:
                keyid:EE:BB:F3:17:E5:FA:F5:EF:02:C9:CC:E7:95:27:D5:E7:4B:8A:BC:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/D3LfDap49d06gOLu4Kkp5n9Su0M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.64.31.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7b:39:e9:3d:7f:2c:b6:7b:2f:8c:06:ea:85:24:81:1f:a0:7e:
         08:75:9c:55:74:af:e5:61:2b:c6:09:98:72:ba:2b:39:1b:2a:
         ed:6e:66:6c:31:f4:82:f7:4c:62:90:66:10:83:7e:a5:9a:c6:
         98:ef:d4:6b:09:dc:af:88:1c:02:4f:86:37:e3:76:31:e5:54:
         5a:a6:58:59:e2:70:d6:42:e8:95:a9:67:2a:f1:cb:36:b6:82:
         e1:e5:6a:63:85:39:f9:f5:d6:0c:b2:2e:91:d5:14:72:ff:47:
         41:a5:4c:21:bc:40:90:5b:b8:70:86:77:5d:4b:c1:55:48:f2:
         21:c6:cc:73:d5:c0:5b:87:c2:1c:92:57:6e:41:6b:51:ea:12:
         82:00:41:36:9b:9b:1c:b3:34:7d:1c:d5:ef:7f:bf:59:c9:c2:
         57:a7:5f:5f:32:8b:7c:7a:ba:53:45:97:fc:90:40:15:9d:49:
         79:69:3a:c5:17:c7:e6:27:80:63:b7:df:a2:d9:9f:15:b4:f4:
         c2:11:61:d8:00:c6:a5:ff:a1:1e:23:4d:af:48:18:b5:7f:c4:
         b0:88:23:27:52:e1:7c:92:a5:c7:fa:b9:67:57:3c:1d:dc:09:
         f1:a9:a7:c7:f7:65:4e:99:30:ba:cb:a7:bf:3e:9f:91:95:6e:
         52:38:0e:95
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ5Lwd9wRTufOPRzEgXjgkrxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlYmJmMzE3ZTVmYWY1ZWYwMmM5Y2NlNzk1MjdkNWU3NGI4
YWJjYzUwHhcNMjYwNTIxMTgxNzM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZjcyZGYwZGFhNzhmNWRkM2E4MGUyZWVlMGE5MjllNjdmNTJiYjQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1BV1T+gwRFz3P2TJu+YyLBUsR6x4
r3DkSkSusR9Ycu2YouDqTV2nQlCqtf/Br7vR6/+ACHS5p78RQkV17EJSLTFStjIH
WDHuiHF9WGOftCTxGHv25vA9jB7g88PIG0QcP7Cj7aQe5x2vUvpNZiHnLRbaO+W2
YGLpFVjLuDDmr/kI5BZpNhAaVpPE987tUKgY9ol2fIGAuxxYU/yZMNTGTHLs+3oI
gdIW47ZcfDNdf+OjMrJYbAsgoS9LHQMiELM7lvj8IS/J4kQU7bcbEjiRXQsdVbxg
/nF/pEGrKlGZiXb7lrQy81y7XUOsbdis6caD4qKBgSL5Vtf5i07smNEu2wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA9y3w2qePXdOoDi7uCpKeZ/UrtDMB8GA1UdIwQY
MBaAFO678xfl+vXvAsnM55Un1edLirzFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN3J2ekYtWDY5ZThDeWN6bmxTZlY1MHVLdk1VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi82ZGVjNjMtYjlkOS00ODBiLWFlYjMt
NmZlOWJmNjA1NjFjLzEvRDNMZkRhcDQ5ZDA2Z09MdTRLa3A1bjlTdTBNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi82ZGVjNjMtYjlkOS00ODBiLWFlYjMtNmZlOWJmNjA1NjFj
LzEvN3J2ekYtWDY5ZThDeWN6bmxTZlY1MHVLdk1VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUEAfMA0G
CSqGSIb3DQEBCwUAA4IBAQB7Oek9fyy2ey+MBuqFJIEfoH4IdZxVdK/lYSvGCZhy
uis5GyrtbmZsMfSC90xikGYQg36lmsaY79RrCdyviBwCT4Y343Yx5VRaplhZ4nDW
QuiVqWcq8cs2toLh5WpjhTn59dYMsi6R1RRy/0dBpUwhvECQW7hwhnddS8FVSPIh
xsxz1cBbh8IcklduQWtR6hKCAEE2m5scszR9HNXvf79ZycJXp19fMot8erpTRZf8
kEAVnUl5aTrFF8fmJ4Bjt9+i2Z8VtPTCEWHYAMal/6EeI02vSBi1f8SwiCMnUuF8
kqXH+rlnVzwd3AnxqafH92VOmTC6y6e/Pp+RlW5SOA6V
-----END CERTIFICATE-----