Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/bBidNeH26-5aKs-cLEr3hxUaSZw.roa
File:                     bBidNeH26-5aKs-cLEr3hxUaSZw.roa (raw, json)
Hash identifier:          FCUWlnCDFlkxUyV9GKY/G6k76JkBAHiTtKKJT6aKYcA=
Subject key identifier:   6C:18:9D:35:E1:F6:EB:EE:5A:2A:CF:9C:2C:4A:F7:87:15:1A:49:9C
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       019EB538657EF0065707082DCC3F17D95CBA
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/bBidNeH26-5aKs-cLEr3hxUaSZw.roa
Signing time:             Thu 11 Jun 2026 05:47:12 +0000
ROA not before:           Thu 11 Jun 2026 05:47:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     209946
IP address blocks:        193.148.56.0/24 maxlen: 24
                          193.148.57.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Jun 2026 08:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:b5:38:65:7e:f0:06:57:07:08:2d:cc:3f:17:d9:5c:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Jun 11 05:47:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6c189d35e1f6ebee5a2acf9c2c4af787151a499c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:8a:64:4b:b8:97:ac:b9:70:24:d2:65:9f:21:
                    1f:61:1f:44:08:9e:62:5c:ce:c2:76:26:e2:e3:fb:
                    40:6f:68:9d:67:fd:6e:70:f1:f3:d7:aa:15:37:c7:
                    fe:60:23:92:c4:d9:c6:b0:f7:23:b2:ca:38:d3:93:
                    12:57:df:f1:1e:fd:42:91:43:b8:41:ae:f5:e3:a1:
                    9d:6b:ae:fb:39:d5:50:cc:c8:84:5f:9e:3f:98:34:
                    75:cd:7b:af:77:0d:68:a6:19:21:88:68:90:e0:fc:
                    18:48:2f:66:3b:ac:b9:3e:11:ec:8d:f4:64:0a:36:
                    ed:0b:52:24:b3:39:f3:e6:9c:08:46:b1:56:d7:1a:
                    a5:8b:9a:19:61:da:8e:e5:34:9e:84:66:e9:93:7a:
                    49:fc:7f:e4:6c:c6:5c:88:ad:92:ff:5c:0c:91:93:
                    5d:4a:1a:dc:e9:dd:3b:44:6c:8b:81:49:c6:71:34:
                    38:e4:e2:24:3a:5b:c6:c9:2d:e5:8c:2f:7e:f9:43:
                    61:87:51:16:46:24:6c:f1:9e:a6:8d:a9:e8:5c:e6:
                    f8:2e:c3:56:d2:e7:af:3e:4a:2b:1b:0b:c1:7d:2f:
                    ad:f7:59:3b:9e:5e:db:96:01:63:9f:bc:be:36:b6:
                    9d:28:99:c1:e8:01:31:82:d6:f6:b7:82:34:a0:00:
                    83:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:18:9D:35:E1:F6:EB:EE:5A:2A:CF:9C:2C:4A:F7:87:15:1A:49:9C
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/bBidNeH26-5aKs-cLEr3hxUaSZw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.148.56.0/23

    Signature Algorithm: sha256WithRSAEncryption
         83:19:4d:e6:1e:26:c7:68:2c:45:bd:32:ed:6b:4f:85:82:6e:
         e3:65:2d:9c:e3:03:d2:eb:c7:d9:c9:49:b8:29:c8:38:3b:8e:
         0b:53:39:50:b2:1f:53:3c:10:a1:a5:e7:48:91:c9:18:10:bc:
         a8:17:2f:48:85:a0:52:ec:be:f1:10:a9:10:3e:41:3b:31:ba:
         d5:09:f7:48:08:19:0a:4b:82:ee:35:a6:03:96:ba:bb:02:1a:
         be:2b:61:b3:4a:58:88:58:c0:20:30:28:84:79:90:5f:4e:da:
         df:63:73:25:3a:d6:cf:1a:79:2f:3d:3f:16:49:99:c0:78:1d:
         83:5b:4b:26:c6:d2:93:b2:03:a9:bf:19:45:68:ff:19:a5:5c:
         ea:0a:a3:7d:ec:14:1f:34:78:74:42:1d:ce:66:47:fd:d6:21:
         15:70:65:42:e0:cf:21:27:e8:27:b5:39:d7:9b:45:ba:5d:1f:
         59:e3:7a:3f:90:29:f2:d0:0e:b9:e6:29:d2:8c:dd:60:24:16:
         f3:25:45:25:e1:b3:01:a4:fe:3e:a1:12:93:58:30:e8:da:6f:
         43:97:4a:84:34:d6:51:9b:a9:ff:81:00:96:6a:6b:c2:35:ab:
         29:3c:60:6a:ac:7f:03:e3:cc:68:5e:c2:42:d7:46:ff:67:1f:
         23:48:e8:ee
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ61OGV+8AZXBwgtzD8X2Vy6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjYwNjExMDU0NzEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YzE4OWQzNWUxZjZlYmVlNWEyYWNmOWMyYzRhZjc4NzE1MWE0OTljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuopkS7iXrLlwJNJlnyEfYR9ECJ5i
XM7Cdibi4/tAb2idZ/1ucPHz16oVN8f+YCOSxNnGsPcjsso405MSV9/xHv1CkUO4
Qa7146Gda677OdVQzMiEX54/mDR1zXuvdw1ophkhiGiQ4PwYSC9mO6y5PhHsjfRk
CjbtC1Iksznz5pwIRrFW1xqli5oZYdqO5TSehGbpk3pJ/H/kbMZciK2S/1wMkZNd
Shrc6d07RGyLgUnGcTQ45OIkOlvGyS3ljC9++UNhh1EWRiRs8Z6mjanoXOb4LsNW
0uevPkorGwvBfS+t91k7nl7blgFjn7y+NradKJnB6AExgtb2t4I0oACDRQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGwYnTXh9uvuWirPnCxK94cVGkmcMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvYkJpZE5lSDI2LTVhS3MtY0xFcjNoeFVhU1p3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwZQ4MA0G
CSqGSIb3DQEBCwUAA4IBAQCDGU3mHibHaCxFvTLta0+Fgm7jZS2c4wPS68fZyUm4
Kcg4O44LUzlQsh9TPBChpedIkckYELyoFy9IhaBS7L7xEKkQPkE7MbrVCfdICBkK
S4LuNaYDlrq7Ahq+K2GzSliIWMAgMCiEeZBfTtrfY3MlOtbPGnkvPT8WSZnAeB2D
W0smxtKTsgOpvxlFaP8ZpVzqCqN97BQfNHh0Qh3OZkf91iEVcGVC4M8hJ+gntTnX
m0W6XR9Z43o/kCny0A655inSjN1gJBbzJUUl4bMBpP4+oRKTWDDo2m9Dl0qENNZR
m6n/gQCWamvCNaspPGBqrH8D48xoXsJC10b/Zx8jSOju
-----END CERTIFICATE-----