Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ee/ea3528-45b9-47a4-9612-2a456fd096ab/1/DjQ-qqdGLyk0J0-Q6KE8QTK1l5I.roa
File:                     DjQ-qqdGLyk0J0-Q6KE8QTK1l5I.roa (raw, json)
Hash identifier:          2kspOMks74vGM2U9gOOhBlTddSye/4LpI+4FBaV1VPI=
Subject key identifier:   0E:34:3E:AA:A7:46:2F:29:34:27:4F:90:E8:A1:3C:41:32:B5:97:92
Certificate issuer:       /CN=31683805b23d8b787d6921053d7ebae970408a19
Certificate serial:       019E0C4F7ED5A75B9595A706CDE5C088D8F9
Authority key identifier: 31:68:38:05:B2:3D:8B:78:7D:69:21:05:3D:7E:BA:E9:70:40:8A:19
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MWg4BbI9i3h9aSEFPX666XBAihk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ee/ea3528-45b9-47a4-9612-2a456fd096ab/1/DjQ-qqdGLyk0J0-Q6KE8QTK1l5I.roa
Signing time:             Sat 09 May 2026 10:36:36 +0000
ROA not before:           Sat 09 May 2026 10:36:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214735
IP address blocks:        194.156.77.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ee/ea3528-45b9-47a4-9612-2a456fd096ab/1/MWg4BbI9i3h9aSEFPX666XBAihk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ee/ea3528-45b9-47a4-9612-2a456fd096ab/1/MWg4BbI9i3h9aSEFPX666XBAihk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MWg4BbI9i3h9aSEFPX666XBAihk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 19:01:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:0c:4f:7e:d5:a7:5b:95:95:a7:06:cd:e5:c0:88:d8:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=31683805b23d8b787d6921053d7ebae970408a19
        Validity
            Not Before: May  9 10:36:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0e343eaaa7462f2934274f90e8a13c4132b59792
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:2e:6c:31:e1:d5:76:bb:c7:2e:70:2e:0a:3f:
                    7b:3e:d8:1e:06:e3:e6:fa:33:29:96:37:2d:e5:0a:
                    68:ca:e4:4a:6c:17:43:03:aa:b9:9c:7f:76:f5:95:
                    04:95:4e:00:f0:5e:d5:02:af:a6:62:5e:b9:a3:0a:
                    10:b7:9c:d7:b2:2f:7d:bd:69:20:cf:c6:2c:a8:98:
                    54:c2:d2:7d:d6:f2:7e:7c:04:c1:d2:e8:ac:36:1d:
                    d4:58:9a:9a:01:a4:fd:0e:bd:f2:6f:65:38:85:ed:
                    ec:9c:7d:3e:19:9b:00:88:c4:e2:2e:79:3b:3f:db:
                    3e:7e:f3:cb:18:89:0d:ad:6d:a2:1b:c0:7a:e1:05:
                    31:cb:82:11:f3:df:4d:d3:c4:8f:07:25:5e:12:43:
                    79:39:88:43:25:1a:b5:bd:3f:64:bf:c2:8f:9e:e9:
                    13:08:14:7b:26:ef:b3:63:83:9a:f6:eb:bb:a8:b7:
                    03:9a:9a:98:52:28:e0:26:f1:a8:ef:8d:99:de:79:
                    74:7c:89:7e:bc:d3:88:ef:1e:25:0e:b6:e9:97:bc:
                    d7:87:41:68:15:59:98:44:49:73:18:b7:41:9d:47:
                    01:55:57:7f:d2:23:1c:dc:4e:aa:74:19:ab:c9:bf:
                    15:11:20:45:49:b9:83:91:08:3b:3b:1d:8c:f3:5f:
                    dc:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:34:3E:AA:A7:46:2F:29:34:27:4F:90:E8:A1:3C:41:32:B5:97:92
            X509v3 Authority Key Identifier:
                keyid:31:68:38:05:B2:3D:8B:78:7D:69:21:05:3D:7E:BA:E9:70:40:8A:19

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MWg4BbI9i3h9aSEFPX666XBAihk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/ea3528-45b9-47a4-9612-2a456fd096ab/1/DjQ-qqdGLyk0J0-Q6KE8QTK1l5I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/ea3528-45b9-47a4-9612-2a456fd096ab/1/MWg4BbI9i3h9aSEFPX666XBAihk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.156.77.0/24

    Signature Algorithm: sha256WithRSAEncryption
         77:0a:fb:f8:ec:26:6d:c3:66:b2:de:e9:33:2e:a3:6f:9c:ca:
         35:d5:aa:30:b2:f7:4d:63:69:8b:41:69:a2:b2:08:d7:fc:12:
         52:33:05:ad:ef:40:8a:cf:42:e4:78:78:09:75:a3:d1:8b:e8:
         03:54:3f:0c:c1:2b:cb:28:b7:92:e0:66:ab:f9:85:dd:c3:3a:
         9d:2b:f9:f9:ce:25:20:e0:c9:b1:2d:17:b3:31:4e:01:07:38:
         ff:7b:f9:7a:21:be:db:17:f1:95:ff:20:9b:68:0a:30:ef:ad:
         67:b2:b9:0f:c0:4a:ff:30:ae:28:c7:bd:e4:97:08:aa:31:dc:
         76:75:44:83:67:d1:f0:ed:2c:ee:6a:70:92:fe:5d:1f:21:a3:
         66:7f:a7:1c:b5:ae:2f:83:2f:3d:2e:23:08:d3:63:c5:25:3d:
         cc:ad:fc:63:1f:2c:50:0a:2f:54:cb:db:23:ca:15:5d:ff:a0:
         83:af:bd:3a:2c:3b:94:15:ff:76:b2:32:6a:2e:bc:9b:12:c0:
         5e:c0:83:8c:34:31:31:c3:4c:ad:82:04:75:b4:1c:0a:45:89:
         63:98:d8:ee:07:b4:ac:e4:a6:2e:1c:87:49:60:65:11:40:5d:
         1f:9a:7d:cb:47:69:17:8e:67:ca:93:6b:02:c6:9c:06:5d:1a:
         91:63:dd:07
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ4MT37Vp1uVlacGzeXAiNj5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxNjgzODA1YjIzZDhiNzg3ZDY5MjEwNTNkN2ViYWU5NzA0
MDhhMTkwHhcNMjYwNTA5MTAzNjM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZTM0M2VhYWE3NDYyZjI5MzQyNzRmOTBlOGExM2M0MTMyYjU5NzkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAni5sMeHVdrvHLnAuCj97PtgeBuPm
+jMpljct5QpoyuRKbBdDA6q5nH929ZUElU4A8F7VAq+mYl65owoQt5zXsi99vWkg
z8YsqJhUwtJ91vJ+fATB0uisNh3UWJqaAaT9Dr3yb2U4he3snH0+GZsAiMTiLnk7
P9s+fvPLGIkNrW2iG8B64QUxy4IR899N08SPByVeEkN5OYhDJRq1vT9kv8KPnukT
CBR7Ju+zY4Oa9uu7qLcDmpqYUijgJvGo742Z3nl0fIl+vNOI7x4lDrbpl7zXh0Fo
FVmYRElzGLdBnUcBVVd/0iMc3E6qdBmryb8VESBFSbmDkQg7Ox2M81/cRQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA40PqqnRi8pNCdPkOihPEEytZeSMB8GA1UdIwQY
MBaAFDFoOAWyPYt4fWkhBT1+uulwQIoZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTVdnNEJiSTlpM2g5YVNFRlBYNjY2WEJBaWhrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZS9lYTM1MjgtNDViOS00N2E0LTk2MTIt
MmE0NTZmZDA5NmFiLzEvRGpRLXFxZEdMeWswSjAtUTZLRThRVEsxbDVJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZS9lYTM1MjgtNDViOS00N2E0LTk2MTItMmE0NTZmZDA5NmFi
LzEvTVdnNEJiSTlpM2g5YVNFRlBYNjY2WEJBaWhrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwpxNMA0G
CSqGSIb3DQEBCwUAA4IBAQB3Cvv47CZtw2ay3ukzLqNvnMo11aowsvdNY2mLQWmi
sgjX/BJSMwWt70CKz0LkeHgJdaPRi+gDVD8MwSvLKLeS4Gar+YXdwzqdK/n5ziUg
4MmxLRezMU4BBzj/e/l6Ib7bF/GV/yCbaAow761nsrkPwEr/MK4ox73klwiqMdx2
dUSDZ9Hw7SzuanCS/l0fIaNmf6ccta4vgy89LiMI02PFJT3MrfxjHyxQCi9Uy9sj
yhVd/6CDr706LDuUFf92sjJqLrybEsBewIOMNDExw0ytggR1tBwKRYljmNjuB7Ss
5KYuHIdJYGURQF0fmn3LR2kXjmfKk2sCxpwGXRqRY90H
-----END CERTIFICATE-----