Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dc/15d271-05cd-461e-a7b6-43013b28d9d6/1/eia_fV3J6QtXtodXFUIFD_wrfEg.roa
File:                     eia_fV3J6QtXtodXFUIFD_wrfEg.roa (raw, json)
Hash identifier:          7jzapu2eTtJ+Iinqi8HWyBmAR9+j2N/5EtKMMopdbAw=
Subject key identifier:   7A:26:BF:7D:5D:C9:E9:0B:57:B6:87:57:15:42:05:0F:FC:2B:7C:48
Certificate issuer:       /CN=d4b95330734c9aaf66d11bcd2bedd380f410f93f
Certificate serial:       019EA902C701AE4AADEBD75D1869762BED57
Authority key identifier: D4:B9:53:30:73:4C:9A:AF:66:D1:1B:CD:2B:ED:D3:80:F4:10:F9:3F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1LlTMHNMmq9m0RvNK-3TgPQQ-T8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dc/15d271-05cd-461e-a7b6-43013b28d9d6/1/eia_fV3J6QtXtodXFUIFD_wrfEg.roa
Signing time:             Mon 08 Jun 2026 20:53:11 +0000
ROA not before:           Mon 08 Jun 2026 20:53:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     205007
IP address blocks:        132.243.220.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dc/15d271-05cd-461e-a7b6-43013b28d9d6/1/1LlTMHNMmq9m0RvNK-3TgPQQ-T8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dc/15d271-05cd-461e-a7b6-43013b28d9d6/1/1LlTMHNMmq9m0RvNK-3TgPQQ-T8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1LlTMHNMmq9m0RvNK-3TgPQQ-T8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Jun 2026 10:27:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:a9:02:c7:01:ae:4a:ad:eb:d7:5d:18:69:76:2b:ed:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d4b95330734c9aaf66d11bcd2bedd380f410f93f
        Validity
            Not Before: Jun  8 20:53:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7a26bf7d5dc9e90b57b687571542050ffc2b7c48
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:23:16:c5:30:aa:54:10:34:87:10:04:a6:9c:
                    8c:2d:bc:0b:00:6b:dd:14:dc:a8:e1:a7:fd:19:d7:
                    84:d4:7b:ee:9c:cc:64:b6:b0:16:f7:79:0c:12:4a:
                    15:3b:a5:82:9f:24:4b:1f:dc:6c:e5:46:bf:de:fa:
                    ae:78:5a:8e:d9:ad:af:a5:cd:dd:7e:84:ab:af:b4:
                    a8:58:81:e5:8f:e1:11:83:ff:66:54:f2:9c:a7:c1:
                    11:7d:15:79:80:52:d7:18:84:e9:d9:0c:93:c6:64:
                    36:40:64:d0:bf:eb:77:dc:8c:de:01:65:9a:22:69:
                    7c:af:28:09:eb:1d:dc:be:49:e3:d6:3a:20:ed:8b:
                    62:e4:e3:ce:ee:4a:69:a5:e8:ee:22:24:18:61:86:
                    0f:11:ad:a7:25:33:e2:e1:dd:f5:58:f2:d8:89:e8:
                    cc:41:18:02:9a:0b:db:22:13:3e:a3:cc:14:11:4d:
                    b5:82:fa:a8:d4:f0:b9:33:c0:db:28:53:2e:36:0e:
                    af:c0:64:d4:6d:e3:49:bd:ad:d7:d1:55:f8:bc:5b:
                    21:75:23:0d:d8:db:27:6c:08:08:0a:15:74:6e:40:
                    b7:5f:c9:be:ca:c8:1f:8d:f7:01:56:0b:de:e2:41:
                    10:04:91:47:b4:4f:ad:15:e8:1e:98:06:a1:69:7f:
                    78:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7A:26:BF:7D:5D:C9:E9:0B:57:B6:87:57:15:42:05:0F:FC:2B:7C:48
            X509v3 Authority Key Identifier:
                keyid:D4:B9:53:30:73:4C:9A:AF:66:D1:1B:CD:2B:ED:D3:80:F4:10:F9:3F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1LlTMHNMmq9m0RvNK-3TgPQQ-T8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/15d271-05cd-461e-a7b6-43013b28d9d6/1/eia_fV3J6QtXtodXFUIFD_wrfEg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/15d271-05cd-461e-a7b6-43013b28d9d6/1/1LlTMHNMmq9m0RvNK-3TgPQQ-T8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  132.243.220.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ab:b5:a4:46:d8:f6:5b:74:d2:40:97:4b:c5:3a:4c:72:6e:d0:
         e9:f0:9d:61:5d:cb:0e:08:24:02:1c:72:39:83:87:bf:d9:1b:
         2d:7f:9a:49:6f:5f:94:3a:14:24:9a:1e:4b:b0:d3:46:23:ac:
         e7:f8:32:b6:09:5b:9e:18:4c:3b:5b:60:28:b4:9a:71:f8:87:
         54:f9:90:2b:4b:7d:9a:96:50:25:8f:1f:65:1e:9a:43:99:6b:
         57:11:aa:f8:e6:da:c3:c3:07:37:67:60:1f:8e:05:5d:65:b8:
         c0:34:2a:07:8b:33:59:4b:b3:bc:8f:84:4a:51:b8:27:a8:33:
         f5:29:86:f0:11:52:da:98:96:b7:67:37:c0:82:f4:fd:3d:51:
         55:01:80:40:b8:9b:4b:a7:10:d7:34:06:6d:e4:51:1d:29:6a:
         1d:e0:bc:f1:d6:6f:86:60:71:95:e5:b5:0e:64:eb:82:ce:80:
         e3:ee:24:50:8b:a9:23:69:b0:ac:f7:ba:13:16:d8:86:5c:ec:
         b1:42:d5:cf:f5:68:c2:0f:91:27:da:05:3a:2a:73:20:ea:c1:
         47:65:b2:c5:73:a0:b2:c3:fb:96:4b:cd:44:0a:0c:77:c6:1f:
         17:00:1f:d0:10:28:cb:c8:43:fc:53:79:1e:d5:b9:2d:2c:7d:
         ec:2a:2d:d2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6pAscBrkqt69ddGGl2K+1XMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0Yjk1MzMwNzM0YzlhYWY2NmQxMWJjZDJiZWRkMzgwZjQx
MGY5M2YwHhcNMjYwNjA4MjA1MzExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YTI2YmY3ZDVkYzllOTBiNTdiNjg3NTcxNTQyMDUwZmZjMmI3YzQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAySMWxTCqVBA0hxAEppyMLbwLAGvd
FNyo4af9GdeE1HvunMxktrAW93kMEkoVO6WCnyRLH9xs5Ua/3vqueFqO2a2vpc3d
foSrr7SoWIHlj+ERg/9mVPKcp8ERfRV5gFLXGITp2QyTxmQ2QGTQv+t33IzeAWWa
Iml8rygJ6x3cvknj1jog7Yti5OPO7kpppejuIiQYYYYPEa2nJTPi4d31WPLYiejM
QRgCmgvbIhM+o8wUEU21gvqo1PC5M8DbKFMuNg6vwGTUbeNJva3X0VX4vFshdSMN
2NsnbAgIChV0bkC3X8m+ysgfjfcBVgve4kEQBJFHtE+tFegemAahaX94NwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHomv31dyekLV7aHVxVCBQ/8K3xIMB8GA1UdIwQY
MBaAFNS5UzBzTJqvZtEbzSvt04D0EPk/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUxsVE1ITk1tcTltMFJ2TkstM1RnUFFRLVQ4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYy8xNWQyNzEtMDVjZC00NjFlLWE3YjYt
NDMwMTNiMjhkOWQ2LzEvZWlhX2ZWM0o2UXRYdG9kWEZVSUZEX3dyZkVnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYy8xNWQyNzEtMDVjZC00NjFlLWE3YjYtNDMwMTNiMjhkOWQ2
LzEvMUxsVE1ITk1tcTltMFJ2TkstM1RnUFFRLVQ4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAhPPcMA0G
CSqGSIb3DQEBCwUAA4IBAQCrtaRG2PZbdNJAl0vFOkxybtDp8J1hXcsOCCQCHHI5
g4e/2Rstf5pJb1+UOhQkmh5LsNNGI6zn+DK2CVueGEw7W2AotJpx+IdU+ZArS32a
llAljx9lHppDmWtXEar45trDwwc3Z2AfjgVdZbjANCoHizNZS7O8j4RKUbgnqDP1
KYbwEVLamJa3ZzfAgvT9PVFVAYBAuJtLpxDXNAZt5FEdKWod4Lzx1m+GYHGV5bUO
ZOuCzoDj7iRQi6kjabCs97oTFtiGXOyxQtXP9WjCD5En2gU6KnMg6sFHZbLFc6Cy
w/uWS81ECgx3xh8XAB/QECjLyEP8U3ke1bktLH3sKi3S
-----END CERTIFICATE-----