Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ef/0e5711-2fd4-40ca-9136-6f4e6585b54b/1/xeGrXuDwQsria6nGQpdYDNVKb7o.roa
File:                     xeGrXuDwQsria6nGQpdYDNVKb7o.roa (raw, json)
Hash identifier:          dpzz3V+4W0QhRNb+9ncCF/mKR7tT1zRFVnqQN36PbDg=
Subject key identifier:   C5:E1:AB:5E:E0:F0:42:CA:E2:6B:A9:C6:42:97:58:0C:D5:4A:6F:BA
Certificate issuer:       /CN=110e56177308c20c42fbf42f310f4c0ef6b27890
Certificate serial:       019EFF2055B9B93172D3C67B3F3B751A8AF6
Authority key identifier: 11:0E:56:17:73:08:C2:0C:42:FB:F4:2F:31:0F:4C:0E:F6:B2:78:90
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EQ5WF3MIwgxC-_QvMQ9MDvayeJA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ef/0e5711-2fd4-40ca-9136-6f4e6585b54b/1/xeGrXuDwQsria6nGQpdYDNVKb7o.roa
Signing time:             Thu 25 Jun 2026 14:12:49 +0000
ROA not before:           Thu 25 Jun 2026 14:12:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     36351
IP address blocks:        91.206.64.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ef/0e5711-2fd4-40ca-9136-6f4e6585b54b/1/EQ5WF3MIwgxC-_QvMQ9MDvayeJA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ef/0e5711-2fd4-40ca-9136-6f4e6585b54b/1/EQ5WF3MIwgxC-_QvMQ9MDvayeJA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EQ5WF3MIwgxC-_QvMQ9MDvayeJA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 01 Jul 2026 20:00:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:ff:20:55:b9:b9:31:72:d3:c6:7b:3f:3b:75:1a:8a:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=110e56177308c20c42fbf42f310f4c0ef6b27890
        Validity
            Not Before: Jun 25 14:12:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c5e1ab5ee0f042cae26ba9c64297580cd54a6fba
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:19:a9:cf:47:ec:ad:aa:25:f2:e3:1f:78:09:
                    a7:44:b1:00:7a:d3:81:f6:ec:68:b9:1c:0d:f5:37:
                    07:06:1b:ee:a9:a0:56:70:fa:a9:70:76:97:28:3c:
                    ff:63:62:18:8d:08:f4:75:ef:00:d6:f5:ab:88:1c:
                    d3:2d:65:5c:b2:6f:13:d2:d5:5b:8b:b4:cf:60:b6:
                    b0:59:e7:ba:8f:ad:3f:16:24:3e:c9:37:6d:4e:12:
                    93:2d:29:56:2f:5b:27:3e:25:0a:3b:98:63:2b:9d:
                    41:7e:14:67:07:22:53:85:30:4d:51:8e:30:9f:cf:
                    17:94:a9:f2:1b:cd:ed:a5:d1:a9:3a:62:91:ed:a5:
                    92:51:be:a4:da:22:d7:09:c0:65:54:db:d4:da:1f:
                    f5:b2:7e:71:fe:af:5a:bf:ad:6f:67:80:e0:a2:4a:
                    3b:0c:01:61:ab:08:24:39:4b:c0:d3:63:ec:53:97:
                    f9:5e:45:53:5a:66:3a:73:47:69:de:98:13:16:2f:
                    70:df:47:bc:fb:bd:23:b9:9b:64:af:36:a9:2a:e8:
                    c9:c7:ad:b2:bd:38:13:44:7b:bc:8f:5a:20:08:d7:
                    6e:ba:bb:d9:2a:e8:36:8d:f2:f4:1f:ca:f8:fe:13:
                    1c:4e:4e:3f:fd:10:b2:6a:f8:ce:1d:a6:c0:48:fc:
                    0f:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:E1:AB:5E:E0:F0:42:CA:E2:6B:A9:C6:42:97:58:0C:D5:4A:6F:BA
            X509v3 Authority Key Identifier:
                keyid:11:0E:56:17:73:08:C2:0C:42:FB:F4:2F:31:0F:4C:0E:F6:B2:78:90

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EQ5WF3MIwgxC-_QvMQ9MDvayeJA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/0e5711-2fd4-40ca-9136-6f4e6585b54b/1/xeGrXuDwQsria6nGQpdYDNVKb7o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/0e5711-2fd4-40ca-9136-6f4e6585b54b/1/EQ5WF3MIwgxC-_QvMQ9MDvayeJA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.206.64.0/23

    Signature Algorithm: sha256WithRSAEncryption
         82:3f:ea:9f:b5:b2:ce:62:12:84:cf:db:57:5c:84:88:ad:ea:
         e0:0e:f2:11:80:93:7c:30:0d:df:a0:6b:f0:e8:3d:0e:98:42:
         c6:5b:11:49:80:a6:65:08:5d:ad:83:be:fe:02:16:fb:3b:03:
         ad:07:e7:aa:81:aa:ce:94:95:b3:c0:72:cc:0f:fc:03:72:6c:
         6f:c6:80:45:e4:28:00:86:da:70:67:5e:00:a0:d8:12:26:00:
         b7:46:52:8d:00:5d:7a:ff:00:8d:0e:c4:ea:eb:77:75:46:0c:
         e9:63:92:a7:9c:9b:2a:11:04:ba:2a:43:24:70:37:8b:cf:bf:
         c0:6c:9f:ea:8b:04:4b:de:73:de:46:fc:b3:71:6a:45:3c:68:
         e9:69:ed:f7:04:17:44:36:1c:28:23:ab:19:6a:7d:76:0a:89:
         ea:3a:53:08:b2:6d:80:3d:36:39:a9:f3:b8:0e:fe:a0:93:3b:
         c1:3e:81:31:34:a3:a3:5a:1a:15:a8:90:06:9c:0d:ee:90:fe:
         72:97:b8:8f:eb:e0:43:f9:0b:b5:3f:2e:76:d8:e1:5e:89:07:
         36:37:8f:28:7a:0b:66:98:d7:60:a9:dd:51:c4:8c:16:30:55:
         89:05:2d:15:4b:08:9c:bc:a4:69:f9:90:cd:1a:d9:0a:5f:01:
         37:01:10:62
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ7/IFW5uTFy08Z7Pzt1Gor2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDExMGU1NjE3NzMwOGMyMGM0MmZiZjQyZjMxMGY0YzBlZjZi
Mjc4OTAwHhcNMjYwNjI1MTQxMjQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNWUxYWI1ZWUwZjA0MmNhZTI2YmE5YzY0Mjk3NTgwY2Q1NGE2ZmJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApBmpz0fsraol8uMfeAmnRLEAetOB
9uxouRwN9TcHBhvuqaBWcPqpcHaXKDz/Y2IYjQj0de8A1vWriBzTLWVcsm8T0tVb
i7TPYLawWee6j60/FiQ+yTdtThKTLSlWL1snPiUKO5hjK51BfhRnByJThTBNUY4w
n88XlKnyG83tpdGpOmKR7aWSUb6k2iLXCcBlVNvU2h/1sn5x/q9av61vZ4Dgoko7
DAFhqwgkOUvA02PsU5f5XkVTWmY6c0dp3pgTFi9w30e8+70juZtkrzapKujJx62y
vTgTRHu8j1ogCNduurvZKug2jfL0H8r4/hMcTk4//RCyavjOHabASPwPzwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMXhq17g8ELK4mupxkKXWAzVSm+6MB8GA1UdIwQY
MBaAFBEOVhdzCMIMQvv0LzEPTA72sniQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRVE1V0YzTUl3Z3hDLV9Rdk1ROU1EdmF5ZUpBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZi8wZTU3MTEtMmZkNC00MGNhLTkxMzYt
NmY0ZTY1ODViNTRiLzEveGVHclh1RHdRc3JpYTZuR1FwZFlETlZLYjdvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZi8wZTU3MTEtMmZkNC00MGNhLTkxMzYtNmY0ZTY1ODViNTRi
LzEvRVE1V0YzTUl3Z3hDLV9Rdk1ROU1EdmF5ZUpBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW85AMA0G
CSqGSIb3DQEBCwUAA4IBAQCCP+qftbLOYhKEz9tXXISIrergDvIRgJN8MA3foGvw
6D0OmELGWxFJgKZlCF2tg77+Ahb7OwOtB+eqgarOlJWzwHLMD/wDcmxvxoBF5CgA
htpwZ14AoNgSJgC3RlKNAF16/wCNDsTq63d1RgzpY5KnnJsqEQS6KkMkcDeLz7/A
bJ/qiwRL3nPeRvyzcWpFPGjpae33BBdENhwoI6sZan12ConqOlMIsm2APTY5qfO4
Dv6gkzvBPoExNKOjWhoVqJAGnA3ukP5yl7iP6+BD+Qu1Py522OFeiQc2N48oegtm
mNdgqd1RxIwWMFWJBS0VSwicvKRp+ZDNGtkKXwE3ARBi
-----END CERTIFICATE-----
Generated at Wed Jul 1 01:34:32 2026 by rpki-client