Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ed/7ae10b-c5e1-4304-928b-36fd606d8d09/1/0xXbCURhYGAah-ub3QgpVnkd5sc.roa
File:                     0xXbCURhYGAah-ub3QgpVnkd5sc.roa (raw, json)
Hash identifier:          Q0oF/ybiwcu5gijOk6b+e5zoOovn/M1MtfwaMpdjGcE=
Subject key identifier:   D3:15:DB:09:44:61:60:60:1A:87:EB:9B:DD:08:29:56:79:1D:E6:C7
Certificate issuer:       /CN=2ecc5715c1676112eed6314594a59333c3d7e1e0
Certificate serial:       019DFF877D70808A9609DC2C4DF2681BAADF
Authority key identifier: 2E:CC:57:15:C1:67:61:12:EE:D6:31:45:94:A5:93:33:C3:D7:E1:E0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LsxXFcFnYRLu1jFFlKWTM8PX4eA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ed/7ae10b-c5e1-4304-928b-36fd606d8d09/1/0xXbCURhYGAah-ub3QgpVnkd5sc.roa
Signing time:             Wed 06 May 2026 23:02:42 +0000
ROA not before:           Wed 06 May 2026 23:02:42 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     1299
IP address blocks:        109.104.121.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ed/7ae10b-c5e1-4304-928b-36fd606d8d09/1/LsxXFcFnYRLu1jFFlKWTM8PX4eA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ed/7ae10b-c5e1-4304-928b-36fd606d8d09/1/LsxXFcFnYRLu1jFFlKWTM8PX4eA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LsxXFcFnYRLu1jFFlKWTM8PX4eA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 14:01:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:ff:87:7d:70:80:8a:96:09:dc:2c:4d:f2:68:1b:aa:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2ecc5715c1676112eed6314594a59333c3d7e1e0
        Validity
            Not Before: May  6 23:02:42 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d315db09446160601a87eb9bdd082956791de6c7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:d1:60:8c:8f:61:09:46:fa:d3:7b:ba:04:0a:
                    82:b3:4f:7a:2c:b4:f1:30:58:53:e2:b0:f6:92:97:
                    34:11:10:36:c7:21:0d:ce:33:9e:c2:91:5d:77:7a:
                    cb:b1:4d:cb:9e:06:84:78:d6:a0:ae:4e:31:d0:a2:
                    45:0c:9d:cc:89:67:b6:43:73:1f:22:a3:c6:18:24:
                    5f:8a:ac:79:b4:3e:83:77:13:7b:13:e1:bc:31:7f:
                    bb:43:d5:29:1e:d4:df:d0:94:96:8f:23:39:2a:ab:
                    60:52:f6:5a:66:6d:9f:81:b2:1f:62:eb:2f:b7:4e:
                    94:ac:ac:4e:26:20:ad:1c:67:65:eb:4f:ef:19:57:
                    92:ba:68:a5:6c:69:d9:0a:30:f6:9d:c9:c0:5b:52:
                    9b:78:fe:c5:90:64:e0:ed:8c:f0:11:23:1c:0b:a6:
                    52:90:28:b8:2b:ce:54:d9:8d:68:af:03:db:ae:98:
                    8e:7c:78:9a:12:8d:fd:41:4a:fd:53:f8:fd:9b:fa:
                    85:d6:7f:30:ca:ce:b3:aa:a1:f1:fb:0d:bb:6e:df:
                    f1:c1:b1:be:2a:d0:7b:8b:37:8c:e5:c6:8a:02:d2:
                    50:15:43:ed:24:36:ff:7b:ab:3e:84:0d:29:09:ba:
                    db:5d:e3:4e:10:35:81:a2:ec:48:7c:cf:fc:a1:46:
                    67:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:15:DB:09:44:61:60:60:1A:87:EB:9B:DD:08:29:56:79:1D:E6:C7
            X509v3 Authority Key Identifier:
                keyid:2E:CC:57:15:C1:67:61:12:EE:D6:31:45:94:A5:93:33:C3:D7:E1:E0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LsxXFcFnYRLu1jFFlKWTM8PX4eA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/7ae10b-c5e1-4304-928b-36fd606d8d09/1/0xXbCURhYGAah-ub3QgpVnkd5sc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/7ae10b-c5e1-4304-928b-36fd606d8d09/1/LsxXFcFnYRLu1jFFlKWTM8PX4eA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.104.121.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0f:ca:d6:c7:ca:04:ea:44:04:3d:cc:2a:d1:2e:2b:1e:a8:2c:
         0c:bf:52:21:ae:50:9c:a6:0e:61:04:19:84:60:de:ef:07:f1:
         d6:11:03:2a:b5:99:3c:ae:a2:0c:c8:13:9b:81:3f:2b:87:38:
         28:03:7a:84:92:cd:95:76:5a:c4:b0:53:b9:c3:06:b7:49:f2:
         ee:6c:2a:17:d6:fe:f0:cd:7a:df:53:a5:f6:97:1d:77:73:d0:
         dd:19:7e:67:d4:9d:7b:e6:67:76:f7:70:54:13:fe:b3:b3:80:
         31:cf:4f:52:eb:de:c8:2d:4d:cb:75:00:ad:ef:fa:a6:42:b3:
         1f:31:fa:40:5a:23:a6:84:a0:fc:a6:82:1c:a3:5e:05:2f:0e:
         fa:9d:e3:18:a3:8b:21:57:98:1c:98:13:cf:a0:a2:2d:d6:e2:
         16:31:4f:6c:4f:18:c6:15:70:fd:60:3c:fa:be:50:f4:57:20:
         90:22:db:c8:12:84:3c:a3:62:32:96:ab:b8:d0:76:0b:21:64:
         49:fa:ad:a9:2f:78:69:b3:ff:3a:b8:4e:d4:38:d8:93:b9:fa:
         41:58:81:82:b6:52:6f:29:94:1a:0a:6e:96:7f:81:42:66:d1:
         48:43:5d:9e:f5:4f:21:eb:f4:5c:15:f1:45:12:a5:c6:45:e2:
         8a:c9:9b:e0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ3/h31wgIqWCdwsTfJoG6rfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlY2M1NzE1YzE2NzYxMTJlZWQ2MzE0NTk0YTU5MzMzYzNk
N2UxZTAwHhcNMjYwNTA2MjMwMjQyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMzE1ZGIwOTQ0NjE2MDYwMWE4N2ViOWJkZDA4Mjk1Njc5MWRlNmM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAndFgjI9hCUb603u6BAqCs096LLTx
MFhT4rD2kpc0ERA2xyENzjOewpFdd3rLsU3LngaEeNagrk4x0KJFDJ3MiWe2Q3Mf
IqPGGCRfiqx5tD6DdxN7E+G8MX+7Q9UpHtTf0JSWjyM5KqtgUvZaZm2fgbIfYusv
t06UrKxOJiCtHGdl60/vGVeSumilbGnZCjD2ncnAW1KbeP7FkGTg7YzwESMcC6ZS
kCi4K85U2Y1orwPbrpiOfHiaEo39QUr9U/j9m/qF1n8wys6zqqHx+w27bt/xwbG+
KtB7izeM5caKAtJQFUPtJDb/e6s+hA0pCbrbXeNOEDWBouxIfM/8oUZnrwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNMV2wlEYWBgGofrm90IKVZ5HebHMB8GA1UdIwQY
MBaAFC7MVxXBZ2ES7tYxRZSlkzPD1+HgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTHN4WEZjRm5ZUkx1MWpGRmxLV1RNOFBYNGVBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZC83YWUxMGItYzVlMS00MzA0LTkyOGIt
MzZmZDYwNmQ4ZDA5LzEvMHhYYkNVUmhZR0FhaC11YjNRZ3BWbmtkNXNjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZC83YWUxMGItYzVlMS00MzA0LTkyOGItMzZmZDYwNmQ4ZDA5
LzEvTHN4WEZjRm5ZUkx1MWpGRmxLV1RNOFBYNGVBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbWh5MA0G
CSqGSIb3DQEBCwUAA4IBAQAPytbHygTqRAQ9zCrRLiseqCwMv1IhrlCcpg5hBBmE
YN7vB/HWEQMqtZk8rqIMyBObgT8rhzgoA3qEks2VdlrEsFO5wwa3SfLubCoX1v7w
zXrfU6X2lx13c9DdGX5n1J175md293BUE/6zs4Axz09S697ILU3LdQCt7/qmQrMf
MfpAWiOmhKD8poIco14FLw76neMYo4shV5gcmBPPoKIt1uIWMU9sTxjGFXD9YDz6
vlD0VyCQItvIEoQ8o2Iylqu40HYLIWRJ+q2pL3hps/86uE7UONiTufpBWIGCtlJv
KZQaCm6Wf4FCZtFIQ12e9U8h6/RcFfFFEqXGReKKyZvg
-----END CERTIFICATE-----