Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/26/b52c5d-95ba-4dd3-bba8-b7ca1f4728d0/1/1hmoXUf_HEidVqAlUNrVMbRe73Q.roa
File:                     1hmoXUf_HEidVqAlUNrVMbRe73Q.roa (raw, json)
Hash identifier:          LNul/HliCFgKtEsh4duhgw+vWs/BKVcWwUv72PAMMxg=
Subject key identifier:   D6:19:A8:5D:47:FF:1C:48:9D:56:A0:25:50:DA:D5:31:B4:5E:EF:74
Certificate issuer:       /CN=f30e445195b64d799b822e99947792e0cab32b6d
Certificate serial:       019E6D51846C833A9A08B4B972B702953981
Authority key identifier: F3:0E:44:51:95:B6:4D:79:9B:82:2E:99:94:77:92:E0:CA:B3:2B:6D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8w5EUZW2TXmbgi6ZlHeS4MqzK20.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/26/b52c5d-95ba-4dd3-bba8-b7ca1f4728d0/1/1hmoXUf_HEidVqAlUNrVMbRe73Q.roa
Signing time:             Thu 28 May 2026 06:41:59 +0000
ROA not before:           Thu 28 May 2026 06:41:59 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     401322
IP address blocks:        189.13.253.0/24 maxlen: 24
                          189.13.254.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/26/b52c5d-95ba-4dd3-bba8-b7ca1f4728d0/1/8w5EUZW2TXmbgi6ZlHeS4MqzK20.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/26/b52c5d-95ba-4dd3-bba8-b7ca1f4728d0/1/8w5EUZW2TXmbgi6ZlHeS4MqzK20.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8w5EUZW2TXmbgi6ZlHeS4MqzK20.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 03 Jun 2026 23:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:6d:51:84:6c:83:3a:9a:08:b4:b9:72:b7:02:95:39:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f30e445195b64d799b822e99947792e0cab32b6d
        Validity
            Not Before: May 28 06:41:59 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d619a85d47ff1c489d56a02550dad531b45eef74
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:5c:d1:3c:32:da:93:b7:72:bd:a2:ca:64:7c:
                    50:b5:0f:44:50:59:72:4b:92:85:6d:29:eb:51:ba:
                    57:87:87:bc:07:6f:8f:67:3b:82:21:be:be:ea:8c:
                    59:d2:6e:29:d5:10:f2:47:ba:15:23:84:9c:71:7d:
                    44:90:60:0b:4e:ca:f7:df:54:02:bf:2f:26:33:eb:
                    2d:86:a8:3e:b7:a0:9e:cb:c9:19:ac:32:38:90:f2:
                    b3:4c:e5:4a:8a:c6:cc:98:43:4c:f9:9e:7d:ab:2e:
                    2c:e7:9a:c3:db:4a:67:5c:45:64:60:67:13:e9:e6:
                    8d:30:8d:24:7c:34:08:c1:04:a6:6c:1e:80:35:21:
                    e4:ed:34:6a:14:53:54:f2:cb:98:96:39:d8:60:62:
                    8f:8d:6b:d8:f8:63:3a:21:ff:aa:5b:5e:83:cc:8e:
                    09:a1:c1:b9:62:4b:c4:a8:67:04:f6:65:b6:79:b1:
                    a3:ac:ff:18:9d:64:5f:16:44:ef:8a:e3:a1:94:34:
                    a4:89:a2:5b:f0:76:56:cc:3d:56:1d:5b:ab:6b:db:
                    12:9a:ac:ad:9e:b0:5b:82:43:84:ef:91:a3:dc:48:
                    fd:0c:21:84:03:ea:31:8b:29:81:92:06:23:0c:9e:
                    bb:9f:0c:60:09:24:5a:68:2d:49:b9:9e:48:21:d0:
                    c4:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:19:A8:5D:47:FF:1C:48:9D:56:A0:25:50:DA:D5:31:B4:5E:EF:74
            X509v3 Authority Key Identifier:
                keyid:F3:0E:44:51:95:B6:4D:79:9B:82:2E:99:94:77:92:E0:CA:B3:2B:6D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8w5EUZW2TXmbgi6ZlHeS4MqzK20.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/26/b52c5d-95ba-4dd3-bba8-b7ca1f4728d0/1/1hmoXUf_HEidVqAlUNrVMbRe73Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/26/b52c5d-95ba-4dd3-bba8-b7ca1f4728d0/1/8w5EUZW2TXmbgi6ZlHeS4MqzK20.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  189.13.253.0-189.13.254.255

    Signature Algorithm: sha256WithRSAEncryption
         6e:6a:0d:52:7d:5f:5f:61:3d:be:f6:6c:09:83:2a:ce:45:79:
         3e:e5:f3:14:d3:18:c5:1a:83:a6:d5:ab:e7:3f:60:47:81:2f:
         c7:1d:f3:e3:0c:74:d3:9a:52:db:ae:93:b2:13:b3:e1:0f:67:
         bf:ba:41:8e:41:57:bb:b8:b1:ab:e5:14:87:fe:c7:58:d5:ec:
         aa:be:a8:9f:96:a2:cd:b7:66:2d:97:25:9d:34:b4:17:91:e6:
         06:5c:fa:95:e9:f7:ef:ce:40:d9:87:54:f2:27:a3:fd:10:1d:
         4b:b3:80:bd:42:74:88:65:19:a1:b9:50:05:c6:b8:b8:94:43:
         74:77:42:3f:e6:73:cf:89:48:76:db:58:3f:bd:8b:17:c0:92:
         93:2f:1f:36:0a:22:6f:8d:d2:01:18:92:d6:a6:6b:2f:77:a7:
         af:2c:32:f0:03:ac:95:a8:4d:a5:f0:85:b0:28:23:af:01:a8:
         6a:da:90:4b:f1:8c:ba:34:f4:ed:fa:c5:32:1b:19:6e:70:48:
         d6:27:4b:0f:f2:bd:f6:93:92:05:a7:af:ea:6e:27:73:01:1f:
         79:1c:1c:ec:ab:b8:68:93:ee:c8:19:3e:33:69:38:e9:35:d4:
         47:2a:fd:41:76:9b:99:71:1b:c5:0c:8d:04:d7:97:70:3a:70:
         49:da:95:fc
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZ5tUYRsgzqaCLS5crcClTmBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYzMGU0NDUxOTViNjRkNzk5YjgyMmU5OTk0Nzc5MmUwY2Fi
MzJiNmQwHhcNMjYwNTI4MDY0MTU5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNjE5YTg1ZDQ3ZmYxYzQ4OWQ1NmEwMjU1MGRhZDUzMWI0NWVlZjc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv1zRPDLak7dyvaLKZHxQtQ9EUFly
S5KFbSnrUbpXh4e8B2+PZzuCIb6+6oxZ0m4p1RDyR7oVI4SccX1EkGALTsr331QC
vy8mM+sthqg+t6Cey8kZrDI4kPKzTOVKisbMmENM+Z59qy4s55rD20pnXEVkYGcT
6eaNMI0kfDQIwQSmbB6ANSHk7TRqFFNU8suYljnYYGKPjWvY+GM6If+qW16DzI4J
ocG5YkvEqGcE9mW2ebGjrP8YnWRfFkTviuOhlDSkiaJb8HZWzD1WHVura9sSmqyt
nrBbgkOE75Gj3Ej9DCGEA+oxiymBkgYjDJ67nwxgCSRaaC1JuZ5IIdDESQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFNYZqF1H/xxInVagJVDa1TG0Xu90MB8GA1UdIwQY
MBaAFPMORFGVtk15m4IumZR3kuDKsyttMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOHc1RVVaVzJUWG1iZ2k2WmxIZVM0TXF6SzIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNi9iNTJjNWQtOTViYS00ZGQzLWJiYTgt
YjdjYTFmNDcyOGQwLzEvMWhtb1hVZl9IRWlkVnFBbFVOclZNYlJlNzNRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNi9iNTJjNWQtOTViYS00ZGQzLWJiYTgtYjdjYTFmNDcyOGQw
LzEvOHc1RVVaVzJUWG1iZ2k2WmxIZVM0TXF6SzIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAC9Df0D
BAC9Df4wDQYJKoZIhvcNAQELBQADggEBAG5qDVJ9X19hPb72bAmDKs5FeT7l8xTT
GMUag6bVq+c/YEeBL8cd8+MMdNOaUtuuk7ITs+EPZ7+6QY5BV7u4savlFIf+x1jV
7Kq+qJ+Wos23Zi2XJZ00tBeR5gZc+pXp9+/OQNmHVPIno/0QHUuzgL1CdIhlGaG5
UAXGuLiUQ3R3Qj/mc8+JSHbbWD+9ixfAkpMvHzYKIm+N0gEYktamay93p68sMvAD
rJWoTaXwhbAoI68BqGrakEvxjLo09O36xTIbGW5wSNYnSw/yvfaTkgWnr+puJ3MB
H3kcHOyruGiT7sgZPjNpOOk11Ecq/UF2m5lxG8UMjQTXl3A6cEnalfw=
-----END CERTIFICATE-----