Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b6/63760c-e21b-4baf-a9a4-76b33e4ce821/1/EPmcA7-Kgg2xAu-Ah92UUeaVH6o.roa
File:                     EPmcA7-Kgg2xAu-Ah92UUeaVH6o.roa (raw, json)
Hash identifier:          8eokZGGS1NxJl4Ok1FtzJnZyFDunzJpv1gdPoPQOIRk=
Subject key identifier:   10:F9:9C:03:BF:8A:82:0D:B1:02:EF:80:87:DD:94:51:E6:95:1F:AA
Certificate issuer:       /CN=00775d9471b85d963fef6d283590e2d942dd5c21
Certificate serial:       019E0D2B389D7381F56F9C5542D75A19DAE1
Authority key identifier: 00:77:5D:94:71:B8:5D:96:3F:EF:6D:28:35:90:E2:D9:42:DD:5C:21
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AHddlHG4XZY_720oNZDi2ULdXCE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b6/63760c-e21b-4baf-a9a4-76b33e4ce821/1/EPmcA7-Kgg2xAu-Ah92UUeaVH6o.roa
Signing time:             Sat 09 May 2026 14:36:36 +0000
ROA not before:           Sat 09 May 2026 14:36:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214735
IP address blocks:        81.12.25.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b6/63760c-e21b-4baf-a9a4-76b33e4ce821/1/AHddlHG4XZY_720oNZDi2ULdXCE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b6/63760c-e21b-4baf-a9a4-76b33e4ce821/1/AHddlHG4XZY_720oNZDi2ULdXCE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AHddlHG4XZY_720oNZDi2ULdXCE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 14:18:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:0d:2b:38:9d:73:81:f5:6f:9c:55:42:d7:5a:19:da:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=00775d9471b85d963fef6d283590e2d942dd5c21
        Validity
            Not Before: May  9 14:36:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=10f99c03bf8a820db102ef8087dd9451e6951faa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:f6:b0:fc:dc:b5:e8:e5:fc:b8:92:64:6b:fa:
                    92:cc:c5:5a:26:65:98:af:f8:93:e7:33:77:e6:68:
                    7f:05:6a:97:ba:8d:d8:87:c5:c9:7d:a8:85:f3:8d:
                    16:c9:59:d5:05:81:60:88:c4:be:46:b7:a1:dc:c3:
                    5c:a4:b3:2f:da:71:ba:7c:2b:09:e6:69:9e:cb:2a:
                    5a:e2:e6:85:34:9d:fa:1d:ad:be:af:8e:1d:0f:89:
                    ba:b0:8c:36:c0:06:65:75:0d:9d:cc:15:d1:63:98:
                    14:ef:70:27:0c:18:d8:00:ba:f1:a3:87:48:87:a3:
                    24:cb:d8:62:0a:07:04:00:0b:5f:7f:21:32:cc:2a:
                    12:74:f9:c8:bd:c8:69:5a:95:03:5d:4b:92:f8:eb:
                    bf:19:c0:62:24:bd:22:de:2e:cf:b7:01:4a:61:f0:
                    07:13:33:c8:76:49:0d:e9:d2:ae:46:df:bf:f0:ea:
                    12:a8:60:70:07:5e:3b:fb:42:2b:eb:5c:01:a9:90:
                    cd:e1:e7:57:ef:91:82:0d:59:10:c7:73:3c:b9:c5:
                    7f:83:fc:f9:3c:c1:66:5e:77:8b:c6:ad:a4:fa:cb:
                    5b:fc:43:ce:92:73:7a:77:15:3e:11:48:d0:d3:41:
                    a5:52:f0:53:40:c9:28:33:d2:7f:5c:0e:27:5c:66:
                    7d:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                10:F9:9C:03:BF:8A:82:0D:B1:02:EF:80:87:DD:94:51:E6:95:1F:AA
            X509v3 Authority Key Identifier:
                keyid:00:77:5D:94:71:B8:5D:96:3F:EF:6D:28:35:90:E2:D9:42:DD:5C:21

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AHddlHG4XZY_720oNZDi2ULdXCE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/63760c-e21b-4baf-a9a4-76b33e4ce821/1/EPmcA7-Kgg2xAu-Ah92UUeaVH6o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/63760c-e21b-4baf-a9a4-76b33e4ce821/1/AHddlHG4XZY_720oNZDi2ULdXCE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.12.25.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0b:82:0e:93:2c:92:76:95:dc:db:a0:ec:ae:d3:7a:60:20:c4:
         d8:96:08:a2:40:26:de:2c:d3:0f:f7:50:32:0f:dc:32:4e:8f:
         44:92:9e:9a:54:d3:a9:3a:08:14:13:3f:7b:06:f4:e6:89:3a:
         8c:0d:b6:a7:d1:4a:54:71:e2:5e:23:bd:b3:bb:07:a3:1f:7d:
         2c:6d:b5:c8:6f:cc:5f:74:bd:0f:8e:e6:43:ee:8a:70:5e:74:
         3c:b5:72:87:71:52:9c:fe:8b:59:47:5c:a9:f1:db:69:28:9f:
         82:1d:2e:4a:e2:4a:44:9d:53:96:dd:33:97:0f:76:f1:dc:eb:
         03:2a:37:2a:59:e0:ee:18:aa:e9:09:4b:34:7a:d8:7d:1e:19:
         b2:2e:82:a0:08:97:3a:aa:1f:b9:02:14:ab:ff:74:dc:90:d1:
         c2:35:8e:95:9b:f1:6c:ec:0d:95:aa:e9:a9:e2:01:a2:f9:25:
         95:0d:ae:37:78:b7:9f:e0:37:ff:2b:81:a1:c1:83:00:4d:b0:
         a0:40:13:2e:47:30:58:b4:25:8e:72:1f:15:c6:2e:9f:22:01:
         ec:0c:73:48:0d:2c:ef:91:7c:24:c6:69:32:a0:9e:c9:98:c7:
         0e:0b:08:7d:d6:d9:c3:56:fd:39:94:d2:97:d8:c3:96:6c:04:
         ba:16:df:2c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ4NKzidc4H1b5xVQtdaGdrhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAwNzc1ZDk0NzFiODVkOTYzZmVmNmQyODM1OTBlMmQ5NDJk
ZDVjMjEwHhcNMjYwNTA5MTQzNjM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMGY5OWMwM2JmOGE4MjBkYjEwMmVmODA4N2RkOTQ1MWU2OTUxZmFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvvaw/Ny16OX8uJJka/qSzMVaJmWY
r/iT5zN35mh/BWqXuo3Yh8XJfaiF840WyVnVBYFgiMS+Rreh3MNcpLMv2nG6fCsJ
5mmeyypa4uaFNJ36Ha2+r44dD4m6sIw2wAZldQ2dzBXRY5gU73AnDBjYALrxo4dI
h6Mky9hiCgcEAAtffyEyzCoSdPnIvchpWpUDXUuS+Ou/GcBiJL0i3i7PtwFKYfAH
EzPIdkkN6dKuRt+/8OoSqGBwB147+0Ir61wBqZDN4edX75GCDVkQx3M8ucV/g/z5
PMFmXneLxq2k+stb/EPOknN6dxU+EUjQ00GlUvBTQMkoM9J/XA4nXGZ90QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBD5nAO/ioINsQLvgIfdlFHmlR+qMB8GA1UdIwQY
MBaAFAB3XZRxuF2WP+9tKDWQ4tlC3VwhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQUhkZGxIRzRYWllfNzIwb05aRGkyVUxkWENFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNi82Mzc2MGMtZTIxYi00YmFmLWE5YTQt
NzZiMzNlNGNlODIxLzEvRVBtY0E3LUtnZzJ4QXUtQWg5MlVVZWFWSDZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNi82Mzc2MGMtZTIxYi00YmFmLWE5YTQtNzZiMzNlNGNlODIx
LzEvQUhkZGxIRzRYWllfNzIwb05aRGkyVUxkWENFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUQwZMA0G
CSqGSIb3DQEBCwUAA4IBAQALgg6TLJJ2ldzboOyu03pgIMTYlgiiQCbeLNMP91Ay
D9wyTo9Ekp6aVNOpOggUEz97BvTmiTqMDban0UpUceJeI72zuwejH30sbbXIb8xf
dL0PjuZD7opwXnQ8tXKHcVKc/otZR1yp8dtpKJ+CHS5K4kpEnVOW3TOXD3bx3OsD
KjcqWeDuGKrpCUs0eth9HhmyLoKgCJc6qh+5AhSr/3TckNHCNY6Vm/Fs7A2Vqump
4gGi+SWVDa43eLef4Df/K4GhwYMATbCgQBMuRzBYtCWOch8Vxi6fIgHsDHNIDSzv
kXwkxmkyoJ7JmMcOCwh91tnDVv05lNKX2MOWbAS6Ft8s
-----END CERTIFICATE-----