Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/26/b52c5d-95ba-4dd3-bba8-b7ca1f4728d0/1/dHQX0Nw27Jfv1xGsD06FXVRHc2w.roa
File:                     dHQX0Nw27Jfv1xGsD06FXVRHc2w.roa (raw, json)
Hash identifier:          oo6XHUFrM8HfrLnsL37nHXH48/gFh3gq5GhHvRPTERs=
Subject key identifier:   74:74:17:D0:DC:36:EC:97:EF:D7:11:AC:0F:4E:85:5D:54:47:73:6C
Certificate issuer:       /CN=f30e445195b64d799b822e99947792e0cab32b6d
Certificate serial:       019E83055BBC0D42892B12221262D490D11D
Authority key identifier: F3:0E:44:51:95:B6:4D:79:9B:82:2E:99:94:77:92:E0:CA:B3:2B:6D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8w5EUZW2TXmbgi6ZlHeS4MqzK20.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/26/b52c5d-95ba-4dd3-bba8-b7ca1f4728d0/1/dHQX0Nw27Jfv1xGsD06FXVRHc2w.roa
Signing time:             Mon 01 Jun 2026 11:50:26 +0000
ROA not before:           Mon 01 Jun 2026 11:50:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     208317
IP address blocks:        189.13.148.0/24 maxlen: 24
                          189.13.149.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/26/b52c5d-95ba-4dd3-bba8-b7ca1f4728d0/1/8w5EUZW2TXmbgi6ZlHeS4MqzK20.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/26/b52c5d-95ba-4dd3-bba8-b7ca1f4728d0/1/8w5EUZW2TXmbgi6ZlHeS4MqzK20.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8w5EUZW2TXmbgi6ZlHeS4MqzK20.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 03 Jun 2026 23:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:83:05:5b:bc:0d:42:89:2b:12:22:12:62:d4:90:d1:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f30e445195b64d799b822e99947792e0cab32b6d
        Validity
            Not Before: Jun  1 11:50:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=747417d0dc36ec97efd711ac0f4e855d5447736c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:41:08:96:2b:9a:2b:95:f3:49:8d:85:a0:6e:
                    9c:fd:74:a8:5f:db:51:c8:83:a6:b1:c0:25:da:6e:
                    48:2a:19:79:21:ae:06:cf:65:00:1b:8c:d7:d2:e9:
                    18:86:f9:cd:e9:6d:59:e7:71:61:16:97:85:a2:f7:
                    e7:61:3d:bd:c3:c9:6e:63:ec:95:42:f1:bd:6b:3f:
                    86:df:1a:4d:ce:85:8e:b6:12:c2:29:e9:fc:5f:fb:
                    e7:79:18:fc:0f:88:80:a7:6c:17:c5:1e:6c:56:ec:
                    fa:c4:b4:fd:db:86:12:5f:07:d6:65:0d:85:9e:7c:
                    3c:2c:9c:19:24:00:fe:a9:5a:ab:31:de:26:e2:91:
                    09:1b:19:74:81:cb:63:e2:11:af:c0:1e:3c:f4:c4:
                    aa:57:66:c7:c6:34:46:94:5d:d9:78:cc:7f:16:e1:
                    5a:5f:75:3e:16:56:20:3b:8c:9d:ed:4e:d0:9c:63:
                    03:b0:f5:08:62:4c:22:28:d0:63:69:4e:cc:67:22:
                    18:75:18:d8:73:b0:50:ac:9b:55:6c:8e:a9:5b:43:
                    96:27:4f:27:50:3a:24:14:af:f0:27:d6:54:63:1f:
                    44:5a:18:e8:76:0d:e8:fe:d9:4c:62:59:5f:16:0f:
                    62:77:ca:95:06:5e:70:94:e7:1a:98:61:84:31:2d:
                    45:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:74:17:D0:DC:36:EC:97:EF:D7:11:AC:0F:4E:85:5D:54:47:73:6C
            X509v3 Authority Key Identifier:
                keyid:F3:0E:44:51:95:B6:4D:79:9B:82:2E:99:94:77:92:E0:CA:B3:2B:6D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8w5EUZW2TXmbgi6ZlHeS4MqzK20.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/26/b52c5d-95ba-4dd3-bba8-b7ca1f4728d0/1/dHQX0Nw27Jfv1xGsD06FXVRHc2w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/26/b52c5d-95ba-4dd3-bba8-b7ca1f4728d0/1/8w5EUZW2TXmbgi6ZlHeS4MqzK20.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  189.13.148.0/23

    Signature Algorithm: sha256WithRSAEncryption
         9b:8a:e9:c3:09:3b:88:01:10:32:78:15:95:9c:4e:02:89:97:
         62:44:8c:40:60:a2:02:a5:25:29:a1:bc:cb:30:90:75:9a:a5:
         79:fd:86:9d:d2:cd:3a:5f:f1:c4:e1:23:a7:32:2f:db:f0:cf:
         66:91:c3:67:d8:bf:1d:09:e8:5a:5a:10:8a:e8:11:de:04:8a:
         e6:dd:e6:e0:d5:a9:b1:78:35:0b:12:69:96:42:8e:95:d2:3c:
         e6:f8:40:b8:50:48:96:29:f4:5b:d5:89:55:7a:3e:89:6d:1d:
         32:91:5e:00:fe:d2:a6:8b:4f:7b:6a:72:05:e2:45:1b:ca:c9:
         38:c8:8b:8b:cb:19:b7:fa:a6:b5:9f:0a:60:e2:03:80:b5:2b:
         fb:4f:98:f0:01:8e:0c:1e:b7:5d:67:8c:85:be:a3:2e:e0:e2:
         e3:b9:78:5b:1a:b1:f9:f1:a5:d4:35:b6:84:2b:9b:90:54:9f:
         54:36:0c:0c:d6:a2:8b:a7:31:cf:3c:6e:83:ec:80:d7:d3:71:
         29:39:8e:6e:c0:d3:77:06:8d:99:13:8d:11:d8:40:b4:ab:43:
         38:24:d2:f8:e6:61:c8:66:36:17:d1:41:d7:27:27:05:af:03:
         de:cc:cb:69:9c:ed:1b:94:0e:57:e5:46:c2:d2:3f:46:27:49:
         86:2c:50:09
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6DBVu8DUKJKxIiEmLUkNEdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYzMGU0NDUxOTViNjRkNzk5YjgyMmU5OTk0Nzc5MmUwY2Fi
MzJiNmQwHhcNMjYwNjAxMTE1MDI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NDc0MTdkMGRjMzZlYzk3ZWZkNzExYWMwZjRlODU1ZDU0NDc3MzZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv0EIliuaK5XzSY2FoG6c/XSoX9tR
yIOmscAl2m5IKhl5Ia4Gz2UAG4zX0ukYhvnN6W1Z53FhFpeFovfnYT29w8luY+yV
QvG9az+G3xpNzoWOthLCKen8X/vneRj8D4iAp2wXxR5sVuz6xLT924YSXwfWZQ2F
nnw8LJwZJAD+qVqrMd4m4pEJGxl0gctj4hGvwB489MSqV2bHxjRGlF3ZeMx/FuFa
X3U+FlYgO4yd7U7QnGMDsPUIYkwiKNBjaU7MZyIYdRjYc7BQrJtVbI6pW0OWJ08n
UDokFK/wJ9ZUYx9EWhjodg3o/tlMYllfFg9id8qVBl5wlOcamGGEMS1FGwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHR0F9DcNuyX79cRrA9OhV1UR3NsMB8GA1UdIwQY
MBaAFPMORFGVtk15m4IumZR3kuDKsyttMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOHc1RVVaVzJUWG1iZ2k2WmxIZVM0TXF6SzIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNi9iNTJjNWQtOTViYS00ZGQzLWJiYTgt
YjdjYTFmNDcyOGQwLzEvZEhRWDBOdzI3SmZ2MXhHc0QwNkZYVlJIYzJ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNi9iNTJjNWQtOTViYS00ZGQzLWJiYTgtYjdjYTFmNDcyOGQw
LzEvOHc1RVVaVzJUWG1iZ2k2WmxIZVM0TXF6SzIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBvQ2UMA0G
CSqGSIb3DQEBCwUAA4IBAQCbiunDCTuIARAyeBWVnE4CiZdiRIxAYKICpSUpobzL
MJB1mqV5/Yad0s06X/HE4SOnMi/b8M9mkcNn2L8dCehaWhCK6BHeBIrm3ebg1amx
eDULEmmWQo6V0jzm+EC4UEiWKfRb1YlVej6JbR0ykV4A/tKmi097anIF4kUbysk4
yIuLyxm3+qa1nwpg4gOAtSv7T5jwAY4MHrddZ4yFvqMu4OLjuXhbGrH58aXUNbaE
K5uQVJ9UNgwM1qKLpzHPPG6D7IDX03EpOY5uwNN3Bo2ZE40R2EC0q0M4JNL45mHI
ZjYX0UHXJycFrwPezMtpnO0blA5X5UbC0j9GJ0mGLFAJ
-----END CERTIFICATE-----