Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/tXBsZKUJGHiyZq9Z5oz2zOXl09w.roa
File:                     tXBsZKUJGHiyZq9Z5oz2zOXl09w.roa (raw, json)
Hash identifier:          LPXITZ2KpGAEeNf7OaGX0n0Wbym3ZdBdIpBqOYpNTyM=
Subject key identifier:   B5:70:6C:64:A5:09:18:78:B2:66:AF:59:E6:8C:F6:CC:E5:E5:D3:DC
Certificate issuer:       /CN=49e51694c4d46b4fcc02fae71e5db942a7108e47
Certificate serial:       019EBA6C7A42F13C1C568672CBCCCB1D9053
Authority key identifier: 49:E5:16:94:C4:D4:6B:4F:CC:02:FA:E7:1E:5D:B9:42:A7:10:8E:47
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SeUWlMTUa0_MAvrnHl25QqcQjkc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/tXBsZKUJGHiyZq9Z5oz2zOXl09w.roa
Signing time:             Fri 12 Jun 2026 06:02:11 +0000
ROA not before:           Fri 12 Jun 2026 06:02:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200658
IP address blocks:        81.29.148.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/SeUWlMTUa0_MAvrnHl25QqcQjkc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/SeUWlMTUa0_MAvrnHl25QqcQjkc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SeUWlMTUa0_MAvrnHl25QqcQjkc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 17:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:ba:6c:7a:42:f1:3c:1c:56:86:72:cb:cc:cb:1d:90:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=49e51694c4d46b4fcc02fae71e5db942a7108e47
        Validity
            Not Before: Jun 12 06:02:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b5706c64a5091878b266af59e68cf6cce5e5d3dc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:3c:a0:98:2e:4f:d1:33:98:a8:ad:8b:f0:4a:
                    ed:df:ce:18:7c:34:35:f1:1a:44:36:87:9e:1d:72:
                    77:b7:bb:b6:93:db:38:11:c7:87:b1:1a:6c:f4:c5:
                    60:aa:dc:26:cd:8a:b6:16:ba:28:1a:0a:85:90:b1:
                    e9:77:e1:c1:82:b4:7f:a2:cb:99:eb:6c:3c:8f:05:
                    66:b2:79:4f:8d:b3:46:e5:bb:fa:54:e1:33:73:7e:
                    7a:cd:e5:3e:f4:f1:28:75:11:c9:cb:8c:89:5b:93:
                    bd:78:a4:cd:2f:33:7f:ed:90:5d:54:78:65:f7:cb:
                    d7:60:dd:b1:4d:c7:37:82:10:7e:93:71:f3:6a:a1:
                    8f:b6:05:e0:71:fd:d6:8a:37:72:fb:f8:10:e1:78:
                    3c:77:06:19:1f:37:10:33:68:23:99:8f:d3:67:21:
                    fe:56:88:6f:4d:04:8f:28:62:45:b0:34:bb:d6:52:
                    78:12:75:08:5a:55:c2:6e:a1:67:22:99:dd:3b:47:
                    9a:e8:8b:3f:79:83:9e:e6:98:6d:3f:aa:a5:21:c4:
                    dc:47:23:17:52:cd:f9:cd:63:10:db:e2:d7:c9:db:
                    96:52:94:45:df:3d:4e:85:3a:5e:42:fb:16:f4:df:
                    98:de:a4:69:dd:4c:70:f6:82:66:8d:54:95:02:b2:
                    c4:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:70:6C:64:A5:09:18:78:B2:66:AF:59:E6:8C:F6:CC:E5:E5:D3:DC
            X509v3 Authority Key Identifier:
                keyid:49:E5:16:94:C4:D4:6B:4F:CC:02:FA:E7:1E:5D:B9:42:A7:10:8E:47

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SeUWlMTUa0_MAvrnHl25QqcQjkc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/tXBsZKUJGHiyZq9Z5oz2zOXl09w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/SeUWlMTUa0_MAvrnHl25QqcQjkc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.29.148.0/24

    Signature Algorithm: sha256WithRSAEncryption
         61:76:85:70:91:ff:77:69:1f:e4:7b:89:71:40:77:ae:2d:7a:
         68:bf:32:a6:24:9d:73:de:7a:4c:7d:24:0d:52:fe:71:69:6d:
         d8:50:be:4d:19:89:57:f9:85:42:98:7b:cd:b2:8b:ee:f6:ea:
         98:ee:cb:a2:3a:ef:cd:0f:b5:43:3b:24:a5:82:83:d8:b9:39:
         58:ea:44:f1:bf:e3:96:c9:e4:a6:08:36:39:70:2e:75:6d:2d:
         6d:bd:d0:e0:ad:ee:6e:31:af:01:e2:9a:73:04:5c:af:60:df:
         5e:7d:9b:73:71:99:72:64:34:58:8a:f0:95:3e:09:d9:ae:0b:
         88:cf:3b:f8:9e:6b:7e:74:4d:d1:99:fe:ba:1e:79:41:02:30:
         74:12:fd:21:cd:45:3c:33:15:fa:15:70:a8:b0:09:4b:af:34:
         18:0b:60:56:a2:1e:e2:e1:f7:e6:c6:8f:11:37:72:e5:ac:4f:
         79:c9:d2:20:91:8b:1f:49:ff:1f:7c:ab:31:e4:a3:34:ec:e1:
         ac:bc:57:9d:4e:79:a0:a1:89:86:d7:3f:76:2c:06:cf:15:25:
         fe:64:0a:d4:ec:2b:bc:f2:56:5a:c5:c9:b4:ba:5a:68:27:0e:
         68:c2:ec:7f:97:b1:79:4c:4e:f2:a5:65:c2:b3:d6:25:1d:27:
         d9:48:76:30
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ66bHpC8TwcVoZyy8zLHZBTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ5ZTUxNjk0YzRkNDZiNGZjYzAyZmFlNzFlNWRiOTQyYTcx
MDhlNDcwHhcNMjYwNjEyMDYwMjExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNTcwNmM2NGE1MDkxODc4YjI2NmFmNTllNjhjZjZjY2U1ZTVkM2RjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAijygmC5P0TOYqK2L8Ert384YfDQ1
8RpENoeeHXJ3t7u2k9s4EceHsRps9MVgqtwmzYq2FrooGgqFkLHpd+HBgrR/osuZ
62w8jwVmsnlPjbNG5bv6VOEzc356zeU+9PEodRHJy4yJW5O9eKTNLzN/7ZBdVHhl
98vXYN2xTcc3ghB+k3HzaqGPtgXgcf3Wijdy+/gQ4Xg8dwYZHzcQM2gjmY/TZyH+
VohvTQSPKGJFsDS71lJ4EnUIWlXCbqFnIpndO0ea6Is/eYOe5phtP6qlIcTcRyMX
Us35zWMQ2+LXyduWUpRF3z1OhTpeQvsW9N+Y3qRp3Uxw9oJmjVSVArLElQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLVwbGSlCRh4smavWeaM9szl5dPcMB8GA1UdIwQY
MBaAFEnlFpTE1GtPzAL65x5duUKnEI5HMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU2VVV2xNVFVhMF9NQXZybkhsMjVRcWNRamtjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni85ZGI1MjUtMTA1OS00YzA3LWE1YWQt
MTkxODliM2M5YzdkLzEvdFhCc1pLVUpHSGl5WnE5WjVvejJ6T1hsMDl3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni85ZGI1MjUtMTA1OS00YzA3LWE1YWQtMTkxODliM2M5Yzdk
LzEvU2VVV2xNVFVhMF9NQXZybkhsMjVRcWNRamtjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUR2UMA0G
CSqGSIb3DQEBCwUAA4IBAQBhdoVwkf93aR/ke4lxQHeuLXpovzKmJJ1z3npMfSQN
Uv5xaW3YUL5NGYlX+YVCmHvNsovu9uqY7suiOu/ND7VDOySlgoPYuTlY6kTxv+OW
yeSmCDY5cC51bS1tvdDgre5uMa8B4ppzBFyvYN9efZtzcZlyZDRYivCVPgnZrguI
zzv4nmt+dE3Rmf66HnlBAjB0Ev0hzUU8MxX6FXCosAlLrzQYC2BWoh7i4ffmxo8R
N3LlrE95ydIgkYsfSf8ffKsx5KM07OGsvFedTnmgoYmG1z92LAbPFSX+ZArU7Cu8
8lZaxcm0ulpoJw5owux/l7F5TE7ypWXCs9YlHSfZSHYw
-----END CERTIFICATE-----