Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/0fbf48-5db7-49fe-bf44-6a36705bba6f/1/egC3zL2cUp3aaiXlJmcLBaMKSPs.roa
File:                     egC3zL2cUp3aaiXlJmcLBaMKSPs.roa (raw, json)
Hash identifier:          nmgmEZEfITuVSOVlvyFC+es/MNYC6x357MQARjsIMxw=
Subject key identifier:   7A:00:B7:CC:BD:9C:52:9D:DA:6A:25:E5:26:67:0B:05:A3:0A:48:FB
Certificate issuer:       /CN=0c05ca111c0093b56514215be467b515dda56c06
Certificate serial:       019E175A683F89B9DD14F89DAB643AE990B6
Authority key identifier: 0C:05:CA:11:1C:00:93:B5:65:14:21:5B:E4:67:B5:15:DD:A5:6C:06
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DAXKERwAk7VlFCFb5Ge1Fd2lbAY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/df/0fbf48-5db7-49fe-bf44-6a36705bba6f/1/egC3zL2cUp3aaiXlJmcLBaMKSPs.roa
Signing time:             Mon 11 May 2026 14:04:21 +0000
ROA not before:           Mon 11 May 2026 14:04:21 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215787
IP address blocks:        165.217.161.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/df/0fbf48-5db7-49fe-bf44-6a36705bba6f/1/DAXKERwAk7VlFCFb5Ge1Fd2lbAY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/df/0fbf48-5db7-49fe-bf44-6a36705bba6f/1/DAXKERwAk7VlFCFb5Ge1Fd2lbAY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DAXKERwAk7VlFCFb5Ge1Fd2lbAY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 14:18:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:17:5a:68:3f:89:b9:dd:14:f8:9d:ab:64:3a:e9:90:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0c05ca111c0093b56514215be467b515dda56c06
        Validity
            Not Before: May 11 14:04:21 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7a00b7ccbd9c529dda6a25e526670b05a30a48fb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:1b:69:7a:69:04:43:0b:c7:ff:49:dc:5f:93:
                    6a:ca:d6:5a:ef:96:15:78:2f:72:06:57:eb:68:86:
                    a2:4e:f2:43:fc:26:cd:72:83:7f:f3:b2:49:ca:1e:
                    7a:f5:8e:20:ec:17:fa:92:1b:d2:b3:07:36:eb:01:
                    f8:77:0b:21:fd:72:4d:12:ea:c9:06:60:67:1d:02:
                    cf:a4:09:1b:4a:a4:2e:dd:8c:b0:9e:1e:99:43:57:
                    ef:52:74:dd:a6:ae:34:96:9d:a1:76:6a:31:d6:a0:
                    59:f3:73:ab:00:68:7f:9f:24:64:4f:56:cf:eb:1d:
                    39:d9:fe:57:45:2f:14:d8:b8:df:d2:7f:53:c3:25:
                    2c:55:44:59:fc:3c:88:81:a7:96:a8:7e:ee:38:6d:
                    41:9c:71:ac:03:44:d5:1a:4c:38:23:6a:33:ad:88:
                    df:f1:91:e3:67:d8:cf:b2:3f:3e:83:70:d9:e3:c2:
                    d3:06:d1:86:96:56:23:3a:68:c0:21:2c:ba:42:99:
                    84:7e:4a:f7:e2:da:d5:5a:ec:45:f8:05:58:f9:af:
                    ab:d5:c4:72:4e:ac:f4:b7:5d:54:76:a4:80:0d:42:
                    95:72:42:c6:8d:a6:b1:c5:74:43:47:7a:d6:8a:18:
                    5a:7c:44:20:89:6f:c0:78:6c:07:22:27:9c:a6:25:
                    ae:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7A:00:B7:CC:BD:9C:52:9D:DA:6A:25:E5:26:67:0B:05:A3:0A:48:FB
            X509v3 Authority Key Identifier:
                keyid:0C:05:CA:11:1C:00:93:B5:65:14:21:5B:E4:67:B5:15:DD:A5:6C:06

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DAXKERwAk7VlFCFb5Ge1Fd2lbAY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/0fbf48-5db7-49fe-bf44-6a36705bba6f/1/egC3zL2cUp3aaiXlJmcLBaMKSPs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/df/0fbf48-5db7-49fe-bf44-6a36705bba6f/1/DAXKERwAk7VlFCFb5Ge1Fd2lbAY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  165.217.161.0/24

    Signature Algorithm: sha256WithRSAEncryption
         48:bc:33:9f:77:9d:8e:68:cd:58:c0:79:8b:9a:ea:9f:a8:c5:
         0c:dd:7c:65:ab:08:3b:49:27:70:5d:fc:e0:20:2e:f4:1c:78:
         ee:64:a0:8e:1b:1d:b3:f3:9e:cc:9b:d2:c1:86:11:1d:cc:ad:
         d2:5f:74:6d:9b:21:ac:3e:88:5a:41:27:38:f5:1b:06:c4:cc:
         0c:52:54:2e:61:62:f5:f4:c8:48:e6:3d:45:42:07:cd:5a:c4:
         cb:15:d8:ff:c7:77:df:6d:b9:ce:39:03:ea:a7:a0:25:1e:53:
         12:cd:bb:d0:d8:6a:da:37:20:e6:e4:ab:51:4b:16:e3:ed:0e:
         9e:cb:89:96:9e:21:1d:24:77:03:de:e2:fd:38:4e:34:51:ff:
         94:d6:f5:91:e5:f6:d2:d9:b1:82:53:b6:67:f1:23:dc:5f:e3:
         b9:ff:53:26:b2:b3:5d:38:fe:7f:11:9b:8c:62:71:d9:c2:8d:
         61:f9:f4:d5:94:d2:d5:72:73:6f:07:4f:ca:4a:bc:7c:30:b4:
         e2:60:f6:fd:b2:88:5c:a9:a6:16:41:f7:aa:86:21:9c:8e:65:
         15:b5:26:5f:75:25:25:4c:02:e6:00:6e:04:89:a5:3e:98:fc:
         8d:2a:84:46:9e:68:54:25:56:ae:3f:2f:cb:98:e9:c0:38:3f:
         37:1e:bb:e5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ4XWmg/ibndFPidq2Q66ZC2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjMDVjYTExMWMwMDkzYjU2NTE0MjE1YmU0NjdiNTE1ZGRh
NTZjMDYwHhcNMjYwNTExMTQwNDIxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YTAwYjdjY2JkOWM1MjlkZGE2YTI1ZTUyNjY3MGIwNWEzMGE0OGZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxhtpemkEQwvH/0ncX5NqytZa75YV
eC9yBlfraIaiTvJD/CbNcoN/87JJyh569Y4g7Bf6khvSswc26wH4dwsh/XJNEurJ
BmBnHQLPpAkbSqQu3Yywnh6ZQ1fvUnTdpq40lp2hdmox1qBZ83OrAGh/nyRkT1bP
6x052f5XRS8U2Ljf0n9TwyUsVURZ/DyIgaeWqH7uOG1BnHGsA0TVGkw4I2ozrYjf
8ZHjZ9jPsj8+g3DZ48LTBtGGllYjOmjAISy6QpmEfkr34trVWuxF+AVY+a+r1cRy
Tqz0t11UdqSADUKVckLGjaaxxXRDR3rWihhafEQgiW/AeGwHIiecpiWujwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHoAt8y9nFKd2mol5SZnCwWjCkj7MB8GA1UdIwQY
MBaAFAwFyhEcAJO1ZRQhW+RntRXdpWwGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvREFYS0VSd0FrN1ZsRkNGYjVHZTFGZDJsYkFZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZi8wZmJmNDgtNWRiNy00OWZlLWJmNDQt
NmEzNjcwNWJiYTZmLzEvZWdDM3pMMmNVcDNhYWlYbEptY0xCYU1LU1BzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZi8wZmJmNDgtNWRiNy00OWZlLWJmNDQtNmEzNjcwNWJiYTZm
LzEvREFYS0VSd0FrN1ZsRkNGYjVHZTFGZDJsYkFZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQApdmhMA0G
CSqGSIb3DQEBCwUAA4IBAQBIvDOfd52OaM1YwHmLmuqfqMUM3Xxlqwg7SSdwXfzg
IC70HHjuZKCOGx2z857Mm9LBhhEdzK3SX3RtmyGsPohaQSc49RsGxMwMUlQuYWL1
9MhI5j1FQgfNWsTLFdj/x3ffbbnOOQPqp6AlHlMSzbvQ2GraNyDm5KtRSxbj7Q6e
y4mWniEdJHcD3uL9OE40Uf+U1vWR5fbS2bGCU7Zn8SPcX+O5/1MmsrNdOP5/EZuM
YnHZwo1h+fTVlNLVcnNvB0/KSrx8MLTiYPb9sohcqaYWQfeqhiGcjmUVtSZfdSUl
TALmAG4EiaU+mPyNKoRGnmhUJVauPy/LmOnAOD83Hrvl
-----END CERTIFICATE-----