Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/fbd7b7-576e-4fde-a8c9-16e1e87c3e40/1/5D6H0v5Hc8kftct1G5rpOIB5u6g.roa
File:                     5D6H0v5Hc8kftct1G5rpOIB5u6g.roa (raw, json)
Hash identifier:          inoz5zSLosxbnwapx0oUDzJHitScFa6YtasXkId5wNU=
Subject key identifier:   E4:3E:87:D2:FE:47:73:C9:1F:B5:CB:75:1B:9A:E9:38:80:79:BB:A8
Certificate issuer:       /CN=65e4f8ef264ec7ea014052087bccb1e62a5c454a
Certificate serial:       019E4FC16C4755F5F70B957598644CD949FE
Authority key identifier: 65:E4:F8:EF:26:4E:C7:EA:01:40:52:08:7B:CC:B1:E6:2A:5C:45:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZeT47yZOx-oBQFIIe8yx5ipcRUo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/07/fbd7b7-576e-4fde-a8c9-16e1e87c3e40/1/5D6H0v5Hc8kftct1G5rpOIB5u6g.roa
Signing time:             Fri 22 May 2026 12:55:36 +0000
ROA not before:           Fri 22 May 2026 12:55:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     209754
IP address blocks:        193.32.168.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/07/fbd7b7-576e-4fde-a8c9-16e1e87c3e40/1/ZeT47yZOx-oBQFIIe8yx5ipcRUo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/07/fbd7b7-576e-4fde-a8c9-16e1e87c3e40/1/ZeT47yZOx-oBQFIIe8yx5ipcRUo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZeT47yZOx-oBQFIIe8yx5ipcRUo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 06:00:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:4f:c1:6c:47:55:f5:f7:0b:95:75:98:64:4c:d9:49:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=65e4f8ef264ec7ea014052087bccb1e62a5c454a
        Validity
            Not Before: May 22 12:55:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e43e87d2fe4773c91fb5cb751b9ae9388079bba8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:35:db:68:ee:60:be:7c:e5:14:ae:13:6c:86:
                    36:be:d3:d7:b6:ae:c2:66:eb:7b:a3:b6:2b:c3:22:
                    60:ec:4c:00:cc:51:4f:aa:4b:35:1f:99:46:cb:a2:
                    1e:ff:ce:74:62:07:a3:44:0d:fb:40:23:ae:71:3a:
                    68:35:1a:e7:dd:58:47:dd:3e:5d:81:da:17:41:c9:
                    e4:72:8f:ff:cb:ab:e4:a6:92:e7:c7:46:8b:9a:c5:
                    2e:8b:f7:30:17:d1:67:2f:fb:36:50:4a:82:1e:62:
                    93:b7:7f:15:14:3a:41:58:cb:54:3b:0c:46:fc:5e:
                    39:7e:44:74:b6:f5:a6:75:42:3b:d1:a3:0f:c6:07:
                    fe:43:63:19:6a:75:2c:f9:16:37:f3:01:2c:24:9e:
                    5b:69:59:6d:62:27:de:28:ca:03:f3:40:34:7f:da:
                    40:57:b1:96:d3:44:b0:af:94:bc:ec:e3:63:8a:e8:
                    6e:fa:8b:fe:3e:63:17:12:ad:3e:14:84:6b:e1:0f:
                    02:dd:b9:d6:35:34:34:37:a9:be:49:9d:97:56:b8:
                    1f:00:ec:2e:0b:f6:ea:8c:d7:64:21:20:0d:dc:89:
                    f3:f4:c5:2e:87:73:61:48:79:e5:8a:15:0c:4f:e2:
                    90:50:db:9c:43:c0:0b:e7:ae:be:f1:d3:27:df:31:
                    97:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:3E:87:D2:FE:47:73:C9:1F:B5:CB:75:1B:9A:E9:38:80:79:BB:A8
            X509v3 Authority Key Identifier:
                keyid:65:E4:F8:EF:26:4E:C7:EA:01:40:52:08:7B:CC:B1:E6:2A:5C:45:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZeT47yZOx-oBQFIIe8yx5ipcRUo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/fbd7b7-576e-4fde-a8c9-16e1e87c3e40/1/5D6H0v5Hc8kftct1G5rpOIB5u6g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/07/fbd7b7-576e-4fde-a8c9-16e1e87c3e40/1/ZeT47yZOx-oBQFIIe8yx5ipcRUo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.32.168.0/22

    Signature Algorithm: sha256WithRSAEncryption
         bf:b3:c6:b4:93:81:bb:64:c9:ed:3f:fc:0c:1a:fd:32:e7:1a:
         70:13:9b:f2:3e:0f:34:96:fc:f3:85:97:28:ee:58:66:0b:c8:
         f8:ab:3c:6b:61:c0:ea:50:4b:f6:c9:03:0b:48:9f:ef:90:8b:
         6e:55:07:f1:73:a4:31:8c:12:e1:e3:1d:9e:6d:d7:64:1e:79:
         32:c9:20:38:4e:81:95:e9:fc:81:b7:ba:cd:dd:d6:f5:33:85:
         4e:d4:d4:19:86:6c:6b:9e:04:f6:b7:74:0b:b9:2d:d6:ac:16:
         6b:ff:c0:d8:26:0e:aa:77:53:f4:93:65:77:bb:08:73:73:d2:
         3a:23:83:be:5f:64:81:9d:c4:22:d2:2c:52:e7:8e:32:59:d1:
         54:59:7f:d7:ee:05:79:22:32:3d:dd:24:70:a6:7b:25:6a:58:
         04:2f:1a:40:5a:7f:d2:ae:80:2a:ba:56:11:34:6f:26:35:d6:
         41:c8:f9:f4:18:9c:49:d6:1b:35:dd:27:37:32:2e:df:85:a9:
         f1:1e:0b:10:70:ca:7e:d5:65:db:59:b0:c9:19:bd:86:fe:64:
         bc:0c:80:05:fc:57:0d:72:b7:3e:78:1d:22:36:c3:8f:f3:71:
         4d:6b:ee:f4:f9:b0:5a:2e:7e:f0:3a:59:d6:ba:86:c5:14:af:
         90:87:7e:fe
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ5PwWxHVfX3C5V1mGRM2Un+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY1ZTRmOGVmMjY0ZWM3ZWEwMTQwNTIwODdiY2NiMWU2MmE1
YzQ1NGEwHhcNMjYwNTIyMTI1NTM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNDNlODdkMmZlNDc3M2M5MWZiNWNiNzUxYjlhZTkzODgwNzliYmE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApjXbaO5gvnzlFK4TbIY2vtPXtq7C
Zut7o7YrwyJg7EwAzFFPqks1H5lGy6Ie/850YgejRA37QCOucTpoNRrn3VhH3T5d
gdoXQcnkco//y6vkppLnx0aLmsUui/cwF9FnL/s2UEqCHmKTt38VFDpBWMtUOwxG
/F45fkR0tvWmdUI70aMPxgf+Q2MZanUs+RY38wEsJJ5baVltYifeKMoD80A0f9pA
V7GW00Swr5S87ONjiuhu+ov+PmMXEq0+FIRr4Q8C3bnWNTQ0N6m+SZ2XVrgfAOwu
C/bqjNdkISAN3Inz9MUuh3NhSHnlihUMT+KQUNucQ8AL566+8dMn3zGXWQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOQ+h9L+R3PJH7XLdRua6TiAebuoMB8GA1UdIwQY
MBaAFGXk+O8mTsfqAUBSCHvMseYqXEVKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWmVUNDd5Wk94LW9CUUZJSWU4eXg1aXBjUlVvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNy9mYmQ3YjctNTc2ZS00ZmRlLWE4Yzkt
MTZlMWU4N2MzZTQwLzEvNUQ2SDB2NUhjOGtmdGN0MUc1cnBPSUI1dTZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNy9mYmQ3YjctNTc2ZS00ZmRlLWE4YzktMTZlMWU4N2MzZTQw
LzEvWmVUNDd5Wk94LW9CUUZJSWU4eXg1aXBjUlVvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwSCoMA0G
CSqGSIb3DQEBCwUAA4IBAQC/s8a0k4G7ZMntP/wMGv0y5xpwE5vyPg80lvzzhZco
7lhmC8j4qzxrYcDqUEv2yQMLSJ/vkItuVQfxc6QxjBLh4x2ebddkHnkyySA4ToGV
6fyBt7rN3db1M4VO1NQZhmxrngT2t3QLuS3WrBZr/8DYJg6qd1P0k2V3uwhzc9I6
I4O+X2SBncQi0ixS544yWdFUWX/X7gV5IjI93SRwpnslalgELxpAWn/SroAqulYR
NG8mNdZByPn0GJxJ1hs13Sc3Mi7fhanxHgsQcMp+1WXbWbDJGb2G/mS8DIAF/FcN
crc+eB0iNsOP83FNa+70+bBaLn7wOlnWuobFFK+Qh37+
-----END CERTIFICATE-----