Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/26/b52c5d-95ba-4dd3-bba8-b7ca1f4728d0/1/4NdsewZiCE0tb4461BTcjMI8EEs.roa
File:                     4NdsewZiCE0tb4461BTcjMI8EEs.roa (raw, json)
Hash identifier:          082szJE40NLk4m73R6y2ge9lzv07QZN/ueI5yeyXB9M=
Subject key identifier:   E0:D7:6C:7B:06:62:08:4D:2D:6F:8E:3A:D4:14:DC:8C:C2:3C:10:4B
Certificate issuer:       /CN=f30e445195b64d799b822e99947792e0cab32b6d
Certificate serial:       019E784549CA91EE0C3EBA293F23326E6A62
Authority key identifier: F3:0E:44:51:95:B6:4D:79:9B:82:2E:99:94:77:92:E0:CA:B3:2B:6D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8w5EUZW2TXmbgi6ZlHeS4MqzK20.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/26/b52c5d-95ba-4dd3-bba8-b7ca1f4728d0/1/4NdsewZiCE0tb4461BTcjMI8EEs.roa
Signing time:             Sat 30 May 2026 09:44:27 +0000
ROA not before:           Sat 30 May 2026 09:44:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     209961
IP address blocks:        189.13.125.0/24 maxlen: 24
                          189.13.126.0/24 maxlen: 24
                          189.13.146.0/24 maxlen: 24
                          189.13.147.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/26/b52c5d-95ba-4dd3-bba8-b7ca1f4728d0/1/8w5EUZW2TXmbgi6ZlHeS4MqzK20.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/26/b52c5d-95ba-4dd3-bba8-b7ca1f4728d0/1/8w5EUZW2TXmbgi6ZlHeS4MqzK20.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8w5EUZW2TXmbgi6ZlHeS4MqzK20.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 03 Jun 2026 23:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:78:45:49:ca:91:ee:0c:3e:ba:29:3f:23:32:6e:6a:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f30e445195b64d799b822e99947792e0cab32b6d
        Validity
            Not Before: May 30 09:44:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e0d76c7b0662084d2d6f8e3ad414dc8cc23c104b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:1c:f3:d6:95:08:e7:96:99:14:24:18:22:35:
                    e9:b4:ab:15:42:db:cb:8c:d7:62:8a:7f:b5:e6:37:
                    5e:51:07:56:bb:ed:14:32:b2:19:3b:38:22:d2:45:
                    5e:f2:69:25:13:73:d9:49:1e:4a:35:5c:5c:4d:84:
                    41:4b:28:19:c8:a5:37:83:76:b2:4e:82:29:a6:d7:
                    3b:86:7b:51:3c:0b:53:40:4a:41:bd:dd:4f:bc:a7:
                    ec:66:4e:b4:b7:ae:7b:ff:a1:a3:20:bb:ca:16:ae:
                    41:26:64:3d:c1:0c:6d:f3:b8:44:88:eb:94:bb:68:
                    a2:2d:d9:b8:e2:60:c2:e4:61:f4:70:46:2b:3a:0d:
                    04:0c:bd:79:7b:6d:19:12:32:c5:37:90:d1:0d:7e:
                    63:07:09:67:ae:cc:bd:17:b0:f6:9e:be:04:d5:2a:
                    96:8c:6b:53:b4:b0:24:78:cd:a2:ee:2f:98:bf:dc:
                    2c:a6:b3:24:d9:8f:33:d0:57:62:5a:f8:30:d3:31:
                    e8:d8:80:65:42:a5:a7:03:a0:c4:6f:54:cf:51:4d:
                    c6:e5:d1:af:cd:29:c0:ee:1f:ab:7c:75:8a:10:ac:
                    8f:27:e6:fb:bf:ce:16:a5:ba:84:e4:ff:fd:e8:c8:
                    22:19:66:05:d9:cd:d2:15:f1:d0:4d:fe:a6:32:6b:
                    69:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:D7:6C:7B:06:62:08:4D:2D:6F:8E:3A:D4:14:DC:8C:C2:3C:10:4B
            X509v3 Authority Key Identifier:
                keyid:F3:0E:44:51:95:B6:4D:79:9B:82:2E:99:94:77:92:E0:CA:B3:2B:6D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8w5EUZW2TXmbgi6ZlHeS4MqzK20.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/26/b52c5d-95ba-4dd3-bba8-b7ca1f4728d0/1/4NdsewZiCE0tb4461BTcjMI8EEs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/26/b52c5d-95ba-4dd3-bba8-b7ca1f4728d0/1/8w5EUZW2TXmbgi6ZlHeS4MqzK20.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  189.13.125.0-189.13.126.255
                  189.13.146.0/23

    Signature Algorithm: sha256WithRSAEncryption
         4b:5d:f8:75:97:32:9d:14:f2:19:ed:ee:63:f5:ec:ae:26:6e:
         76:6f:72:9a:bd:51:18:01:8b:53:36:bc:9f:3b:35:b8:97:1f:
         4b:e0:45:8c:1a:7a:78:89:20:e0:99:98:70:76:d4:94:da:40:
         44:fc:4c:5c:03:70:62:be:06:50:11:43:24:05:d9:a3:78:48:
         5a:3b:4c:cf:c1:bc:ed:00:e9:73:2f:e3:a0:25:83:29:2a:5e:
         3a:90:4f:4a:c8:91:b5:6f:77:99:ac:eb:4b:d4:f5:da:5a:db:
         ec:df:c9:46:e8:2c:fb:ea:46:03:a4:61:7c:e3:2a:47:63:1d:
         24:2d:1d:dd:c9:9c:02:5d:ce:7f:de:54:4f:31:8f:db:b2:df:
         ad:9a:0a:da:b9:43:35:b2:ba:9d:46:cb:50:49:be:d5:73:81:
         c8:9e:2e:fd:44:2c:a8:07:37:bb:81:99:67:bf:87:fd:25:c4:
         71:0a:a0:35:a9:db:e4:1b:2c:bd:a6:e8:ac:d9:2b:20:78:75:
         d5:a9:fe:2e:a9:ff:c4:b5:01:9f:82:dc:86:a1:8d:dd:e4:b2:
         84:49:52:ce:37:7c:f1:2a:e1:18:c3:e3:5d:71:40:97:8a:ee:
         e8:7e:cf:fc:83:26:7a:f8:fa:5f:3d:4f:bc:3e:0a:cb:68:4e:
         af:19:e8:8c
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZ54RUnKke4MPropPyMybmpiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYzMGU0NDUxOTViNjRkNzk5YjgyMmU5OTk0Nzc5MmUwY2Fi
MzJiNmQwHhcNMjYwNTMwMDk0NDI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMGQ3NmM3YjA2NjIwODRkMmQ2ZjhlM2FkNDE0ZGM4Y2MyM2MxMDRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApxzz1pUI55aZFCQYIjXptKsVQtvL
jNdiin+15jdeUQdWu+0UMrIZOzgi0kVe8mklE3PZSR5KNVxcTYRBSygZyKU3g3ay
ToIpptc7hntRPAtTQEpBvd1PvKfsZk60t657/6GjILvKFq5BJmQ9wQxt87hEiOuU
u2iiLdm44mDC5GH0cEYrOg0EDL15e20ZEjLFN5DRDX5jBwlnrsy9F7D2nr4E1SqW
jGtTtLAkeM2i7i+Yv9wsprMk2Y8z0FdiWvgw0zHo2IBlQqWnA6DEb1TPUU3G5dGv
zSnA7h+rfHWKEKyPJ+b7v84WpbqE5P/96MgiGWYF2c3SFfHQTf6mMmtpmQIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFODXbHsGYghNLW+OOtQU3IzCPBBLMB8GA1UdIwQY
MBaAFPMORFGVtk15m4IumZR3kuDKsyttMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOHc1RVVaVzJUWG1iZ2k2WmxIZVM0TXF6SzIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNi9iNTJjNWQtOTViYS00ZGQzLWJiYTgt
YjdjYTFmNDcyOGQwLzEvNE5kc2V3WmlDRTB0YjQ0NjFCVGNqTUk4RUVzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNi9iNTJjNWQtOTViYS00ZGQzLWJiYTgtYjdjYTFmNDcyOGQw
LzEvOHc1RVVaVzJUWG1iZ2k2WmxIZVM0TXF6SzIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUMAwDBAC9DX0D
BAC9DX4DBAG9DZIwDQYJKoZIhvcNAQELBQADggEBAEtd+HWXMp0U8hnt7mP17K4m
bnZvcpq9URgBi1M2vJ87NbiXH0vgRYwaeniJIOCZmHB21JTaQET8TFwDcGK+BlAR
QyQF2aN4SFo7TM/BvO0A6XMv46AlgykqXjqQT0rIkbVvd5ms60vU9dpa2+zfyUbo
LPvqRgOkYXzjKkdjHSQtHd3JnAJdzn/eVE8xj9uy362aCtq5QzWyup1Gy1BJvtVz
gcieLv1ELKgHN7uBmWe/h/0lxHEKoDWp2+QbLL2m6KzZKyB4ddWp/i6p/8S1AZ+C
3Iahjd3ksoRJUs43fPEq4RjD411xQJeK7uh+z/yDJnr4+l89T7w+CstoTq8Z6Iw=
-----END CERTIFICATE-----