Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/tpMVRaU4Er5-Fvs67ppWpjXliFA.roa
File:                     tpMVRaU4Er5-Fvs67ppWpjXliFA.roa (raw, json)
Hash identifier:          IX/7ik2BxKB9CBWcotfxcx6M257XhGg6xswtTCif294=
Subject key identifier:   B6:93:15:45:A5:38:12:BE:7E:16:FB:3A:EE:9A:56:A6:35:E5:88:50
Certificate issuer:       /CN=ee1c3472c25acd347364b7d6312618aa3530cb63
Certificate serial:       019EBD44530EF68DE7CAF902668779206CFF
Authority key identifier: EE:1C:34:72:C2:5A:CD:34:73:64:B7:D6:31:26:18:AA:35:30:CB:63
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/tpMVRaU4Er5-Fvs67ppWpjXliFA.roa
Signing time:             Fri 12 Jun 2026 19:17:11 +0000
ROA not before:           Fri 12 Jun 2026 19:17:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     142199
IP address blocks:        200.181.89.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 13 Jun 2026 16:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:bd:44:53:0e:f6:8d:e7:ca:f9:02:66:87:79:20:6c:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ee1c3472c25acd347364b7d6312618aa3530cb63
        Validity
            Not Before: Jun 12 19:17:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b6931545a53812be7e16fb3aee9a56a635e58850
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:92:71:a2:68:cf:b0:af:da:0d:f9:bc:8d:e5:
                    8e:85:24:38:01:04:12:45:21:fa:f3:d3:2a:0a:27:
                    5b:7b:c7:63:60:e1:76:fe:f1:fc:5f:1b:97:38:c7:
                    2c:ed:31:f2:3e:ee:5c:c8:c6:88:95:0e:4f:ac:14:
                    61:c3:f0:38:9f:af:cc:13:49:9f:e2:62:24:17:e7:
                    b0:dd:d8:7c:0b:00:e6:b3:0f:79:7f:e3:d4:87:35:
                    a0:3f:17:06:7a:66:63:a0:a9:0b:b9:4c:b2:e8:ae:
                    9a:da:76:e2:f6:45:b3:d2:7c:f4:00:85:08:3f:1a:
                    f0:c3:8f:fe:0e:ef:1a:79:b9:75:c4:45:e3:53:c6:
                    32:42:ba:4a:da:ab:bc:af:e8:27:0a:da:a4:16:bb:
                    4e:2d:dc:8f:6e:24:5b:73:51:1c:e1:f2:a4:e5:3b:
                    66:14:01:13:37:91:dc:db:e9:e1:f8:6e:7a:ca:8f:
                    2d:d4:af:f1:51:83:e6:a7:cf:d0:05:3d:0c:6f:a5:
                    fa:f7:bf:68:80:bc:69:84:3c:22:08:b6:e1:d3:96:
                    23:07:4a:3f:8f:cf:eb:ff:46:b8:90:c6:3f:12:19:
                    c5:6e:8f:0c:f7:4a:9d:d5:19:46:35:36:7f:0b:87:
                    af:8d:21:a4:88:fe:7f:c8:2e:04:35:33:d1:99:e6:
                    5d:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:93:15:45:A5:38:12:BE:7E:16:FB:3A:EE:9A:56:A6:35:E5:88:50
            X509v3 Authority Key Identifier:
                keyid:EE:1C:34:72:C2:5A:CD:34:73:64:B7:D6:31:26:18:AA:35:30:CB:63

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/tpMVRaU4Er5-Fvs67ppWpjXliFA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  200.181.89.0/24

    Signature Algorithm: sha256WithRSAEncryption
         50:64:38:a5:ec:a5:3a:88:1c:f8:ad:b9:97:02:0e:5f:c4:b0:
         a9:e1:b4:05:fc:c1:3d:f7:e8:cb:6c:e2:e9:e5:56:fd:3d:7f:
         4a:a2:8b:d1:8d:69:42:37:5c:44:69:dd:46:a7:7c:f3:57:41:
         24:76:04:39:8b:c2:9e:38:b9:2c:f8:71:c9:d4:3b:3e:6e:a5:
         ed:d8:36:af:ea:c3:02:39:6f:48:b6:4b:20:80:ae:d7:ee:e5:
         80:12:7f:73:bf:d8:a7:c2:a9:b7:a8:43:bf:82:c9:fe:d2:37:
         5b:2d:0e:dc:1c:b7:a9:20:98:c5:89:42:cf:a3:fe:a8:85:e2:
         d6:21:47:56:59:8b:c1:33:ba:ef:39:7c:0f:e1:fe:20:90:81:
         2b:c2:78:8a:f0:ea:8a:d5:27:e9:72:58:98:c3:35:a7:fa:16:
         da:2e:48:e7:86:64:f3:85:7a:4f:10:13:91:f4:3a:ae:f7:3c:
         96:65:83:fb:f9:e8:7d:42:21:2d:53:9b:73:1d:ec:3e:0b:6c:
         aa:78:2c:41:b1:52:1f:20:d2:e3:47:03:95:0a:37:74:bb:fa:
         ac:2d:4f:47:e2:e0:d4:2b:7f:cd:2b:76:33:81:51:04:1e:68:
         f4:6c:03:6c:2f:e0:a8:d1:49:3d:a7:c2:f7:10:7d:de:02:e2:
         9c:60:91:ef
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ69RFMO9o3nyvkCZod5IGz/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlMWMzNDcyYzI1YWNkMzQ3MzY0YjdkNjMxMjYxOGFhMzUz
MGNiNjMwHhcNMjYwNjEyMTkxNzExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNjkzMTU0NWE1MzgxMmJlN2UxNmZiM2FlZTlhNTZhNjM1ZTU4ODUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxJJxomjPsK/aDfm8jeWOhSQ4AQQS
RSH689MqCidbe8djYOF2/vH8XxuXOMcs7THyPu5cyMaIlQ5PrBRhw/A4n6/ME0mf
4mIkF+ew3dh8CwDmsw95f+PUhzWgPxcGemZjoKkLuUyy6K6a2nbi9kWz0nz0AIUI
Pxrww4/+Du8aebl1xEXjU8YyQrpK2qu8r+gnCtqkFrtOLdyPbiRbc1Ec4fKk5Ttm
FAETN5Hc2+nh+G56yo8t1K/xUYPmp8/QBT0Mb6X6979ogLxphDwiCLbh05YjB0o/
j8/r/0a4kMY/EhnFbo8M90qd1RlGNTZ/C4evjSGkiP5/yC4ENTPRmeZdQwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLaTFUWlOBK+fhb7Ou6aVqY15YhQMB8GA1UdIwQY
MBaAFO4cNHLCWs00c2S31jEmGKo1MMtjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN2h3MGNzSmF6VFJ6WkxmV01TWVlxalV3eTJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi8xZmY0NGYtNTFkNi00NTQ1LWFkMzYt
YjRiOGRiMjBiMWZiLzEvdHBNVlJhVTRFcjUtRnZzNjdwcFdwalhsaUZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi8xZmY0NGYtNTFkNi00NTQ1LWFkMzYtYjRiOGRiMjBiMWZi
LzEvN2h3MGNzSmF6VFJ6WkxmV01TWVlxalV3eTJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAyLVZMA0G
CSqGSIb3DQEBCwUAA4IBAQBQZDil7KU6iBz4rbmXAg5fxLCp4bQF/ME99+jLbOLp
5Vb9PX9KoovRjWlCN1xEad1Gp3zzV0EkdgQ5i8KeOLks+HHJ1Ds+bqXt2Dav6sMC
OW9ItksggK7X7uWAEn9zv9inwqm3qEO/gsn+0jdbLQ7cHLepIJjFiULPo/6oheLW
IUdWWYvBM7rvOXwP4f4gkIErwniK8OqK1SfpcliYwzWn+hbaLkjnhmTzhXpPEBOR
9Dqu9zyWZYP7+eh9QiEtU5tzHew+C2yqeCxBsVIfINLjRwOVCjd0u/qsLU9H4uDU
K3/NK3YzgVEEHmj0bANsL+Co0Uk9p8L3EH3eAuKcYJHv
-----END CERTIFICATE-----