Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1d/f12858-3ca1-453b-843b-adc4d5ab566c/1/vV6KIbjbHUkMbwKENIBHTTXDdrU.roa
File:                     vV6KIbjbHUkMbwKENIBHTTXDdrU.roa (raw, json)
Hash identifier:          EOt5kopYpNaYTBOsxtYCd3AAd6VIO4EI/DljsaKcEE0=
Subject key identifier:   BD:5E:8A:21:B8:DB:1D:49:0C:6F:02:84:34:80:47:4D:35:C3:76:B5
Certificate issuer:       /CN=70857756acf339fac229a1c9e9c57c4895efa91f
Certificate serial:       019E6E94835DF5A6DAF5199B371C6F54BE73
Authority key identifier: 70:85:77:56:AC:F3:39:FA:C2:29:A1:C9:E9:C5:7C:48:95:EF:A9:1F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cIV3VqzzOfrCKaHJ6cV8SJXvqR8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1d/f12858-3ca1-453b-843b-adc4d5ab566c/1/vV6KIbjbHUkMbwKENIBHTTXDdrU.roa
Signing time:             Thu 28 May 2026 12:34:47 +0000
ROA not before:           Thu 28 May 2026 12:34:47 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     13030
IP address blocks:        194.116.254.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1d/f12858-3ca1-453b-843b-adc4d5ab566c/1/cIV3VqzzOfrCKaHJ6cV8SJXvqR8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1d/f12858-3ca1-453b-843b-adc4d5ab566c/1/cIV3VqzzOfrCKaHJ6cV8SJXvqR8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cIV3VqzzOfrCKaHJ6cV8SJXvqR8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Jun 2026 20:26:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:6e:94:83:5d:f5:a6:da:f5:19:9b:37:1c:6f:54:be:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=70857756acf339fac229a1c9e9c57c4895efa91f
        Validity
            Not Before: May 28 12:34:47 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=bd5e8a21b8db1d490c6f02843480474d35c376b5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:80:73:b8:3a:ad:90:03:b7:22:19:2f:cc:71:
                    c6:95:c1:52:74:15:c9:80:cd:51:22:7e:57:15:4e:
                    e8:e4:96:42:db:e2:85:a2:89:4a:6f:06:ce:0a:a4:
                    7b:ff:98:cb:3c:58:ce:5c:bc:15:ae:46:59:78:9f:
                    04:82:08:52:37:5c:f6:0b:64:c3:69:38:53:76:ee:
                    ef:33:42:72:73:3c:39:84:9e:18:00:66:c6:38:30:
                    99:59:9c:1d:cc:a7:82:45:04:33:06:dc:5d:b0:78:
                    9c:6d:d7:e3:43:1d:02:ca:5c:7c:56:72:56:f5:10:
                    f5:75:29:69:0d:00:aa:f4:e7:61:d0:93:60:ee:fe:
                    c1:d0:58:0e:6d:7a:5b:1b:fa:2e:7d:e7:80:13:bb:
                    7a:91:dc:93:d4:05:e0:ff:cf:e2:ea:74:58:4e:f9:
                    ba:1f:52:9a:5b:a8:e4:2b:46:c0:78:09:07:fa:4c:
                    bd:0b:60:8a:1b:c3:48:ac:8b:57:0e:2c:97:2b:a9:
                    7c:ac:0e:ca:2f:95:db:22:e2:8b:7d:51:4c:2f:d0:
                    50:4e:04:2c:72:1f:1d:ef:95:24:a7:fd:52:7a:3e:
                    46:73:88:fa:3a:ce:20:d4:0d:2b:e2:8b:90:25:f6:
                    a9:08:56:7c:60:75:98:fa:7f:97:b5:67:c7:3c:47:
                    64:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:5E:8A:21:B8:DB:1D:49:0C:6F:02:84:34:80:47:4D:35:C3:76:B5
            X509v3 Authority Key Identifier:
                keyid:70:85:77:56:AC:F3:39:FA:C2:29:A1:C9:E9:C5:7C:48:95:EF:A9:1F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cIV3VqzzOfrCKaHJ6cV8SJXvqR8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/f12858-3ca1-453b-843b-adc4d5ab566c/1/vV6KIbjbHUkMbwKENIBHTTXDdrU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/f12858-3ca1-453b-843b-adc4d5ab566c/1/cIV3VqzzOfrCKaHJ6cV8SJXvqR8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.116.254.0/24

    Signature Algorithm: sha256WithRSAEncryption
         51:e6:09:ba:7c:47:b1:44:25:79:57:95:4a:ef:eb:8f:59:38:
         8c:c1:ae:91:9f:47:f9:d3:03:9e:69:86:f5:c0:9c:10:71:4b:
         30:42:ac:60:2b:5a:03:a9:1e:76:fc:b6:38:24:14:a9:37:95:
         5f:bd:f7:69:0c:48:c4:85:9b:84:a4:9a:36:c4:cc:9a:de:64:
         1b:94:40:b0:94:f1:70:a2:38:b6:a2:35:8c:4b:6e:5b:c2:47:
         5b:dd:15:27:00:60:fb:f4:00:4f:03:0a:39:09:cd:a7:c3:5a:
         35:eb:3d:d2:9a:bb:0f:42:2d:75:6a:7d:2b:63:6c:9b:9b:ae:
         ad:1a:b1:fc:38:29:f8:37:52:3c:69:f7:9d:95:9e:57:04:53:
         40:28:bd:b8:6a:b2:3d:96:16:18:27:74:be:23:ba:9d:9d:80:
         1b:f9:c1:b0:be:14:76:56:62:01:a5:60:2d:e5:e8:65:e8:32:
         4c:e2:1d:1c:53:0c:29:7e:ec:6a:1c:90:e3:d2:f8:05:17:37:
         aa:49:cf:5c:e8:c5:90:87:dc:f0:34:a6:f3:a8:06:7a:b9:4f:
         66:41:27:0e:70:a6:fd:c8:63:b2:eb:45:26:3d:06:64:73:83:
         69:4a:3a:f1:91:45:6a:66:86:9a:d3:47:9b:99:c0:39:3e:18:
         a8:8b:1f:4b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ5ulINd9aba9RmbNxxvVL5zMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcwODU3NzU2YWNmMzM5ZmFjMjI5YTFjOWU5YzU3YzQ4OTVl
ZmE5MWYwHhcNMjYwNTI4MTIzNDQ3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZDVlOGEyMWI4ZGIxZDQ5MGM2ZjAyODQzNDgwNDc0ZDM1YzM3NmI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApYBzuDqtkAO3IhkvzHHGlcFSdBXJ
gM1RIn5XFU7o5JZC2+KFoolKbwbOCqR7/5jLPFjOXLwVrkZZeJ8EgghSN1z2C2TD
aThTdu7vM0Jyczw5hJ4YAGbGODCZWZwdzKeCRQQzBtxdsHicbdfjQx0Cylx8VnJW
9RD1dSlpDQCq9Odh0JNg7v7B0FgObXpbG/oufeeAE7t6kdyT1AXg/8/i6nRYTvm6
H1KaW6jkK0bAeAkH+ky9C2CKG8NIrItXDiyXK6l8rA7KL5XbIuKLfVFML9BQTgQs
ch8d75Ukp/1Sej5Gc4j6Os4g1A0r4ouQJfapCFZ8YHWY+n+XtWfHPEdkxwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL1eiiG42x1JDG8ChDSAR001w3a1MB8GA1UdIwQY
MBaAFHCFd1as8zn6wimhyenFfEiV76kfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY0lWM1ZxenpPZnJDS2FISjZjVjhTSlh2cVI4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZC9mMTI4NTgtM2NhMS00NTNiLTg0M2It
YWRjNGQ1YWI1NjZjLzEvdlY2S0liamJIVWtNYndLRU5JQkhUVFhEZHJVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZC9mMTI4NTgtM2NhMS00NTNiLTg0M2ItYWRjNGQ1YWI1NjZj
LzEvY0lWM1ZxenpPZnJDS2FISjZjVjhTSlh2cVI4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwnT+MA0G
CSqGSIb3DQEBCwUAA4IBAQBR5gm6fEexRCV5V5VK7+uPWTiMwa6Rn0f50wOeaYb1
wJwQcUswQqxgK1oDqR52/LY4JBSpN5VfvfdpDEjEhZuEpJo2xMya3mQblECwlPFw
oji2ojWMS25bwkdb3RUnAGD79ABPAwo5Cc2nw1o16z3SmrsPQi11an0rY2ybm66t
GrH8OCn4N1I8afedlZ5XBFNAKL24arI9lhYYJ3S+I7qdnYAb+cGwvhR2VmIBpWAt
5ehl6DJM4h0cUwwpfuxqHJDj0vgFFzeqSc9c6MWQh9zwNKbzqAZ6uU9mQScOcKb9
yGOy60UmPQZkc4NpSjrxkUVqZoaa00ebmcA5Phioix9L
-----END CERTIFICATE-----