Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/12/7281da-0eb0-40a8-9983-d1a9da4a130d/1/FkEb5kOUXDoGU9cxFEEw4ugM9BA.roa
File:                     FkEb5kOUXDoGU9cxFEEw4ugM9BA.roa (raw, json)
Hash identifier:          /kWXhxGuhCtfEhClmF/17Gg2m/KWVGVNQheqGsF0Sqc=
Subject key identifier:   16:41:1B:E6:43:94:5C:3A:06:53:D7:31:14:41:30:E2:E8:0C:F4:10
Certificate issuer:       /CN=ebc66403ad0c4537af9c32b0def0c52ac2aab104
Certificate serial:       019D18AA572C8FE3E519F70F508FE4C3D794
Authority key identifier: EB:C6:64:03:AD:0C:45:37:AF:9C:32:B0:DE:F0:C5:2A:C2:AA:B1:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/68ZkA60MRTevnDKw3vDFKsKqsQQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/12/7281da-0eb0-40a8-9983-d1a9da4a130d/1/FkEb5kOUXDoGU9cxFEEw4ugM9BA.roa
Signing time:             Mon 23 Mar 2026 03:08:29 +0000
ROA not before:           Mon 23 Mar 2026 03:08:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     4766
IP address blocks:        185.33.92.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/12/7281da-0eb0-40a8-9983-d1a9da4a130d/1/68ZkA60MRTevnDKw3vDFKsKqsQQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/12/7281da-0eb0-40a8-9983-d1a9da4a130d/1/68ZkA60MRTevnDKw3vDFKsKqsQQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/68ZkA60MRTevnDKw3vDFKsKqsQQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 16:32:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:18:aa:57:2c:8f:e3:e5:19:f7:0f:50:8f:e4:c3:d7:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ebc66403ad0c4537af9c32b0def0c52ac2aab104
        Validity
            Not Before: Mar 23 03:08:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=16411be643945c3a0653d731144130e2e80cf410
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:0d:4b:a2:2f:f6:95:cf:9a:8c:18:47:3d:14:
                    00:25:c8:cc:02:b8:77:7b:10:2d:0b:68:84:ce:0c:
                    4e:3f:5a:a5:29:91:0b:7f:5d:18:03:d6:e5:a9:c0:
                    d1:c6:14:1b:8e:2b:82:43:ad:1e:cb:25:e3:67:5c:
                    a3:dd:3b:9c:99:11:31:8d:00:79:b3:9e:54:f2:cd:
                    21:0e:49:84:8b:b7:b0:28:ba:63:0d:83:dc:b0:0d:
                    8b:af:5e:61:65:0d:de:c8:81:cc:34:56:12:e9:42:
                    d6:9b:0c:a7:e9:0b:70:9e:77:60:a7:ed:00:cd:3f:
                    cb:8d:cc:34:6d:0f:04:54:25:6e:d9:a0:f9:a3:e9:
                    f0:20:59:93:33:5c:0d:65:4a:9a:14:ef:a5:d7:82:
                    a7:83:67:ae:7b:3d:b7:bc:dc:c3:90:81:39:f9:88:
                    de:46:d6:9d:16:e9:29:f7:0f:38:c0:7f:fd:f1:ca:
                    33:14:35:00:91:9b:d0:30:82:1d:1e:e0:a2:ea:ee:
                    99:f4:19:1d:a9:87:65:28:8a:e8:3f:4c:1f:a4:5c:
                    54:7f:ad:ab:bf:fc:84:78:3e:2b:8a:7e:cd:2f:25:
                    4a:18:b9:f6:ff:c0:b4:b2:ca:bb:0c:6e:1e:69:94:
                    35:43:18:0c:41:55:25:d1:b3:76:5c:47:b9:e6:f3:
                    68:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:41:1B:E6:43:94:5C:3A:06:53:D7:31:14:41:30:E2:E8:0C:F4:10
            X509v3 Authority Key Identifier:
                keyid:EB:C6:64:03:AD:0C:45:37:AF:9C:32:B0:DE:F0:C5:2A:C2:AA:B1:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/68ZkA60MRTevnDKw3vDFKsKqsQQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/12/7281da-0eb0-40a8-9983-d1a9da4a130d/1/FkEb5kOUXDoGU9cxFEEw4ugM9BA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/12/7281da-0eb0-40a8-9983-d1a9da4a130d/1/68ZkA60MRTevnDKw3vDFKsKqsQQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.33.92.0/23

    Signature Algorithm: sha256WithRSAEncryption
         20:4c:c1:ce:ea:1d:d9:8c:e6:4d:91:71:e6:a2:78:d4:0e:dd:
         9f:7f:67:2d:5a:13:89:f5:97:de:a3:88:4d:f3:a3:bc:1b:20:
         32:43:bb:f5:f2:52:c9:c1:17:b1:bc:61:b2:39:ec:51:c1:59:
         20:e5:ad:b9:e5:82:96:8a:a5:22:27:8f:00:f1:e2:12:bc:13:
         df:03:ed:0b:82:94:81:ff:4e:1c:1f:90:24:41:e4:51:7b:27:
         c9:56:b7:bb:12:a3:d5:43:34:43:e9:2c:76:63:b1:23:20:d0:
         d4:04:6f:07:f2:65:fa:18:03:28:6f:5e:c8:12:5b:b1:bc:1a:
         34:26:88:fc:58:27:70:ce:44:fc:78:df:92:36:e6:e9:a8:42:
         91:ab:bf:83:cf:c4:4f:4b:82:61:58:1d:2f:33:d6:47:f7:e9:
         39:6d:0d:f7:c5:c3:76:67:87:1e:c5:df:a5:66:74:4a:58:c2:
         15:aa:56:dd:dc:2d:cf:d8:c1:da:e8:25:c9:1e:1a:1d:af:2f:
         65:3a:40:67:4d:80:be:6c:b4:19:2b:a0:91:70:36:bd:a9:22:
         58:0a:1d:6e:92:65:27:d9:b1:eb:92:97:37:eb:f1:4f:e2:25:
         57:b1:26:23:54:cd:27:9e:53:7a:d0:56:56:66:51:e5:1d:c1:
         d5:1f:30:e9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0Yqlcsj+PlGfcPUI/kw9eUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGViYzY2NDAzYWQwYzQ1MzdhZjljMzJiMGRlZjBjNTJhYzJh
YWIxMDQwHhcNMjYwMzIzMDMwODI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNjQxMWJlNjQzOTQ1YzNhMDY1M2Q3MzExNDQxMzBlMmU4MGNmNDEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsA1Loi/2lc+ajBhHPRQAJcjMArh3
exAtC2iEzgxOP1qlKZELf10YA9blqcDRxhQbjiuCQ60eyyXjZ1yj3TucmRExjQB5
s55U8s0hDkmEi7ewKLpjDYPcsA2Lr15hZQ3eyIHMNFYS6ULWmwyn6Qtwnndgp+0A
zT/Ljcw0bQ8EVCVu2aD5o+nwIFmTM1wNZUqaFO+l14Kng2euez23vNzDkIE5+Yje
RtadFukp9w84wH/98cozFDUAkZvQMIIdHuCi6u6Z9BkdqYdlKIroP0wfpFxUf62r
v/yEeD4rin7NLyVKGLn2/8C0ssq7DG4eaZQ1QxgMQVUl0bN2XEe55vNomwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBZBG+ZDlFw6BlPXMRRBMOLoDPQQMB8GA1UdIwQY
MBaAFOvGZAOtDEU3r5wysN7wxSrCqrEEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNjhaa0E2ME1SVGV2bkRLdzN2REZLc0txc1FRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMi83MjgxZGEtMGViMC00MGE4LTk5ODMt
ZDFhOWRhNGExMzBkLzEvRmtFYjVrT1VYRG9HVTljeEZFRXc0dWdNOUJBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMi83MjgxZGEtMGViMC00MGE4LTk5ODMtZDFhOWRhNGExMzBk
LzEvNjhaa0E2ME1SVGV2bkRLdzN2REZLc0txc1FRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuSFcMA0G
CSqGSIb3DQEBCwUAA4IBAQAgTMHO6h3ZjOZNkXHmonjUDt2ff2ctWhOJ9Zfeo4hN
86O8GyAyQ7v18lLJwRexvGGyOexRwVkg5a255YKWiqUiJ48A8eISvBPfA+0LgpSB
/04cH5AkQeRReyfJVre7EqPVQzRD6Sx2Y7EjINDUBG8H8mX6GAMob17IEluxvBo0
Joj8WCdwzkT8eN+SNubpqEKRq7+Dz8RPS4JhWB0vM9ZH9+k5bQ33xcN2Z4cexd+l
ZnRKWMIVqlbd3C3P2MHa6CXJHhodry9lOkBnTYC+bLQZK6CRcDa9qSJYCh1ukmUn
2bHrkpc36/FP4iVXsSYjVM0nnlN60FZWZlHlHcHVHzDp
-----END CERTIFICATE-----