Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/04CYHBavsctzoWw-0DlY0E8n4_E.roa
File:                     04CYHBavsctzoWw-0DlY0E8n4_E.roa (raw, json)
Hash identifier:          u0x/3cnpoFJq8ysGrrT6NvCdgfuMAhrJs0HNPCNewGQ=
Subject key identifier:   D3:80:98:1C:16:AF:B1:CB:73:A1:6C:3E:D0:39:58:D0:4F:27:E3:F1
Certificate issuer:       /CN=ee1c3472c25acd347364b7d6312618aa3530cb63
Certificate serial:       019D68D767BBFE6942FDDD6DEA4314A671CF
Authority key identifier: EE:1C:34:72:C2:5A:CD:34:73:64:B7:D6:31:26:18:AA:35:30:CB:63
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/04CYHBavsctzoWw-0DlY0E8n4_E.roa
Signing time:             Tue 07 Apr 2026 16:47:20 +0000
ROA not before:           Tue 07 Apr 2026 16:47:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     40352
IP address blocks:        77.111.100.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 11 Apr 2026 17:02:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:68:d7:67:bb:fe:69:42:fd:dd:6d:ea:43:14:a6:71:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ee1c3472c25acd347364b7d6312618aa3530cb63
        Validity
            Not Before: Apr  7 16:47:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d380981c16afb1cb73a16c3ed03958d04f27e3f1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:d8:56:0a:d9:e1:49:bd:fc:f3:10:1e:50:cc:
                    ef:5b:95:99:04:5b:18:71:4c:da:c0:eb:14:ab:a2:
                    29:73:c0:7e:40:3c:94:3c:66:7b:55:44:30:f7:20:
                    6f:5b:89:8b:d7:46:4b:c0:f9:02:e8:28:5d:1d:cf:
                    38:92:d4:2b:cc:e9:d0:4d:f2:f8:c0:e7:ae:ba:35:
                    15:04:c3:dd:3e:b1:d2:6a:00:cf:5d:03:ca:9c:c9:
                    e5:3b:7e:01:cf:7f:09:4e:99:4e:db:8c:53:7b:5f:
                    82:7b:cf:41:90:ea:bf:9d:4f:48:37:c8:24:da:24:
                    08:45:95:55:d1:a2:83:26:1f:e7:54:c2:60:ed:a4:
                    c2:4b:84:3e:3b:26:7a:e2:ce:e6:8e:d2:ae:e0:f5:
                    21:97:89:83:43:03:b7:33:40:cd:71:5d:d0:7d:f2:
                    95:e2:3f:6b:16:b7:9a:10:60:2e:c2:91:d4:5c:4c:
                    a5:f2:17:64:50:25:fc:98:15:81:cb:8d:b6:c1:12:
                    7b:d5:b2:f4:81:e5:2a:0d:db:a8:bf:83:16:95:ae:
                    6a:90:d3:6f:bf:29:74:bb:c1:0d:28:71:9b:16:50:
                    63:c4:cb:ba:00:a6:9b:ec:d0:f0:74:5d:2a:9a:e2:
                    33:4a:f2:58:99:5f:77:c7:cc:85:11:a3:d9:51:60:
                    ae:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:80:98:1C:16:AF:B1:CB:73:A1:6C:3E:D0:39:58:D0:4F:27:E3:F1
            X509v3 Authority Key Identifier:
                keyid:EE:1C:34:72:C2:5A:CD:34:73:64:B7:D6:31:26:18:AA:35:30:CB:63

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/04CYHBavsctzoWw-0DlY0E8n4_E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.111.100.0/24

    Signature Algorithm: sha256WithRSAEncryption
         27:ea:db:02:b1:9f:6a:33:1d:e5:61:4c:56:ea:6c:f6:39:22:
         73:30:7b:85:d4:f8:24:c6:39:2f:c9:e9:dd:ac:11:3e:e2:b2:
         27:1c:65:fc:46:cc:4e:cc:7d:10:17:2c:e6:41:f8:0e:68:d0:
         ca:b4:66:b0:6f:e6:f2:77:98:96:4f:d5:73:87:46:12:e4:01:
         25:45:81:49:4e:40:80:00:16:20:bd:cd:cf:1b:6b:c7:60:2d:
         76:c7:1c:80:99:63:64:8c:ff:9a:14:87:28:56:9b:84:10:81:
         59:6c:f1:b5:85:47:47:f6:85:3e:61:1e:fd:c5:14:51:34:d9:
         f7:3c:35:18:6d:7e:53:fb:94:4e:53:9e:63:a0:c2:6b:b7:d1:
         b8:e8:1d:aa:4b:b6:20:4a:e5:0d:a7:c5:6f:74:fe:c3:2d:88:
         98:fb:04:a4:e3:af:62:42:4a:b6:f2:39:ba:2f:23:5c:d3:6f:
         77:c1:c7:b0:75:3a:f2:73:b1:b7:61:c4:c9:4c:b9:d9:10:bd:
         d2:ed:25:c1:2e:c9:03:9b:e0:3c:d2:85:ad:54:46:62:05:f7:
         18:86:4a:63:ec:ae:64:cf:80:e8:31:7c:0d:ff:a0:d0:3f:4b:
         2f:70:af:ed:fa:61:c9:57:c2:ab:d9:ea:b5:20:e1:31:68:87:
         3b:99:6a:42
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ1o12e7/mlC/d1t6kMUpnHPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlMWMzNDcyYzI1YWNkMzQ3MzY0YjdkNjMxMjYxOGFhMzUz
MGNiNjMwHhcNMjYwNDA3MTY0NzIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMzgwOTgxYzE2YWZiMWNiNzNhMTZjM2VkMDM5NThkMDRmMjdlM2YxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv9hWCtnhSb388xAeUMzvW5WZBFsY
cUzawOsUq6Ipc8B+QDyUPGZ7VUQw9yBvW4mL10ZLwPkC6ChdHc84ktQrzOnQTfL4
wOeuujUVBMPdPrHSagDPXQPKnMnlO34Bz38JTplO24xTe1+Ce89BkOq/nU9IN8gk
2iQIRZVV0aKDJh/nVMJg7aTCS4Q+OyZ64s7mjtKu4PUhl4mDQwO3M0DNcV3QffKV
4j9rFreaEGAuwpHUXEyl8hdkUCX8mBWBy422wRJ71bL0geUqDduov4MWla5qkNNv
vyl0u8ENKHGbFlBjxMu6AKab7NDwdF0qmuIzSvJYmV93x8yFEaPZUWCuQwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNOAmBwWr7HLc6FsPtA5WNBPJ+PxMB8GA1UdIwQY
MBaAFO4cNHLCWs00c2S31jEmGKo1MMtjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN2h3MGNzSmF6VFJ6WkxmV01TWVlxalV3eTJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi8xZmY0NGYtNTFkNi00NTQ1LWFkMzYt
YjRiOGRiMjBiMWZiLzEvMDRDWUhCYXZzY3R6b1d3LTBEbFkwRThuNF9FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi8xZmY0NGYtNTFkNi00NTQ1LWFkMzYtYjRiOGRiMjBiMWZi
LzEvN2h3MGNzSmF6VFJ6WkxmV01TWVlxalV3eTJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATW9kMA0G
CSqGSIb3DQEBCwUAA4IBAQAn6tsCsZ9qMx3lYUxW6mz2OSJzMHuF1Pgkxjkvyend
rBE+4rInHGX8RsxOzH0QFyzmQfgOaNDKtGawb+byd5iWT9Vzh0YS5AElRYFJTkCA
ABYgvc3PG2vHYC12xxyAmWNkjP+aFIcoVpuEEIFZbPG1hUdH9oU+YR79xRRRNNn3
PDUYbX5T+5ROU55joMJrt9G46B2qS7YgSuUNp8VvdP7DLYiY+wSk469iQkq28jm6
LyNc0293wcewdTryc7G3YcTJTLnZEL3S7SXBLskDm+A80oWtVEZiBfcYhkpj7K5k
z4DoMXwN/6DQP0svcK/t+mHJV8Kr2eq1IOExaIc7mWpC
-----END CERTIFICATE-----