Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/26/b52c5d-95ba-4dd3-bba8-b7ca1f4728d0/1/rh96YEpfSIvPLHfTi_lpKQmnjP8.roa
File:                     rh96YEpfSIvPLHfTi_lpKQmnjP8.roa (raw, json)
Hash identifier:          y2f8KhwFa0vwIyLgbnlcTiZNOJgpzRCsXyp630yvoD8=
Subject key identifier:   AE:1F:7A:60:4A:5F:48:8B:CF:2C:77:D3:8B:F9:69:29:09:A7:8C:FF
Certificate issuer:       /CN=f30e445195b64d799b822e99947792e0cab32b6d
Certificate serial:       019E0121A6FC91E729D108D78C339F008679
Authority key identifier: F3:0E:44:51:95:B6:4D:79:9B:82:2E:99:94:77:92:E0:CA:B3:2B:6D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8w5EUZW2TXmbgi6ZlHeS4MqzK20.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/26/b52c5d-95ba-4dd3-bba8-b7ca1f4728d0/1/rh96YEpfSIvPLHfTi_lpKQmnjP8.roa
Signing time:             Thu 07 May 2026 06:30:42 +0000
ROA not before:           Thu 07 May 2026 06:30:42 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199030
IP address blocks:        189.13.5.0/24 maxlen: 24
                          189.13.6.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/26/b52c5d-95ba-4dd3-bba8-b7ca1f4728d0/1/8w5EUZW2TXmbgi6ZlHeS4MqzK20.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/26/b52c5d-95ba-4dd3-bba8-b7ca1f4728d0/1/8w5EUZW2TXmbgi6ZlHeS4MqzK20.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8w5EUZW2TXmbgi6ZlHeS4MqzK20.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 20:10:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:01:21:a6:fc:91:e7:29:d1:08:d7:8c:33:9f:00:86:79
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f30e445195b64d799b822e99947792e0cab32b6d
        Validity
            Not Before: May  7 06:30:42 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ae1f7a604a5f488bcf2c77d38bf9692909a78cff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:ac:5f:2e:d1:18:a2:86:67:9c:34:3a:a8:9e:
                    b9:97:97:7b:d1:1b:73:63:4e:15:f7:45:38:f6:44:
                    28:f7:a5:e3:15:2f:30:a6:de:ae:4e:3c:06:3c:07:
                    c8:df:21:5a:93:22:3e:34:9b:56:9d:1d:5e:ae:74:
                    4e:8b:58:ed:39:92:5b:7f:94:67:ba:9c:ef:49:b9:
                    b8:bc:c0:9d:98:04:39:40:f9:29:74:81:5a:9b:39:
                    8c:07:82:86:c5:82:b1:54:88:5c:18:77:4e:34:e5:
                    97:c2:9f:be:d2:88:a4:7c:7c:28:01:f9:78:45:90:
                    13:00:a3:7d:ce:27:16:0c:21:d9:c4:df:fa:8c:52:
                    84:62:58:f5:1c:6c:17:45:42:b0:fa:62:a2:f5:04:
                    f5:e5:0e:f1:c2:e3:03:33:c3:fa:c3:2f:71:a6:8f:
                    74:be:51:b0:b4:a2:08:af:9c:e0:74:d8:b5:fb:5a:
                    31:a1:ea:31:b5:2a:3f:4b:af:ff:6f:aa:5a:c2:a7:
                    c4:58:24:54:fd:ab:42:95:cd:9d:5d:a2:6f:5d:5d:
                    f3:84:f1:8b:c6:0e:7a:09:e0:5f:10:65:ad:67:db:
                    c6:fe:63:04:80:6b:58:82:7f:f8:40:2a:a2:bb:19:
                    1a:44:1e:6f:52:40:c7:2c:fb:6b:be:bb:a7:7b:f7:
                    f2:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:1F:7A:60:4A:5F:48:8B:CF:2C:77:D3:8B:F9:69:29:09:A7:8C:FF
            X509v3 Authority Key Identifier:
                keyid:F3:0E:44:51:95:B6:4D:79:9B:82:2E:99:94:77:92:E0:CA:B3:2B:6D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8w5EUZW2TXmbgi6ZlHeS4MqzK20.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/26/b52c5d-95ba-4dd3-bba8-b7ca1f4728d0/1/rh96YEpfSIvPLHfTi_lpKQmnjP8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/26/b52c5d-95ba-4dd3-bba8-b7ca1f4728d0/1/8w5EUZW2TXmbgi6ZlHeS4MqzK20.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  189.13.5.0-189.13.6.255

    Signature Algorithm: sha256WithRSAEncryption
         3b:52:5a:b5:a6:bc:a5:7d:43:86:f3:1c:06:d2:09:de:a1:7a:
         ab:b0:dc:a0:19:1b:39:c3:4f:07:05:83:45:ca:47:6a:08:df:
         66:7a:e1:ec:f6:f3:c9:00:ab:77:02:67:65:ff:fc:d3:56:f5:
         af:62:20:eb:8d:d6:95:15:1a:99:1b:ec:56:4a:a2:83:6b:3d:
         38:19:79:e1:f8:57:d2:13:4f:f2:13:25:75:0d:45:c5:a4:0e:
         39:f6:b5:32:f9:55:b4:5a:47:68:b2:3d:77:e6:1d:fb:f4:f7:
         ab:ae:7f:d8:dd:95:e1:72:d4:0b:40:9e:7b:59:89:0e:4c:90:
         43:f3:9a:24:c4:ca:ec:a5:b0:cd:0f:a8:20:33:5b:2c:b1:c4:
         26:69:3d:8b:96:c4:b8:6e:9e:5d:73:b1:94:b5:2e:27:20:64:
         0a:36:65:b8:3d:83:d9:45:1c:cd:19:c9:f4:27:63:a9:89:72:
         09:a7:ac:70:38:6f:0e:e6:41:30:5f:5e:fa:9f:31:f7:7f:34:
         fc:10:da:83:06:f3:a3:d2:71:6a:17:bb:63:8f:2c:a3:26:36:
         41:7e:53:2d:8a:f7:1c:2d:95:33:d0:3e:ce:b0:c7:ee:aa:5b:
         55:37:d9:0c:85:02:21:69:b7:36:3a:cf:f8:5d:98:99:54:43:
         eb:1c:ff:3a
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZ4BIab8kecp0QjXjDOfAIZ5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYzMGU0NDUxOTViNjRkNzk5YjgyMmU5OTk0Nzc5MmUwY2Fi
MzJiNmQwHhcNMjYwNTA3MDYzMDQyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZTFmN2E2MDRhNWY0ODhiY2YyYzc3ZDM4YmY5NjkyOTA5YTc4Y2ZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi6xfLtEYooZnnDQ6qJ65l5d70Rtz
Y04V90U49kQo96XjFS8wpt6uTjwGPAfI3yFakyI+NJtWnR1ernROi1jtOZJbf5Rn
upzvSbm4vMCdmAQ5QPkpdIFamzmMB4KGxYKxVIhcGHdONOWXwp++0oikfHwoAfl4
RZATAKN9zicWDCHZxN/6jFKEYlj1HGwXRUKw+mKi9QT15Q7xwuMDM8P6wy9xpo90
vlGwtKIIr5zgdNi1+1oxoeoxtSo/S6//b6pawqfEWCRU/atClc2dXaJvXV3zhPGL
xg56CeBfEGWtZ9vG/mMEgGtYgn/4QCqiuxkaRB5vUkDHLPtrvrune/fyGwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFK4femBKX0iLzyx304v5aSkJp4z/MB8GA1UdIwQY
MBaAFPMORFGVtk15m4IumZR3kuDKsyttMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOHc1RVVaVzJUWG1iZ2k2WmxIZVM0TXF6SzIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNi9iNTJjNWQtOTViYS00ZGQzLWJiYTgt
YjdjYTFmNDcyOGQwLzEvcmg5NllFcGZTSXZQTEhmVGlfbHBLUW1ualA4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNi9iNTJjNWQtOTViYS00ZGQzLWJiYTgtYjdjYTFmNDcyOGQw
LzEvOHc1RVVaVzJUWG1iZ2k2WmxIZVM0TXF6SzIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAC9DQUD
BAC9DQYwDQYJKoZIhvcNAQELBQADggEBADtSWrWmvKV9Q4bzHAbSCd6hequw3KAZ
GznDTwcFg0XKR2oI32Z64ez288kAq3cCZ2X//NNW9a9iIOuN1pUVGpkb7FZKooNr
PTgZeeH4V9ITT/ITJXUNRcWkDjn2tTL5VbRaR2iyPXfmHfv096uuf9jdleFy1AtA
nntZiQ5MkEPzmiTEyuylsM0PqCAzWyyxxCZpPYuWxLhunl1zsZS1LicgZAo2Zbg9
g9lFHM0ZyfQnY6mJcgmnrHA4bw7mQTBfXvqfMfd/NPwQ2oMG86PScWoXu2OPLKMm
NkF+Uy2K9xwtlTPQPs6wx+6qW1U32QyFAiFptzY6z/hdmJlUQ+sc/zo=
-----END CERTIFICATE-----