Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/x-EgX77ZWLoon_bIDGwpxjZI_4U.roa
File:                     x-EgX77ZWLoon_bIDGwpxjZI_4U.roa (raw, json)
Hash identifier:          +d5+fMdlc7lzQ8j9gBe5lZgGaOFjBIaIyOsh5h30zSI=
Subject key identifier:   C7:E1:20:5F:BE:D9:58:BA:28:9F:F6:C8:0C:6C:29:C6:36:48:FF:85
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       019CDD88BF8638FEA49630A405CBC731179A
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/x-EgX77ZWLoon_bIDGwpxjZI_4U.roa
Signing time:             Wed 11 Mar 2026 15:34:12 +0000
ROA not before:           Wed 11 Mar 2026 15:34:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213268
IP address blocks:        185.202.204.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 13 Mar 2026 09:11:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:dd:88:bf:86:38:fe:a4:96:30:a4:05:cb:c7:31:17:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Mar 11 15:34:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c7e1205fbed958ba289ff6c80c6c29c63648ff85
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:eb:34:b2:ee:08:56:88:0c:ff:01:0c:e0:d3:8e:
                    bc:c1:c5:99:e8:80:73:e0:45:b4:de:4f:8a:c9:38:
                    25:85:41:7c:f3:9a:b8:b0:1d:a9:81:dc:f2:bd:2d:
                    ba:8e:11:7c:49:7d:22:ab:65:a3:08:5c:62:c9:2a:
                    0c:8b:fe:bb:79:65:fe:b3:8d:54:5b:35:de:ff:d5:
                    47:e3:8e:0b:db:fc:a4:7d:36:61:0e:10:01:0f:4e:
                    e0:36:67:2f:65:78:1d:59:b1:88:80:69:47:bd:56:
                    5c:29:22:75:47:90:07:a5:57:27:63:55:37:d0:f7:
                    c8:b3:bc:a2:72:14:94:0a:a8:27:b5:c3:2e:7e:df:
                    3c:0e:5b:34:1c:f7:41:6c:30:34:26:af:fb:93:65:
                    a0:58:28:79:cd:4a:4b:38:94:34:69:5e:48:63:3f:
                    ad:e9:48:41:c4:9f:69:76:13:a9:00:b3:6c:71:d4:
                    07:2e:bb:b0:a0:08:53:e4:c1:6f:8e:00:87:6c:41:
                    c6:7e:53:ba:0e:1a:d1:cc:fd:44:f3:9b:09:bf:5f:
                    67:5b:04:52:f8:d9:39:f8:9d:c8:f5:75:0c:f0:ed:
                    82:08:67:ae:03:37:92:80:87:ff:00:0a:59:aa:7e:
                    50:e3:4e:f0:b7:f2:c6:d5:4b:7c:07:87:d9:1d:05:
                    c7:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:E1:20:5F:BE:D9:58:BA:28:9F:F6:C8:0C:6C:29:C6:36:48:FF:85
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/x-EgX77ZWLoon_bIDGwpxjZI_4U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.202.204.0/24

    Signature Algorithm: sha256WithRSAEncryption
         65:b5:05:d2:24:f6:f9:fb:47:e4:d8:44:66:75:aa:60:6a:65:
         6f:42:0b:47:4b:b7:cb:1b:fe:73:0a:60:e6:aa:21:fb:93:73:
         06:6f:7b:e3:3a:5d:4a:16:57:c8:66:8b:72:f5:71:e1:07:92:
         a1:2e:e4:77:16:6e:88:4b:17:fc:6d:ab:41:76:e9:e9:64:06:
         54:3f:75:6f:c8:0a:35:5b:5a:20:dd:b3:93:87:50:02:91:81:
         5e:a6:55:40:c7:eb:8f:d6:85:0c:2d:af:c8:ce:74:ba:7f:4d:
         ab:97:66:a1:61:b9:3a:c3:26:9d:72:0c:77:1d:1d:9f:3c:ed:
         90:c1:1b:58:92:1f:7c:9a:ca:44:4d:e9:c7:ef:91:2e:89:c6:
         0f:8b:fa:64:82:bb:21:e7:a5:44:5d:1c:54:f2:6f:5d:c6:64:
         99:1c:ab:9d:7a:d1:fb:e3:d0:22:94:c9:fd:17:73:36:a4:60:
         3f:42:46:a8:62:87:98:76:55:b1:83:da:a3:b4:13:00:6c:af:
         39:e9:a3:93:0e:7a:b0:f4:1f:77:8d:80:0d:b8:e7:c0:ce:ac:
         f5:fa:b5:8d:6a:65:c2:ff:6d:01:30:22:76:54:bd:28:1a:62:
         eb:b1:82:c5:5e:6e:a6:06:5a:c0:31:dd:c4:c3:28:7d:70:5a:
         75:ce:9f:10
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZzdiL+GOP6kljCkBcvHMReaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjYwMzExMTUzNDEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjN2UxMjA1ZmJlZDk1OGJhMjg5ZmY2YzgwYzZjMjljNjM2NDhmZjg1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6zSy7ghWiAz/AQzg0468wcWZ6IBz
4EW03k+KyTglhUF885q4sB2pgdzyvS26jhF8SX0iq2WjCFxiySoMi/67eWX+s41U
WzXe/9VH444L2/ykfTZhDhABD07gNmcvZXgdWbGIgGlHvVZcKSJ1R5AHpVcnY1U3
0PfIs7yichSUCqgntcMuft88Dls0HPdBbDA0Jq/7k2WgWCh5zUpLOJQ0aV5IYz+t
6UhBxJ9pdhOpALNscdQHLruwoAhT5MFvjgCHbEHGflO6DhrRzP1E85sJv19nWwRS
+Nk5+J3I9XUM8O2CCGeuAzeSgIf/AApZqn5Q407wt/LG1Ut8B4fZHQXHMQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMfhIF++2Vi6KJ/2yAxsKcY2SP+FMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEveC1FZ1g3N1pXTG9vbl9iSURHd3B4alpJXzRVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAucrMMA0G
CSqGSIb3DQEBCwUAA4IBAQBltQXSJPb5+0fk2ERmdapgamVvQgtHS7fLG/5zCmDm
qiH7k3MGb3vjOl1KFlfIZoty9XHhB5KhLuR3Fm6ISxf8batBdunpZAZUP3VvyAo1
W1og3bOTh1ACkYFeplVAx+uP1oUMLa/IznS6f02rl2ahYbk6wyadcgx3HR2fPO2Q
wRtYkh98mspETenH75EuicYPi/pkgrsh56VEXRxU8m9dxmSZHKudetH749AilMn9
F3M2pGA/QkaoYoeYdlWxg9qjtBMAbK856aOTDnqw9B93jYANuOfAzqz1+rWNamXC
/20BMCJ2VL0oGmLrsYLFXm6mBlrAMd3Ewyh9cFp1zp8Q
-----END CERTIFICATE-----