Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f8/663331-31dc-4ddf-84e0-5f90a2f90d03/1/EGLmRqYL0UveAe7GdroCAjp3RnU.roa
File:                     EGLmRqYL0UveAe7GdroCAjp3RnU.roa (raw, json)
Hash identifier:          K+cn6n/T0n+kIunjtfeLS+AwVWl7DCEWXgHG3rTv6jw=
Subject key identifier:   10:62:E6:46:A6:0B:D1:4B:DE:01:EE:C6:76:BA:02:02:3A:77:46:75
Certificate issuer:       /CN=66c3070a745b2c167e101a161d2648a1bc977991
Certificate serial:       019B7AC881A7849DA7686AE5C83AA2B1C55F
Authority key identifier: 66:C3:07:0A:74:5B:2C:16:7E:10:1A:16:1D:26:48:A1:BC:97:79:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZsMHCnRbLBZ-EBoWHSZIobyXeZE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f8/663331-31dc-4ddf-84e0-5f90a2f90d03/1/EGLmRqYL0UveAe7GdroCAjp3RnU.roa
Signing time:             Thu 01 Jan 2026 18:18:39 +0000
ROA not before:           Thu 01 Jan 2026 18:18:39 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     42095
IP address blocks:        195.64.136.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f8/663331-31dc-4ddf-84e0-5f90a2f90d03/1/ZsMHCnRbLBZ-EBoWHSZIobyXeZE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f8/663331-31dc-4ddf-84e0-5f90a2f90d03/1/ZsMHCnRbLBZ-EBoWHSZIobyXeZE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZsMHCnRbLBZ-EBoWHSZIobyXeZE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 00:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:c8:81:a7:84:9d:a7:68:6a:e5:c8:3a:a2:b1:c5:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=66c3070a745b2c167e101a161d2648a1bc977991
        Validity
            Not Before: Jan  1 18:18:39 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=1062e646a60bd14bde01eec676ba02023a774675
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:48:55:b2:f4:4c:a2:c1:f4:be:e5:6b:0b:34:
                    4e:b2:8e:72:3c:94:0b:31:16:a4:ab:d6:ba:02:27:
                    c5:d1:7e:b7:c4:54:69:54:38:b4:2a:aa:0e:37:91:
                    bf:d9:4f:91:a5:28:44:ab:d9:de:67:a8:7c:d3:dd:
                    6e:cf:49:df:a7:52:8d:45:72:33:ba:9d:11:44:e3:
                    08:8c:b5:42:18:25:3d:bf:64:72:f1:14:bd:6a:72:
                    a0:6e:ce:06:5c:7d:db:1f:09:85:6b:02:2d:7e:48:
                    4c:46:dd:b7:cc:b9:ff:04:74:f1:eb:3a:8b:e8:b6:
                    d8:a3:44:38:3e:15:f5:41:da:67:41:b6:83:05:54:
                    87:10:3e:6f:d5:a4:08:50:24:f0:d7:5a:9d:84:ee:
                    62:af:91:c8:a6:f6:b5:43:6a:b4:4b:13:45:45:66:
                    c0:78:81:36:a3:25:1a:61:b5:59:3a:fa:77:bf:f8:
                    cf:95:89:ad:d5:b5:e9:ab:08:7f:a6:3c:3c:85:47:
                    01:bb:a3:68:83:54:55:7f:3c:db:03:7f:04:4f:8d:
                    6e:14:95:a0:7d:b2:d9:5b:a6:b0:0c:13:bf:d1:ed:
                    9a:b9:79:28:e2:80:25:bb:19:29:57:99:8c:98:de:
                    83:bf:08:62:ab:91:3a:41:bb:ad:6e:2a:be:ca:5d:
                    06:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                10:62:E6:46:A6:0B:D1:4B:DE:01:EE:C6:76:BA:02:02:3A:77:46:75
            X509v3 Authority Key Identifier:
                keyid:66:C3:07:0A:74:5B:2C:16:7E:10:1A:16:1D:26:48:A1:BC:97:79:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZsMHCnRbLBZ-EBoWHSZIobyXeZE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/663331-31dc-4ddf-84e0-5f90a2f90d03/1/EGLmRqYL0UveAe7GdroCAjp3RnU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/663331-31dc-4ddf-84e0-5f90a2f90d03/1/ZsMHCnRbLBZ-EBoWHSZIobyXeZE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.64.136.0/23

    Signature Algorithm: sha256WithRSAEncryption
         02:76:72:17:6d:9d:45:15:b5:7c:15:6a:57:56:55:d2:5d:04:
         4e:32:d4:92:8c:41:5d:aa:68:da:66:26:cf:22:2d:78:ad:b7:
         70:b8:ce:a5:02:88:31:7e:0c:f6:51:d9:fa:20:2f:8d:d0:2d:
         72:4a:23:59:59:73:62:21:fb:b2:d3:86:37:02:c4:ea:a6:3e:
         90:c5:88:60:3c:55:cb:22:d9:d7:5a:e9:df:69:e0:ed:b0:22:
         1f:16:dc:38:4f:04:e4:0a:78:76:56:3e:1a:54:ca:10:8f:24:
         8f:83:96:d6:b9:1e:27:5f:28:ee:4f:a2:c1:bb:52:c2:f7:79:
         52:8f:54:ea:fe:68:26:c7:36:dd:b6:ad:e6:e9:07:88:11:5d:
         8b:0b:03:13:0f:8a:37:f8:b8:88:c1:70:14:17:ea:02:54:be:
         4a:2a:ae:0e:41:90:ab:d2:8f:f4:2c:ac:ee:50:ba:3d:1d:20:
         61:a4:58:47:80:22:86:01:1b:11:e4:0c:61:d6:83:11:91:fc:
         e4:e4:dd:e2:98:41:2c:d9:1c:8b:6a:65:bd:6b:b7:e9:10:d8:
         05:e0:de:ba:63:22:d9:3e:14:27:3b:90:43:a4:9c:6c:5c:4f:
         c1:fc:23:97:7f:53:5e:55:c4:d7:01:86:77:1f:5c:8b:01:2d:
         93:e9:b6:20
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6yIGnhJ2naGrlyDqiscVfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2YzMwNzBhNzQ1YjJjMTY3ZTEwMWExNjFkMjY0OGExYmM5
Nzc5OTEwHhcNMjYwMTAxMTgxODM5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMDYyZTY0NmE2MGJkMTRiZGUwMWVlYzY3NmJhMDIwMjNhNzc0Njc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwkhVsvRMosH0vuVrCzROso5yPJQL
MRakq9a6AifF0X63xFRpVDi0KqoON5G/2U+RpShEq9neZ6h8091uz0nfp1KNRXIz
up0RROMIjLVCGCU9v2Ry8RS9anKgbs4GXH3bHwmFawItfkhMRt23zLn/BHTx6zqL
6LbYo0Q4PhX1QdpnQbaDBVSHED5v1aQIUCTw11qdhO5ir5HIpva1Q2q0SxNFRWbA
eIE2oyUaYbVZOvp3v/jPlYmt1bXpqwh/pjw8hUcBu6Nog1RVfzzbA38ET41uFJWg
fbLZW6awDBO/0e2auXko4oAluxkpV5mMmN6Dvwhiq5E6Qbutbiq+yl0GBwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBBi5kamC9FL3gHuxna6AgI6d0Z1MB8GA1UdIwQY
MBaAFGbDBwp0WywWfhAaFh0mSKG8l3mRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWnNNSENuUmJMQlotRUJvV0hTWklvYnlYZVpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOC82NjMzMzEtMzFkYy00ZGRmLTg0ZTAt
NWY5MGEyZjkwZDAzLzEvRUdMbVJxWUwwVXZlQWU3R2Ryb0NBanAzUm5VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOC82NjMzMzEtMzFkYy00ZGRmLTg0ZTAtNWY5MGEyZjkwZDAz
LzEvWnNNSENuUmJMQlotRUJvV0hTWklvYnlYZVpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBw0CIMA0G
CSqGSIb3DQEBCwUAA4IBAQACdnIXbZ1FFbV8FWpXVlXSXQROMtSSjEFdqmjaZibP
Ii14rbdwuM6lAogxfgz2Udn6IC+N0C1ySiNZWXNiIfuy04Y3AsTqpj6QxYhgPFXL
ItnXWunfaeDtsCIfFtw4TwTkCnh2Vj4aVMoQjySPg5bWuR4nXyjuT6LBu1LC93lS
j1Tq/mgmxzbdtq3m6QeIEV2LCwMTD4o3+LiIwXAUF+oCVL5KKq4OQZCr0o/0LKzu
ULo9HSBhpFhHgCKGARsR5Axh1oMRkfzk5N3imEEs2RyLamW9a7fpENgF4N66YyLZ
PhQnO5BDpJxsXE/B/COXf1NeVcTXAYZ3H1yLAS2T6bYg
-----END CERTIFICATE-----