Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/68bff6-7b2c-4ecf-8006-ed14af6db888/1/bABKElQpuUR5qvAEktEyWURQ4XE.roa
File:                     bABKElQpuUR5qvAEktEyWURQ4XE.roa (raw, json)
Hash identifier:          xB7baZkS+NXVYrZMh8EL0mNmqqM8iQ6l8pfIwSwvFAM=
Subject key identifier:   6C:00:4A:12:54:29:B9:44:79:AA:F0:04:92:D1:32:59:44:50:E1:71
Certificate issuer:       /CN=e686965509a649c508ab8ab72f7257bef35f7930
Certificate serial:       019EA81DDDEF898B1F653B8B73D001B0EB8E
Authority key identifier: E6:86:96:55:09:A6:49:C5:08:AB:8A:B7:2F:72:57:BE:F3:5F:79:30
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5oaWVQmmScUIq4q3L3JXvvNfeTA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/68bff6-7b2c-4ecf-8006-ed14af6db888/1/bABKElQpuUR5qvAEktEyWURQ4XE.roa
Signing time:             Mon 08 Jun 2026 16:43:09 +0000
ROA not before:           Mon 08 Jun 2026 16:43:09 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199673
IP address blocks:        188.164.152.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/68bff6-7b2c-4ecf-8006-ed14af6db888/1/5oaWVQmmScUIq4q3L3JXvvNfeTA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/68bff6-7b2c-4ecf-8006-ed14af6db888/1/5oaWVQmmScUIq4q3L3JXvvNfeTA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5oaWVQmmScUIq4q3L3JXvvNfeTA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 16:01:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:a8:1d:dd:ef:89:8b:1f:65:3b:8b:73:d0:01:b0:eb:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e686965509a649c508ab8ab72f7257bef35f7930
        Validity
            Not Before: Jun  8 16:43:09 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6c004a125429b94479aaf00492d132594450e171
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:f0:6a:44:d8:a7:cb:1d:5f:a4:bb:56:43:36:
                    12:78:85:35:76:9a:fa:1c:3d:3a:5e:f0:3b:00:cf:
                    e1:80:bd:ff:f7:89:aa:21:43:f7:48:b3:c2:33:eb:
                    a4:1f:ba:19:c9:dc:06:0c:60:2d:4d:a3:4a:45:ad:
                    c5:b0:62:5e:5c:f7:14:9e:94:da:68:fc:09:46:e4:
                    47:f8:65:36:80:a9:f8:06:67:35:ae:f7:28:77:19:
                    8c:bd:73:b8:f8:ed:98:ce:ab:21:5b:6d:f1:4e:5b:
                    29:4b:cf:c0:7b:ea:69:03:9a:65:cb:d1:a2:44:50:
                    bf:5d:af:da:29:5f:46:bf:90:48:fe:ca:37:9e:6c:
                    58:11:af:0b:24:40:a8:41:bd:f0:cc:2b:f0:72:c1:
                    d6:df:86:25:39:30:25:48:46:0b:2c:27:38:f3:3b:
                    14:34:b4:c4:68:6f:c7:2d:24:70:90:44:d7:f3:39:
                    0f:05:da:1d:56:ea:38:f9:b9:f2:84:28:15:4b:79:
                    1f:17:7f:d3:51:84:e8:e1:78:a8:df:10:77:f2:73:
                    73:e5:de:37:9a:f2:2b:70:07:35:d3:6c:a9:4b:9a:
                    16:22:0e:69:36:7b:5c:f0:ec:ef:e2:d9:41:dd:6a:
                    e1:8b:15:08:7b:7c:53:ad:4e:fd:05:1f:1d:71:66:
                    bf:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:00:4A:12:54:29:B9:44:79:AA:F0:04:92:D1:32:59:44:50:E1:71
            X509v3 Authority Key Identifier:
                keyid:E6:86:96:55:09:A6:49:C5:08:AB:8A:B7:2F:72:57:BE:F3:5F:79:30

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5oaWVQmmScUIq4q3L3JXvvNfeTA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/68bff6-7b2c-4ecf-8006-ed14af6db888/1/bABKElQpuUR5qvAEktEyWURQ4XE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/68bff6-7b2c-4ecf-8006-ed14af6db888/1/5oaWVQmmScUIq4q3L3JXvvNfeTA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.164.152.0/21

    Signature Algorithm: sha256WithRSAEncryption
         53:6f:d2:b6:08:71:60:64:1c:e9:40:8d:53:6a:80:56:4f:8c:
         be:2a:9a:b1:0d:99:c0:ed:1d:f9:d3:b6:1c:fd:01:80:b9:9c:
         e9:19:79:db:4e:f6:b1:1a:3e:a3:ec:fd:bd:2e:3f:d7:d4:fb:
         12:06:68:87:d8:f8:9b:b8:27:65:db:dd:bb:6d:9e:28:e2:29:
         a1:e2:21:84:07:4d:4a:ab:f4:5c:6c:45:bf:b1:db:e0:95:c0:
         64:d9:f8:47:0d:a7:de:0a:73:31:aa:14:23:d3:15:f4:0f:07:
         2b:09:44:d0:28:b5:ce:f4:20:77:ce:26:a7:1f:92:96:78:70:
         1f:aa:8e:c4:1a:ba:ab:e9:2a:85:af:33:cb:43:e6:11:16:47:
         36:e3:76:ae:db:9e:7e:0a:13:9f:9e:c5:94:5f:3a:2f:e6:f7:
         9c:e0:08:ae:8f:d4:1e:a3:7b:05:61:67:46:51:2b:75:8b:c9:
         3a:31:9c:04:ec:86:22:8a:88:f3:eb:2f:ff:68:0d:af:49:8e:
         06:72:7e:b5:98:e5:50:39:f4:01:7a:b7:5e:39:f1:3a:86:3b:
         c4:ec:d3:78:3c:bc:c5:33:21:dc:40:47:38:a2:f8:d9:9f:77:
         c8:e5:48:89:0d:73:a1:a9:da:be:af:64:bf:f6:54:58:a0:df:
         c6:c1:7d:a4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6oHd3viYsfZTuLc9ABsOuOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU2ODY5NjU1MDlhNjQ5YzUwOGFiOGFiNzJmNzI1N2JlZjM1
Zjc5MzAwHhcNMjYwNjA4MTY0MzA5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YzAwNGExMjU0MjliOTQ0NzlhYWYwMDQ5MmQxMzI1OTQ0NTBlMTcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwvBqRNinyx1fpLtWQzYSeIU1dpr6
HD06XvA7AM/hgL3/94mqIUP3SLPCM+ukH7oZydwGDGAtTaNKRa3FsGJeXPcUnpTa
aPwJRuRH+GU2gKn4Bmc1rvcodxmMvXO4+O2YzqshW23xTlspS8/Ae+ppA5ply9Gi
RFC/Xa/aKV9Gv5BI/so3nmxYEa8LJECoQb3wzCvwcsHW34YlOTAlSEYLLCc48zsU
NLTEaG/HLSRwkETX8zkPBdodVuo4+bnyhCgVS3kfF3/TUYTo4Xio3xB38nNz5d43
mvIrcAc102ypS5oWIg5pNntc8Ozv4tlB3WrhixUIe3xTrU79BR8dcWa/DwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGwAShJUKblEearwBJLRMllEUOFxMB8GA1UdIwQY
MBaAFOaGllUJpknFCKuKty9yV77zX3kwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNW9hV1ZRbW1TY1VJcTRxM0wzSlh2dk5mZVRBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS82OGJmZjYtN2IyYy00ZWNmLTgwMDYt
ZWQxNGFmNmRiODg4LzEvYkFCS0VsUXB1VVI1cXZBRWt0RXlXVVJRNFhFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS82OGJmZjYtN2IyYy00ZWNmLTgwMDYtZWQxNGFmNmRiODg4
LzEvNW9hV1ZRbW1TY1VJcTRxM0wzSlh2dk5mZVRBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDvKSYMA0G
CSqGSIb3DQEBCwUAA4IBAQBTb9K2CHFgZBzpQI1TaoBWT4y+KpqxDZnA7R3507Yc
/QGAuZzpGXnbTvaxGj6j7P29Lj/X1PsSBmiH2PibuCdl2927bZ4o4imh4iGEB01K
q/RcbEW/sdvglcBk2fhHDafeCnMxqhQj0xX0DwcrCUTQKLXO9CB3zianH5KWeHAf
qo7EGrqr6SqFrzPLQ+YRFkc243au255+ChOfnsWUXzov5vec4Aiuj9Qeo3sFYWdG
USt1i8k6MZwE7IYiiojz6y//aA2vSY4Gcn61mOVQOfQBerdeOfE6hjvE7NN4PLzF
MyHcQEc4ovjZn3fI5UiJDXOhqdq+r2S/9lRYoN/GwX2k
-----END CERTIFICATE-----