Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6b/3a109a-9b32-45a8-9b0c-7a02517fd9d2/1/5OH9MU3n5jnbsFQihGMju6cfMP8.roa
File:                     5OH9MU3n5jnbsFQihGMju6cfMP8.roa (raw, json)
Hash identifier:          ebl8kR+bOvw+VlEIFx9Aju1goGA4RN7+C5LqHyAwZJ4=
Subject key identifier:   E4:E1:FD:31:4D:E7:E6:39:DB:B0:54:22:84:63:23:BB:A7:1F:30:FF
Certificate issuer:       /CN=06097a72e4ae40b6b9929b72f81efd71c517dd98
Certificate serial:       019E5EC879829FF4E2AB56C32DD9BB0E923E
Authority key identifier: 06:09:7A:72:E4:AE:40:B6:B9:92:9B:72:F8:1E:FD:71:C5:17:DD:98
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Bgl6cuSuQLa5kpty-B79ccUX3Zg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6b/3a109a-9b32-45a8-9b0c-7a02517fd9d2/1/5OH9MU3n5jnbsFQihGMju6cfMP8.roa
Signing time:             Mon 25 May 2026 10:57:36 +0000
ROA not before:           Mon 25 May 2026 10:57:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     49556
IP address blocks:        194.110.24.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6b/3a109a-9b32-45a8-9b0c-7a02517fd9d2/1/Bgl6cuSuQLa5kpty-B79ccUX3Zg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6b/3a109a-9b32-45a8-9b0c-7a02517fd9d2/1/Bgl6cuSuQLa5kpty-B79ccUX3Zg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Bgl6cuSuQLa5kpty-B79ccUX3Zg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Jun 2026 16:01:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:5e:c8:79:82:9f:f4:e2:ab:56:c3:2d:d9:bb:0e:92:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=06097a72e4ae40b6b9929b72f81efd71c517dd98
        Validity
            Not Before: May 25 10:57:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e4e1fd314de7e639dbb05422846323bba71f30ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ee:e1:2a:b9:3f:0b:43:1a:e3:43:14:22:3f:8e:
                    7d:a9:3a:3d:9b:7d:7f:31:e9:aa:a3:e3:05:af:b2:
                    a7:8a:c8:5e:3c:1a:a2:02:fe:d0:81:48:05:32:34:
                    b5:5e:4f:95:83:21:0c:a3:d0:b0:8c:fa:e3:eb:4c:
                    61:20:42:99:3e:4f:22:7b:26:8a:12:12:b8:19:1d:
                    e2:06:26:34:2c:aa:f8:a3:98:a9:9b:d1:f8:0e:bf:
                    bf:4b:63:4b:d0:b3:fe:be:84:f5:04:f6:2f:cb:c5:
                    09:45:fb:9d:ee:6b:71:b6:4c:7a:43:52:0f:c3:d9:
                    01:43:6d:23:3d:e4:9e:c3:1c:6f:a6:a3:55:41:7f:
                    33:6f:9a:77:51:3b:a3:4e:61:8a:b9:99:21:07:b3:
                    73:dd:fd:27:79:30:7f:6d:ee:db:29:0a:15:b9:e9:
                    95:b4:9f:09:7c:34:e0:12:c7:82:f4:ba:de:8e:fc:
                    6b:99:50:25:0c:89:3f:68:a6:a1:d8:18:b4:b9:2b:
                    90:42:9f:24:18:ce:43:e4:c1:10:8e:a1:86:7e:5f:
                    0b:9a:d6:bb:ad:56:f6:2c:2b:70:d0:98:6c:10:be:
                    34:99:d1:25:e7:d1:9e:2c:75:4f:3d:53:f7:fd:0b:
                    7d:7f:96:6e:f8:a8:0b:80:6e:5d:40:92:a0:68:49:
                    2e:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:E1:FD:31:4D:E7:E6:39:DB:B0:54:22:84:63:23:BB:A7:1F:30:FF
            X509v3 Authority Key Identifier:
                keyid:06:09:7A:72:E4:AE:40:B6:B9:92:9B:72:F8:1E:FD:71:C5:17:DD:98

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Bgl6cuSuQLa5kpty-B79ccUX3Zg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/3a109a-9b32-45a8-9b0c-7a02517fd9d2/1/5OH9MU3n5jnbsFQihGMju6cfMP8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/3a109a-9b32-45a8-9b0c-7a02517fd9d2/1/Bgl6cuSuQLa5kpty-B79ccUX3Zg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.110.24.0/24

    Signature Algorithm: sha256WithRSAEncryption
         88:90:fa:81:18:a8:bd:50:66:04:8d:fb:28:49:77:e4:54:ed:
         9f:01:c7:ea:19:4b:28:17:8f:d4:ef:b5:12:ce:5c:01:78:7e:
         9c:3c:c2:04:7b:d4:27:93:cb:63:0e:96:4e:48:bd:f8:5b:01:
         67:29:db:b5:a7:b3:ff:db:02:7a:bb:32:ad:5e:5b:a9:f1:7d:
         83:be:a3:78:e0:77:dd:08:f8:57:0f:c7:01:5e:38:9a:29:c7:
         72:c5:99:66:61:d9:9a:f0:bd:20:9c:14:8c:d7:6a:90:01:db:
         c2:79:71:4c:70:28:18:29:87:6b:14:b3:e9:a0:3a:04:1d:8a:
         b9:99:8e:de:14:0c:a3:ad:e8:6a:0b:8a:aa:87:f3:7a:16:30:
         8d:ad:63:d1:33:40:61:f4:9d:ff:f6:50:e2:4b:ba:79:18:71:
         2d:eb:2b:37:f7:00:af:d0:67:20:45:5f:3d:8e:39:62:60:8b:
         4c:fc:8c:7f:bf:68:c2:72:94:b6:0f:49:d8:51:4f:3e:c8:94:
         60:db:41:27:42:31:7a:b6:f4:9f:44:08:e6:86:a5:5b:90:8f:
         a7:b8:0d:a2:38:8e:17:d3:b1:ea:4d:66:53:91:90:a7:27:96:
         0f:18:53:03:09:7c:7c:9f:e2:a0:1b:bb:13:9a:f2:98:cb:fe:
         9c:00:af:54
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ5eyHmCn/Tiq1bDLdm7DpI+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA2MDk3YTcyZTRhZTQwYjZiOTkyOWI3MmY4MWVmZDcxYzUx
N2RkOTgwHhcNMjYwNTI1MTA1NzM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNGUxZmQzMTRkZTdlNjM5ZGJiMDU0MjI4NDYzMjNiYmE3MWYzMGZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7uEquT8LQxrjQxQiP459qTo9m31/
Memqo+MFr7KnishePBqiAv7QgUgFMjS1Xk+VgyEMo9CwjPrj60xhIEKZPk8ieyaK
EhK4GR3iBiY0LKr4o5ipm9H4Dr+/S2NL0LP+voT1BPYvy8UJRfud7mtxtkx6Q1IP
w9kBQ20jPeSewxxvpqNVQX8zb5p3UTujTmGKuZkhB7Nz3f0neTB/be7bKQoVuemV
tJ8JfDTgEseC9LrejvxrmVAlDIk/aKah2Bi0uSuQQp8kGM5D5MEQjqGGfl8Lmta7
rVb2LCtw0JhsEL40mdEl59GeLHVPPVP3/Qt9f5Zu+KgLgG5dQJKgaEkuJwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOTh/TFN5+Y527BUIoRjI7unHzD/MB8GA1UdIwQY
MBaAFAYJenLkrkC2uZKbcvge/XHFF92YMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQmdsNmN1U3VRTGE1a3B0eS1CNzljY1VYM1pnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yi8zYTEwOWEtOWIzMi00NWE4LTliMGMt
N2EwMjUxN2ZkOWQyLzEvNU9IOU1VM241am5ic0ZRaWhHTWp1NmNmTVA4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yi8zYTEwOWEtOWIzMi00NWE4LTliMGMtN2EwMjUxN2ZkOWQy
LzEvQmdsNmN1U3VRTGE1a3B0eS1CNzljY1VYM1pnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwm4YMA0G
CSqGSIb3DQEBCwUAA4IBAQCIkPqBGKi9UGYEjfsoSXfkVO2fAcfqGUsoF4/U77US
zlwBeH6cPMIEe9Qnk8tjDpZOSL34WwFnKdu1p7P/2wJ6uzKtXlup8X2DvqN44Hfd
CPhXD8cBXjiaKcdyxZlmYdma8L0gnBSM12qQAdvCeXFMcCgYKYdrFLPpoDoEHYq5
mY7eFAyjrehqC4qqh/N6FjCNrWPRM0Bh9J3/9lDiS7p5GHEt6ys39wCv0GcgRV89
jjliYItM/Ix/v2jCcpS2D0nYUU8+yJRg20EnQjF6tvSfRAjmhqVbkI+nuA2iOI4X
07HqTWZTkZCnJ5YPGFMDCXx8n+KgG7sTmvKYy/6cAK9U
-----END CERTIFICATE-----