Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/26/b52c5d-95ba-4dd3-bba8-b7ca1f4728d0/1/bre_st4SWkBxIWi6nz1uzA273U0.roa
File:                     bre_st4SWkBxIWi6nz1uzA273U0.roa (raw, json)
Hash identifier:          qtJtto8czH7VsyXf5Qyg/HORT4zB1rywutdFtmoisQE=
Subject key identifier:   6E:B7:BF:B2:DE:12:5A:40:71:21:68:BA:9F:3D:6E:CC:0D:BB:DD:4D
Certificate issuer:       /CN=f30e445195b64d799b822e99947792e0cab32b6d
Certificate serial:       019E0121A774DDFEA6DED96BBB7610B8529B
Authority key identifier: F3:0E:44:51:95:B6:4D:79:9B:82:2E:99:94:77:92:E0:CA:B3:2B:6D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8w5EUZW2TXmbgi6ZlHeS4MqzK20.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/26/b52c5d-95ba-4dd3-bba8-b7ca1f4728d0/1/bre_st4SWkBxIWi6nz1uzA273U0.roa
Signing time:             Thu 07 May 2026 06:30:43 +0000
ROA not before:           Thu 07 May 2026 06:30:43 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     209104
IP address blocks:        189.13.3.0/24 maxlen: 24
                          189.13.4.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/26/b52c5d-95ba-4dd3-bba8-b7ca1f4728d0/1/8w5EUZW2TXmbgi6ZlHeS4MqzK20.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/26/b52c5d-95ba-4dd3-bba8-b7ca1f4728d0/1/8w5EUZW2TXmbgi6ZlHeS4MqzK20.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8w5EUZW2TXmbgi6ZlHeS4MqzK20.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 22:01:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:01:21:a7:74:dd:fe:a6:de:d9:6b:bb:76:10:b8:52:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f30e445195b64d799b822e99947792e0cab32b6d
        Validity
            Not Before: May  7 06:30:43 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6eb7bfb2de125a40712168ba9f3d6ecc0dbbdd4d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:cd:82:00:be:b8:a8:dd:5f:67:88:d4:3e:69:
                    46:4d:4b:12:6d:20:e6:f1:c2:e6:f9:49:c5:09:5b:
                    84:2e:6d:f6:1e:23:0a:8d:2c:44:42:5d:8b:51:3d:
                    1f:63:47:90:64:bb:98:42:ea:6b:51:4a:16:d5:42:
                    ea:0c:05:e8:aa:e7:0c:f7:9c:04:47:f6:6c:d4:28:
                    2a:3a:49:6d:70:4c:79:91:05:fe:61:bc:dc:8d:79:
                    0b:e8:60:17:6f:03:de:a5:aa:80:19:e8:64:92:d1:
                    6c:10:77:cc:6c:ae:4e:a4:05:54:4f:19:11:5d:a1:
                    02:7a:b2:7b:76:6c:98:5e:3f:a5:7b:ef:ac:25:c7:
                    f8:bc:ac:fb:ea:ac:e9:6f:26:6c:e4:44:4b:12:9b:
                    c8:91:95:cb:d3:56:24:ef:6a:b6:44:5c:da:a4:70:
                    e4:a0:e1:dc:ee:34:a5:71:8b:9b:e6:e8:d4:7d:56:
                    fa:00:ce:c8:33:8a:ae:94:92:3b:00:80:84:56:07:
                    3c:f4:d6:24:0d:14:a1:e9:ea:9f:70:07:12:4b:21:
                    d3:fe:3a:b1:e1:7d:f5:53:f6:68:94:a9:14:e6:87:
                    36:f0:eb:11:c2:6a:61:d7:8f:24:cb:a7:b1:29:83:
                    45:05:9d:63:22:ec:82:fd:4b:5e:a3:8b:3e:2d:bf:
                    4c:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:B7:BF:B2:DE:12:5A:40:71:21:68:BA:9F:3D:6E:CC:0D:BB:DD:4D
            X509v3 Authority Key Identifier:
                keyid:F3:0E:44:51:95:B6:4D:79:9B:82:2E:99:94:77:92:E0:CA:B3:2B:6D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8w5EUZW2TXmbgi6ZlHeS4MqzK20.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/26/b52c5d-95ba-4dd3-bba8-b7ca1f4728d0/1/bre_st4SWkBxIWi6nz1uzA273U0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/26/b52c5d-95ba-4dd3-bba8-b7ca1f4728d0/1/8w5EUZW2TXmbgi6ZlHeS4MqzK20.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  189.13.3.0-189.13.4.255

    Signature Algorithm: sha256WithRSAEncryption
         8e:75:c8:17:3a:ee:97:d2:51:1d:dd:06:e7:32:4c:73:f0:60:
         74:d8:41:99:54:db:bf:04:8e:9f:d2:08:2c:f3:71:64:a6:f4:
         d0:7e:ac:81:22:b6:b4:cd:91:c6:3c:86:46:6f:47:d5:68:a7:
         f3:ae:4d:bf:a2:47:a0:05:fa:a9:d4:07:b3:ea:d1:45:ff:44:
         4b:8d:f8:be:51:4b:45:84:1a:0a:77:d6:a7:9b:a8:aa:15:f0:
         12:6c:9a:1a:1e:29:e9:04:d2:32:4b:4c:ec:a4:5a:b4:e8:5d:
         a5:b3:72:0a:8e:c6:e4:26:a4:09:ed:c4:3d:1a:36:8e:01:33:
         35:6f:18:db:e0:05:86:e9:53:51:01:36:e1:87:a0:68:0d:bd:
         c2:ba:7b:84:20:21:83:9f:58:b0:bb:ba:55:97:8c:55:ab:52:
         2a:6e:1e:a5:e0:9a:e2:bc:ad:07:00:fb:db:5d:60:f3:b5:23:
         50:a2:13:58:af:89:69:26:8c:f8:2f:65:03:c9:d1:7f:10:31:
         48:c8:91:e6:d9:44:2f:6b:77:df:ae:9c:1a:1f:d3:b0:e1:95:
         a5:d2:8c:8f:05:3c:1f:d9:4e:f1:79:40:f2:76:fb:f6:3a:28:
         ac:f3:17:53:a6:3d:a4:f5:bd:2d:8d:8e:0b:c4:7f:2a:c8:b9:
         6a:4c:dc:3e
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZ4BIad03f6m3tlru3YQuFKbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYzMGU0NDUxOTViNjRkNzk5YjgyMmU5OTk0Nzc5MmUwY2Fi
MzJiNmQwHhcNMjYwNTA3MDYzMDQzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZWI3YmZiMmRlMTI1YTQwNzEyMTY4YmE5ZjNkNmVjYzBkYmJkZDRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0c2CAL64qN1fZ4jUPmlGTUsSbSDm
8cLm+UnFCVuELm32HiMKjSxEQl2LUT0fY0eQZLuYQuprUUoW1ULqDAXoqucM95wE
R/Zs1CgqOkltcEx5kQX+YbzcjXkL6GAXbwPepaqAGehkktFsEHfMbK5OpAVUTxkR
XaECerJ7dmyYXj+le++sJcf4vKz76qzpbyZs5ERLEpvIkZXL01Yk72q2RFzapHDk
oOHc7jSlcYub5ujUfVb6AM7IM4qulJI7AICEVgc89NYkDRSh6eqfcAcSSyHT/jqx
4X31U/ZolKkU5oc28OsRwmph148ky6exKYNFBZ1jIuyC/Uteo4s+Lb9MTQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFG63v7LeElpAcSFoup89bswNu91NMB8GA1UdIwQY
MBaAFPMORFGVtk15m4IumZR3kuDKsyttMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOHc1RVVaVzJUWG1iZ2k2WmxIZVM0TXF6SzIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNi9iNTJjNWQtOTViYS00ZGQzLWJiYTgt
YjdjYTFmNDcyOGQwLzEvYnJlX3N0NFNXa0J4SVdpNm56MXV6QTI3M1UwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNi9iNTJjNWQtOTViYS00ZGQzLWJiYTgtYjdjYTFmNDcyOGQw
LzEvOHc1RVVaVzJUWG1iZ2k2WmxIZVM0TXF6SzIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAC9DQMD
BAC9DQQwDQYJKoZIhvcNAQELBQADggEBAI51yBc67pfSUR3dBucyTHPwYHTYQZlU
278Ejp/SCCzzcWSm9NB+rIEitrTNkcY8hkZvR9Vop/OuTb+iR6AF+qnUB7Pq0UX/
REuN+L5RS0WEGgp31qebqKoV8BJsmhoeKekE0jJLTOykWrToXaWzcgqOxuQmpAnt
xD0aNo4BMzVvGNvgBYbpU1EBNuGHoGgNvcK6e4QgIYOfWLC7ulWXjFWrUipuHqXg
muK8rQcA+9tdYPO1I1CiE1iviWkmjPgvZQPJ0X8QMUjIkebZRC9rd9+unBof07Dh
laXSjI8FPB/ZTvF5QPJ2+/Y6KKzzF1OmPaT1vS2NjgvEfyrIuWpM3D4=
-----END CERTIFICATE-----