Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/EerEbo6dEgHiwfgFLCrAnWDppgo.roa
File:                     EerEbo6dEgHiwfgFLCrAnWDppgo.roa (raw, json)
Hash identifier:          6Lz61K63KtUQqm0ALtF5HndpRmjb7aGgv3XeEAtY0Gc=
Subject key identifier:   11:EA:C4:6E:8E:9D:12:01:E2:C1:F8:05:2C:2A:C0:9D:60:E9:A6:0A
Certificate issuer:       /CN=65b7d6699835bfe9a8081dfc114df1bf6d215da7
Certificate serial:       019D1ADF394AE98D6F29EA0CB79630B93871
Authority key identifier: 65:B7:D6:69:98:35:BF:E9:A8:08:1D:FC:11:4D:F1:BF:6D:21:5D:A7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZbfWaZg1v-moCB38EU3xv20hXac.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/EerEbo6dEgHiwfgFLCrAnWDppgo.roa
Signing time:             Mon 23 Mar 2026 13:25:29 +0000
ROA not before:           Mon 23 Mar 2026 13:25:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     25160
IP address blocks:        195.216.191.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/ZbfWaZg1v-moCB38EU3xv20hXac.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/ZbfWaZg1v-moCB38EU3xv20hXac.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZbfWaZg1v-moCB38EU3xv20hXac.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 00:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:1a:df:39:4a:e9:8d:6f:29:ea:0c:b7:96:30:b9:38:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=65b7d6699835bfe9a8081dfc114df1bf6d215da7
        Validity
            Not Before: Mar 23 13:25:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=11eac46e8e9d1201e2c1f8052c2ac09d60e9a60a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:ca:63:6b:f5:b9:50:1b:5d:5a:35:11:47:53:
                    e8:59:4e:25:22:fa:ad:69:99:bb:73:66:ca:46:3c:
                    38:20:eb:1c:b8:d1:1f:59:ec:72:6b:fd:5a:79:8d:
                    da:2d:5c:73:0f:fe:cc:e2:8b:91:e8:e0:4f:99:29:
                    2c:c4:ae:89:32:90:95:ad:43:95:ad:6d:25:32:4d:
                    8c:73:6d:a8:bf:65:0a:6f:98:85:a2:07:09:1c:10:
                    8f:a5:6d:7e:1e:c5:5a:90:d0:ef:f4:fe:fe:8a:03:
                    02:87:2d:8c:47:b4:31:ac:b1:90:05:8a:dc:a8:3a:
                    53:a4:bf:7f:59:cf:99:a7:93:c4:98:65:9f:4e:f9:
                    1e:d0:23:f3:d7:59:93:56:89:2f:72:1b:66:d2:c7:
                    87:1c:44:dd:4e:07:de:47:33:9f:d8:6f:17:8e:3e:
                    3e:2f:c2:e8:79:1b:63:2b:1d:27:68:36:cf:47:af:
                    f6:e5:58:72:7a:05:3f:2f:3d:34:67:53:ab:34:df:
                    e5:e9:e0:83:8c:73:78:e7:0e:25:7f:26:c1:b7:ac:
                    0b:f9:c7:da:62:ea:77:75:bb:d3:46:78:11:ac:e3:
                    5e:62:bc:1e:a6:ff:9f:d6:86:2f:20:dc:9d:eb:3c:
                    0b:dd:12:0e:40:77:a8:6b:ee:68:9d:91:37:1a:0f:
                    7b:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:EA:C4:6E:8E:9D:12:01:E2:C1:F8:05:2C:2A:C0:9D:60:E9:A6:0A
            X509v3 Authority Key Identifier:
                keyid:65:B7:D6:69:98:35:BF:E9:A8:08:1D:FC:11:4D:F1:BF:6D:21:5D:A7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZbfWaZg1v-moCB38EU3xv20hXac.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/EerEbo6dEgHiwfgFLCrAnWDppgo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/ZbfWaZg1v-moCB38EU3xv20hXac.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.216.191.0/24

    Signature Algorithm: sha256WithRSAEncryption
         04:09:06:46:31:89:19:f0:9f:7e:0e:f3:5f:81:78:de:f0:6b:
         7e:3a:91:13:51:65:6b:07:64:66:51:dd:66:c1:0d:b4:c7:3f:
         7d:61:1b:ca:03:a2:63:b8:2b:9e:18:c7:4a:f4:06:0b:4f:e4:
         b5:6f:39:89:6c:04:56:77:5e:99:cf:6a:b0:ea:0c:ab:ad:b0:
         ed:62:c8:f2:99:4e:f3:20:d8:3e:00:5e:9f:b1:93:f2:61:13:
         39:81:fe:b8:64:d8:c7:3a:1c:9b:c2:55:e3:20:77:f0:77:16:
         f9:23:0c:7b:99:51:60:56:cd:91:d8:2b:17:fe:15:9e:54:30:
         e4:3f:40:b8:42:6e:33:6e:4f:71:a6:0b:c2:ed:6a:17:56:86:
         91:ea:8d:d5:f1:42:98:ca:7a:ab:d9:bc:9f:36:c0:6b:79:32:
         69:7e:96:02:75:19:06:61:eb:64:e8:0a:1a:6e:db:a2:7d:46:
         5f:87:95:c2:19:86:46:40:aa:58:19:cc:7d:3a:a8:12:62:92:
         10:39:06:97:e8:fe:09:56:fb:d4:b4:c0:05:b2:e5:e3:af:cd:
         a7:6e:0e:18:8b:57:a4:39:20:cd:ed:9e:46:d1:b4:3b:c8:c1:
         82:b0:99:11:e0:3f:0e:9b:f4:ab:a0:68:41:d3:76:a8:7d:d5:
         55:28:9c:12
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0a3zlK6Y1vKeoMt5YwuThxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY1YjdkNjY5OTgzNWJmZTlhODA4MWRmYzExNGRmMWJmNmQy
MTVkYTcwHhcNMjYwMzIzMTMyNTI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMWVhYzQ2ZThlOWQxMjAxZTJjMWY4MDUyYzJhYzA5ZDYwZTlhNjBhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApcpja/W5UBtdWjURR1PoWU4lIvqt
aZm7c2bKRjw4IOscuNEfWexya/1aeY3aLVxzD/7M4ouR6OBPmSksxK6JMpCVrUOV
rW0lMk2Mc22ov2UKb5iFogcJHBCPpW1+HsVakNDv9P7+igMChy2MR7QxrLGQBYrc
qDpTpL9/Wc+Zp5PEmGWfTvke0CPz11mTVokvchtm0seHHETdTgfeRzOf2G8Xjj4+
L8LoeRtjKx0naDbPR6/25VhyegU/Lz00Z1OrNN/l6eCDjHN45w4lfybBt6wL+cfa
Yup3dbvTRngRrONeYrwepv+f1oYvINyd6zwL3RIOQHeoa+5onZE3Gg97JwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBHqxG6OnRIB4sH4BSwqwJ1g6aYKMB8GA1UdIwQY
MBaAFGW31mmYNb/pqAgd/BFN8b9tIV2nMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWmJmV2FaZzF2LW1vQ0IzOEVVM3h2MjBoWGFjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MC8wMjVlZTgtM2Y0Ny00NTdkLThkNDct
OWU0MTNlYmY0MmYzLzEvRWVyRWJvNmRFZ0hpd2ZnRkxDckFuV0RwcGdvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MC8wMjVlZTgtM2Y0Ny00NTdkLThkNDctOWU0MTNlYmY0MmYz
LzEvWmJmV2FaZzF2LW1vQ0IzOEVVM3h2MjBoWGFjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw9i/MA0G
CSqGSIb3DQEBCwUAA4IBAQAECQZGMYkZ8J9+DvNfgXje8Gt+OpETUWVrB2RmUd1m
wQ20xz99YRvKA6JjuCueGMdK9AYLT+S1bzmJbARWd16Zz2qw6gyrrbDtYsjymU7z
INg+AF6fsZPyYRM5gf64ZNjHOhybwlXjIHfwdxb5Iwx7mVFgVs2R2CsX/hWeVDDk
P0C4Qm4zbk9xpgvC7WoXVoaR6o3V8UKYynqr2byfNsBreTJpfpYCdRkGYetk6Aoa
btuifUZfh5XCGYZGQKpYGcx9OqgSYpIQOQaX6P4JVvvUtMAFsuXjr82nbg4Yi1ek
OSDN7Z5G0bQ7yMGCsJkR4D8Om/SroGhB03aofdVVKJwS
-----END CERTIFICATE-----