Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/UCZoxRlA7QYjRnc6usD5Vn9TTIc.roa
File:                     UCZoxRlA7QYjRnc6usD5Vn9TTIc.roa (raw, json)
Hash identifier:          qM+Mc9mxG96Az/kyR6+Vbs+z63AGRqliXG62VtscAVk=
Subject key identifier:   50:26:68:C5:19:40:ED:06:23:46:77:3A:BA:C0:F9:56:7F:53:4C:87
Certificate issuer:       /CN=ee1c3472c25acd347364b7d6312618aa3530cb63
Certificate serial:       019EF5204EC08A23EF03909E5B58B95E6904
Authority key identifier: EE:1C:34:72:C2:5A:CD:34:73:64:B7:D6:31:26:18:AA:35:30:CB:63
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/UCZoxRlA7QYjRnc6usD5Vn9TTIc.roa
Signing time:             Tue 23 Jun 2026 15:36:35 +0000
ROA not before:           Tue 23 Jun 2026 15:36:35 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     219476
IP address blocks:        191.222.243.0/24 maxlen: 24
                          201.24.199.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 Jul 2026 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:f5:20:4e:c0:8a:23:ef:03:90:9e:5b:58:b9:5e:69:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ee1c3472c25acd347364b7d6312618aa3530cb63
        Validity
            Not Before: Jun 23 15:36:35 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=502668c51940ed062346773abac0f9567f534c87
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ef:31:59:d3:13:a6:cf:f6:b5:db:b0:f9:80:16:
                    dd:bc:6b:9f:a1:10:80:72:38:8c:e0:c9:56:9d:36:
                    26:27:32:d4:cb:ea:53:8f:4f:fe:40:80:7b:81:c2:
                    e0:82:34:9d:e4:76:fd:d0:92:48:52:2c:d7:35:e4:
                    ef:88:47:f3:8f:a1:8f:72:11:5c:b8:38:e7:22:4d:
                    dc:8a:39:f3:05:63:cd:76:82:93:65:18:8f:46:19:
                    d2:c6:4c:57:a3:19:b8:8a:c2:ba:48:2b:aa:60:1e:
                    ac:99:c7:78:a0:ae:df:05:71:02:e6:3e:be:9a:e4:
                    4b:77:f1:f9:6e:7f:1d:2d:57:22:15:a1:aa:0b:2d:
                    2b:8e:6c:bd:53:a5:26:a8:08:54:3d:97:1c:5e:fb:
                    1c:5b:2c:78:3b:90:f5:1a:ac:c9:c5:ea:03:f2:2d:
                    2e:11:15:ca:ac:d6:f7:d7:54:b7:15:fc:56:08:d4:
                    9f:3f:a7:a3:5f:e5:a4:fe:5f:80:e9:6e:73:bd:95:
                    8c:a2:a6:0e:b9:b0:46:d4:64:d3:f7:52:0c:d7:7c:
                    42:47:9d:75:bd:0d:b3:ff:1f:47:f0:31:29:49:70:
                    e1:6f:20:f8:c5:8c:32:dc:78:27:c7:06:71:44:ec:
                    e1:ca:97:6d:fa:2a:6e:96:6d:3d:df:72:ee:ba:fc:
                    bc:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:26:68:C5:19:40:ED:06:23:46:77:3A:BA:C0:F9:56:7F:53:4C:87
            X509v3 Authority Key Identifier:
                keyid:EE:1C:34:72:C2:5A:CD:34:73:64:B7:D6:31:26:18:AA:35:30:CB:63

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/UCZoxRlA7QYjRnc6usD5Vn9TTIc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  191.222.243.0/24
                  201.24.199.0/24

    Signature Algorithm: sha256WithRSAEncryption
         31:37:f7:0a:69:cf:35:89:f2:3c:4f:3a:1f:52:70:43:7b:74:
         94:e2:75:5f:ff:25:54:a1:96:98:0d:fc:b6:00:21:23:55:4d:
         b5:c3:1d:ef:29:37:de:cf:86:dd:8e:87:a4:be:61:2f:88:ce:
         49:4c:75:51:35:42:79:e1:e8:9b:93:6a:e2:84:38:a8:1a:7e:
         95:7d:f7:da:f0:5a:0c:db:c7:50:5d:fa:10:5a:68:04:df:6a:
         0c:e7:10:31:a1:35:50:1f:40:d1:a7:df:3e:c5:01:ea:21:9b:
         80:c4:bb:62:8c:aa:49:96:3f:96:17:71:e2:42:18:f8:3d:23:
         87:1d:83:d7:10:21:d1:f6:65:0e:ea:f3:fc:c6:dd:68:ca:28:
         bb:d4:e4:85:75:88:fb:02:18:48:dc:56:5e:74:22:ba:b7:83:
         0e:f1:b2:c1:ac:a8:b1:6a:c8:f3:2e:0b:8e:d8:97:b1:6a:87:
         f8:35:c9:7b:cc:e0:a0:2e:00:1d:34:b5:d6:e2:9c:fb:ea:24:
         34:1b:6f:74:e7:ec:74:a4:19:8b:a5:11:22:51:5c:02:83:f7:
         c9:a6:e0:14:21:6e:0d:4c:ee:23:70:61:a2:e0:51:72:eb:7c:
         90:45:b0:42:a9:d0:4f:5a:9d:05:c9:d1:e1:8e:e0:a9:d4:18:
         25:09:5d:17
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ71IE7AiiPvA5CeW1i5XmkEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlMWMzNDcyYzI1YWNkMzQ3MzY0YjdkNjMxMjYxOGFhMzUz
MGNiNjMwHhcNMjYwNjIzMTUzNjM1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MDI2NjhjNTE5NDBlZDA2MjM0Njc3M2FiYWMwZjk1NjdmNTM0Yzg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7zFZ0xOmz/a127D5gBbdvGufoRCA
cjiM4MlWnTYmJzLUy+pTj0/+QIB7gcLggjSd5Hb90JJIUizXNeTviEfzj6GPchFc
uDjnIk3cijnzBWPNdoKTZRiPRhnSxkxXoxm4isK6SCuqYB6smcd4oK7fBXEC5j6+
muRLd/H5bn8dLVciFaGqCy0rjmy9U6UmqAhUPZccXvscWyx4O5D1GqzJxeoD8i0u
ERXKrNb311S3FfxWCNSfP6ejX+Wk/l+A6W5zvZWMoqYOubBG1GTT91IM13xCR511
vQ2z/x9H8DEpSXDhbyD4xYwy3HgnxwZxROzhypdt+ipulm0933Luuvy8LwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFFAmaMUZQO0GI0Z3OrrA+VZ/U0yHMB8GA1UdIwQY
MBaAFO4cNHLCWs00c2S31jEmGKo1MMtjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN2h3MGNzSmF6VFJ6WkxmV01TWVlxalV3eTJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi8xZmY0NGYtNTFkNi00NTQ1LWFkMzYt
YjRiOGRiMjBiMWZiLzEvVUNab3hSbEE3UVlqUm5jNnVzRDVWbjlUVEljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi8xZmY0NGYtNTFkNi00NTQ1LWFkMzYtYjRiOGRiMjBiMWZi
LzEvN2h3MGNzSmF6VFJ6WkxmV01TWVlxalV3eTJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAv97zAwQA
yRjHMA0GCSqGSIb3DQEBCwUAA4IBAQAxN/cKac81ifI8TzofUnBDe3SU4nVf/yVU
oZaYDfy2ACEjVU21wx3vKTfez4bdjoekvmEviM5JTHVRNUJ54eibk2rihDioGn6V
fffa8FoM28dQXfoQWmgE32oM5xAxoTVQH0DRp98+xQHqIZuAxLtijKpJlj+WF3Hi
Qhj4PSOHHYPXECHR9mUO6vP8xt1oyii71OSFdYj7AhhI3FZedCK6t4MO8bLBrKix
asjzLguO2Jexaof4Ncl7zOCgLgAdNLXW4pz76iQ0G2905+x0pBmLpREiUVwCg/fJ
puAUIW4NTO4jcGGi4FFy63yQRbBCqdBPWp0FydHhjuCp1BglCV0X
-----END CERTIFICATE-----
Generated at Fri Jul 3 19:57:49 2026 by rpki-client