Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/EiYThmB1TZh-Q3MtgunhGJ8vXMc.roa
File:                     EiYThmB1TZh-Q3MtgunhGJ8vXMc.roa (raw, json)
Hash identifier:          /0Qqk1k3AYpUwI2TJEwk3Czp2CbuDkCsrfgW49iT4M4=
Subject key identifier:   12:26:13:86:60:75:4D:98:7E:43:73:2D:82:E9:E1:18:9F:2F:5C:C7
Certificate issuer:       /CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
Certificate serial:       019D24E680D71D07D8629B763162DEFC0563
Authority key identifier: 05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/EiYThmB1TZh-Q3MtgunhGJ8vXMc.roa
Signing time:             Wed 25 Mar 2026 12:09:39 +0000
ROA not before:           Wed 25 Mar 2026 12:09:39 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     204773
IP address blocks:        185.182.67.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 16:32:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:24:e6:80:d7:1d:07:d8:62:9b:76:31:62:de:fc:05:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
        Validity
            Not Before: Mar 25 12:09:39 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=1226138660754d987e43732d82e9e1189f2f5cc7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:2f:5d:a6:99:6a:b2:47:c4:1d:94:54:25:8b:
                    de:55:8f:4b:46:f5:e6:73:85:9e:98:e4:85:76:ca:
                    78:44:8a:ee:e3:e4:a8:83:6d:50:d4:7f:11:2c:13:
                    04:48:c5:d1:55:b6:ef:bb:3a:c3:bb:12:8a:c6:c5:
                    d5:91:59:e3:8a:f8:cb:e9:49:a5:23:0f:33:04:db:
                    bf:21:e8:46:07:3d:b7:9b:cb:a4:96:be:00:d2:1e:
                    d3:eb:60:18:89:f4:c7:ef:57:72:ef:57:31:02:0a:
                    3f:f2:7d:f9:67:4b:04:98:0d:dc:c6:24:a2:20:8c:
                    1a:26:6b:19:3d:22:c5:b9:c4:ba:5b:13:b5:c6:cd:
                    9e:02:e9:99:01:fc:ad:6d:8b:ff:67:6c:32:e9:3e:
                    a3:13:d0:cd:17:11:22:c5:49:5b:4c:2b:25:05:c0:
                    55:03:80:e9:b5:8c:9e:0f:6c:e5:20:75:67:10:f3:
                    44:72:6b:a6:26:ab:0b:a5:b0:74:e6:4b:24:78:f1:
                    54:22:1b:b8:67:ce:2c:9d:ee:51:02:3c:ba:b9:63:
                    68:37:ff:3f:8f:36:ab:5f:f2:35:71:2f:9b:27:4a:
                    af:9f:4a:59:8d:b9:c1:9e:18:0b:ef:64:bc:07:dd:
                    dd:53:21:22:82:2a:41:46:26:fe:ef:d0:0e:fd:97:
                    2d:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:26:13:86:60:75:4D:98:7E:43:73:2D:82:E9:E1:18:9F:2F:5C:C7
            X509v3 Authority Key Identifier:
                keyid:05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/EiYThmB1TZh-Q3MtgunhGJ8vXMc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.182.67.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8d:af:9e:ba:2c:1a:07:aa:4c:0b:a8:3c:f2:ef:57:12:77:af:
         c0:28:59:99:ce:e0:88:51:16:98:95:4b:ed:e7:72:0a:6c:13:
         39:ec:e4:b6:bf:d1:85:e0:60:f5:46:d9:5c:4e:45:8a:55:35:
         40:b1:38:7b:e9:ef:c5:d9:e6:34:a0:ac:7b:bf:9b:39:3e:a6:
         ec:1f:4c:01:25:18:d9:b1:bc:02:e0:4d:76:c0:03:7c:29:0e:
         f9:cb:58:93:4c:31:87:6d:12:1b:b1:8b:69:05:9a:79:41:5e:
         b0:3d:c4:d0:08:92:69:a5:92:39:aa:6b:7f:2e:a0:7e:b8:0c:
         5a:9a:f9:e2:b5:8d:75:94:d0:0f:c0:05:0d:bd:6b:05:61:93:
         70:54:0c:8e:4d:8b:9d:0f:64:ec:8a:0d:e2:69:49:97:22:e7:
         79:c1:47:cf:13:db:9f:7d:5d:da:c8:dc:d9:ae:53:a7:7f:ad:
         d9:60:e8:51:33:85:48:07:22:b5:5e:3c:a9:f6:8c:5a:f9:56:
         34:27:2d:92:a1:02:25:89:a5:cf:7d:7e:46:7b:c5:24:75:f0:
         49:81:bf:6f:97:11:06:1a:f2:78:2f:ca:d9:41:c9:da:23:73:
         d5:47:17:0d:00:a9:60:4f:4e:61:cd:90:29:68:91:7a:d4:0c:
         76:37:10:14
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0k5oDXHQfYYpt2MWLe/AVjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1MzRjNDlmY2ZhOGE0NTA0MWQ5NWVkNGQ4ZDRmYzY5Yzcy
N2E0NjcwHhcNMjYwMzI1MTIwOTM5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMjI2MTM4NjYwNzU0ZDk4N2U0MzczMmQ4MmU5ZTExODlmMmY1Y2M3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyS9dpplqskfEHZRUJYveVY9LRvXm
c4WemOSFdsp4RIru4+Sog21Q1H8RLBMESMXRVbbvuzrDuxKKxsXVkVnjivjL6Uml
Iw8zBNu/IehGBz23m8uklr4A0h7T62AYifTH71dy71cxAgo/8n35Z0sEmA3cxiSi
IIwaJmsZPSLFucS6WxO1xs2eAumZAfytbYv/Z2wy6T6jE9DNFxEixUlbTCslBcBV
A4DptYyeD2zlIHVnEPNEcmumJqsLpbB05kskePFUIhu4Z84sne5RAjy6uWNoN/8/
jzarX/I1cS+bJ0qvn0pZjbnBnhgL72S8B93dUyEigipBRib+79AO/ZctDQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBImE4ZgdU2YfkNzLYLp4RifL1zHMB8GA1UdIwQY
MBaAFAU0xJ/PqKRQQdle1NjU/GnHJ6RnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYt
Y2Q3ZTA2Y2JiNTMxLzEvRWlZVGhtQjFUWmgtUTNNdGd1bmhHSjh2WE1jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYtY2Q3ZTA2Y2JiNTMx
LzEvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAubZDMA0G
CSqGSIb3DQEBCwUAA4IBAQCNr566LBoHqkwLqDzy71cSd6/AKFmZzuCIURaYlUvt
53IKbBM57OS2v9GF4GD1RtlcTkWKVTVAsTh76e/F2eY0oKx7v5s5PqbsH0wBJRjZ
sbwC4E12wAN8KQ75y1iTTDGHbRIbsYtpBZp5QV6wPcTQCJJppZI5qmt/LqB+uAxa
mvnitY11lNAPwAUNvWsFYZNwVAyOTYudD2Tsig3iaUmXIud5wUfPE9uffV3ayNzZ
rlOnf63ZYOhRM4VIByK1Xjyp9oxa+VY0Jy2SoQIliaXPfX5Ge8UkdfBJgb9vlxEG
GvJ4L8rZQcnaI3PVRxcNAKlgT05hzZApaJF61Ax2NxAU
-----END CERTIFICATE-----