Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/2JlbQ0fBJi6V-7hmbFZWczcv6dE.roa
File:                     2JlbQ0fBJi6V-7hmbFZWczcv6dE.roa (raw, json)
Hash identifier:          u5kxF+wCUWqkfxcsd+bwrzuTzlPXtXhnlI1PkJLP6fU=
Subject key identifier:   D8:99:5B:43:47:C1:26:2E:95:FB:B8:66:6C:56:56:73:37:2F:E9:D1
Certificate issuer:       /CN=ee1c3472c25acd347364b7d6312618aa3530cb63
Certificate serial:       019ED0F76FC7E2318F07E5C2F4DFA752B20D
Authority key identifier: EE:1C:34:72:C2:5A:CD:34:73:64:B7:D6:31:26:18:AA:35:30:CB:63
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/2JlbQ0fBJi6V-7hmbFZWczcv6dE.roa
Signing time:             Tue 16 Jun 2026 15:05:37 +0000
ROA not before:           Tue 16 Jun 2026 15:05:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     204765
IP address blocks:        191.44.31.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 17 Jun 2026 14:33:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:d0:f7:6f:c7:e2:31:8f:07:e5:c2:f4:df:a7:52:b2:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ee1c3472c25acd347364b7d6312618aa3530cb63
        Validity
            Not Before: Jun 16 15:05:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d8995b4347c1262e95fbb8666c565673372fe9d1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:ac:e0:ed:61:b3:2c:6f:96:87:be:bc:b2:c0:
                    4f:61:f0:c3:51:df:d7:75:a8:44:fd:cf:1d:c6:15:
                    3c:81:2d:33:19:64:4c:86:d0:7f:64:e6:4d:d4:6f:
                    4f:58:76:24:40:36:e6:b6:72:bb:79:da:25:88:ac:
                    14:d6:22:21:94:a0:45:ae:3f:51:58:fe:d6:64:2f:
                    21:18:75:f8:02:04:8e:8c:d5:76:dd:63:bf:95:e4:
                    9d:2e:31:4c:4f:02:bb:c7:d5:e5:2f:84:14:5b:ec:
                    91:b7:c0:1a:d9:b7:ca:c2:d4:7e:30:5d:22:31:f7:
                    d5:a2:18:a7:10:5a:61:eb:b3:40:15:f8:9d:85:78:
                    27:ba:b4:6a:a8:4e:96:05:11:a5:7b:cd:40:f3:b8:
                    cf:1f:0d:95:c9:ae:ba:76:7a:aa:46:53:b0:f6:19:
                    a3:39:cf:ee:9b:07:22:79:98:98:18:0c:75:72:17:
                    3c:2c:97:8c:b3:a0:cb:87:00:1b:d1:47:d5:df:3d:
                    4a:fe:86:df:93:2f:d4:0f:d1:2e:d1:21:c2:04:f0:
                    d6:a2:74:69:34:21:19:33:be:fd:0c:15:72:f7:70:
                    cb:d5:06:bd:01:a0:40:2c:dc:5f:a2:fe:3f:bd:99:
                    4c:e9:ef:cd:20:0e:38:76:3e:60:14:48:cd:51:fe:
                    b0:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:99:5B:43:47:C1:26:2E:95:FB:B8:66:6C:56:56:73:37:2F:E9:D1
            X509v3 Authority Key Identifier:
                keyid:EE:1C:34:72:C2:5A:CD:34:73:64:B7:D6:31:26:18:AA:35:30:CB:63

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/2JlbQ0fBJi6V-7hmbFZWczcv6dE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  191.44.31.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b6:a5:00:35:df:ff:f8:02:25:4f:38:19:d2:e5:43:f4:ba:cd:
         11:b8:dd:fc:a7:1c:50:e8:cb:c1:8b:76:34:6d:14:cc:4b:cd:
         f1:62:09:d7:a5:67:cf:66:97:61:98:89:7e:05:98:91:ca:6d:
         e1:ca:02:b1:ff:b3:9f:88:2b:ee:91:b9:ac:e4:5c:93:a8:99:
         00:71:eb:2a:92:69:f2:fa:08:57:fa:92:ae:6d:20:74:98:dc:
         8e:74:10:6a:36:54:1b:70:66:64:79:91:f7:41:4b:6f:2c:1e:
         86:45:d7:d0:55:e4:b4:d0:69:6d:3c:49:56:c1:e9:fb:9c:8f:
         86:dc:78:e0:cd:1e:a7:04:72:e2:63:4f:02:29:fc:77:82:b5:
         23:ec:f9:6a:6d:a2:4b:9e:b5:a0:4c:b3:ed:49:fc:c7:13:4f:
         2c:40:ef:98:f8:76:a2:b3:10:ae:9a:4c:56:86:27:69:0a:cd:
         f9:6c:13:53:22:6b:cf:0a:fa:93:17:d4:b8:ce:e3:ad:a8:a2:
         f7:95:b4:7e:02:5a:99:aa:ef:42:21:89:3b:2a:7e:9e:64:e8:
         49:e3:16:da:b9:1a:6f:f0:c2:e4:48:79:80:0d:6f:e2:cf:5a:
         bc:58:a4:86:5a:c3:c4:5e:43:d5:48:0a:0f:da:25:22:92:f9:
         10:d7:b3:da
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ7Q92/H4jGPB+XC9N+nUrINMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlMWMzNDcyYzI1YWNkMzQ3MzY0YjdkNjMxMjYxOGFhMzUz
MGNiNjMwHhcNMjYwNjE2MTUwNTM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkODk5NWI0MzQ3YzEyNjJlOTVmYmI4NjY2YzU2NTY3MzM3MmZlOWQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoqzg7WGzLG+Wh768ssBPYfDDUd/X
dahE/c8dxhU8gS0zGWRMhtB/ZOZN1G9PWHYkQDbmtnK7edoliKwU1iIhlKBFrj9R
WP7WZC8hGHX4AgSOjNV23WO/leSdLjFMTwK7x9XlL4QUW+yRt8Aa2bfKwtR+MF0i
MffVohinEFph67NAFfidhXgnurRqqE6WBRGle81A87jPHw2Vya66dnqqRlOw9hmj
Oc/umwcieZiYGAx1chc8LJeMs6DLhwAb0UfV3z1K/obfky/UD9Eu0SHCBPDWonRp
NCEZM779DBVy93DL1Qa9AaBALNxfov4/vZlM6e/NIA44dj5gFEjNUf6wmwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNiZW0NHwSYulfu4ZmxWVnM3L+nRMB8GA1UdIwQY
MBaAFO4cNHLCWs00c2S31jEmGKo1MMtjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN2h3MGNzSmF6VFJ6WkxmV01TWVlxalV3eTJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi8xZmY0NGYtNTFkNi00NTQ1LWFkMzYt
YjRiOGRiMjBiMWZiLzEvMkpsYlEwZkJKaTZWLTdobWJGWldjemN2NmRFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi8xZmY0NGYtNTFkNi00NTQ1LWFkMzYtYjRiOGRiMjBiMWZi
LzEvN2h3MGNzSmF6VFJ6WkxmV01TWVlxalV3eTJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvywfMA0G
CSqGSIb3DQEBCwUAA4IBAQC2pQA13//4AiVPOBnS5UP0us0RuN38pxxQ6MvBi3Y0
bRTMS83xYgnXpWfPZpdhmIl+BZiRym3hygKx/7OfiCvukbms5FyTqJkAcesqkmny
+ghX+pKubSB0mNyOdBBqNlQbcGZkeZH3QUtvLB6GRdfQVeS00GltPElWwen7nI+G
3HjgzR6nBHLiY08CKfx3grUj7PlqbaJLnrWgTLPtSfzHE08sQO+Y+HaisxCumkxW
hidpCs35bBNTImvPCvqTF9S4zuOtqKL3lbR+AlqZqu9CIYk7Kn6eZOhJ4xbauRpv
8MLkSHmADW/iz1q8WKSGWsPEXkPVSAoP2iUikvkQ17Pa
-----END CERTIFICATE-----