Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/fHvAQlgoQll4Iyi9foVPLm8SGNI.roa
File:                     fHvAQlgoQll4Iyi9foVPLm8SGNI.roa (raw, json)
Hash identifier:          VR9MhEHYdV6uEyMAd4ZV2wYVadI7rtlzneRQDdKvrok=
Subject key identifier:   7C:7B:C0:42:58:28:42:59:78:23:28:BD:7E:85:4F:2E:6F:12:18:D2
Certificate issuer:       /CN=ee1c3472c25acd347364b7d6312618aa3530cb63
Certificate serial:       019ED0F76EB8D3879229079201051A68B87E
Authority key identifier: EE:1C:34:72:C2:5A:CD:34:73:64:B7:D6:31:26:18:AA:35:30:CB:63
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/fHvAQlgoQll4Iyi9foVPLm8SGNI.roa
Signing time:             Tue 16 Jun 2026 15:05:36 +0000
ROA not before:           Tue 16 Jun 2026 15:05:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     43094
IP address blocks:        200.165.16.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 17 Jun 2026 14:33:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:d0:f7:6e:b8:d3:87:92:29:07:92:01:05:1a:68:b8:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ee1c3472c25acd347364b7d6312618aa3530cb63
        Validity
            Not Before: Jun 16 15:05:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7c7bc04258284259782328bd7e854f2e6f1218d2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:31:61:ea:cf:ab:07:68:a4:ec:23:6a:18:b9:
                    c0:b9:ff:aa:7c:66:8b:80:d5:2b:df:69:05:33:be:
                    4f:95:be:60:34:e8:11:9c:fa:20:a4:75:4a:b2:b9:
                    76:67:5e:91:41:97:09:be:06:f4:b0:8c:db:e3:9d:
                    bd:8e:3f:ad:0e:07:5c:82:cb:31:a5:6a:66:d6:a7:
                    ba:34:c2:4e:66:92:90:07:35:ef:24:15:e0:e9:a4:
                    3b:41:00:09:7a:dd:d9:34:39:71:af:5e:8f:d9:92:
                    66:2b:d0:c6:89:93:06:72:9d:1d:5d:47:75:6c:27:
                    c8:64:d1:4a:5a:19:03:b9:db:4e:44:83:41:dd:79:
                    be:77:fc:ae:28:7d:04:b4:cf:9c:f9:4b:39:02:1d:
                    f3:56:69:7d:f6:00:7c:2d:31:8d:bc:11:53:ec:1b:
                    91:68:bf:7b:07:fa:bf:98:fc:92:28:ce:a4:dd:71:
                    cf:ab:7b:79:3c:ba:04:b7:23:13:68:67:ea:3f:ec:
                    f7:c9:3e:51:8b:22:51:bf:f6:51:e1:3b:33:f8:ca:
                    73:08:7a:7a:59:02:cc:24:2c:72:9a:3e:2b:70:e1:
                    d8:ad:34:30:fd:2a:e2:34:cd:15:52:df:b0:25:17:
                    4d:ba:12:f9:1d:a5:14:47:d0:1c:b6:24:d6:1c:58:
                    df:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:7B:C0:42:58:28:42:59:78:23:28:BD:7E:85:4F:2E:6F:12:18:D2
            X509v3 Authority Key Identifier:
                keyid:EE:1C:34:72:C2:5A:CD:34:73:64:B7:D6:31:26:18:AA:35:30:CB:63

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/fHvAQlgoQll4Iyi9foVPLm8SGNI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  200.165.16.0/24

    Signature Algorithm: sha256WithRSAEncryption
         27:dd:34:c6:97:7a:02:84:3f:37:94:96:97:df:fd:23:1e:16:
         2b:90:ee:c4:f2:4b:59:12:d9:a2:72:07:ff:f4:a8:dd:19:eb:
         ed:c4:6f:58:65:d1:b1:91:86:61:4a:2d:4c:05:ee:d1:c2:38:
         34:86:ae:7a:e9:d0:a5:87:ed:88:1b:72:e2:cb:1c:6d:23:37:
         18:3e:12:b8:39:8c:77:dd:a9:7c:e8:df:00:f1:7c:c4:f8:c3:
         9a:a4:9b:d9:6e:df:7a:1e:2f:64:b4:a9:d6:1e:5c:51:71:39:
         88:c5:56:4f:db:ce:57:1f:57:97:d7:6b:2d:2a:45:d4:3f:34:
         be:05:06:f9:6a:2d:9c:4a:fd:7d:71:94:ab:bc:3e:86:17:ad:
         2b:9f:c5:e0:32:94:2c:7a:8d:72:f6:21:e2:33:ec:96:15:61:
         9e:a9:28:d2:8c:98:ed:95:66:e4:a5:3d:4a:8f:94:33:e8:a2:
         05:09:89:9f:61:12:5c:ea:38:8b:86:9f:ca:1e:3b:7e:52:58:
         b3:64:24:d4:4f:29:96:a3:cb:46:68:4d:42:dd:a3:36:95:f6:
         bc:04:c6:4c:38:e5:e2:8d:29:51:6e:3b:2f:e9:34:bd:fc:56:
         7f:86:18:6f:d9:c1:9f:44:d3:7d:f1:2b:9e:3b:ad:12:14:e0:
         75:cb:aa:6a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ7Q926404eSKQeSAQUaaLh+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlMWMzNDcyYzI1YWNkMzQ3MzY0YjdkNjMxMjYxOGFhMzUz
MGNiNjMwHhcNMjYwNjE2MTUwNTM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YzdiYzA0MjU4Mjg0MjU5NzgyMzI4YmQ3ZTg1NGYyZTZmMTIxOGQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjzFh6s+rB2ik7CNqGLnAuf+qfGaL
gNUr32kFM75Plb5gNOgRnPogpHVKsrl2Z16RQZcJvgb0sIzb4529jj+tDgdcgssx
pWpm1qe6NMJOZpKQBzXvJBXg6aQ7QQAJet3ZNDlxr16P2ZJmK9DGiZMGcp0dXUd1
bCfIZNFKWhkDudtORINB3Xm+d/yuKH0EtM+c+Us5Ah3zVml99gB8LTGNvBFT7BuR
aL97B/q/mPySKM6k3XHPq3t5PLoEtyMTaGfqP+z3yT5RiyJRv/ZR4Tsz+MpzCHp6
WQLMJCxymj4rcOHYrTQw/SriNM0VUt+wJRdNuhL5HaUUR9ActiTWHFjfmQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHx7wEJYKEJZeCMovX6FTy5vEhjSMB8GA1UdIwQY
MBaAFO4cNHLCWs00c2S31jEmGKo1MMtjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN2h3MGNzSmF6VFJ6WkxmV01TWVlxalV3eTJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi8xZmY0NGYtNTFkNi00NTQ1LWFkMzYt
YjRiOGRiMjBiMWZiLzEvZkh2QVFsZ29RbGw0SXlpOWZvVlBMbThTR05JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi8xZmY0NGYtNTFkNi00NTQ1LWFkMzYtYjRiOGRiMjBiMWZi
LzEvN2h3MGNzSmF6VFJ6WkxmV01TWVlxalV3eTJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAyKUQMA0G
CSqGSIb3DQEBCwUAA4IBAQAn3TTGl3oChD83lJaX3/0jHhYrkO7E8ktZEtmicgf/
9KjdGevtxG9YZdGxkYZhSi1MBe7Rwjg0hq566dClh+2IG3LiyxxtIzcYPhK4OYx3
3al86N8A8XzE+MOapJvZbt96Hi9ktKnWHlxRcTmIxVZP285XH1eX12stKkXUPzS+
BQb5ai2cSv19cZSrvD6GF60rn8XgMpQseo1y9iHiM+yWFWGeqSjSjJjtlWbkpT1K
j5Qz6KIFCYmfYRJc6jiLhp/KHjt+UlizZCTUTymWo8tGaE1C3aM2lfa8BMZMOOXi
jSlRbjsv6TS9/FZ/hhhv2cGfRNN98SueO60SFOB1y6pq
-----END CERTIFICATE-----