Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/46/784321-99dd-4754-b208-ddc2665646cc/1/bwp5bXEghgHr7EYl0KNAFE7mc20.roa
File:                     bwp5bXEghgHr7EYl0KNAFE7mc20.roa (raw, json)
Hash identifier:          7u7Zj5oFaGyCqot4J3MzTBt5vDDbem5Ae4vFNHbppfk=
Subject key identifier:   6F:0A:79:6D:71:20:86:01:EB:EC:46:25:D0:A3:40:14:4E:E6:73:6D
Certificate issuer:       /CN=5eee0d7e73084a42e4c7f7118f2383fcff369ba4
Certificate serial:       019C47B3D2D3F60CDC3E5CE6C1C5D5C568B2
Authority key identifier: 5E:EE:0D:7E:73:08:4A:42:E4:C7:F7:11:8F:23:83:FC:FF:36:9B:A4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xu4NfnMISkLkx_cRjyOD_P82m6Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/46/784321-99dd-4754-b208-ddc2665646cc/1/bwp5bXEghgHr7EYl0KNAFE7mc20.roa
Signing time:             Tue 10 Feb 2026 13:18:13 +0000
ROA not before:           Tue 10 Feb 2026 13:18:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     29802
IP address blocks:        193.160.102.0/24 maxlen: 24
                          193.160.113.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/46/784321-99dd-4754-b208-ddc2665646cc/1/Xu4NfnMISkLkx_cRjyOD_P82m6Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/46/784321-99dd-4754-b208-ddc2665646cc/1/Xu4NfnMISkLkx_cRjyOD_P82m6Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Xu4NfnMISkLkx_cRjyOD_P82m6Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:47:b3:d2:d3:f6:0c:dc:3e:5c:e6:c1:c5:d5:c5:68:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5eee0d7e73084a42e4c7f7118f2383fcff369ba4
        Validity
            Not Before: Feb 10 13:18:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6f0a796d71208601ebec4625d0a340144ee6736d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:89:73:b8:8b:a4:52:e9:5d:df:4d:e0:a6:fd:
                    48:3c:0a:a9:1e:92:14:31:70:98:bc:f4:4d:da:34:
                    8b:5d:76:87:95:44:55:8f:7e:6b:0f:de:0e:f2:21:
                    33:6f:1e:15:c1:00:54:1a:45:1b:89:f3:11:32:4e:
                    77:31:fd:98:76:f6:91:be:52:e0:09:a9:bf:fd:fe:
                    b5:1b:62:65:90:35:54:14:5e:32:91:d3:69:a5:3d:
                    16:3d:96:38:a7:19:17:2d:1f:a3:88:8f:46:98:9a:
                    c2:c0:98:c8:8a:53:48:c1:7f:8d:12:c5:bb:5a:80:
                    9e:32:d4:18:df:00:03:b6:a0:7c:d6:60:5d:2e:ba:
                    b9:7a:45:87:18:39:1a:ec:fa:af:e7:ff:23:68:e3:
                    25:f6:96:99:6c:0b:9e:c9:50:bc:30:a5:4c:98:08:
                    38:1b:5f:79:cc:33:28:b5:a5:41:c9:d1:19:43:a2:
                    a7:fc:a4:b9:0d:11:b1:76:dc:d8:0e:93:7b:45:0b:
                    e6:34:e6:ed:f0:51:09:3a:18:51:b7:68:6f:e7:50:
                    73:fe:e1:b0:9a:c2:fb:69:ea:a4:38:51:30:9f:27:
                    8b:6a:1b:96:cf:f3:d3:f6:cb:5d:21:06:15:8e:ea:
                    83:8e:11:37:a9:f7:d2:8e:e7:52:aa:d9:71:88:7f:
                    9a:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:0A:79:6D:71:20:86:01:EB:EC:46:25:D0:A3:40:14:4E:E6:73:6D
            X509v3 Authority Key Identifier:
                keyid:5E:EE:0D:7E:73:08:4A:42:E4:C7:F7:11:8F:23:83:FC:FF:36:9B:A4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xu4NfnMISkLkx_cRjyOD_P82m6Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/46/784321-99dd-4754-b208-ddc2665646cc/1/bwp5bXEghgHr7EYl0KNAFE7mc20.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/46/784321-99dd-4754-b208-ddc2665646cc/1/Xu4NfnMISkLkx_cRjyOD_P82m6Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.160.102.0/24
                  193.160.113.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6b:51:3e:51:79:e5:4a:30:0d:fe:26:45:54:45:4f:71:1a:c5:
         6b:72:17:17:21:3b:07:cc:5e:26:c3:ed:38:96:d6:2f:a9:52:
         86:0d:8d:ce:91:ff:11:41:d7:ae:8f:39:40:66:64:8b:93:bd:
         08:fd:96:8c:5f:3d:a4:9a:b5:ef:4b:1a:73:27:20:3b:8a:11:
         cb:4c:ea:61:eb:1f:7b:7c:47:50:3a:3b:98:8e:b0:a1:b3:4f:
         30:8f:93:d6:53:da:0a:21:40:c6:24:50:b4:ea:5f:99:5e:45:
         86:8c:fe:c4:57:e8:6e:96:82:82:2a:af:c3:83:25:0a:66:a1:
         e5:7b:b0:9f:43:46:0e:0f:98:b9:c2:69:e1:f4:75:2c:08:49:
         e5:ff:26:d3:1f:24:54:80:01:8e:79:9f:82:57:48:fe:87:22:
         f3:ad:a3:f4:a6:fd:ef:ce:0d:2e:37:0d:8d:3b:02:a6:15:94:
         31:69:ee:4d:e6:22:a2:10:b8:09:61:b9:3b:62:a3:14:68:18:
         29:a1:7a:1b:80:1e:05:c1:13:ba:64:41:2c:7e:c7:8d:40:9a:
         5b:cf:ba:37:ed:1d:5d:3e:9d:3a:3a:08:51:5b:22:15:0b:9c:
         41:ba:d7:73:45:fa:78:a7:07:ec:e7:c6:83:c4:a3:14:ad:86:
         29:80:24:9f
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZxHs9LT9gzcPlzmwcXVxWiyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlZWUwZDdlNzMwODRhNDJlNGM3ZjcxMThmMjM4M2ZjZmYz
NjliYTQwHhcNMjYwMjEwMTMxODEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZjBhNzk2ZDcxMjA4NjAxZWJlYzQ2MjVkMGEzNDAxNDRlZTY3MzZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtIlzuIukUuld303gpv1IPAqpHpIU
MXCYvPRN2jSLXXaHlURVj35rD94O8iEzbx4VwQBUGkUbifMRMk53Mf2YdvaRvlLg
Cam//f61G2JlkDVUFF4ykdNppT0WPZY4pxkXLR+jiI9GmJrCwJjIilNIwX+NEsW7
WoCeMtQY3wADtqB81mBdLrq5ekWHGDka7Pqv5/8jaOMl9paZbAueyVC8MKVMmAg4
G195zDMotaVBydEZQ6Kn/KS5DRGxdtzYDpN7RQvmNObt8FEJOhhRt2hv51Bz/uGw
msL7aeqkOFEwnyeLahuWz/PT9stdIQYVjuqDjhE3qffSjudSqtlxiH+agQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFG8KeW1xIIYB6+xGJdCjQBRO5nNtMB8GA1UdIwQY
MBaAFF7uDX5zCEpC5Mf3EY8jg/z/NpukMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWHU0TmZuTUlTa0xreF9jUmp5T0RfUDgybTZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ni83ODQzMjEtOTlkZC00NzU0LWIyMDgt
ZGRjMjY2NTY0NmNjLzEvYndwNWJYRWdoZ0hyN0VZbDBLTkFGRTdtYzIwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ni83ODQzMjEtOTlkZC00NzU0LWIyMDgtZGRjMjY2NTY0NmNj
LzEvWHU0TmZuTUlTa0xreF9jUmp5T0RfUDgybTZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwaBmAwQA
waBxMA0GCSqGSIb3DQEBCwUAA4IBAQBrUT5ReeVKMA3+JkVURU9xGsVrchcXITsH
zF4mw+04ltYvqVKGDY3Okf8RQdeujzlAZmSLk70I/ZaMXz2kmrXvSxpzJyA7ihHL
TOph6x97fEdQOjuYjrChs08wj5PWU9oKIUDGJFC06l+ZXkWGjP7EV+huloKCKq/D
gyUKZqHle7CfQ0YOD5i5wmnh9HUsCEnl/ybTHyRUgAGOeZ+CV0j+hyLzraP0pv3v
zg0uNw2NOwKmFZQxae5N5iKiELgJYbk7YqMUaBgpoXobgB4FwRO6ZEEsfseNQJpb
z7o37R1dPp06OghRWyIVC5xButdzRfp4pwfs58aDxKMUrYYpgCSf
-----END CERTIFICATE-----