Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/89/dc13c1-de56-449f-9c29-c81266b7c49e/1/E0dnKecbXG4AqFYW8U1R4jgEvrE.roa
File:                     E0dnKecbXG4AqFYW8U1R4jgEvrE.roa (raw, json)
Hash identifier:          jHiYs49wNOGxk/w2eAt7fchJ5eCMdlJ9jGqRCPGoOF4=
Subject key identifier:   13:47:67:29:E7:1B:5C:6E:00:A8:56:16:F1:4D:51:E2:38:04:BE:B1
Certificate issuer:       /CN=b6ed62055a5191c02ec5112e95181a89ac060ceb
Certificate serial:       019EC0112CADC1AD86C2D276A7AD056AE702
Authority key identifier: B6:ED:62:05:5A:51:91:C0:2E:C5:11:2E:95:18:1A:89:AC:06:0C:EB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tu1iBVpRkcAuxREulRgaiawGDOs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/89/dc13c1-de56-449f-9c29-c81266b7c49e/1/E0dnKecbXG4AqFYW8U1R4jgEvrE.roa
Signing time:             Sat 13 Jun 2026 08:20:11 +0000
ROA not before:           Sat 13 Jun 2026 08:20:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     47242
IP address blocks:        185.73.136.0/24 maxlen: 24
                          185.73.138.0/24 maxlen: 24
                          185.73.139.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/89/dc13c1-de56-449f-9c29-c81266b7c49e/1/tu1iBVpRkcAuxREulRgaiawGDOs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/89/dc13c1-de56-449f-9c29-c81266b7c49e/1/tu1iBVpRkcAuxREulRgaiawGDOs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tu1iBVpRkcAuxREulRgaiawGDOs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 18 Jun 2026 08:33:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:c0:11:2c:ad:c1:ad:86:c2:d2:76:a7:ad:05:6a:e7:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b6ed62055a5191c02ec5112e95181a89ac060ceb
        Validity
            Not Before: Jun 13 08:20:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=13476729e71b5c6e00a85616f14d51e23804beb1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:28:06:33:99:fc:6b:4a:b7:8f:19:2b:23:a8:
                    f3:06:a6:19:53:db:0a:ec:c0:59:13:5b:8a:c3:b9:
                    27:65:5e:4e:bc:c7:dc:41:c1:98:44:43:ec:a6:dc:
                    15:ae:f8:4a:65:d1:d6:d5:c0:e0:68:67:97:34:12:
                    5f:51:9f:f2:cb:8a:23:83:84:2b:48:a5:10:e2:c5:
                    b1:56:8d:80:79:2f:c4:41:c8:9a:56:12:4a:ad:04:
                    c2:1c:97:c3:f3:cb:68:83:b8:f6:b4:1f:8c:d3:44:
                    82:fb:f3:2c:72:81:92:c1:51:3d:e1:d7:bf:71:c3:
                    92:5d:b2:1d:3b:85:74:51:0f:34:f4:ee:64:cc:a0:
                    d3:c4:1b:2e:6d:5a:be:d0:e7:5d:2a:6f:e8:42:35:
                    f6:2a:36:fb:b0:bd:6b:54:93:c0:fc:49:e5:87:48:
                    90:8d:46:3d:cb:85:bc:dd:3b:39:0e:82:47:05:3f:
                    16:f6:6e:41:a8:e3:2a:32:6f:3b:a3:9a:92:86:b8:
                    8b:f2:d7:23:94:70:d8:d3:ba:4b:4a:0a:9d:63:e3:
                    1f:bc:8f:27:a8:c3:4f:4f:54:16:e2:87:0c:34:20:
                    7b:2f:86:c7:af:f0:21:9a:8f:94:62:bb:5e:ef:e8:
                    22:8b:8b:fd:98:cb:31:4e:96:b9:ef:0c:cb:1f:ba:
                    20:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                13:47:67:29:E7:1B:5C:6E:00:A8:56:16:F1:4D:51:E2:38:04:BE:B1
            X509v3 Authority Key Identifier:
                keyid:B6:ED:62:05:5A:51:91:C0:2E:C5:11:2E:95:18:1A:89:AC:06:0C:EB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tu1iBVpRkcAuxREulRgaiawGDOs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/89/dc13c1-de56-449f-9c29-c81266b7c49e/1/E0dnKecbXG4AqFYW8U1R4jgEvrE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/89/dc13c1-de56-449f-9c29-c81266b7c49e/1/tu1iBVpRkcAuxREulRgaiawGDOs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.73.136.0/24
                  185.73.138.0/23

    Signature Algorithm: sha256WithRSAEncryption
         14:2f:a5:f9:4a:30:e2:21:ee:a4:ca:ef:72:96:36:d0:7d:d1:
         43:dc:27:fb:8b:b2:50:64:6b:a8:ed:b7:c9:18:cd:8e:56:1e:
         fa:ed:94:f9:9d:57:93:5b:79:bd:b1:55:1c:b7:a6:ec:b6:33:
         23:64:eb:5d:7e:4f:61:2a:6d:ff:ad:83:1b:b9:8f:a7:1b:61:
         42:3d:3b:1b:e0:02:11:1a:97:31:4c:47:61:14:31:66:3b:c5:
         87:07:59:9d:8d:0b:e9:d8:41:9f:9c:2d:6e:f8:4d:97:4b:84:
         f4:56:f6:98:b5:2d:12:da:93:b5:40:27:d4:bc:d1:08:2e:4c:
         41:cd:5d:b5:88:af:1d:4b:5f:cb:4b:b1:c8:ec:f0:67:94:72:
         6c:47:fb:4e:b4:51:11:ee:7b:cf:0c:7e:d5:72:96:76:af:d5:
         1b:7f:05:d4:1d:9a:80:78:7f:86:a2:a8:71:66:ad:9c:92:62:
         bd:4c:a4:7d:44:9a:8c:64:80:c9:7c:2a:f8:11:60:20:af:a0:
         d2:41:98:da:c3:ad:a0:a1:2f:0d:ef:a7:68:d7:f0:2c:ad:2d:
         f5:cb:76:64:48:02:f9:75:89:c1:db:3f:9e:ba:2f:57:b3:a2:
         09:6d:5b:94:34:7f:d0:cb:7c:54:73:ff:6a:75:99:2a:a1:78:
         82:85:22:0e
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ7AESytwa2GwtJ2p60FaucCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI2ZWQ2MjA1NWE1MTkxYzAyZWM1MTEyZTk1MTgxYTg5YWMw
NjBjZWIwHhcNMjYwNjEzMDgyMDExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMzQ3NjcyOWU3MWI1YzZlMDBhODU2MTZmMTRkNTFlMjM4MDRiZWIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4igGM5n8a0q3jxkrI6jzBqYZU9sK
7MBZE1uKw7knZV5OvMfcQcGYREPsptwVrvhKZdHW1cDgaGeXNBJfUZ/yy4ojg4Qr
SKUQ4sWxVo2AeS/EQciaVhJKrQTCHJfD88tog7j2tB+M00SC+/MscoGSwVE94de/
ccOSXbIdO4V0UQ809O5kzKDTxBsubVq+0OddKm/oQjX2Kjb7sL1rVJPA/Enlh0iQ
jUY9y4W83Ts5DoJHBT8W9m5BqOMqMm87o5qShriL8tcjlHDY07pLSgqdY+MfvI8n
qMNPT1QW4ocMNCB7L4bHr/Ahmo+UYrte7+gii4v9mMsxTpa57wzLH7ogEQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFBNHZynnG1xuAKhWFvFNUeI4BL6xMB8GA1UdIwQY
MBaAFLbtYgVaUZHALsURLpUYGomsBgzrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdHUxaUJWcFJrY0F1eFJFdWxSZ2FpYXdHRE9zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OS9kYzEzYzEtZGU1Ni00NDlmLTljMjkt
YzgxMjY2YjdjNDllLzEvRTBkbktlY2JYRzRBcUZZVzhVMVI0amdFdnJFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OS9kYzEzYzEtZGU1Ni00NDlmLTljMjktYzgxMjY2YjdjNDll
LzEvdHUxaUJWcFJrY0F1eFJFdWxSZ2FpYXdHRE9zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAuUmIAwQB
uUmKMA0GCSqGSIb3DQEBCwUAA4IBAQAUL6X5SjDiIe6kyu9yljbQfdFD3Cf7i7JQ
ZGuo7bfJGM2OVh767ZT5nVeTW3m9sVUct6bstjMjZOtdfk9hKm3/rYMbuY+nG2FC
PTsb4AIRGpcxTEdhFDFmO8WHB1mdjQvp2EGfnC1u+E2XS4T0VvaYtS0S2pO1QCfU
vNEILkxBzV21iK8dS1/LS7HI7PBnlHJsR/tOtFER7nvPDH7VcpZ2r9UbfwXUHZqA
eH+GoqhxZq2ckmK9TKR9RJqMZIDJfCr4EWAgr6DSQZjaw62goS8N76do1/AsrS31
y3ZkSAL5dYnB2z+eui9Xs6IJbVuUNH/Qy3xUc/9qdZkqoXiChSIO
-----END CERTIFICATE-----