Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/26/b52c5d-95ba-4dd3-bba8-b7ca1f4728d0/1/W9C7VyIBIx1ahwW0PN-gKqh55Tk.roa
File:                     W9C7VyIBIx1ahwW0PN-gKqh55Tk.roa (raw, json)
Hash identifier:          UIXTR5grwZANA4lHjsxGyctkdK5SPl2+jXCTgwK9G24=
Subject key identifier:   5B:D0:BB:57:22:01:23:1D:5A:87:05:B4:3C:DF:A0:2A:A8:79:E5:39
Certificate issuer:       /CN=f30e445195b64d799b822e99947792e0cab32b6d
Certificate serial:       019EB4A326775ED757CA5C6D02B4344A4EF8
Authority key identifier: F3:0E:44:51:95:B6:4D:79:9B:82:2E:99:94:77:92:E0:CA:B3:2B:6D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8w5EUZW2TXmbgi6ZlHeS4MqzK20.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/26/b52c5d-95ba-4dd3-bba8-b7ca1f4728d0/1/W9C7VyIBIx1ahwW0PN-gKqh55Tk.roa
Signing time:             Thu 11 Jun 2026 03:04:11 +0000
ROA not before:           Thu 11 Jun 2026 03:04:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     204794
IP address blocks:        189.13.119.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/26/b52c5d-95ba-4dd3-bba8-b7ca1f4728d0/1/8w5EUZW2TXmbgi6ZlHeS4MqzK20.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/26/b52c5d-95ba-4dd3-bba8-b7ca1f4728d0/1/8w5EUZW2TXmbgi6ZlHeS4MqzK20.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8w5EUZW2TXmbgi6ZlHeS4MqzK20.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 10:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:b4:a3:26:77:5e:d7:57:ca:5c:6d:02:b4:34:4a:4e:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f30e445195b64d799b822e99947792e0cab32b6d
        Validity
            Not Before: Jun 11 03:04:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5bd0bb572201231d5a8705b43cdfa02aa879e539
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:7a:b7:db:64:6d:d4:f3:26:26:cb:00:c7:35:
                    7d:01:e0:65:a3:3b:df:04:71:54:da:0c:08:99:54:
                    3d:cf:83:aa:08:e8:e2:ce:a2:3e:a5:2f:88:74:67:
                    e7:09:67:cd:2c:7d:bd:81:a7:2c:ec:3f:75:51:cc:
                    99:4e:c7:e8:cc:ae:00:43:c5:17:f9:ce:41:e6:13:
                    15:db:e7:8a:e7:98:44:d3:91:93:e5:42:09:79:0a:
                    e4:03:8b:d5:e0:67:77:5f:b3:35:fb:a9:eb:db:13:
                    5b:00:8c:eb:43:66:ce:59:15:6b:eb:14:ad:13:f9:
                    28:ca:ce:2f:99:89:28:e4:10:fa:f7:07:d8:ae:e8:
                    a2:ca:a8:a2:85:b2:c3:91:e9:99:07:96:92:e2:f0:
                    90:af:b6:e0:33:ba:c3:9b:02:9c:de:4a:4f:b2:d8:
                    0f:0d:93:68:de:9a:8e:d5:0e:a8:a8:4c:dd:49:b2:
                    8e:cc:2a:60:32:5f:62:ed:94:4c:5e:5f:6a:c4:2a:
                    94:bc:48:5a:7a:01:1e:a6:88:11:0b:25:89:fa:81:
                    58:12:16:40:dc:42:7c:dc:e3:78:f1:e4:63:2d:52:
                    fe:6d:41:13:e4:4c:6d:44:99:72:dd:6a:f9:9d:c3:
                    03:89:26:57:47:b1:93:df:8c:7f:7b:8b:54:cf:8a:
                    35:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:D0:BB:57:22:01:23:1D:5A:87:05:B4:3C:DF:A0:2A:A8:79:E5:39
            X509v3 Authority Key Identifier:
                keyid:F3:0E:44:51:95:B6:4D:79:9B:82:2E:99:94:77:92:E0:CA:B3:2B:6D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8w5EUZW2TXmbgi6ZlHeS4MqzK20.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/26/b52c5d-95ba-4dd3-bba8-b7ca1f4728d0/1/W9C7VyIBIx1ahwW0PN-gKqh55Tk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/26/b52c5d-95ba-4dd3-bba8-b7ca1f4728d0/1/8w5EUZW2TXmbgi6ZlHeS4MqzK20.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  189.13.119.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9c:9b:68:f8:9c:23:5b:a5:65:28:d8:c4:36:3f:04:76:63:d0:
         c7:24:1f:04:c8:ee:61:08:0b:42:85:74:7f:9b:c7:73:1e:9e:
         af:c9:30:3c:99:5f:aa:f4:d4:e2:24:bf:c7:23:9e:56:64:b1:
         cb:56:28:88:a4:d7:16:a7:31:da:4b:2f:96:82:b5:47:d0:3a:
         e4:dc:31:5a:90:87:d1:d4:2d:49:9d:73:0f:37:b8:e8:7c:e1:
         b6:7c:4d:f3:00:07:98:58:e0:e1:d8:8c:9a:34:73:b7:71:ab:
         b6:ee:bf:a2:7a:e4:ce:c3:27:1c:b9:96:a7:63:f7:5a:29:48:
         7c:75:3f:61:30:b1:7a:45:89:50:c0:29:19:6f:68:39:00:01:
         75:aa:8e:dc:8d:cf:ac:3a:88:7d:8f:ca:73:b8:0b:df:e0:2b:
         ad:9b:1e:c8:e8:a7:a5:ca:fd:a5:6d:bd:97:eb:2c:fd:08:7c:
         5a:75:7d:23:54:d6:55:09:17:80:d3:9b:ae:85:4e:b2:61:1a:
         24:4c:e1:79:b2:36:b3:17:5b:98:db:32:89:24:64:db:90:81:
         97:8c:74:93:e0:22:0f:a3:33:a5:f2:8e:e6:fd:86:88:6d:9c:
         e0:00:ef:80:61:dd:05:b7:61:68:46:74:f8:6f:d8:fe:70:ac:
         51:7d:4b:ef
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ60oyZ3XtdXylxtArQ0Sk74MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYzMGU0NDUxOTViNjRkNzk5YjgyMmU5OTk0Nzc5MmUwY2Fi
MzJiNmQwHhcNMjYwNjExMDMwNDExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YmQwYmI1NzIyMDEyMzFkNWE4NzA1YjQzY2RmYTAyYWE4NzllNTM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArXq322Rt1PMmJssAxzV9AeBlozvf
BHFU2gwImVQ9z4OqCOjizqI+pS+IdGfnCWfNLH29gacs7D91UcyZTsfozK4AQ8UX
+c5B5hMV2+eK55hE05GT5UIJeQrkA4vV4Gd3X7M1+6nr2xNbAIzrQ2bOWRVr6xSt
E/koys4vmYko5BD69wfYruiiyqiihbLDkemZB5aS4vCQr7bgM7rDmwKc3kpPstgP
DZNo3pqO1Q6oqEzdSbKOzCpgMl9i7ZRMXl9qxCqUvEhaegEepogRCyWJ+oFYEhZA
3EJ83ON48eRjLVL+bUET5ExtRJly3Wr5ncMDiSZXR7GT34x/e4tUz4o11wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFvQu1ciASMdWocFtDzfoCqoeeU5MB8GA1UdIwQY
MBaAFPMORFGVtk15m4IumZR3kuDKsyttMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOHc1RVVaVzJUWG1iZ2k2WmxIZVM0TXF6SzIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNi9iNTJjNWQtOTViYS00ZGQzLWJiYTgt
YjdjYTFmNDcyOGQwLzEvVzlDN1Z5SUJJeDFhaHdXMFBOLWdLcWg1NVRrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNi9iNTJjNWQtOTViYS00ZGQzLWJiYTgtYjdjYTFmNDcyOGQw
LzEvOHc1RVVaVzJUWG1iZ2k2WmxIZVM0TXF6SzIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvQ13MA0G
CSqGSIb3DQEBCwUAA4IBAQCcm2j4nCNbpWUo2MQ2PwR2Y9DHJB8EyO5hCAtChXR/
m8dzHp6vyTA8mV+q9NTiJL/HI55WZLHLViiIpNcWpzHaSy+WgrVH0Drk3DFakIfR
1C1JnXMPN7jofOG2fE3zAAeYWODh2IyaNHO3cau27r+ieuTOwyccuZanY/daKUh8
dT9hMLF6RYlQwCkZb2g5AAF1qo7cjc+sOoh9j8pzuAvf4Cutmx7I6Kelyv2lbb2X
6yz9CHxadX0jVNZVCReA05uuhU6yYRokTOF5sjazF1uY2zKJJGTbkIGXjHST4CIP
ozOl8o7m/YaIbZzgAO+AYd0Ft2FoRnT4b9j+cKxRfUvv
-----END CERTIFICATE-----