Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a3/ce4e9a-7fc0-41f3-b80e-4f6b16ec33a7/1/5uwlb6VAMyxIYrxx11L4WCDtq5Q.roa
File:                     5uwlb6VAMyxIYrxx11L4WCDtq5Q.roa (raw, json)
Hash identifier:          zVxnrr7NCdH/hFMNNgmxYObL0zm+TgiecARXZu0CtnA=
Subject key identifier:   E6:EC:25:6F:A5:40:33:2C:48:62:BC:71:D7:52:F8:58:20:ED:AB:94
Certificate issuer:       /CN=d0f856a884e8622741f5e168ec7aa7a3de6f2bc3
Certificate serial:       019E91AEC2AFD54AD070D9D71DDB6F2A0097
Authority key identifier: D0:F8:56:A8:84:E8:62:27:41:F5:E1:68:EC:7A:A7:A3:DE:6F:2B:C3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0PhWqIToYidB9eFo7Hqno95vK8M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a3/ce4e9a-7fc0-41f3-b80e-4f6b16ec33a7/1/5uwlb6VAMyxIYrxx11L4WCDtq5Q.roa
Signing time:             Thu 04 Jun 2026 08:10:09 +0000
ROA not before:           Thu 04 Jun 2026 08:10:09 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     44283
IP address blocks:        195.128.186.0/24 maxlen: 24
                          195.128.187.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a3/ce4e9a-7fc0-41f3-b80e-4f6b16ec33a7/1/0PhWqIToYidB9eFo7Hqno95vK8M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a3/ce4e9a-7fc0-41f3-b80e-4f6b16ec33a7/1/0PhWqIToYidB9eFo7Hqno95vK8M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0PhWqIToYidB9eFo7Hqno95vK8M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 19:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:91:ae:c2:af:d5:4a:d0:70:d9:d7:1d:db:6f:2a:00:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d0f856a884e8622741f5e168ec7aa7a3de6f2bc3
        Validity
            Not Before: Jun  4 08:10:09 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e6ec256fa540332c4862bc71d752f85820edab94
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:23:68:3b:4b:13:ef:16:86:fb:79:b3:04:85:
                    20:45:ac:f2:04:9d:df:ae:f4:26:d4:69:ae:ec:7d:
                    31:32:2d:85:99:d8:66:9c:4b:01:05:bd:40:a3:db:
                    3b:d9:39:62:30:65:dc:dd:6d:bf:47:19:14:e4:ac:
                    6b:70:4e:bb:0b:8a:a9:0d:b3:9d:e7:3c:35:33:e9:
                    e4:2a:19:e6:24:01:66:f1:49:86:38:5c:6e:9e:b8:
                    3b:5f:0e:2c:cc:55:0e:1c:f5:ef:c4:7a:a7:cf:7c:
                    91:d0:19:2c:a0:93:9c:11:69:b6:51:3d:23:20:12:
                    b1:37:50:c5:c8:55:65:a1:bc:73:5f:7d:70:83:4a:
                    06:f1:fd:3e:a4:57:21:f0:69:28:d7:32:a5:e0:e4:
                    12:6d:43:ce:9a:b0:67:de:ad:27:bd:ca:ad:77:25:
                    58:5e:d8:37:e6:5c:58:45:3f:f8:3b:9d:c8:5d:5a:
                    39:77:6c:aa:71:90:dc:b8:dc:a1:5e:5e:b4:42:e7:
                    4b:8a:7a:00:00:8b:30:2a:fa:7e:1b:15:a9:07:6b:
                    32:08:85:e5:7e:da:1d:3c:cd:a0:3c:3f:a5:ab:12:
                    a8:20:30:b3:2c:67:b0:91:68:00:bb:8f:0a:3e:79:
                    3a:be:a7:a4:5e:b8:6f:9c:61:90:a5:22:95:60:f7:
                    f1:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:EC:25:6F:A5:40:33:2C:48:62:BC:71:D7:52:F8:58:20:ED:AB:94
            X509v3 Authority Key Identifier:
                keyid:D0:F8:56:A8:84:E8:62:27:41:F5:E1:68:EC:7A:A7:A3:DE:6F:2B:C3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0PhWqIToYidB9eFo7Hqno95vK8M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/ce4e9a-7fc0-41f3-b80e-4f6b16ec33a7/1/5uwlb6VAMyxIYrxx11L4WCDtq5Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/ce4e9a-7fc0-41f3-b80e-4f6b16ec33a7/1/0PhWqIToYidB9eFo7Hqno95vK8M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.128.186.0/23

    Signature Algorithm: sha256WithRSAEncryption
         62:a3:88:3e:70:ab:51:d2:fc:4c:ca:b9:7c:93:72:33:82:ca:
         75:b1:0e:2b:de:e6:a7:c1:6d:aa:c0:e1:52:c4:ba:4f:38:ac:
         b2:a0:5e:28:8a:b7:90:16:70:a1:fd:f2:aa:73:f9:5a:e3:19:
         d6:a6:6a:c8:dc:1b:c8:24:18:9d:fd:b0:7d:1d:66:24:36:42:
         04:30:8d:dd:a7:fe:e1:7f:7a:2f:76:3b:dd:b8:83:7a:ab:2e:
         b9:92:22:fe:90:d9:d9:5e:b7:b0:74:44:cc:c2:9e:5f:6a:64:
         e2:a6:5d:0a:ba:91:10:4b:3a:00:4b:6e:d3:a8:cf:2b:15:97:
         ed:78:fe:6d:a7:30:17:e5:64:5f:81:60:5c:26:87:a9:79:c1:
         23:6c:0f:cf:fe:fc:e8:f6:33:9d:74:fb:67:6c:c2:7f:ad:7a:
         c5:6e:03:3e:c8:1c:85:ef:57:ec:9c:10:60:a3:b2:d8:24:96:
         50:83:9b:59:16:84:21:e3:b1:85:e1:03:79:ce:7d:03:2e:ca:
         a2:bf:82:be:af:08:c5:8d:74:14:d8:50:11:7e:ec:b7:1f:40:
         65:c6:d9:2c:cf:cb:37:c7:d1:8f:ff:89:85:6e:a8:a6:35:0d:
         9e:e1:49:cc:23:12:99:f7:64:16:61:ff:f6:04:cf:b9:f6:ba:
         b6:5a:8f:02
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6RrsKv1UrQcNnXHdtvKgCXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwZjg1NmE4ODRlODYyMjc0MWY1ZTE2OGVjN2FhN2EzZGU2
ZjJiYzMwHhcNMjYwNjA0MDgxMDA5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNmVjMjU2ZmE1NDAzMzJjNDg2MmJjNzFkNzUyZjg1ODIwZWRhYjk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4SNoO0sT7xaG+3mzBIUgRazyBJ3f
rvQm1Gmu7H0xMi2FmdhmnEsBBb1Ao9s72TliMGXc3W2/RxkU5KxrcE67C4qpDbOd
5zw1M+nkKhnmJAFm8UmGOFxunrg7Xw4szFUOHPXvxHqnz3yR0BksoJOcEWm2UT0j
IBKxN1DFyFVlobxzX31wg0oG8f0+pFch8Gko1zKl4OQSbUPOmrBn3q0nvcqtdyVY
Xtg35lxYRT/4O53IXVo5d2yqcZDcuNyhXl60QudLinoAAIswKvp+GxWpB2syCIXl
ftodPM2gPD+lqxKoIDCzLGewkWgAu48KPnk6vqekXrhvnGGQpSKVYPfx3QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFObsJW+lQDMsSGK8cddS+Fgg7auUMB8GA1UdIwQY
MBaAFND4VqiE6GInQfXhaOx6p6PebyvDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMFBoV3FJVG9ZaWRCOWVGbzdIcW5vOTV2SzhNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMy9jZTRlOWEtN2ZjMC00MWYzLWI4MGUt
NGY2YjE2ZWMzM2E3LzEvNXV3bGI2VkFNeXhJWXJ4eDExTDRXQ0R0cTVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMy9jZTRlOWEtN2ZjMC00MWYzLWI4MGUtNGY2YjE2ZWMzM2E3
LzEvMFBoV3FJVG9ZaWRCOWVGbzdIcW5vOTV2SzhNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBw4C6MA0G
CSqGSIb3DQEBCwUAA4IBAQBio4g+cKtR0vxMyrl8k3Izgsp1sQ4r3uanwW2qwOFS
xLpPOKyyoF4oireQFnCh/fKqc/la4xnWpmrI3BvIJBid/bB9HWYkNkIEMI3dp/7h
f3ovdjvduIN6qy65kiL+kNnZXrewdETMwp5famTipl0KupEQSzoAS27TqM8rFZft
eP5tpzAX5WRfgWBcJoepecEjbA/P/vzo9jOddPtnbMJ/rXrFbgM+yByF71fsnBBg
o7LYJJZQg5tZFoQh47GF4QN5zn0DLsqiv4K+rwjFjXQU2FARfuy3H0Blxtksz8s3
x9GP/4mFbqimNQ2e4UnMIxKZ92QWYf/2BM+59rq2Wo8C
-----END CERTIFICATE-----