Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2f/76d0ea-48ad-4be1-a799-df3796b34856/1/5FLfpE4KlwxC7ZvAFArzl5Hc3i4.roa
File:                     5FLfpE4KlwxC7ZvAFArzl5Hc3i4.roa (raw, json)
Hash identifier:          DbaePoFlnRucuxr0jFGS0oGqHjeI8ypmeMrBFsWmM0M=
Subject key identifier:   E4:52:DF:A4:4E:0A:97:0C:42:ED:9B:C0:14:0A:F3:97:91:DC:DE:2E
Certificate issuer:       /CN=c65b9ccee217169aaeb97df63d794ce42d8e0b39
Certificate serial:       019EACCD3B07D619F3117FB02C4905DE14EA
Authority key identifier: C6:5B:9C:CE:E2:17:16:9A:AE:B9:7D:F6:3D:79:4C:E4:2D:8E:0B:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xluczuIXFpquuX32PXlM5C2OCzk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2f/76d0ea-48ad-4be1-a799-df3796b34856/1/5FLfpE4KlwxC7ZvAFArzl5Hc3i4.roa
Signing time:             Tue 09 Jun 2026 14:33:11 +0000
ROA not before:           Tue 09 Jun 2026 14:33:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213069
IP address blocks:        193.105.153.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2f/76d0ea-48ad-4be1-a799-df3796b34856/1/xluczuIXFpquuX32PXlM5C2OCzk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2f/76d0ea-48ad-4be1-a799-df3796b34856/1/xluczuIXFpquuX32PXlM5C2OCzk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xluczuIXFpquuX32PXlM5C2OCzk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Jun 2026 22:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:ac:cd:3b:07:d6:19:f3:11:7f:b0:2c:49:05:de:14:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c65b9ccee217169aaeb97df63d794ce42d8e0b39
        Validity
            Not Before: Jun  9 14:33:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e452dfa44e0a970c42ed9bc0140af39791dcde2e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:2c:53:f1:a5:f6:32:da:ce:59:ca:9e:73:c1:
                    1d:05:a5:54:b2:06:c0:10:5e:62:a1:49:1c:9d:e5:
                    79:6c:97:54:98:2b:6d:f9:61:f6:46:1b:5d:a6:78:
                    d2:72:37:c8:b7:d2:8a:ea:ba:1f:45:ab:23:21:6a:
                    d0:d8:51:ec:66:37:d4:b0:d1:b2:21:0a:5c:56:ae:
                    a5:c1:56:53:1e:a4:4c:a4:1a:b7:91:30:d1:e8:e5:
                    f0:f8:db:1b:86:19:f4:84:d2:ce:35:73:dd:50:21:
                    2b:37:9d:99:11:be:78:f7:05:d1:08:df:81:2e:c8:
                    cf:34:fa:99:df:f8:9b:ca:26:7d:02:ba:a3:17:c1:
                    a8:76:ba:4b:b6:dd:c0:1a:a6:56:8d:59:e8:55:de:
                    9a:0b:6e:1a:11:dc:9b:db:30:85:cc:57:80:74:04:
                    62:01:c7:a2:f7:5d:2f:a4:cd:36:ea:f6:f7:fa:48:
                    d3:23:d8:24:83:1b:55:a8:f5:3c:57:7e:5e:77:48:
                    26:a5:95:d0:57:2b:29:cd:9c:97:db:b1:e7:df:cb:
                    f2:21:92:1e:e6:f9:fa:46:20:e7:00:b4:e1:dc:71:
                    42:c1:b2:28:31:95:11:46:4c:d6:61:c9:f9:e2:ef:
                    c7:a8:bc:e4:be:a5:4f:c0:81:95:fb:6d:76:db:05:
                    70:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:52:DF:A4:4E:0A:97:0C:42:ED:9B:C0:14:0A:F3:97:91:DC:DE:2E
            X509v3 Authority Key Identifier:
                keyid:C6:5B:9C:CE:E2:17:16:9A:AE:B9:7D:F6:3D:79:4C:E4:2D:8E:0B:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xluczuIXFpquuX32PXlM5C2OCzk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/76d0ea-48ad-4be1-a799-df3796b34856/1/5FLfpE4KlwxC7ZvAFArzl5Hc3i4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/76d0ea-48ad-4be1-a799-df3796b34856/1/xluczuIXFpquuX32PXlM5C2OCzk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.105.153.0/24

    Signature Algorithm: sha256WithRSAEncryption
         71:49:c2:4f:79:c9:65:9d:21:bc:d5:19:e5:e7:6f:88:dc:3e:
         1b:6c:7d:db:c5:0d:29:28:42:10:6c:21:5b:03:2b:03:b3:52:
         04:f8:8d:58:27:5d:91:08:59:5e:78:af:1a:8c:42:07:68:44:
         10:b8:bb:7a:40:61:cd:a5:3c:26:9f:0f:02:22:77:39:15:b3:
         04:a6:4a:35:42:d8:b3:af:25:6b:31:43:39:64:5b:f8:b2:24:
         e1:0c:fa:62:dd:e2:23:94:1e:75:fa:6f:4f:82:92:b0:a6:0e:
         00:b7:e1:93:25:04:b9:45:2c:96:bf:55:f4:13:66:20:50:48:
         2a:7a:1a:b7:69:cb:51:86:d5:ad:bf:f5:74:6e:7c:d5:4d:43:
         f6:25:09:9d:71:cf:09:b8:72:69:69:51:ff:e7:20:04:21:12:
         01:18:c4:34:18:d5:51:57:f9:05:d6:ec:55:21:34:9a:47:57:
         ff:d0:e0:e8:93:f7:74:6c:00:4d:f9:3b:e7:b1:aa:ea:b9:2b:
         29:2c:a0:99:a1:83:27:ad:d2:f2:8b:92:21:ab:3c:5d:b4:d7:
         9f:12:c3:26:aa:9b:05:92:01:5c:c1:08:74:d7:95:5e:1e:26:
         35:68:37:92:57:2e:e0:77:ea:26:dd:d8:b9:c2:9f:77:28:ce:
         33:85:84:1a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6szTsH1hnzEX+wLEkF3hTqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NWI5Y2NlZTIxNzE2OWFhZWI5N2RmNjNkNzk0Y2U0MmQ4
ZTBiMzkwHhcNMjYwNjA5MTQzMzExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNDUyZGZhNDRlMGE5NzBjNDJlZDliYzAxNDBhZjM5NzkxZGNkZTJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyCxT8aX2MtrOWcqec8EdBaVUsgbA
EF5ioUkcneV5bJdUmCtt+WH2RhtdpnjScjfIt9KK6rofRasjIWrQ2FHsZjfUsNGy
IQpcVq6lwVZTHqRMpBq3kTDR6OXw+Nsbhhn0hNLONXPdUCErN52ZEb549wXRCN+B
LsjPNPqZ3/ibyiZ9ArqjF8GodrpLtt3AGqZWjVnoVd6aC24aEdyb2zCFzFeAdARi
Acei910vpM026vb3+kjTI9gkgxtVqPU8V35ed0gmpZXQVyspzZyX27Hn38vyIZIe
5vn6RiDnALTh3HFCwbIoMZURRkzWYcn54u/HqLzkvqVPwIGV+2122wVw5wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFORS36ROCpcMQu2bwBQK85eR3N4uMB8GA1UdIwQY
MBaAFMZbnM7iFxaarrl99j15TOQtjgs5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveGx1Y3p1SVhGcHF1dVgzMlBYbE01QzJPQ3prLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZi83NmQwZWEtNDhhZC00YmUxLWE3OTkt
ZGYzNzk2YjM0ODU2LzEvNUZMZnBFNEtsd3hDN1p2QUZBcnpsNUhjM2k0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZi83NmQwZWEtNDhhZC00YmUxLWE3OTktZGYzNzk2YjM0ODU2
LzEveGx1Y3p1SVhGcHF1dVgzMlBYbE01QzJPQ3prLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwWmZMA0G
CSqGSIb3DQEBCwUAA4IBAQBxScJPecllnSG81Rnl52+I3D4bbH3bxQ0pKEIQbCFb
AysDs1IE+I1YJ12RCFleeK8ajEIHaEQQuLt6QGHNpTwmnw8CInc5FbMEpko1Qtiz
ryVrMUM5ZFv4siThDPpi3eIjlB51+m9PgpKwpg4At+GTJQS5RSyWv1X0E2YgUEgq
ehq3actRhtWtv/V0bnzVTUP2JQmdcc8JuHJpaVH/5yAEIRIBGMQ0GNVRV/kF1uxV
ITSaR1f/0ODok/d0bABN+TvnsarquSspLKCZoYMnrdLyi5IhqzxdtNefEsMmqpsF
kgFcwQh015VeHiY1aDeSVy7gd+om3di5wp93KM4zhYQa
-----END CERTIFICATE-----