Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/CwqBliUDh5BCFhQSAK8lYIhDD2M.roa
File:                     CwqBliUDh5BCFhQSAK8lYIhDD2M.roa (raw, json)
Hash identifier:          RYT9KVLpG016sgQlPrH1NTam62r6ZSi25GqPT7k9yxg=
Subject key identifier:   0B:0A:81:96:25:03:87:90:42:16:14:12:00:AF:25:60:88:43:0F:63
Certificate issuer:       /CN=ee1c3472c25acd347364b7d6312618aa3530cb63
Certificate serial:       019F282DD108140AADD4618530BC33855089
Authority key identifier: EE:1C:34:72:C2:5A:CD:34:73:64:B7:D6:31:26:18:AA:35:30:CB:63
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/CwqBliUDh5BCFhQSAK8lYIhDD2M.roa
Signing time:             Fri 03 Jul 2026 13:31:59 +0000
ROA not before:           Fri 03 Jul 2026 13:31:59 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     219393
IP address blocks:        189.12.50.0/24 maxlen: 24
                          189.12.53.0/24 maxlen: 24
                          189.12.58.0/24 maxlen: 24
                          191.44.24.0/24 maxlen: 24
                          191.44.27.0/24 maxlen: 24
                          191.44.30.0/24 maxlen: 24
                          191.222.44.0/24 maxlen: 24
                          191.222.243.0/24 maxlen: 24
                          200.102.88.0/24 maxlen: 24
                          200.102.90.0/24 maxlen: 24
                          200.181.85.0/24 maxlen: 24
                          201.14.208.0/24 maxlen: 24
                          201.14.213.0/24 maxlen: 24
                          201.14.221.0/24 maxlen: 24
                          201.24.199.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 Jul 2026 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9f:28:2d:d1:08:14:0a:ad:d4:61:85:30:bc:33:85:50:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ee1c3472c25acd347364b7d6312618aa3530cb63
        Validity
            Not Before: Jul  3 13:31:59 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0b0a8196250387904216141200af256088430f63
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:9f:2f:97:9f:18:6b:2a:1d:cf:7e:65:c9:79:
                    a7:78:67:22:88:a7:d6:19:46:99:9e:b4:e2:16:22:
                    9f:d2:dc:7a:52:96:45:97:89:3c:78:15:94:32:72:
                    4d:10:46:d5:79:23:e2:e7:5a:71:49:82:58:0f:5c:
                    bd:0f:96:c9:fb:29:56:43:4c:af:8e:a7:2f:c5:73:
                    ff:13:d7:45:17:27:c6:bb:37:85:89:79:b3:a8:a7:
                    31:da:98:08:b4:88:03:c4:12:e8:5d:66:dc:57:df:
                    22:91:cb:04:c5:fb:d6:81:75:a5:1c:84:02:40:bc:
                    f4:6b:0b:e5:4f:ab:ae:95:ee:34:15:5c:bd:30:48:
                    23:6f:10:c9:cf:45:0f:4f:c5:02:18:18:e2:41:37:
                    c1:32:45:6e:5e:09:f7:6b:1a:f7:f7:13:68:b5:6f:
                    66:c5:f9:69:1b:75:85:f1:dc:3d:9d:39:fc:1d:57:
                    cf:5f:0c:4e:d0:83:d3:e0:20:7e:76:6e:fe:c2:09:
                    3c:90:95:e7:a2:cb:da:21:e4:d2:66:5f:d5:8c:93:
                    2d:f9:8e:33:67:a9:45:fc:2d:8c:5e:12:bd:0d:7d:
                    0d:5d:f6:72:aa:8b:b0:de:2f:e9:a2:c9:55:c9:98:
                    c0:3f:fe:f7:04:ae:57:64:9a:1a:63:d1:59:e4:fb:
                    b3:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:0A:81:96:25:03:87:90:42:16:14:12:00:AF:25:60:88:43:0F:63
            X509v3 Authority Key Identifier:
                keyid:EE:1C:34:72:C2:5A:CD:34:73:64:B7:D6:31:26:18:AA:35:30:CB:63

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/CwqBliUDh5BCFhQSAK8lYIhDD2M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  189.12.50.0/24
                  189.12.53.0/24
                  189.12.58.0/24
                  191.44.24.0/24
                  191.44.27.0/24
                  191.44.30.0/24
                  191.222.44.0/24
                  191.222.243.0/24
                  200.102.88.0/24
                  200.102.90.0/24
                  200.181.85.0/24
                  201.14.208.0/24
                  201.14.213.0/24
                  201.14.221.0/24
                  201.24.199.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b2:7c:2a:03:00:52:1a:16:86:1d:42:80:4b:29:20:47:37:ff:
         ea:0b:d8:28:b2:a1:d7:bf:9f:9a:a1:96:e4:82:e1:a0:51:df:
         00:2b:45:0a:7e:ef:e4:32:d1:9d:e2:3d:0f:b8:f3:58:6a:b6:
         8c:90:04:14:29:f3:d8:40:19:01:9b:a0:ec:fe:e1:2c:70:03:
         a7:d3:74:ea:a8:62:f2:5e:44:a5:30:3a:32:ab:9b:68:f4:c5:
         29:a7:ff:e4:13:e4:89:06:d6:83:bb:55:87:b0:9d:b9:cb:5b:
         61:10:00:74:ac:0c:8c:6c:61:88:78:b3:72:db:b2:11:b0:56:
         da:86:5b:20:2c:78:d7:91:6f:5a:2e:09:2c:b0:dc:3d:4d:01:
         5b:f2:c0:39:ae:83:17:9d:16:42:dd:aa:53:4d:a0:40:db:5b:
         4b:d1:ee:4e:68:1a:45:ab:d5:60:01:0f:4a:bb:76:4b:74:3a:
         1c:0a:5a:43:51:87:87:ca:06:41:45:f8:29:ab:4e:93:86:f7:
         51:dd:bb:2e:1c:7d:3b:59:52:43:45:3a:e2:f1:6d:be:49:ec:
         75:d4:48:4f:dd:d3:b7:ba:18:4d:72:af:a7:cd:28:3b:17:ca:
         32:33:cc:37:a8:c4:c7:67:69:15:38:81:af:05:4b:f0:d3:bc:
         5e:47:84:89
-----BEGIN CERTIFICATE-----
MIIFUTCCBDmgAwIBAgISAZ8oLdEIFAqt1GGFMLwzhVCJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlMWMzNDcyYzI1YWNkMzQ3MzY0YjdkNjMxMjYxOGFhMzUz
MGNiNjMwHhcNMjYwNzAzMTMzMTU5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYjBhODE5NjI1MDM4NzkwNDIxNjE0MTIwMGFmMjU2MDg4NDMwZjYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvJ8vl58Yayodz35lyXmneGciiKfW
GUaZnrTiFiKf0tx6UpZFl4k8eBWUMnJNEEbVeSPi51pxSYJYD1y9D5bJ+ylWQ0yv
jqcvxXP/E9dFFyfGuzeFiXmzqKcx2pgItIgDxBLoXWbcV98ikcsExfvWgXWlHIQC
QLz0awvlT6uule40FVy9MEgjbxDJz0UPT8UCGBjiQTfBMkVuXgn3axr39xNotW9m
xflpG3WF8dw9nTn8HVfPXwxO0IPT4CB+dm7+wgk8kJXnosvaIeTSZl/VjJMt+Y4z
Z6lF/C2MXhK9DX0NXfZyqouw3i/poslVyZjAP/73BK5XZJoaY9FZ5PuziQIDAQAB
o4ICXTCCAlkwHQYDVR0OBBYEFAsKgZYlA4eQQhYUEgCvJWCIQw9jMB8GA1UdIwQY
MBaAFO4cNHLCWs00c2S31jEmGKo1MMtjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN2h3MGNzSmF6VFJ6WkxmV01TWVlxalV3eTJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi8xZmY0NGYtNTFkNi00NTQ1LWFkMzYt
YjRiOGRiMjBiMWZiLzEvQ3dxQmxpVURoNUJDRmhRU0FLOGxZSWhERDJNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi8xZmY0NGYtNTFkNi00NTQ1LWFkMzYtYjRiOGRiMjBiMWZi
LzEvN2h3MGNzSmF6VFJ6WkxmV01TWVlxalV3eTJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHMGCCsGAQUFBwEHAQH/BGQwYjBgBAIAATBaAwQAvQwyAwQA
vQw1AwQAvQw6AwQAvywYAwQAvywbAwQAvyweAwQAv94sAwQAv97zAwQAyGZYAwQA
yGZaAwQAyLVVAwQAyQ7QAwQAyQ7VAwQAyQ7dAwQAyRjHMA0GCSqGSIb3DQEBCwUA
A4IBAQCyfCoDAFIaFoYdQoBLKSBHN//qC9gosqHXv5+aoZbkguGgUd8AK0UKfu/k
MtGd4j0PuPNYaraMkAQUKfPYQBkBm6Ds/uEscAOn03TqqGLyXkSlMDoyq5to9MUp
p//kE+SJBtaDu1WHsJ25y1thEAB0rAyMbGGIeLNy27IRsFbahlsgLHjXkW9aLgks
sNw9TQFb8sA5roMXnRZC3apTTaBA21tL0e5OaBpFq9VgAQ9Ku3ZLdDocClpDUYeH
ygZBRfgpq06ThvdR3bsuHH07WVJDRTri8W2+Sex11EhP3dO3uhhNcq+nzSg7F8oy
M8w3qMTHZ2kVOIGvBUvw07xeR4SJ
-----END CERTIFICATE-----
Generated at Fri Jul 3 19:56:20 2026 by rpki-client