Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/Eeoq0B51TUlG9ia7lUevGhIEFnc.roa
File:                     Eeoq0B51TUlG9ia7lUevGhIEFnc.roa (raw, json)
Hash identifier:          CyQ1LIuhNXFdWfAlW4VBkUglL1yVMugHZabDgqPEDz4=
Subject key identifier:   11:EA:2A:D0:1E:75:4D:49:46:F6:26:BB:95:47:AF:1A:12:04:16:77
Certificate issuer:       /CN=6c8fd1a8ae5996c1e5692c1a8c42bfe9c3ba5745
Certificate serial:       019CF8C201601AB89B651C15070C024CAAC6
Authority key identifier: 6C:8F:D1:A8:AE:59:96:C1:E5:69:2C:1A:8C:42:BF:E9:C3:BA:57:45
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/Eeoq0B51TUlG9ia7lUevGhIEFnc.roa
Signing time:             Mon 16 Mar 2026 22:26:29 +0000
ROA not before:           Mon 16 Mar 2026 22:26:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     62172
IP address blocks:        128.0.117.0/24 maxlen: 32
                          185.120.15.0/24 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Mar 2026 14:33:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:f8:c2:01:60:1a:b8:9b:65:1c:15:07:0c:02:4c:aa:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6c8fd1a8ae5996c1e5692c1a8c42bfe9c3ba5745
        Validity
            Not Before: Mar 16 22:26:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=11ea2ad01e754d4946f626bb9547af1a12041677
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:5f:f8:c1:21:93:bc:0d:04:8f:e9:f5:49:95:
                    54:fa:8f:54:a8:13:a8:d7:a0:17:61:0b:bc:e3:25:
                    96:9c:6d:6e:bb:84:0d:45:0b:3e:3f:c9:e4:51:f5:
                    de:c8:60:07:9a:6e:3a:3b:9a:99:16:3e:2d:52:c5:
                    0f:ad:3f:d6:7d:fa:bb:9d:58:cc:24:45:5c:e6:11:
                    a6:a0:12:cb:22:ac:20:30:d0:f0:65:7d:ab:27:e3:
                    5a:7c:8f:cd:fa:c1:80:ae:b6:4e:bd:88:0b:16:72:
                    d1:c7:28:a5:72:c5:dd:53:17:05:70:ce:6e:b7:7c:
                    71:89:12:54:75:c8:a8:56:82:2c:a8:7f:20:7c:85:
                    76:7e:9d:af:5f:3c:d6:59:ab:f1:79:b9:3a:b2:da:
                    cc:0a:3b:48:d1:3e:ca:cf:99:93:60:b0:b0:81:fd:
                    c4:07:ce:61:c8:ca:85:ec:18:33:f6:dc:e9:08:2d:
                    c3:f1:79:56:35:43:69:e9:d7:0c:09:72:32:a8:7c:
                    0f:14:cf:b8:8b:ca:fe:c0:24:2b:ae:f2:47:23:f6:
                    12:53:99:af:cd:37:cd:04:bf:19:97:97:94:22:49:
                    fe:e2:c8:f7:e9:e5:7b:cc:7c:f7:7c:37:da:ea:a8:
                    8a:2e:7b:80:39:69:92:a9:da:c2:34:c1:d1:30:86:
                    95:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:EA:2A:D0:1E:75:4D:49:46:F6:26:BB:95:47:AF:1A:12:04:16:77
            X509v3 Authority Key Identifier:
                keyid:6C:8F:D1:A8:AE:59:96:C1:E5:69:2C:1A:8C:42:BF:E9:C3:BA:57:45

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/Eeoq0B51TUlG9ia7lUevGhIEFnc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  128.0.117.0/24
                  185.120.15.0/24

    Signature Algorithm: sha256WithRSAEncryption
         52:86:64:ba:69:da:6e:7d:70:0e:1f:13:11:e7:da:36:8f:cc:
         99:33:73:e0:bf:77:44:6c:b2:32:eb:d9:3f:00:34:40:36:2e:
         c8:78:43:8c:2f:6f:9e:80:03:a8:b0:8e:46:e6:92:5a:63:db:
         5b:de:6a:04:b5:d1:e1:f9:96:13:50:68:16:3d:59:7a:18:65:
         28:5d:85:e4:b3:86:ee:a1:e1:cf:28:bb:97:42:b5:5b:26:75:
         50:0d:23:ba:d3:06:e4:80:2a:6d:1a:43:30:57:f9:9a:af:0b:
         15:85:2c:43:0f:20:6e:79:0c:cc:94:1c:e9:36:c2:a1:44:10:
         c6:02:a5:8a:45:6e:54:99:31:c5:19:d1:cd:cd:48:cf:9b:f3:
         f6:8b:a5:0f:d1:b6:08:5c:46:54:73:3e:37:8c:9c:93:5e:24:
         0e:cf:4e:6a:15:de:b0:d3:ae:45:3f:6f:fd:65:63:2a:20:82:
         c8:6d:7b:20:31:4c:e9:62:57:8b:0c:28:6a:f9:99:89:d2:a8:
         54:8b:02:3a:e3:e5:a3:47:c6:9f:aa:e5:2b:b5:db:3f:b3:d2:
         62:44:bc:46:1a:67:e9:45:82:19:d6:38:ca:b2:8e:39:23:c2:
         bd:74:c0:4e:d2:84:5c:e7:43:8f:a3:d2:ea:c9:dd:1f:a2:63:
         8c:40:04:05
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZz4wgFgGribZRwVBwwCTKrGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjOGZkMWE4YWU1OTk2YzFlNTY5MmMxYThjNDJiZmU5YzNi
YTU3NDUwHhcNMjYwMzE2MjIyNjI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMWVhMmFkMDFlNzU0ZDQ5NDZmNjI2YmI5NTQ3YWYxYTEyMDQxNjc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzl/4wSGTvA0Ej+n1SZVU+o9UqBOo
16AXYQu84yWWnG1uu4QNRQs+P8nkUfXeyGAHmm46O5qZFj4tUsUPrT/Wffq7nVjM
JEVc5hGmoBLLIqwgMNDwZX2rJ+NafI/N+sGArrZOvYgLFnLRxyilcsXdUxcFcM5u
t3xxiRJUdcioVoIsqH8gfIV2fp2vXzzWWavxebk6strMCjtI0T7Kz5mTYLCwgf3E
B85hyMqF7Bgz9tzpCC3D8XlWNUNp6dcMCXIyqHwPFM+4i8r+wCQrrvJHI/YSU5mv
zTfNBL8Zl5eUIkn+4sj36eV7zHz3fDfa6qiKLnuAOWmSqdrCNMHRMIaVbwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFBHqKtAedU1JRvYmu5VHrxoSBBZ3MB8GA1UdIwQY
MBaAFGyP0aiuWZbB5WksGoxCv+nDuldFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYklfUnFLNVpsc0hsYVN3YWpFS182Y082VjBVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC80OTI1OTAtYTAyZi00NDNlLWFhYTMt
ZmVhYzI2ZWFlY2MyLzEvRWVvcTBCNTFUVWxHOWlhN2xVZXZHaElFRm5jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC80OTI1OTAtYTAyZi00NDNlLWFhYTMtZmVhYzI2ZWFlY2My
LzEvYklfUnFLNVpsc0hsYVN3YWpFS182Y082VjBVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAgAB1AwQA
uXgPMA0GCSqGSIb3DQEBCwUAA4IBAQBShmS6adpufXAOHxMR59o2j8yZM3Pgv3dE
bLIy69k/ADRANi7IeEOML2+egAOosI5G5pJaY9tb3moEtdHh+ZYTUGgWPVl6GGUo
XYXks4buoeHPKLuXQrVbJnVQDSO60wbkgCptGkMwV/marwsVhSxDDyBueQzMlBzp
NsKhRBDGAqWKRW5UmTHFGdHNzUjPm/P2i6UP0bYIXEZUcz43jJyTXiQOz05qFd6w
065FP2/9ZWMqIILIbXsgMUzpYleLDChq+ZmJ0qhUiwI64+WjR8afquUrtds/s9Ji
RLxGGmfpRYIZ1jjKso45I8K9dMBO0oRc50OPo9Lqyd0fomOMQAQF
-----END CERTIFICATE-----