Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/hOoRyzlZK7qgbEOl5CSLNg4HAGk.roa
File:                     hOoRyzlZK7qgbEOl5CSLNg4HAGk.roa (raw, json)
Hash identifier:          t7pdTi6UR378Z+HlTt7ZUgfHbpKhzSijTD1M2Smxg/Y=
Subject key identifier:   84:EA:11:CB:39:59:2B:BA:A0:6C:43:A5:E4:24:8B:36:0E:07:00:69
Certificate issuer:       /CN=ee1c3472c25acd347364b7d6312618aa3530cb63
Certificate serial:       019EC8B5186B1CAE24CE41A72151DDF02BEE
Authority key identifier: EE:1C:34:72:C2:5A:CD:34:73:64:B7:D6:31:26:18:AA:35:30:CB:63
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/hOoRyzlZK7qgbEOl5CSLNg4HAGk.roa
Signing time:             Mon 15 Jun 2026 00:36:11 +0000
ROA not before:           Mon 15 Jun 2026 00:36:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     135754
IP address blocks:        200.181.81.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 17 Jun 2026 14:33:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:c8:b5:18:6b:1c:ae:24:ce:41:a7:21:51:dd:f0:2b:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ee1c3472c25acd347364b7d6312618aa3530cb63
        Validity
            Not Before: Jun 15 00:36:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=84ea11cb39592bbaa06c43a5e4248b360e070069
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:7f:c3:34:1f:5f:4c:4d:c4:11:67:a2:72:50:
                    82:ed:a2:83:85:92:44:39:a8:da:24:ef:fb:9d:2d:
                    2f:2e:7d:1a:3a:6c:cd:9f:ee:14:32:9b:7b:5b:45:
                    ef:67:71:fe:1e:22:fe:88:45:5d:bb:19:f8:83:11:
                    76:a0:b8:f5:c9:c0:7c:e8:e7:39:94:02:1c:fe:ca:
                    8b:45:83:e9:ef:3f:92:fc:19:be:f2:2e:9a:32:b3:
                    9c:0b:bb:80:0c:5b:7e:2f:86:dc:65:66:31:a9:3d:
                    96:20:1a:31:c3:ec:35:80:15:20:30:28:b6:5f:bb:
                    67:a5:b6:f4:cc:be:09:de:99:53:c5:cf:11:c4:04:
                    45:4d:f5:b7:0c:71:39:38:c5:d2:60:71:c0:9b:20:
                    ef:99:21:a5:57:04:2c:b4:61:13:ce:1e:32:65:96:
                    45:8a:ae:e0:31:39:82:d2:b2:a7:31:20:18:8a:1d:
                    6b:71:0f:e0:8a:74:13:22:8f:6f:98:b0:00:9c:80:
                    f0:8e:f1:a9:af:ee:77:f6:32:5d:50:89:e9:e3:0a:
                    ad:63:eb:c0:b1:5f:8b:aa:5b:10:bf:aa:1b:3c:fe:
                    ec:f5:b0:39:ce:fe:e7:c4:a4:37:75:f4:f4:ac:c7:
                    da:dc:07:5a:9e:41:07:55:79:ce:e7:16:9b:77:22:
                    da:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:EA:11:CB:39:59:2B:BA:A0:6C:43:A5:E4:24:8B:36:0E:07:00:69
            X509v3 Authority Key Identifier:
                keyid:EE:1C:34:72:C2:5A:CD:34:73:64:B7:D6:31:26:18:AA:35:30:CB:63

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/hOoRyzlZK7qgbEOl5CSLNg4HAGk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  200.181.81.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3a:36:66:f6:52:0d:d5:54:27:02:31:50:a5:53:f4:15:a8:85:
         04:10:5c:1a:31:7c:20:eb:77:26:09:1f:bf:cc:a3:aa:19:95:
         b4:35:6b:e3:b4:7f:77:ce:96:7e:d9:8c:d7:34:76:73:56:22:
         45:32:e5:a8:ab:27:98:d7:7c:96:97:fd:9e:f7:0f:ad:cb:00:
         c9:7f:9c:88:83:d4:f0:89:0a:ca:a9:0c:48:a1:82:4d:76:62:
         b5:19:b7:59:5c:b4:ff:4a:ad:dc:4a:cf:08:41:f7:79:9d:c5:
         60:d9:e3:43:0e:cc:dc:c1:4d:65:47:5e:83:ed:ac:09:5b:a6:
         fa:08:c3:7a:dd:81:a2:f2:92:0d:32:3b:61:02:2e:1d:6f:1a:
         c2:ed:a4:21:f7:fe:15:bd:96:dd:91:c6:73:22:66:6d:54:bf:
         4b:7c:d1:2d:52:f0:52:83:55:12:ee:b5:7d:7e:cc:07:98:8f:
         97:e1:90:fc:21:ff:34:21:8b:28:62:40:f1:82:cd:4f:35:16:
         2f:96:d6:44:99:4b:fd:d0:fb:88:16:b2:70:d0:62:89:dc:9b:
         4b:85:ce:c0:9c:f3:86:84:9d:ac:f6:e5:ae:22:8e:a5:75:0f:
         62:59:27:d2:17:27:08:12:85:5a:86:42:14:41:e2:20:ca:4c:
         16:a8:fd:f4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ7ItRhrHK4kzkGnIVHd8CvuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlMWMzNDcyYzI1YWNkMzQ3MzY0YjdkNjMxMjYxOGFhMzUz
MGNiNjMwHhcNMjYwNjE1MDAzNjExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NGVhMTFjYjM5NTkyYmJhYTA2YzQzYTVlNDI0OGIzNjBlMDcwMDY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxH/DNB9fTE3EEWeiclCC7aKDhZJE
OajaJO/7nS0vLn0aOmzNn+4UMpt7W0XvZ3H+HiL+iEVduxn4gxF2oLj1ycB86Oc5
lAIc/sqLRYPp7z+S/Bm+8i6aMrOcC7uADFt+L4bcZWYxqT2WIBoxw+w1gBUgMCi2
X7tnpbb0zL4J3plTxc8RxARFTfW3DHE5OMXSYHHAmyDvmSGlVwQstGETzh4yZZZF
iq7gMTmC0rKnMSAYih1rcQ/ginQTIo9vmLAAnIDwjvGpr+539jJdUInp4wqtY+vA
sV+LqlsQv6obPP7s9bA5zv7nxKQ3dfT0rMfa3AdankEHVXnO5xabdyLa8QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFITqEcs5WSu6oGxDpeQkizYOBwBpMB8GA1UdIwQY
MBaAFO4cNHLCWs00c2S31jEmGKo1MMtjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN2h3MGNzSmF6VFJ6WkxmV01TWVlxalV3eTJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi8xZmY0NGYtNTFkNi00NTQ1LWFkMzYt
YjRiOGRiMjBiMWZiLzEvaE9vUnl6bFpLN3FnYkVPbDVDU0xOZzRIQUdrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi8xZmY0NGYtNTFkNi00NTQ1LWFkMzYtYjRiOGRiMjBiMWZi
LzEvN2h3MGNzSmF6VFJ6WkxmV01TWVlxalV3eTJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAyLVRMA0G
CSqGSIb3DQEBCwUAA4IBAQA6Nmb2Ug3VVCcCMVClU/QVqIUEEFwaMXwg63cmCR+/
zKOqGZW0NWvjtH93zpZ+2YzXNHZzViJFMuWoqyeY13yWl/2e9w+tywDJf5yIg9Tw
iQrKqQxIoYJNdmK1GbdZXLT/Sq3cSs8IQfd5ncVg2eNDDszcwU1lR16D7awJW6b6
CMN63YGi8pINMjthAi4dbxrC7aQh9/4VvZbdkcZzImZtVL9LfNEtUvBSg1US7rV9
fswHmI+X4ZD8If80IYsoYkDxgs1PNRYvltZEmUv90PuIFrJw0GKJ3JtLhc7AnPOG
hJ2s9uWuIo6ldQ9iWSfSFycIEoVahkIUQeIgykwWqP30
-----END CERTIFICATE-----