Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/5s1U4ElgrKaVnnOXLyr9BLMM-4I.roa
File:                     5s1U4ElgrKaVnnOXLyr9BLMM-4I.roa (raw, json)
Hash identifier:          ScHqM5fNz0qRYVqAQHJcV3gGClo3/wCDE4W5EMTqOA8=
Subject key identifier:   E6:CD:54:E0:49:60:AC:A6:95:9E:73:97:2F:2A:FD:04:B3:0C:FB:82
Certificate issuer:       /CN=c3c18527e3a206af2842028d95aec41338e8daf8
Certificate serial:       019EAB1970C210C3E62B1485CE8110A4C11C
Authority key identifier: C3:C1:85:27:E3:A2:06:AF:28:42:02:8D:95:AE:C4:13:38:E8:DA:F8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w8GFJ-OiBq8oQgKNla7EEzjo2vg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/5s1U4ElgrKaVnnOXLyr9BLMM-4I.roa
Signing time:             Tue 09 Jun 2026 06:37:11 +0000
ROA not before:           Tue 09 Jun 2026 06:37:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213900
IP address blocks:        213.176.126.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/w8GFJ-OiBq8oQgKNla7EEzjo2vg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/w8GFJ-OiBq8oQgKNla7EEzjo2vg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w8GFJ-OiBq8oQgKNla7EEzjo2vg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:ab:19:70:c2:10:c3:e6:2b:14:85:ce:81:10:a4:c1:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c3c18527e3a206af2842028d95aec41338e8daf8
        Validity
            Not Before: Jun  9 06:37:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e6cd54e04960aca6959e73972f2afd04b30cfb82
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ed:62:30:0f:08:5c:20:bd:32:95:7c:6e:f9:c2:
                    c6:62:40:e5:a7:ea:ed:af:e8:7e:42:e0:ba:d9:3f:
                    67:70:2f:f9:d3:2a:2b:a2:b6:c2:3a:72:00:69:24:
                    76:0c:15:d1:38:ee:95:09:11:e9:9a:03:22:45:57:
                    bf:f9:34:25:f7:fc:f3:47:a5:e3:74:86:e1:36:69:
                    cb:8f:82:a6:02:cc:04:8d:92:d1:0c:5c:1a:5c:57:
                    c1:13:9d:94:9b:db:7f:34:61:20:3c:71:b1:a1:b5:
                    64:1b:eb:cc:d4:d2:dc:7c:dd:1f:e1:2c:2e:cb:89:
                    a0:19:d8:e6:4e:b1:50:d5:b6:1c:d7:59:87:3b:0f:
                    de:56:34:3f:16:2c:40:c3:87:57:e5:35:74:63:fa:
                    44:85:cf:9b:a8:8c:50:13:2f:4a:7a:06:88:8f:b2:
                    be:70:87:e4:33:54:38:10:12:1d:cd:9d:47:54:19:
                    6c:af:a6:de:60:64:de:bc:03:96:64:68:90:23:66:
                    29:a4:80:83:61:21:34:00:cb:73:d6:41:c0:f0:d7:
                    71:3a:17:53:73:66:39:0a:ec:3d:38:c7:3e:c0:5d:
                    f6:2e:e5:ee:dd:b2:d2:54:65:05:03:b6:66:44:69:
                    30:6f:4d:dd:b4:0a:35:ab:90:8d:a0:a1:a2:4f:88:
                    60:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:CD:54:E0:49:60:AC:A6:95:9E:73:97:2F:2A:FD:04:B3:0C:FB:82
            X509v3 Authority Key Identifier:
                keyid:C3:C1:85:27:E3:A2:06:AF:28:42:02:8D:95:AE:C4:13:38:E8:DA:F8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w8GFJ-OiBq8oQgKNla7EEzjo2vg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/5s1U4ElgrKaVnnOXLyr9BLMM-4I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/w8GFJ-OiBq8oQgKNla7EEzjo2vg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.176.126.0/24

    Signature Algorithm: sha256WithRSAEncryption
         37:ba:ff:62:a5:a3:f5:16:bd:37:1a:c4:8c:f8:24:0a:87:8c:
         b7:12:e3:da:de:21:ec:c2:db:ae:d6:61:09:3a:1b:37:cb:2f:
         d4:31:fb:d2:f0:72:2b:9b:3c:29:91:64:3d:33:60:f5:1c:bf:
         72:d3:49:49:67:e1:14:d1:be:63:7a:37:a4:26:9b:5a:52:a2:
         1a:ba:cd:01:6e:f0:49:93:40:56:8a:e6:2a:af:1a:bd:3c:31:
         93:60:1e:f4:ed:36:11:ad:b8:99:6b:8c:2c:12:9f:89:9e:4b:
         4d:9d:02:99:53:76:8f:18:a7:37:7b:6a:20:a3:3f:91:a5:12:
         22:0c:45:03:46:7a:ef:3f:81:99:ad:30:d8:7d:48:17:c7:a3:
         cb:52:d4:d2:87:35:0e:55:69:69:91:54:ce:8f:3c:d8:0b:89:
         c0:8c:f4:2f:60:7f:3a:ea:30:c8:b9:0e:c0:df:ee:36:55:34:
         99:55:ab:93:03:90:cf:a3:aa:f8:10:00:a9:57:29:ac:70:cf:
         6f:04:ed:96:e8:33:0c:1b:d8:3d:58:d7:b9:a7:b9:78:58:57:
         1d:2d:94:9c:f7:63:b2:cb:fa:a8:d7:6b:a0:1b:1b:cc:53:32:
         1e:5b:45:0e:d5:5c:5d:b8:90:23:4d:66:a1:e0:cf:0e:31:d3:
         f9:cf:fd:4b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6rGXDCEMPmKxSFzoEQpMEcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzYzE4NTI3ZTNhMjA2YWYyODQyMDI4ZDk1YWVjNDEzMzhl
OGRhZjgwHhcNMjYwNjA5MDYzNzExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNmNkNTRlMDQ5NjBhY2E2OTU5ZTczOTcyZjJhZmQwNGIzMGNmYjgyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7WIwDwhcIL0ylXxu+cLGYkDlp+rt
r+h+QuC62T9ncC/50yororbCOnIAaSR2DBXROO6VCRHpmgMiRVe/+TQl9/zzR6Xj
dIbhNmnLj4KmAswEjZLRDFwaXFfBE52Um9t/NGEgPHGxobVkG+vM1NLcfN0f4Swu
y4mgGdjmTrFQ1bYc11mHOw/eVjQ/FixAw4dX5TV0Y/pEhc+bqIxQEy9KegaIj7K+
cIfkM1Q4EBIdzZ1HVBlsr6beYGTevAOWZGiQI2YppICDYSE0AMtz1kHA8NdxOhdT
c2Y5Cuw9OMc+wF32LuXu3bLSVGUFA7ZmRGkwb03dtAo1q5CNoKGiT4hguQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFObNVOBJYKymlZ5zly8q/QSzDPuCMB8GA1UdIwQY
MBaAFMPBhSfjogavKEICjZWuxBM46Nr4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzhHRkotT2lCcThvUWdLTmxhN0VFempvMnZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy8xMzM5ZGYtOGUwNi00MWRlLTk0ZjMt
MGNiYTMzZWZjNWJiLzEvNXMxVTRFbGdyS2FWbm5PWEx5cjlCTE1NLTRJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy8xMzM5ZGYtOGUwNi00MWRlLTk0ZjMtMGNiYTMzZWZjNWJi
LzEvdzhHRkotT2lCcThvUWdLTmxhN0VFempvMnZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1bB+MA0G
CSqGSIb3DQEBCwUAA4IBAQA3uv9ipaP1Fr03GsSM+CQKh4y3EuPa3iHswtuu1mEJ
Ohs3yy/UMfvS8HIrmzwpkWQ9M2D1HL9y00lJZ+EU0b5jejekJptaUqIaus0BbvBJ
k0BWiuYqrxq9PDGTYB707TYRrbiZa4wsEp+JnktNnQKZU3aPGKc3e2ogoz+RpRIi
DEUDRnrvP4GZrTDYfUgXx6PLUtTShzUOVWlpkVTOjzzYC4nAjPQvYH866jDIuQ7A
3+42VTSZVauTA5DPo6r4EACpVymscM9vBO2W6DMMG9g9WNe5p7l4WFcdLZSc92Oy
y/qo12ugGxvMUzIeW0UO1VxduJAjTWah4M8OMdP5z/1L
-----END CERTIFICATE-----