Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/26/b52c5d-95ba-4dd3-bba8-b7ca1f4728d0/1/Ff6BouTNXT5eNhcKm-QyUQY5mmc.roa
File:                     Ff6BouTNXT5eNhcKm-QyUQY5mmc.roa (raw, json)
Hash identifier:          xacRAoEbQASFa3ri0NoVm1BfBttzL7W7adDm9SFCKzI=
Subject key identifier:   15:FE:81:A2:E4:CD:5D:3E:5E:36:17:0A:9B:E4:32:51:06:39:9A:67
Certificate issuer:       /CN=f30e445195b64d799b822e99947792e0cab32b6d
Certificate serial:       019E0121A82E3E05A246B757A52ACD2CB413
Authority key identifier: F3:0E:44:51:95:B6:4D:79:9B:82:2E:99:94:77:92:E0:CA:B3:2B:6D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8w5EUZW2TXmbgi6ZlHeS4MqzK20.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/26/b52c5d-95ba-4dd3-bba8-b7ca1f4728d0/1/Ff6BouTNXT5eNhcKm-QyUQY5mmc.roa
Signing time:             Thu 07 May 2026 06:30:43 +0000
ROA not before:           Thu 07 May 2026 06:30:43 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     401856
IP address blocks:        189.13.1.0/24 maxlen: 24
                          189.13.2.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/26/b52c5d-95ba-4dd3-bba8-b7ca1f4728d0/1/8w5EUZW2TXmbgi6ZlHeS4MqzK20.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/26/b52c5d-95ba-4dd3-bba8-b7ca1f4728d0/1/8w5EUZW2TXmbgi6ZlHeS4MqzK20.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8w5EUZW2TXmbgi6ZlHeS4MqzK20.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 22:01:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:01:21:a8:2e:3e:05:a2:46:b7:57:a5:2a:cd:2c:b4:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f30e445195b64d799b822e99947792e0cab32b6d
        Validity
            Not Before: May  7 06:30:43 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=15fe81a2e4cd5d3e5e36170a9be4325106399a67
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:d5:2d:58:43:63:5c:c8:f5:e9:9f:1b:6a:e0:
                    3e:f8:9f:55:c3:7f:2c:8a:09:91:8c:5c:b5:1e:82:
                    bc:ec:15:0a:79:3a:c6:e7:86:8f:f4:a9:4d:aa:2b:
                    ea:ac:25:1a:d5:0a:ba:53:35:f5:76:4a:57:ca:bf:
                    cb:b0:80:f0:71:b3:a6:94:13:52:94:d2:26:fe:86:
                    64:16:59:b3:8d:06:da:e7:ea:56:6e:20:c1:9a:16:
                    d5:44:13:10:85:63:cc:a2:bf:8d:b7:7a:87:5e:a6:
                    05:d0:c3:7f:6a:73:12:dd:f7:06:f1:6e:91:61:94:
                    6b:b6:85:e9:a0:ae:f7:04:98:6e:45:ae:21:5d:68:
                    7f:28:12:bf:a5:55:0d:86:b4:9b:d3:5f:a4:57:db:
                    42:5f:6b:60:f3:ee:39:2b:14:d2:c9:93:56:e1:0e:
                    f5:da:7a:40:63:77:a9:fd:64:9c:73:51:44:d0:21:
                    7d:72:ce:2a:19:7a:f2:f4:95:29:f2:3e:9d:ba:dd:
                    f3:d5:26:80:e0:52:a6:dc:76:96:bc:40:e3:00:2e:
                    c9:d0:8c:5c:07:17:9f:0e:5c:15:1b:16:2e:2e:f0:
                    85:c3:80:0d:a7:d4:50:6e:61:0b:ad:ec:ca:a0:94:
                    9e:06:1b:ac:f5:3e:81:0a:ab:0e:9f:b2:f0:6c:11:
                    05:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:FE:81:A2:E4:CD:5D:3E:5E:36:17:0A:9B:E4:32:51:06:39:9A:67
            X509v3 Authority Key Identifier:
                keyid:F3:0E:44:51:95:B6:4D:79:9B:82:2E:99:94:77:92:E0:CA:B3:2B:6D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8w5EUZW2TXmbgi6ZlHeS4MqzK20.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/26/b52c5d-95ba-4dd3-bba8-b7ca1f4728d0/1/Ff6BouTNXT5eNhcKm-QyUQY5mmc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/26/b52c5d-95ba-4dd3-bba8-b7ca1f4728d0/1/8w5EUZW2TXmbgi6ZlHeS4MqzK20.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  189.13.1.0-189.13.2.255

    Signature Algorithm: sha256WithRSAEncryption
         44:d3:97:25:fd:18:e1:c5:c0:7a:79:4c:e8:dd:70:25:b0:c3:
         03:5e:02:65:91:d5:3a:ae:74:d2:70:c7:10:20:0a:2f:9c:8e:
         5c:68:0b:95:af:50:80:32:6c:94:82:1f:65:e6:1f:4e:3e:9a:
         01:b3:24:73:3f:ba:53:01:a9:d2:88:cb:5a:d4:5c:da:cc:a8:
         2d:a4:16:52:e0:00:56:d2:43:2f:08:11:f6:56:c4:ac:d0:ea:
         d6:0e:43:22:ec:27:c8:35:4b:09:44:6c:30:a8:22:ce:9b:43:
         4a:fd:7d:aa:22:dc:02:5e:8e:8c:61:23:35:6b:33:ea:66:7a:
         94:12:f7:bb:cc:e8:bb:da:01:6f:a7:53:ba:26:c1:e8:0a:f0:
         4f:90:7e:da:0e:06:f3:e1:85:d6:7b:85:d6:60:8c:96:d3:78:
         3b:c4:83:01:30:62:9d:58:db:3a:14:ab:ce:08:f0:41:98:82:
         89:9e:70:dd:11:0b:07:25:3b:d7:75:e2:d1:9a:f1:95:30:28:
         44:25:74:52:b2:6c:14:7a:50:12:3a:ab:fb:29:19:ad:91:0e:
         75:03:48:56:ce:60:c8:89:da:e3:e1:3c:2d:7b:ac:f4:ec:ce:
         20:46:e1:49:aa:51:ff:42:fc:c0:77:f3:99:24:88:2e:ac:98:
         cc:58:36:02
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZ4BIaguPgWiRrdXpSrNLLQTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYzMGU0NDUxOTViNjRkNzk5YjgyMmU5OTk0Nzc5MmUwY2Fi
MzJiNmQwHhcNMjYwNTA3MDYzMDQzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNWZlODFhMmU0Y2Q1ZDNlNWUzNjE3MGE5YmU0MzI1MTA2Mzk5YTY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmNUtWENjXMj16Z8bauA++J9Vw38s
igmRjFy1HoK87BUKeTrG54aP9KlNqivqrCUa1Qq6UzX1dkpXyr/LsIDwcbOmlBNS
lNIm/oZkFlmzjQba5+pWbiDBmhbVRBMQhWPMor+Nt3qHXqYF0MN/anMS3fcG8W6R
YZRrtoXpoK73BJhuRa4hXWh/KBK/pVUNhrSb01+kV9tCX2tg8+45KxTSyZNW4Q71
2npAY3ep/WScc1FE0CF9cs4qGXry9JUp8j6dut3z1SaA4FKm3HaWvEDjAC7J0Ixc
BxefDlwVGxYuLvCFw4ANp9RQbmELrezKoJSeBhus9T6BCqsOn7LwbBEF8QIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFBX+gaLkzV0+XjYXCpvkMlEGOZpnMB8GA1UdIwQY
MBaAFPMORFGVtk15m4IumZR3kuDKsyttMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOHc1RVVaVzJUWG1iZ2k2WmxIZVM0TXF6SzIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNi9iNTJjNWQtOTViYS00ZGQzLWJiYTgt
YjdjYTFmNDcyOGQwLzEvRmY2Qm91VE5YVDVlTmhjS20tUXlVUVk1bW1jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNi9iNTJjNWQtOTViYS00ZGQzLWJiYTgtYjdjYTFmNDcyOGQw
LzEvOHc1RVVaVzJUWG1iZ2k2WmxIZVM0TXF6SzIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAC9DQED
BAC9DQIwDQYJKoZIhvcNAQELBQADggEBAETTlyX9GOHFwHp5TOjdcCWwwwNeAmWR
1TqudNJwxxAgCi+cjlxoC5WvUIAybJSCH2XmH04+mgGzJHM/ulMBqdKIy1rUXNrM
qC2kFlLgAFbSQy8IEfZWxKzQ6tYOQyLsJ8g1SwlEbDCoIs6bQ0r9faoi3AJejoxh
IzVrM+pmepQS97vM6LvaAW+nU7omwegK8E+QftoOBvPhhdZ7hdZgjJbTeDvEgwEw
Yp1Y2zoUq84I8EGYgomecN0RCwclO9d14tGa8ZUwKEQldFKybBR6UBI6q/spGa2R
DnUDSFbOYMiJ2uPhPC17rPTsziBG4UmqUf9C/MB385kkiC6smMxYNgI=
-----END CERTIFICATE-----