Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/EhZvT_YVEFPeDgZ8U9jnyE6mPno.roa
File:                     EhZvT_YVEFPeDgZ8U9jnyE6mPno.roa (raw, json)
Hash identifier:          6gXrx1jxXCkoJco5BAWD2RZmXAkZMpL47qbL9axP84k=
Subject key identifier:   12:16:6F:4F:F6:15:10:53:DE:0E:06:7C:53:D8:E7:C8:4E:A6:3E:7A
Certificate issuer:       /CN=60581e673d80f7474936b21337eafcc1bdc385e9
Certificate serial:       019DF78B3811E08979D4BC7FB81D155E6B7C
Authority key identifier: 60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/EhZvT_YVEFPeDgZ8U9jnyE6mPno.roa
Signing time:             Tue 05 May 2026 09:49:49 +0000
ROA not before:           Tue 05 May 2026 09:49:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     207083
IP address blocks:        104.222.179.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 14:18:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:f7:8b:38:11:e0:89:79:d4:bc:7f:b8:1d:15:5e:6b:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60581e673d80f7474936b21337eafcc1bdc385e9
        Validity
            Not Before: May  5 09:49:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=12166f4ff6151053de0e067c53d8e7c84ea63e7a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:41:b8:3a:b3:27:2f:bb:af:34:b1:7a:bd:b5:
                    c0:83:88:0a:e5:65:59:8e:8a:8d:f5:4c:1f:06:ce:
                    15:7a:48:60:16:e3:36:f5:44:f1:a7:43:14:08:e4:
                    61:cb:81:66:53:0b:a0:bc:51:69:fd:07:8b:c0:7b:
                    d0:c6:6d:2a:a0:5c:28:04:d0:55:8d:90:b9:a6:68:
                    01:60:14:c4:7b:b3:8a:15:47:03:bd:d3:8b:59:1e:
                    fe:21:ae:49:2f:9b:cb:87:be:95:52:5a:01:1a:19:
                    8d:d5:1c:aa:27:49:b6:1c:34:11:eb:e7:09:53:5f:
                    17:b4:b2:24:15:ff:b8:9c:7d:47:65:1d:ac:b1:ca:
                    ef:1d:6d:c7:2c:9c:60:5a:f3:33:84:1a:24:ce:02:
                    13:2a:cb:7e:1c:ea:a4:f2:9f:ef:57:cd:58:ed:ab:
                    bb:ce:10:b9:bc:42:e2:48:a0:dd:6d:d6:98:85:6a:
                    a1:8a:b9:7c:b4:70:c3:46:f5:13:50:56:89:77:63:
                    6d:a2:52:d2:89:5b:d2:cb:21:b8:17:54:f7:8b:d2:
                    f1:dd:79:09:be:c6:34:ad:c7:2d:3f:5a:72:e0:a6:
                    84:69:62:cf:4b:a1:e0:1d:51:23:19:07:ae:8b:e3:
                    13:6d:e8:87:7f:65:ae:60:48:44:f6:d2:cb:f7:c3:
                    ec:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:16:6F:4F:F6:15:10:53:DE:0E:06:7C:53:D8:E7:C8:4E:A6:3E:7A
            X509v3 Authority Key Identifier:
                keyid:60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/EhZvT_YVEFPeDgZ8U9jnyE6mPno.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  104.222.179.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7b:23:6a:ff:17:26:68:b2:cf:58:e9:a9:8b:a9:0a:0d:45:f5:
         69:d7:e6:31:17:f4:46:79:80:ad:5e:74:be:79:b0:74:08:f3:
         c1:b9:b2:49:dc:9a:ce:29:2f:1d:4d:bb:d7:16:30:a0:31:5a:
         d0:08:e1:0a:bd:b0:0b:ef:94:cb:43:89:bd:96:06:b2:90:3f:
         70:50:70:76:31:51:b1:29:15:29:62:e3:8e:a0:ad:c4:24:20:
         b3:b6:54:0d:6e:48:f9:80:b6:97:6c:6e:79:68:fc:7f:4e:e3:
         31:61:da:cb:cc:ab:11:f2:13:84:15:87:31:94:4f:ad:2f:e3:
         17:e0:24:8a:29:30:c2:dc:e4:94:1b:ea:7d:1e:80:e6:e6:99:
         6e:33:11:ba:fd:4c:b1:3d:b0:90:03:a0:d9:7f:0a:8e:a1:de:
         e8:32:f8:cf:58:a5:16:fc:a0:a0:71:df:21:9b:c0:9b:22:18:
         fa:82:95:d6:9e:73:d9:fe:f2:d3:82:b4:02:93:4c:4e:28:45:
         d8:34:1c:ac:03:28:91:13:a4:99:be:f0:19:32:e9:01:33:6c:
         73:6b:d7:77:6f:cd:20:32:78:2d:c2:d3:f6:7d:24:1d:eb:b5:
         67:84:ad:60:4e:9f:02:ca:ed:7b:b5:9e:53:c1:ee:14:50:57:
         07:d1:30:d9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ33izgR4Il51Lx/uB0VXmt8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNTgxZTY3M2Q4MGY3NDc0OTM2YjIxMzM3ZWFmY2MxYmRj
Mzg1ZTkwHhcNMjYwNTA1MDk0OTQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMjE2NmY0ZmY2MTUxMDUzZGUwZTA2N2M1M2Q4ZTdjODRlYTYzZTdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArkG4OrMnL7uvNLF6vbXAg4gK5WVZ
joqN9UwfBs4VekhgFuM29UTxp0MUCORhy4FmUwugvFFp/QeLwHvQxm0qoFwoBNBV
jZC5pmgBYBTEe7OKFUcDvdOLWR7+Ia5JL5vLh76VUloBGhmN1RyqJ0m2HDQR6+cJ
U18XtLIkFf+4nH1HZR2sscrvHW3HLJxgWvMzhBokzgITKst+HOqk8p/vV81Y7au7
zhC5vELiSKDdbdaYhWqhirl8tHDDRvUTUFaJd2NtolLSiVvSyyG4F1T3i9Lx3XkJ
vsY0rcctP1py4KaEaWLPS6HgHVEjGQeui+MTbeiHf2WuYEhE9tLL98PsvwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBIWb0/2FRBT3g4GfFPY58hOpj56MB8GA1UdIwQY
MBaAFGBYHmc9gPdHSTayEzfq/MG9w4XpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYt
ZmIwNzk1NWYzYWFhLzEvRWhadlRfWVZFRlBlRGdaOFU5am55RTZtUG5vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYtZmIwNzk1NWYzYWFh
LzEvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAaN6zMA0G
CSqGSIb3DQEBCwUAA4IBAQB7I2r/FyZoss9Y6amLqQoNRfVp1+YxF/RGeYCtXnS+
ebB0CPPBubJJ3JrOKS8dTbvXFjCgMVrQCOEKvbAL75TLQ4m9lgaykD9wUHB2MVGx
KRUpYuOOoK3EJCCztlQNbkj5gLaXbG55aPx/TuMxYdrLzKsR8hOEFYcxlE+tL+MX
4CSKKTDC3OSUG+p9HoDm5pluMxG6/UyxPbCQA6DZfwqOod7oMvjPWKUW/KCgcd8h
m8CbIhj6gpXWnnPZ/vLTgrQCk0xOKEXYNBysAyiRE6SZvvAZMukBM2xza9d3b80g
MngtwtP2fSQd67VnhK1gTp8Cyu17tZ5Twe4UUFcH0TDZ
-----END CERTIFICATE-----