Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/CVTxoP_KJkDU7fNvPooLGjPG2rE.roa
File:                     CVTxoP_KJkDU7fNvPooLGjPG2rE.roa (raw, json)
Hash identifier:          79oXGvlJBmIMo7hR1C/lZsYh1py0mV+kjk3oYt0HEbg=
Subject key identifier:   09:54:F1:A0:FF:CA:26:40:D4:ED:F3:6F:3E:8A:0B:1A:33:C6:DA:B1
Certificate issuer:       /CN=ee1c3472c25acd347364b7d6312618aa3530cb63
Certificate serial:       019E1DBEB155661755D1BAB0B9E26BF73EA0
Authority key identifier: EE:1C:34:72:C2:5A:CD:34:73:64:B7:D6:31:26:18:AA:35:30:CB:63
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/CVTxoP_KJkDU7fNvPooLGjPG2rE.roa
Signing time:             Tue 12 May 2026 19:51:36 +0000
ROA not before:           Tue 12 May 2026 19:51:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     47007
IP address blocks:        194.93.4.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 19:51:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:1d:be:b1:55:66:17:55:d1:ba:b0:b9:e2:6b:f7:3e:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ee1c3472c25acd347364b7d6312618aa3530cb63
        Validity
            Not Before: May 12 19:51:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0954f1a0ffca2640d4edf36f3e8a0b1a33c6dab1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:7b:11:ea:c4:46:24:64:2e:79:1a:72:de:83:
                    df:d8:e8:1b:02:50:0b:ef:08:55:c3:67:e0:94:68:
                    49:b1:96:d7:60:51:e4:66:58:e9:43:d8:84:b1:ef:
                    03:10:aa:a4:53:e1:75:36:6e:20:35:f9:23:09:88:
                    3c:e4:95:c3:b9:b7:c6:50:cd:16:da:70:16:21:78:
                    f8:d5:d5:ae:7b:47:b1:5c:b6:9a:e7:4b:ef:f1:a7:
                    e7:40:f2:55:55:ff:d1:f0:c5:d4:96:c3:61:a0:28:
                    44:f4:0e:0f:fb:04:7c:23:bf:ce:6a:59:b5:07:37:
                    14:7a:ad:87:15:3d:cc:46:41:15:1e:36:fc:08:67:
                    5e:f5:82:a9:3d:56:f6:84:56:5e:ff:d5:83:51:72:
                    37:67:4f:af:ec:ed:e8:62:53:1a:b8:68:99:8d:e5:
                    34:9a:5d:78:d1:d4:8f:d7:c4:24:6f:ba:8b:1b:8f:
                    e5:1b:85:e0:72:44:e8:54:b6:76:5e:3a:03:6f:fe:
                    84:1f:3f:f8:72:75:c4:44:c7:c4:69:94:4a:d6:93:
                    f6:cf:b0:b9:e2:7f:61:3b:21:af:f8:ce:08:23:e2:
                    f2:31:c3:47:90:46:3f:73:92:4b:99:c7:dd:dc:c3:
                    b9:47:71:12:8d:2c:7f:aa:1d:b0:54:55:d3:ff:c6:
                    a1:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:54:F1:A0:FF:CA:26:40:D4:ED:F3:6F:3E:8A:0B:1A:33:C6:DA:B1
            X509v3 Authority Key Identifier:
                keyid:EE:1C:34:72:C2:5A:CD:34:73:64:B7:D6:31:26:18:AA:35:30:CB:63

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/CVTxoP_KJkDU7fNvPooLGjPG2rE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.93.4.0/23

    Signature Algorithm: sha256WithRSAEncryption
         21:a5:aa:fc:61:52:78:14:0d:13:93:e9:1f:5d:b8:87:02:08:
         bd:40:10:f9:41:1e:c7:4f:f4:7d:d4:ab:4a:0d:82:a5:e0:d2:
         de:06:92:c4:46:6b:4b:92:9e:cc:3e:e6:35:f6:46:88:3e:e2:
         8d:4d:89:4d:31:6d:c0:d0:2c:ea:e9:d5:b1:8d:58:19:56:f8:
         fb:e9:0f:b8:04:98:29:8d:71:36:22:94:56:e3:05:72:6b:49:
         3e:1b:67:de:10:57:75:d7:d9:35:66:c9:e5:6d:c3:d6:a8:e7:
         9d:60:52:f3:35:d0:ba:81:dd:a0:d1:fa:fd:b9:eb:a4:48:2f:
         23:3c:10:6c:00:56:f3:9a:85:e5:8f:86:c7:b6:c5:12:cb:90:
         46:d9:62:0b:0f:19:25:45:91:9b:d2:ff:7e:15:1b:ae:57:75:
         f5:ff:88:a3:35:f5:4a:13:26:a7:9a:52:79:3a:1d:56:6d:67:
         f6:46:1a:2b:3d:53:8d:e1:df:c1:75:b7:fe:47:9f:50:04:99:
         87:02:ca:30:c8:14:0e:c3:4c:74:ba:e4:48:15:5c:c9:11:f4:
         d1:04:43:71:24:b6:b0:d3:37:c5:1a:76:a8:6f:bc:8e:30:dd:
         b5:4d:f8:6d:29:29:db:1b:1f:4c:e2:eb:db:81:b1:19:d0:ae:
         5e:95:c6:a9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ4dvrFVZhdV0bqwueJr9z6gMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlMWMzNDcyYzI1YWNkMzQ3MzY0YjdkNjMxMjYxOGFhMzUz
MGNiNjMwHhcNMjYwNTEyMTk1MTM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOTU0ZjFhMGZmY2EyNjQwZDRlZGYzNmYzZThhMGIxYTMzYzZkYWIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtHsR6sRGJGQueRpy3oPf2OgbAlAL
7whVw2fglGhJsZbXYFHkZljpQ9iEse8DEKqkU+F1Nm4gNfkjCYg85JXDubfGUM0W
2nAWIXj41dWue0exXLaa50vv8afnQPJVVf/R8MXUlsNhoChE9A4P+wR8I7/Oalm1
BzcUeq2HFT3MRkEVHjb8CGde9YKpPVb2hFZe/9WDUXI3Z0+v7O3oYlMauGiZjeU0
ml140dSP18Qkb7qLG4/lG4XgckToVLZ2XjoDb/6EHz/4cnXERMfEaZRK1pP2z7C5
4n9hOyGv+M4II+LyMcNHkEY/c5JLmcfd3MO5R3ESjSx/qh2wVFXT/8ahlwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAlU8aD/yiZA1O3zbz6KCxozxtqxMB8GA1UdIwQY
MBaAFO4cNHLCWs00c2S31jEmGKo1MMtjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN2h3MGNzSmF6VFJ6WkxmV01TWVlxalV3eTJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi8xZmY0NGYtNTFkNi00NTQ1LWFkMzYt
YjRiOGRiMjBiMWZiLzEvQ1ZUeG9QX0tKa0RVN2ZOdlBvb0xHalBHMnJFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi8xZmY0NGYtNTFkNi00NTQ1LWFkMzYtYjRiOGRiMjBiMWZi
LzEvN2h3MGNzSmF6VFJ6WkxmV01TWVlxalV3eTJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwl0EMA0G
CSqGSIb3DQEBCwUAA4IBAQAhpar8YVJ4FA0Tk+kfXbiHAgi9QBD5QR7HT/R91KtK
DYKl4NLeBpLERmtLkp7MPuY19kaIPuKNTYlNMW3A0Czq6dWxjVgZVvj76Q+4BJgp
jXE2IpRW4wVya0k+G2feEFd119k1ZsnlbcPWqOedYFLzNdC6gd2g0fr9ueukSC8j
PBBsAFbzmoXlj4bHtsUSy5BG2WILDxklRZGb0v9+FRuuV3X1/4ijNfVKEyanmlJ5
Oh1WbWf2RhorPVON4d/Bdbf+R59QBJmHAsowyBQOw0x0uuRIFVzJEfTRBENxJLaw
0zfFGnaob7yOMN21TfhtKSnbGx9M4uvbgbEZ0K5elcap
-----END CERTIFICATE-----