Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/c27fa6-b2b0-4dcb-a899-1030cdbe6bd4/1/bOwoeGXB2wja2W0aIO7cJEqFn0c.roa
File:                     bOwoeGXB2wja2W0aIO7cJEqFn0c.roa (raw, json)
Hash identifier:          TjrVmHhe6qTnTA+IeFLgJO+nqktu8K34RwVXqHJjTPE=
Subject key identifier:   6C:EC:28:78:65:C1:DB:08:DA:D9:6D:1A:20:EE:DC:24:4A:85:9F:47
Certificate issuer:       /CN=43015654082578c4946cd27be1e89a3dd7562fa4
Certificate serial:       019E2B9B47DE552FF814DAF1EE233FB1BCAD
Authority key identifier: 43:01:56:54:08:25:78:C4:94:6C:D2:7B:E1:E8:9A:3D:D7:56:2F:A4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QwFWVAgleMSUbNJ74eiaPddWL6Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/c27fa6-b2b0-4dcb-a899-1030cdbe6bd4/1/bOwoeGXB2wja2W0aIO7cJEqFn0c.roa
Signing time:             Fri 15 May 2026 12:27:37 +0000
ROA not before:           Fri 15 May 2026 12:27:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     205839
IP address blocks:        89.18.183.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/c27fa6-b2b0-4dcb-a899-1030cdbe6bd4/1/QwFWVAgleMSUbNJ74eiaPddWL6Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/c27fa6-b2b0-4dcb-a899-1030cdbe6bd4/1/QwFWVAgleMSUbNJ74eiaPddWL6Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QwFWVAgleMSUbNJ74eiaPddWL6Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Jun 2026 20:26:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:2b:9b:47:de:55:2f:f8:14:da:f1:ee:23:3f:b1:bc:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=43015654082578c4946cd27be1e89a3dd7562fa4
        Validity
            Not Before: May 15 12:27:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6cec287865c1db08dad96d1a20eedc244a859f47
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:44:c0:a0:99:49:0f:6f:d1:a4:ca:06:9f:a8:
                    01:8e:a7:b7:a4:82:d2:cb:eb:3f:15:c6:3a:ab:96:
                    c6:71:d6:99:37:e2:9d:37:7b:ce:f7:e9:de:7b:9a:
                    fc:f2:7e:07:9a:61:b5:3a:41:93:50:f0:76:b0:e7:
                    f8:7a:fa:0d:78:3b:63:21:f0:94:76:82:d0:52:a7:
                    fc:94:9f:30:39:6c:5c:06:5a:ef:c8:74:b4:49:7d:
                    79:42:d9:66:2f:29:ce:10:d3:18:25:ad:e9:37:df:
                    f5:f0:90:b1:d0:54:d8:b3:a2:86:3b:ae:47:b5:92:
                    11:41:26:08:18:24:00:62:45:9d:98:cd:3d:25:0e:
                    81:5a:31:3e:66:10:ea:a7:a6:3a:6b:17:5f:5d:e0:
                    1a:68:e9:37:4e:aa:ad:8d:4e:ee:8b:00:c5:96:d0:
                    4b:20:1c:e2:1a:28:c2:85:74:46:24:62:60:71:d1:
                    e3:52:61:42:e0:72:f6:5c:6d:c6:94:11:4c:97:a8:
                    9f:c8:56:f6:be:8d:1b:6c:79:a4:39:39:bc:d2:98:
                    4e:b4:ca:55:0c:5f:80:f2:32:dc:3a:b6:8b:89:6e:
                    ce:4e:29:e5:79:5f:7f:87:78:95:45:c7:fe:d3:64:
                    07:68:26:db:da:a9:c0:45:7b:d9:a8:d1:9c:98:f9:
                    95:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:EC:28:78:65:C1:DB:08:DA:D9:6D:1A:20:EE:DC:24:4A:85:9F:47
            X509v3 Authority Key Identifier:
                keyid:43:01:56:54:08:25:78:C4:94:6C:D2:7B:E1:E8:9A:3D:D7:56:2F:A4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QwFWVAgleMSUbNJ74eiaPddWL6Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/c27fa6-b2b0-4dcb-a899-1030cdbe6bd4/1/bOwoeGXB2wja2W0aIO7cJEqFn0c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/c27fa6-b2b0-4dcb-a899-1030cdbe6bd4/1/QwFWVAgleMSUbNJ74eiaPddWL6Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.18.183.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a6:2e:29:37:24:a5:02:2b:ab:21:05:1f:10:45:68:7e:a5:15:
         bd:7f:17:8f:ab:88:57:02:b1:02:c2:2b:64:92:27:b3:0b:92:
         99:61:5c:27:96:72:08:a1:e2:ce:41:63:bc:95:b2:78:e4:4f:
         78:2a:65:7a:72:a6:d2:6e:f5:26:8e:68:f8:79:6b:fe:83:c6:
         e5:e2:89:ca:61:6d:94:d6:6f:f1:a9:0f:8e:cc:09:41:3c:33:
         17:ac:2b:3c:8f:21:66:c3:15:5b:eb:89:91:67:b0:a6:b7:9f:
         11:77:53:40:c3:ac:ad:df:69:a3:9e:42:1d:43:d8:f8:19:5b:
         67:25:1a:7d:30:c0:29:48:c2:17:8e:f8:a7:a1:b4:80:5d:2c:
         23:40:04:1e:21:45:0c:74:75:26:bd:4a:df:f6:99:cd:e2:d0:
         6e:f9:cb:84:65:e1:d8:60:d6:b9:1b:44:1f:1b:8b:8d:57:66:
         e8:4e:68:56:de:43:cd:19:34:56:2f:03:98:d6:74:b7:7e:76:
         79:93:72:e1:d9:db:50:a8:1a:86:7d:4f:bc:99:71:f6:7e:65:
         11:87:7f:9d:90:fc:83:14:c6:69:d2:0e:9e:17:e4:8e:74:e8:
         1c:c2:d7:1f:2c:f7:fe:26:6f:77:a0:c2:66:d1:5b:ad:fd:65:
         43:26:b0:6f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ4rm0feVS/4FNrx7iM/sbytMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQzMDE1NjU0MDgyNTc4YzQ5NDZjZDI3YmUxZTg5YTNkZDc1
NjJmYTQwHhcNMjYwNTE1MTIyNzM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2Y2VjMjg3ODY1YzFkYjA4ZGFkOTZkMWEyMGVlZGMyNDRhODU5ZjQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoUTAoJlJD2/RpMoGn6gBjqe3pILS
y+s/FcY6q5bGcdaZN+KdN3vO9+nee5r88n4HmmG1OkGTUPB2sOf4evoNeDtjIfCU
doLQUqf8lJ8wOWxcBlrvyHS0SX15QtlmLynOENMYJa3pN9/18JCx0FTYs6KGO65H
tZIRQSYIGCQAYkWdmM09JQ6BWjE+ZhDqp6Y6axdfXeAaaOk3TqqtjU7uiwDFltBL
IBziGijChXRGJGJgcdHjUmFC4HL2XG3GlBFMl6ifyFb2vo0bbHmkOTm80phOtMpV
DF+A8jLcOraLiW7OTinleV9/h3iVRcf+02QHaCbb2qnARXvZqNGcmPmVBwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGzsKHhlwdsI2tltGiDu3CRKhZ9HMB8GA1UdIwQY
MBaAFEMBVlQIJXjElGzSe+Homj3XVi+kMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUXdGV1ZBZ2xlTVNVYk5KNzRlaWFQZGRXTDZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9jMjdmYTYtYjJiMC00ZGNiLWE4OTkt
MTAzMGNkYmU2YmQ0LzEvYk93b2VHWEIyd2phMlcwYUlPN2NKRXFGbjBjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9jMjdmYTYtYjJiMC00ZGNiLWE4OTktMTAzMGNkYmU2YmQ0
LzEvUXdGV1ZBZ2xlTVNVYk5KNzRlaWFQZGRXTDZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWRK3MA0G
CSqGSIb3DQEBCwUAA4IBAQCmLik3JKUCK6shBR8QRWh+pRW9fxePq4hXArECwitk
kiezC5KZYVwnlnIIoeLOQWO8lbJ45E94KmV6cqbSbvUmjmj4eWv+g8bl4onKYW2U
1m/xqQ+OzAlBPDMXrCs8jyFmwxVb64mRZ7Cmt58Rd1NAw6yt32mjnkIdQ9j4GVtn
JRp9MMApSMIXjvinobSAXSwjQAQeIUUMdHUmvUrf9pnN4tBu+cuEZeHYYNa5G0Qf
G4uNV2boTmhW3kPNGTRWLwOY1nS3fnZ5k3Lh2dtQqBqGfU+8mXH2fmURh3+dkPyD
FMZp0g6eF+SOdOgcwtcfLPf+Jm93oMJm0Vut/WVDJrBv
-----END CERTIFICATE-----