Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d7/55229c-e282-4a85-b7a4-8acbfea2ecfa/1/EozSJCiP9Cygcyge5GyOuN1Brck.roa
File:                     EozSJCiP9Cygcyge5GyOuN1Brck.roa (raw, json)
Hash identifier:          FC5zsNMnxd0ekJD3hWuMDKKtr4NZV7IGmew1wZKk3hk=
Subject key identifier:   12:8C:D2:24:28:8F:F4:2C:A0:73:28:1E:E4:6C:8E:B8:DD:41:AD:C9
Certificate issuer:       /CN=8d4f3f8ba7dcf5894f2f611d7dfab53d4a63c0a9
Certificate serial:       019DD8D93E70432CB69D444BC41173826788
Authority key identifier: 8D:4F:3F:8B:A7:DC:F5:89:4F:2F:61:1D:7D:FA:B5:3D:4A:63:C0:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jU8_i6fc9YlPL2Edffq1PUpjwKk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d7/55229c-e282-4a85-b7a4-8acbfea2ecfa/1/EozSJCiP9Cygcyge5GyOuN1Brck.roa
Signing time:             Wed 29 Apr 2026 10:46:49 +0000
ROA not before:           Wed 29 Apr 2026 10:46:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     12346
IP address blocks:        192.188.235.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d7/55229c-e282-4a85-b7a4-8acbfea2ecfa/1/jU8_i6fc9YlPL2Edffq1PUpjwKk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d7/55229c-e282-4a85-b7a4-8acbfea2ecfa/1/jU8_i6fc9YlPL2Edffq1PUpjwKk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jU8_i6fc9YlPL2Edffq1PUpjwKk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 13:01:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:d8:d9:3e:70:43:2c:b6:9d:44:4b:c4:11:73:82:67:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8d4f3f8ba7dcf5894f2f611d7dfab53d4a63c0a9
        Validity
            Not Before: Apr 29 10:46:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=128cd224288ff42ca073281ee46c8eb8dd41adc9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:41:04:ef:b6:49:f1:23:86:79:af:45:e4:e5:
                    b8:37:7d:c1:ef:af:0c:54:15:c4:b1:ee:71:82:90:
                    43:45:9c:26:32:66:26:8f:68:96:d1:51:67:71:46:
                    fd:97:72:46:a5:d8:95:dc:4f:2b:29:0b:92:5c:ab:
                    12:79:47:c0:17:49:0e:44:15:8f:a2:9d:e0:c7:75:
                    28:54:4d:6d:85:17:27:e2:0d:aa:0f:4d:7e:f8:2c:
                    4a:b6:23:f6:1b:29:18:53:e9:97:ea:1c:fd:bc:20:
                    48:35:e9:d6:aa:67:ce:8c:f6:3c:a6:6f:83:72:76:
                    44:aa:de:c2:ea:0d:b5:2a:bb:41:25:24:89:de:60:
                    90:c6:e9:5c:89:10:4c:20:41:aa:bc:dd:07:a7:d4:
                    4c:d8:7f:d6:6f:f4:16:54:21:a2:71:3e:75:0a:f2:
                    d9:b4:86:b1:6f:c8:cf:1c:e5:1e:c1:2d:85:90:9b:
                    57:cc:d6:4f:1d:92:55:96:18:c4:61:55:43:34:74:
                    9c:d6:5b:a6:3f:ec:f9:0c:ea:5c:69:18:ae:b2:4d:
                    f8:79:98:c2:d0:f6:4a:d3:39:7c:bb:78:d6:91:82:
                    66:d9:eb:96:a1:fd:0d:23:8a:26:c2:83:c6:5d:19:
                    64:84:cd:bc:bf:58:28:8d:59:18:6b:92:6d:d8:c3:
                    2c:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:8C:D2:24:28:8F:F4:2C:A0:73:28:1E:E4:6C:8E:B8:DD:41:AD:C9
            X509v3 Authority Key Identifier:
                keyid:8D:4F:3F:8B:A7:DC:F5:89:4F:2F:61:1D:7D:FA:B5:3D:4A:63:C0:A9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jU8_i6fc9YlPL2Edffq1PUpjwKk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/55229c-e282-4a85-b7a4-8acbfea2ecfa/1/EozSJCiP9Cygcyge5GyOuN1Brck.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/55229c-e282-4a85-b7a4-8acbfea2ecfa/1/jU8_i6fc9YlPL2Edffq1PUpjwKk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.188.235.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6b:ed:0f:5b:7f:db:f4:13:f2:d6:d8:1d:7c:e3:3c:eb:1c:b3:
         61:c6:b3:a1:44:57:36:bd:13:7a:03:dc:03:9b:0d:5a:3c:d1:
         11:3e:a3:b8:bb:51:af:05:56:1c:d0:07:e2:40:43:86:35:85:
         eb:8f:5e:7f:77:10:82:9b:7a:a6:74:16:8b:f0:aa:0e:1b:9e:
         07:ce:d2:dc:d8:cc:8a:60:a7:37:11:a0:77:4a:e6:28:e3:09:
         7f:4d:3c:d6:75:d3:e4:cb:f2:12:56:31:34:8f:d6:ec:47:ea:
         40:0d:c4:76:86:3f:96:d9:26:2c:dc:f7:7b:39:20:cb:b3:16:
         5c:1b:dd:02:c8:44:4a:a4:30:4b:49:f2:09:a1:13:1d:19:97:
         c3:33:a9:fb:5d:c0:2e:54:88:1d:28:f0:67:74:0f:b0:e9:0e:
         56:14:72:61:e8:4a:5c:37:2c:89:51:8c:3a:83:97:ed:ab:6e:
         98:82:0a:43:b4:d1:74:b8:2b:9c:ac:d0:29:5d:dd:2e:55:3a:
         45:f1:c2:66:1b:e7:5f:65:e0:36:fb:e0:65:dc:91:14:fe:7e:
         89:37:dc:db:57:1e:94:86:81:0e:03:3b:ae:ab:f0:6b:02:30:
         fe:d9:e5:42:c1:c6:75:93:04:68:1b:a7:c8:ab:fa:8c:39:c9:
         5b:ba:8d:fb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ3Y2T5wQyy2nURLxBFzgmeIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkNGYzZjhiYTdkY2Y1ODk0ZjJmNjExZDdkZmFiNTNkNGE2
M2MwYTkwHhcNMjYwNDI5MTA0NjQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMjhjZDIyNDI4OGZmNDJjYTA3MzI4MWVlNDZjOGViOGRkNDFhZGM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsEEE77ZJ8SOGea9F5OW4N33B768M
VBXEse5xgpBDRZwmMmYmj2iW0VFncUb9l3JGpdiV3E8rKQuSXKsSeUfAF0kORBWP
op3gx3UoVE1thRcn4g2qD01++CxKtiP2GykYU+mX6hz9vCBINenWqmfOjPY8pm+D
cnZEqt7C6g21KrtBJSSJ3mCQxulciRBMIEGqvN0Hp9RM2H/Wb/QWVCGicT51CvLZ
tIaxb8jPHOUewS2FkJtXzNZPHZJVlhjEYVVDNHSc1lumP+z5DOpcaRiusk34eZjC
0PZK0zl8u3jWkYJm2euWof0NI4omwoPGXRlkhM28v1gojVkYa5Jt2MMsQwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBKM0iQoj/QsoHMoHuRsjrjdQa3JMB8GA1UdIwQY
MBaAFI1PP4un3PWJTy9hHX36tT1KY8CpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvalU4X2k2ZmM5WWxQTDJFZGZmcTFQVXBqd0trLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNy81NTIyOWMtZTI4Mi00YTg1LWI3YTQt
OGFjYmZlYTJlY2ZhLzEvRW96U0pDaVA5Q3lnY3lnZTVHeU91TjFCcmNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNy81NTIyOWMtZTI4Mi00YTg1LWI3YTQtOGFjYmZlYTJlY2Zh
LzEvalU4X2k2ZmM5WWxQTDJFZGZmcTFQVXBqd0trLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwLzrMA0G
CSqGSIb3DQEBCwUAA4IBAQBr7Q9bf9v0E/LW2B184zzrHLNhxrOhRFc2vRN6A9wD
mw1aPNERPqO4u1GvBVYc0AfiQEOGNYXrj15/dxCCm3qmdBaL8KoOG54HztLc2MyK
YKc3EaB3SuYo4wl/TTzWddPky/ISVjE0j9bsR+pADcR2hj+W2SYs3Pd7OSDLsxZc
G90CyERKpDBLSfIJoRMdGZfDM6n7XcAuVIgdKPBndA+w6Q5WFHJh6EpcNyyJUYw6
g5ftq26YggpDtNF0uCucrNApXd0uVTpF8cJmG+dfZeA2++Bl3JEU/n6JN9zbVx6U
hoEOAzuuq/BrAjD+2eVCwcZ1kwRoG6fIq/qMOclbuo37
-----END CERTIFICATE-----