Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3d/975f3c-af4a-437b-89b1-284e5123e29f/1/5v9iEqqw9h8Wg3xh2Nok2-eNQQM.roa
File:                     5v9iEqqw9h8Wg3xh2Nok2-eNQQM.roa (raw, json)
Hash identifier:          3N4L/xDAzZWmVmC1vE/Ib8W3ZzU4rXZkkHgA9mF0qSI=
Subject key identifier:   E6:FF:62:12:AA:B0:F6:1F:16:83:7C:61:D8:DA:24:DB:E7:8D:41:03
Certificate issuer:       /CN=6d005198b74572a156ab63f23085897bd3ccd41b
Certificate serial:       019E25D643591DE235CE5BD2C46A49653D44
Authority key identifier: 6D:00:51:98:B7:45:72:A1:56:AB:63:F2:30:85:89:7B:D3:CC:D4:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bQBRmLdFcqFWq2PyMIWJe9PM1Bs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3d/975f3c-af4a-437b-89b1-284e5123e29f/1/5v9iEqqw9h8Wg3xh2Nok2-eNQQM.roa
Signing time:             Thu 14 May 2026 09:34:19 +0000
ROA not before:           Thu 14 May 2026 09:34:19 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213642
IP address blocks:        194.149.243.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3d/975f3c-af4a-437b-89b1-284e5123e29f/1/bQBRmLdFcqFWq2PyMIWJe9PM1Bs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3d/975f3c-af4a-437b-89b1-284e5123e29f/1/bQBRmLdFcqFWq2PyMIWJe9PM1Bs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bQBRmLdFcqFWq2PyMIWJe9PM1Bs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 03 Jun 2026 12:01:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:25:d6:43:59:1d:e2:35:ce:5b:d2:c4:6a:49:65:3d:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6d005198b74572a156ab63f23085897bd3ccd41b
        Validity
            Not Before: May 14 09:34:19 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e6ff6212aab0f61f16837c61d8da24dbe78d4103
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:f4:a2:9a:29:dd:47:6f:36:a4:c8:ab:2b:e5:
                    c8:f2:a3:4d:b5:a8:44:57:07:f8:71:c4:16:a3:7d:
                    00:89:90:9b:82:7b:23:1e:91:1b:2f:03:5d:fb:9a:
                    9f:c2:1a:68:d7:ed:c6:4b:a0:c4:17:a3:ee:60:fb:
                    98:22:0a:97:c3:89:83:c1:01:73:0a:8b:ec:be:60:
                    46:25:9d:11:ec:af:5c:7e:8e:7d:32:6e:d2:23:6a:
                    22:cb:ec:f3:89:02:88:de:02:57:25:1c:65:b4:ab:
                    0c:db:6c:14:a4:f4:15:d7:cc:59:6e:f8:0d:40:93:
                    10:81:f6:c3:d8:80:9a:07:df:ed:95:9c:7e:df:2e:
                    99:03:4d:c2:e0:74:f1:7b:b4:7c:42:ca:4b:72:18:
                    fd:b8:f8:44:0a:f2:1c:bf:7f:22:19:b5:f2:f0:96:
                    a3:1f:de:09:de:96:cd:63:ab:fe:4e:8a:25:c1:2f:
                    e8:f8:06:6e:b2:aa:35:06:b4:2e:b3:06:d7:90:30:
                    23:64:7e:1d:90:ce:61:62:35:e5:a2:1f:dc:8f:b7:
                    ec:27:86:68:f8:8a:77:b0:98:7f:71:5d:00:bb:c6:
                    a6:94:23:2f:0e:99:2b:9d:d5:25:7b:f5:15:d7:17:
                    e4:55:45:f0:0b:af:83:39:e2:c3:3e:29:33:e0:a3:
                    6f:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:FF:62:12:AA:B0:F6:1F:16:83:7C:61:D8:DA:24:DB:E7:8D:41:03
            X509v3 Authority Key Identifier:
                keyid:6D:00:51:98:B7:45:72:A1:56:AB:63:F2:30:85:89:7B:D3:CC:D4:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bQBRmLdFcqFWq2PyMIWJe9PM1Bs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/975f3c-af4a-437b-89b1-284e5123e29f/1/5v9iEqqw9h8Wg3xh2Nok2-eNQQM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/975f3c-af4a-437b-89b1-284e5123e29f/1/bQBRmLdFcqFWq2PyMIWJe9PM1Bs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.149.243.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5e:bd:ee:e8:3d:21:25:01:67:e2:82:a8:af:fe:af:3c:28:12:
         59:bf:a0:a5:07:08:1b:bc:ec:37:1a:a0:6d:02:be:42:2c:e3:
         eb:9a:83:a2:97:26:76:7d:1e:f6:f9:79:23:db:bc:7d:44:ac:
         c2:aa:5a:46:63:41:0f:38:68:2c:55:1b:37:e9:67:c5:3e:62:
         4b:31:ee:6d:48:a1:f6:87:53:d1:cd:f9:64:cc:f7:7a:70:af:
         91:11:9a:95:1b:8d:e2:c3:5f:24:aa:64:72:f0:6c:49:00:e4:
         f6:56:5b:00:5a:33:6f:79:98:9e:08:d8:0f:44:2a:52:15:a6:
         48:d5:f0:75:cf:d8:31:66:19:98:1a:96:7e:a9:8b:de:0f:7f:
         6f:8a:8f:df:4f:e2:2c:b6:05:d8:d5:e2:9c:47:92:a1:a4:1b:
         b5:57:06:0d:0f:b6:7a:b0:87:22:5a:12:ac:5d:f6:1a:5f:09:
         66:8b:20:72:89:ac:aa:04:a5:1f:9e:cd:63:ff:5e:32:7f:fc:
         21:16:5e:31:f4:77:5c:59:cd:71:81:2a:d8:6b:0e:11:07:b8:
         fc:4c:4e:42:41:11:d7:82:45:5a:ed:9b:cb:6f:51:1e:2d:71:
         28:01:17:3f:22:fa:ff:1e:24:6f:33:4e:a7:34:4a:90:84:ab:
         f8:07:8d:01
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ4l1kNZHeI1zlvSxGpJZT1EMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkMDA1MTk4Yjc0NTcyYTE1NmFiNjNmMjMwODU4OTdiZDNj
Y2Q0MWIwHhcNMjYwNTE0MDkzNDE5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNmZmNjIxMmFhYjBmNjFmMTY4MzdjNjFkOGRhMjRkYmU3OGQ0MTAzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuPSimindR282pMirK+XI8qNNtahE
Vwf4ccQWo30AiZCbgnsjHpEbLwNd+5qfwhpo1+3GS6DEF6PuYPuYIgqXw4mDwQFz
CovsvmBGJZ0R7K9cfo59Mm7SI2oiy+zziQKI3gJXJRxltKsM22wUpPQV18xZbvgN
QJMQgfbD2ICaB9/tlZx+3y6ZA03C4HTxe7R8QspLchj9uPhECvIcv38iGbXy8Jaj
H94J3pbNY6v+ToolwS/o+AZusqo1BrQuswbXkDAjZH4dkM5hYjXloh/cj7fsJ4Zo
+Ip3sJh/cV0Au8amlCMvDpkrndUle/UV1xfkVUXwC6+DOeLDPikz4KNvuwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOb/YhKqsPYfFoN8YdjaJNvnjUEDMB8GA1UdIwQY
MBaAFG0AUZi3RXKhVqtj8jCFiXvTzNQbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYlFCUm1MZEZjcUZXcTJQeU1JV0plOVBNMUJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZC85NzVmM2MtYWY0YS00MzdiLTg5YjEt
Mjg0ZTUxMjNlMjlmLzEvNXY5aUVxcXc5aDhXZzN4aDJOb2syLWVOUVFNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZC85NzVmM2MtYWY0YS00MzdiLTg5YjEtMjg0ZTUxMjNlMjlm
LzEvYlFCUm1MZEZjcUZXcTJQeU1JV0plOVBNMUJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwpXzMA0G
CSqGSIb3DQEBCwUAA4IBAQBeve7oPSElAWfigqiv/q88KBJZv6ClBwgbvOw3GqBt
Ar5CLOPrmoOilyZ2fR72+Xkj27x9RKzCqlpGY0EPOGgsVRs36WfFPmJLMe5tSKH2
h1PRzflkzPd6cK+REZqVG43iw18kqmRy8GxJAOT2VlsAWjNveZieCNgPRCpSFaZI
1fB1z9gxZhmYGpZ+qYveD39vio/fT+IstgXY1eKcR5KhpBu1VwYND7Z6sIciWhKs
XfYaXwlmiyByiayqBKUfns1j/14yf/whFl4x9HdcWc1xgSrYaw4RB7j8TE5CQRHX
gkVa7ZvLb1EeLXEoARc/Ivr/HiRvM06nNEqQhKv4B40B
-----END CERTIFICATE-----