Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/98/5e4d7e-ac21-4f02-9581-f00d92dc07b8/1/E6Emgi8OOcxRYIN6dlPoick6xdc.roa
File:                     E6Emgi8OOcxRYIN6dlPoick6xdc.roa (raw, json)
Hash identifier:          b17vqDW+cXgHkIk7rlMgxV1W0X2t1+N9MIRFO/oaFGs=
Subject key identifier:   13:A1:26:82:2F:0E:39:CC:51:60:83:7A:76:53:E8:89:C9:3A:C5:D7
Certificate issuer:       /CN=9886f4b2150815eda783e7f3cfb9b7e53ce7d97f
Certificate serial:       019EA18B20851953AB3A8E66560602CA6E2C
Authority key identifier: 98:86:F4:B2:15:08:15:ED:A7:83:E7:F3:CF:B9:B7:E5:3C:E7:D9:7F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mIb0shUIFe2ng-fzz7m35Tzn2X8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/98/5e4d7e-ac21-4f02-9581-f00d92dc07b8/1/E6Emgi8OOcxRYIN6dlPoick6xdc.roa
Signing time:             Sun 07 Jun 2026 10:05:10 +0000
ROA not before:           Sun 07 Jun 2026 10:05:10 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     205767
IP address blocks:        185.211.172.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/98/5e4d7e-ac21-4f02-9581-f00d92dc07b8/1/mIb0shUIFe2ng-fzz7m35Tzn2X8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/98/5e4d7e-ac21-4f02-9581-f00d92dc07b8/1/mIb0shUIFe2ng-fzz7m35Tzn2X8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mIb0shUIFe2ng-fzz7m35Tzn2X8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 15 Jun 2026 02:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:a1:8b:20:85:19:53:ab:3a:8e:66:56:06:02:ca:6e:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9886f4b2150815eda783e7f3cfb9b7e53ce7d97f
        Validity
            Not Before: Jun  7 10:05:10 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=13a126822f0e39cc5160837a7653e889c93ac5d7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:9b:81:2f:23:c8:e5:85:c5:62:0a:f6:fc:98:
                    82:d8:96:ed:b6:02:34:bf:bb:6d:7b:c0:c1:22:93:
                    c3:8c:ec:d0:c4:de:dc:88:09:3b:22:d2:fa:51:31:
                    2f:3b:43:55:aa:28:b5:33:e3:66:cf:c8:a7:b6:d0:
                    33:86:14:79:a7:e2:c7:40:16:2c:c7:3c:ed:2b:9f:
                    56:42:68:81:7b:d9:ff:52:13:26:2d:a1:bc:36:de:
                    53:58:92:c8:5a:5a:ad:cf:91:58:a9:e3:21:bf:33:
                    00:d2:dd:3d:e3:67:73:7e:94:85:0b:fe:65:17:60:
                    8c:aa:75:9a:44:24:8c:ff:2b:a9:ef:16:14:c3:7a:
                    58:32:8c:22:ed:ea:5a:cf:35:d1:53:d0:7e:1f:54:
                    2e:c4:38:45:43:80:3b:96:13:2d:65:18:13:0b:59:
                    23:a9:4d:18:2c:a4:ca:e1:ba:9e:d3:2b:0f:c4:bb:
                    9c:aa:af:a3:ad:8a:b5:0d:f2:da:23:17:01:2d:e5:
                    59:de:ca:a4:04:54:a2:22:37:ed:9f:7b:7b:ef:18:
                    e5:93:bd:38:65:92:1e:ab:79:62:6d:0d:a6:ea:29:
                    da:98:e9:c3:93:39:40:ed:78:a1:f5:13:0e:bd:39:
                    b6:d0:4f:ec:1a:d4:8f:b8:c8:62:1b:ea:43:2c:15:
                    2d:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                13:A1:26:82:2F:0E:39:CC:51:60:83:7A:76:53:E8:89:C9:3A:C5:D7
            X509v3 Authority Key Identifier:
                keyid:98:86:F4:B2:15:08:15:ED:A7:83:E7:F3:CF:B9:B7:E5:3C:E7:D9:7F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mIb0shUIFe2ng-fzz7m35Tzn2X8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/98/5e4d7e-ac21-4f02-9581-f00d92dc07b8/1/E6Emgi8OOcxRYIN6dlPoick6xdc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/98/5e4d7e-ac21-4f02-9581-f00d92dc07b8/1/mIb0shUIFe2ng-fzz7m35Tzn2X8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.211.172.0/22

    Signature Algorithm: sha256WithRSAEncryption
         9f:e9:ab:69:30:60:9f:0e:58:4e:5e:89:35:ef:50:b1:ee:0c:
         7d:50:7f:23:84:0c:ce:b6:3b:52:84:dd:83:8f:b5:38:ae:fc:
         2f:fa:2f:5b:ea:73:b4:9c:27:0c:08:a3:20:24:a4:76:9e:c1:
         f8:71:c2:21:76:a7:26:2e:df:02:75:9b:86:2d:1a:c6:95:78:
         65:63:dc:bd:98:98:5f:c6:27:4f:ab:95:d1:11:89:2f:20:07:
         6f:51:43:1f:de:70:6f:d7:9c:7a:19:da:da:24:e4:46:53:48:
         f1:9a:58:9f:90:03:cb:68:4e:d4:11:cf:f1:95:73:2a:11:55:
         8d:6c:9a:6a:0a:25:5a:6a:8d:43:96:3e:0b:e7:89:31:77:0c:
         9a:42:0e:e8:53:39:e7:b5:8b:5f:4f:16:f6:0b:e9:2a:a8:fe:
         d3:51:97:3e:53:a2:60:2c:b1:1c:79:07:33:fa:8a:ba:f6:b0:
         a4:57:e5:90:42:26:44:c7:cf:7d:9d:0a:74:23:ec:2f:61:c2:
         af:df:38:48:29:5b:41:f6:94:0f:80:da:cf:58:04:69:db:c0:
         d4:81:4e:5d:10:38:fc:38:c7:42:77:21:75:b1:73:ce:2d:39:
         63:3d:78:bb:85:1c:b9:af:91:00:ef:1f:c8:b4:4a:0b:a1:fb:
         86:d6:80:61
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6hiyCFGVOrOo5mVgYCym4sMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk4ODZmNGIyMTUwODE1ZWRhNzgzZTdmM2NmYjliN2U1M2Nl
N2Q5N2YwHhcNMjYwNjA3MTAwNTEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxM2ExMjY4MjJmMGUzOWNjNTE2MDgzN2E3NjUzZTg4OWM5M2FjNWQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA05uBLyPI5YXFYgr2/JiC2JbttgI0
v7tte8DBIpPDjOzQxN7ciAk7ItL6UTEvO0NVqii1M+Nmz8inttAzhhR5p+LHQBYs
xzztK59WQmiBe9n/UhMmLaG8Nt5TWJLIWlqtz5FYqeMhvzMA0t0942dzfpSFC/5l
F2CMqnWaRCSM/yup7xYUw3pYMowi7epazzXRU9B+H1QuxDhFQ4A7lhMtZRgTC1kj
qU0YLKTK4bqe0ysPxLucqq+jrYq1DfLaIxcBLeVZ3sqkBFSiIjftn3t77xjlk704
ZZIeq3libQ2m6inamOnDkzlA7Xih9RMOvTm20E/sGtSPuMhiG+pDLBUtsQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBOhJoIvDjnMUWCDenZT6InJOsXXMB8GA1UdIwQY
MBaAFJiG9LIVCBXtp4Pn88+5t+U859l/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbUliMHNoVUlGZTJuZy1meno3bTM1VHpuMlg4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OC81ZTRkN2UtYWMyMS00ZjAyLTk1ODEt
ZjAwZDkyZGMwN2I4LzEvRTZFbWdpOE9PY3hSWUlONmRsUG9pY2s2eGRjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OC81ZTRkN2UtYWMyMS00ZjAyLTk1ODEtZjAwZDkyZGMwN2I4
LzEvbUliMHNoVUlGZTJuZy1meno3bTM1VHpuMlg4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCudOsMA0G
CSqGSIb3DQEBCwUAA4IBAQCf6atpMGCfDlhOXok171Cx7gx9UH8jhAzOtjtShN2D
j7U4rvwv+i9b6nO0nCcMCKMgJKR2nsH4ccIhdqcmLt8CdZuGLRrGlXhlY9y9mJhf
xidPq5XREYkvIAdvUUMf3nBv15x6GdraJORGU0jxmlifkAPLaE7UEc/xlXMqEVWN
bJpqCiVaao1Dlj4L54kxdwyaQg7oUznntYtfTxb2C+kqqP7TUZc+U6JgLLEceQcz
+oq69rCkV+WQQiZEx899nQp0I+wvYcKv3zhIKVtB9pQPgNrPWARp28DUgU5dEDj8
OMdCdyF1sXPOLTljPXi7hRy5r5EA7x/ItEoLofuG1oBh
-----END CERTIFICATE-----