Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/MB6JSO9ACnv98emZwnhz7Tl0Olw.roa
File:                     MB6JSO9ACnv98emZwnhz7Tl0Olw.roa (raw, json)
Hash identifier:          4jWR2Y8UMUPZKDlOyZiLVijrtwfAi66n09fqeOlC/RU=
Subject key identifier:   30:1E:89:48:EF:40:0A:7B:FD:F1:E9:99:C2:78:73:ED:39:74:3A:5C
Certificate issuer:       /CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
Certificate serial:       019E64A506BF6FE327CCE81CD5132E2F238B
Authority key identifier: 05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/MB6JSO9ACnv98emZwnhz7Tl0Olw.roa
Signing time:             Tue 26 May 2026 14:16:37 +0000
ROA not before:           Tue 26 May 2026 14:16:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     273994
IP address blocks:        178.19.41.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 11 Jun 2026 23:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:64:a5:06:bf:6f:e3:27:cc:e8:1c:d5:13:2e:2f:23:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
        Validity
            Not Before: May 26 14:16:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=301e8948ef400a7bfdf1e999c27873ed39743a5c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:f2:51:3b:a9:56:8a:df:e5:4c:48:1a:ea:cd:
                    f6:e1:3d:d7:e1:93:6c:c9:a7:52:68:b9:a3:3c:1e:
                    21:55:70:60:a4:33:c0:fb:54:96:85:95:33:26:0a:
                    33:95:62:a8:89:c6:62:48:78:07:4e:79:d4:53:c4:
                    f2:c2:95:f2:84:e5:ba:97:43:81:5d:1c:98:be:d6:
                    fe:7e:32:2d:db:0a:cb:71:61:21:2f:ad:2e:d1:13:
                    34:f4:4f:44:73:c1:80:39:9b:20:94:16:55:57:38:
                    4b:75:29:35:ec:67:5d:c2:38:7a:c1:65:04:29:c4:
                    0e:3a:1e:2e:2f:ab:ce:9a:1b:22:99:59:a0:7b:fc:
                    e7:7d:e2:2b:29:ea:42:31:37:c3:8d:66:39:89:83:
                    cd:00:4e:d4:a1:23:e2:05:86:5c:0b:25:f0:ed:8d:
                    a8:55:09:cc:ad:89:b4:98:f4:c6:e6:d9:5b:ff:00:
                    5e:d9:6b:59:f7:1c:52:34:09:d9:6d:37:7f:eb:43:
                    a5:e5:e4:d6:96:be:ba:d9:09:d1:42:c2:cd:25:c6:
                    29:af:94:77:89:7c:52:b4:a3:0d:65:6e:46:56:d0:
                    2d:78:97:ec:3d:17:30:20:f1:70:dc:d2:e0:d7:f0:
                    58:fc:48:e0:fb:6a:7d:af:8c:6f:b3:3b:12:7d:3c:
                    b5:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:1E:89:48:EF:40:0A:7B:FD:F1:E9:99:C2:78:73:ED:39:74:3A:5C
            X509v3 Authority Key Identifier:
                keyid:05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/MB6JSO9ACnv98emZwnhz7Tl0Olw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.19.41.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a9:fb:94:55:08:30:86:41:46:1c:26:dc:04:d2:a8:30:ed:ac:
         16:eb:2c:9a:e9:7f:34:07:60:5b:a1:bf:b5:80:28:b3:39:79:
         7e:4b:bc:25:ac:36:30:68:0e:55:62:44:d6:af:90:75:88:f7:
         82:2d:d5:4b:df:4b:2e:44:b1:a9:48:04:25:97:da:90:58:48:
         ea:af:a1:ab:a4:39:c3:77:c9:98:49:1f:c5:3b:51:5c:6f:95:
         54:c6:51:05:f7:59:0c:1a:11:9f:8e:79:4c:b5:1b:bd:df:cd:
         f4:24:39:5d:69:12:5d:e0:19:2d:42:a9:7c:21:d7:d2:dc:b5:
         7b:d5:44:5f:73:01:4b:b4:d9:a7:2a:a1:44:d5:5b:28:a5:9d:
         8a:6a:02:96:8d:9b:21:c4:28:36:0f:ec:b9:c2:a7:27:c5:17:
         ed:21:49:bf:83:02:f3:0d:7b:9f:fe:32:fd:3b:f1:91:7c:57:
         5a:81:86:ea:cb:ac:dd:94:f8:9b:c1:33:35:4f:03:88:2c:73:
         7d:4a:ee:3d:44:12:90:fa:ad:91:7c:1f:88:4a:0e:28:74:0a:
         19:48:60:54:73:0e:c2:40:d0:d9:eb:56:a5:1c:99:a6:b5:50:
         ef:f3:87:09:b2:6c:43:b9:2d:3b:37:80:7e:c2:9e:66:18:e4:
         42:a1:79:1e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ5kpQa/b+MnzOgc1RMuLyOLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1MzRjNDlmY2ZhOGE0NTA0MWQ5NWVkNGQ4ZDRmYzY5Yzcy
N2E0NjcwHhcNMjYwNTI2MTQxNjM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMDFlODk0OGVmNDAwYTdiZmRmMWU5OTljMjc4NzNlZDM5NzQzYTVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr/JRO6lWit/lTEga6s324T3X4ZNs
yadSaLmjPB4hVXBgpDPA+1SWhZUzJgozlWKoicZiSHgHTnnUU8TywpXyhOW6l0OB
XRyYvtb+fjIt2wrLcWEhL60u0RM09E9Ec8GAOZsglBZVVzhLdSk17Gddwjh6wWUE
KcQOOh4uL6vOmhsimVmge/znfeIrKepCMTfDjWY5iYPNAE7UoSPiBYZcCyXw7Y2o
VQnMrYm0mPTG5tlb/wBe2WtZ9xxSNAnZbTd/60Ol5eTWlr662QnRQsLNJcYpr5R3
iXxStKMNZW5GVtAteJfsPRcwIPFw3NLg1/BY/Ejg+2p9r4xvszsSfTy14wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDAeiUjvQAp7/fHpmcJ4c+05dDpcMB8GA1UdIwQY
MBaAFAU0xJ/PqKRQQdle1NjU/GnHJ6RnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYt
Y2Q3ZTA2Y2JiNTMxLzEvTUI2SlNPOUFDbnY5OGVtWnduaHo3VGwwT2x3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYtY2Q3ZTA2Y2JiNTMx
LzEvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAshMpMA0G
CSqGSIb3DQEBCwUAA4IBAQCp+5RVCDCGQUYcJtwE0qgw7awW6yya6X80B2Bbob+1
gCizOXl+S7wlrDYwaA5VYkTWr5B1iPeCLdVL30suRLGpSAQll9qQWEjqr6GrpDnD
d8mYSR/FO1Fcb5VUxlEF91kMGhGfjnlMtRu93830JDldaRJd4BktQql8IdfS3LV7
1URfcwFLtNmnKqFE1VsopZ2KagKWjZshxCg2D+y5wqcnxRftIUm/gwLzDXuf/jL9
O/GRfFdagYbqy6zdlPibwTM1TwOILHN9Su49RBKQ+q2RfB+ISg4odAoZSGBUcw7C
QNDZ61alHJmmtVDv84cJsmxDuS07N4B+wp5mGORCoXke
-----END CERTIFICATE-----