Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/6MDMieQ8YrbNva02JUIU7ZYZPyw.roa
File:                     6MDMieQ8YrbNva02JUIU7ZYZPyw.roa (raw, json)
Hash identifier:          IJleNmbsqFaKpIABn68IeW3f2FWHkJ/hRNAlwkzpHYA=
Subject key identifier:   E8:C0:CC:89:E4:3C:62:B6:CD:BD:AD:36:25:42:14:ED:96:19:3F:2C
Certificate issuer:       /CN=7e20b034e2c497b1884488def106972704765029
Certificate serial:       019E3FA8A3D4A35A57DEE4E7407B744F86D5
Authority key identifier: 7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/6MDMieQ8YrbNva02JUIU7ZYZPyw.roa
Signing time:             Tue 19 May 2026 09:54:37 +0000
ROA not before:           Tue 19 May 2026 09:54:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     55470
IP address blocks:        195.172.130.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 31 May 2026 04:00:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:3f:a8:a3:d4:a3:5a:57:de:e4:e7:40:7b:74:4f:86:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7e20b034e2c497b1884488def106972704765029
        Validity
            Not Before: May 19 09:54:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e8c0cc89e43c62b6cdbdad36254214ed96193f2c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:47:bc:8a:b2:36:f3:8a:18:dc:7d:a5:b4:f2:
                    7f:4c:f4:a3:47:05:3e:66:28:d9:2b:74:6c:5c:ea:
                    a7:11:22:db:89:51:39:d5:47:2a:27:14:e3:5d:dc:
                    f8:11:0b:1a:82:9f:27:b4:c8:ef:c6:21:64:ae:75:
                    ab:29:23:51:5b:9d:6f:5b:11:1e:da:b3:70:40:8d:
                    69:2b:0f:1b:fa:b8:61:ef:19:7c:04:c8:19:39:69:
                    33:fa:e0:51:21:6d:e5:ee:cc:0c:44:39:df:ff:0e:
                    1b:02:74:d7:94:6c:af:74:34:19:d3:a0:9b:e1:38:
                    54:4a:15:a7:63:c4:bb:5c:5d:d8:b2:e5:74:30:d8:
                    c1:89:82:c1:55:d6:09:21:ad:a7:06:6d:ca:d9:2e:
                    bc:8d:d5:0d:30:9b:71:30:27:7c:9c:f6:32:5c:2d:
                    ea:b0:5d:b9:49:1d:c0:b4:28:82:62:de:06:79:a1:
                    b6:f0:27:26:6d:9c:ee:bb:1b:25:64:fb:8a:63:34:
                    38:ec:87:51:2a:fe:fb:f6:63:5c:c7:13:f1:ed:71:
                    53:0d:53:e1:79:0f:82:2b:ed:f7:9e:f9:aa:fd:41:
                    4a:f4:bd:99:61:52:4e:e5:26:25:16:40:e8:0d:8b:
                    0c:01:29:5e:89:63:de:64:8c:d9:01:47:fe:4d:8d:
                    1a:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E8:C0:CC:89:E4:3C:62:B6:CD:BD:AD:36:25:42:14:ED:96:19:3F:2C
            X509v3 Authority Key Identifier:
                keyid:7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/6MDMieQ8YrbNva02JUIU7ZYZPyw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.172.130.0/23

    Signature Algorithm: sha256WithRSAEncryption
         95:4d:e9:4c:15:4d:26:15:a1:52:b5:71:b9:b7:79:8f:2a:a3:
         7e:5f:87:98:40:85:de:38:01:12:dd:8f:8b:2f:40:56:77:3d:
         07:fa:ad:b3:31:79:8e:1d:cc:29:d4:f9:a3:e8:d1:b6:2d:53:
         18:b2:b1:66:65:a2:94:99:36:24:d1:cc:ed:92:90:06:1a:7d:
         ce:e6:b3:68:e6:1e:63:55:a8:dc:ae:5e:da:4c:d5:a5:44:3b:
         bc:98:47:a9:2a:4a:3f:be:c9:37:70:72:d4:ee:a1:81:27:1b:
         ce:23:28:a5:8a:26:da:66:c6:48:54:c2:24:17:d0:50:9a:80:
         b9:02:28:43:83:ef:5b:6f:f4:3c:b4:ce:c5:d4:42:e4:c5:0c:
         e6:40:be:a2:93:33:6f:1f:11:2b:30:4e:af:db:6b:14:90:4c:
         22:0b:18:e6:f1:78:cf:f5:58:c2:8c:f3:86:74:7a:fb:68:ba:
         39:64:05:92:fc:51:73:62:1c:95:2e:bd:89:3d:10:6b:83:e2:
         b6:40:62:22:e9:ba:03:82:47:3e:78:9c:73:b5:52:a6:10:61:
         7a:ad:d3:4c:b1:76:44:43:7f:65:09:f1:b5:f3:85:59:cc:f1:
         0e:a7:e7:6e:c3:45:ea:38:a0:5b:30:15:a5:78:c3:78:0f:2a:
         8b:7c:34:6f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ4/qKPUo1pX3uTnQHt0T4bVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlMjBiMDM0ZTJjNDk3YjE4ODQ0ODhkZWYxMDY5NzI3MDQ3
NjUwMjkwHhcNMjYwNTE5MDk1NDM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlOGMwY2M4OWU0M2M2MmI2Y2RiZGFkMzYyNTQyMTRlZDk2MTkzZjJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnEe8irI284oY3H2ltPJ/TPSjRwU+
ZijZK3RsXOqnESLbiVE51UcqJxTjXdz4EQsagp8ntMjvxiFkrnWrKSNRW51vWxEe
2rNwQI1pKw8b+rhh7xl8BMgZOWkz+uBRIW3l7swMRDnf/w4bAnTXlGyvdDQZ06Cb
4ThUShWnY8S7XF3YsuV0MNjBiYLBVdYJIa2nBm3K2S68jdUNMJtxMCd8nPYyXC3q
sF25SR3AtCiCYt4GeaG28CcmbZzuuxslZPuKYzQ47IdRKv779mNcxxPx7XFTDVPh
eQ+CK+33nvmq/UFK9L2ZYVJO5SYlFkDoDYsMASleiWPeZIzZAUf+TY0aTQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOjAzInkPGK2zb2tNiVCFO2WGT8sMB8GA1UdIwQY
MBaAFH4gsDTixJexiESI3vEGlycEdlApMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2Qt
MDM1ZDk3N2Y0MjE2LzEvNk1ETWllUThZcmJOdmEwMkpVSVU3WllaUHl3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2QtMDM1ZDk3N2Y0MjE2
LzEvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBw6yCMA0G
CSqGSIb3DQEBCwUAA4IBAQCVTelMFU0mFaFStXG5t3mPKqN+X4eYQIXeOAES3Y+L
L0BWdz0H+q2zMXmOHcwp1Pmj6NG2LVMYsrFmZaKUmTYk0cztkpAGGn3O5rNo5h5j
Vajcrl7aTNWlRDu8mEepKko/vsk3cHLU7qGBJxvOIyiliibaZsZIVMIkF9BQmoC5
AihDg+9bb/Q8tM7F1ELkxQzmQL6ikzNvHxErME6v22sUkEwiCxjm8XjP9VjCjPOG
dHr7aLo5ZAWS/FFzYhyVLr2JPRBrg+K2QGIi6boDgkc+eJxztVKmEGF6rdNMsXZE
Q39lCfG184VZzPEOp+duw0XqOKBbMBWleMN4DyqLfDRv
-----END CERTIFICATE-----