Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/6xn_mUuM4Y4HJ703NISdpo34g0s.roa
File:                     6xn_mUuM4Y4HJ703NISdpo34g0s.roa (raw, json)
Hash identifier:          ElbcaA4wovONmIYrx1CN7oj5diLQLu4pOgko7ggQLw8=
Subject key identifier:   EB:19:FF:99:4B:8C:E1:8E:07:27:BD:37:34:84:9D:A6:8D:F8:83:4B
Certificate issuer:       /CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
Certificate serial:       019DF67B502D5CD12A2363403D12AD032A45
Authority key identifier: 05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/6xn_mUuM4Y4HJ703NISdpo34g0s.roa
Signing time:             Tue 05 May 2026 04:52:49 +0000
ROA not before:           Tue 05 May 2026 04:52:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     206930
IP address blocks:        185.216.130.0/24 maxlen: 24
                          194.15.140.0/24 maxlen: 24
                          2a0a:e9c7::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 23:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:f6:7b:50:2d:5c:d1:2a:23:63:40:3d:12:ad:03:2a:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
        Validity
            Not Before: May  5 04:52:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=eb19ff994b8ce18e0727bd3734849da68df8834b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:7a:d0:c2:bf:bb:5c:df:ce:a6:05:1e:50:a4:
                    36:8e:f4:01:51:fb:8d:08:97:85:c2:02:87:d3:50:
                    09:b1:a0:49:44:7a:ce:45:e9:f6:af:05:a5:54:35:
                    df:a5:72:58:81:33:cf:38:e9:31:ff:bd:3f:f7:8f:
                    97:33:3e:75:ee:57:ca:ea:4e:95:4f:68:92:96:b0:
                    b4:0c:74:2e:a4:7a:0d:bd:a6:87:64:8e:f9:d0:07:
                    77:66:a7:3d:3f:76:a6:a5:1e:1b:9e:84:9b:89:e4:
                    01:18:98:7d:cc:a3:ce:1f:e8:2f:6e:57:cf:30:8a:
                    60:0e:d9:89:cd:6e:15:18:46:de:05:31:8d:ef:62:
                    ef:ee:4b:0a:38:1c:81:5d:2b:28:e2:53:96:7e:21:
                    ed:8a:87:a4:0b:a4:d8:68:e3:34:38:d5:57:58:e3:
                    24:d1:52:09:e8:bd:69:05:43:60:e7:6b:98:03:e5:
                    ec:9f:93:d8:2b:e1:09:b0:dd:0b:be:ce:69:fa:f4:
                    db:47:51:b3:31:b5:08:6d:91:ff:ea:6b:f3:52:77:
                    18:39:1c:57:d4:f4:91:c2:ea:ec:c5:06:93:94:ce:
                    02:9f:96:71:97:f7:d5:b0:cb:40:c7:6d:e3:a2:76:
                    94:e1:55:8a:55:42:c4:54:99:24:eb:1f:23:75:f3:
                    60:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:19:FF:99:4B:8C:E1:8E:07:27:BD:37:34:84:9D:A6:8D:F8:83:4B
            X509v3 Authority Key Identifier:
                keyid:05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/6xn_mUuM4Y4HJ703NISdpo34g0s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.216.130.0/24
                  194.15.140.0/24
                IPv6:
                  2a0a:e9c7::/32

    Signature Algorithm: sha256WithRSAEncryption
         b8:ac:15:3c:71:b0:54:99:d3:4e:f3:35:a4:51:37:4b:19:17:
         ce:6b:b7:0f:98:89:c5:d1:43:28:95:08:58:04:ad:32:02:c9:
         d5:94:14:27:d2:1c:54:b1:27:b5:7a:72:9b:c9:a2:d2:a0:92:
         b4:38:4a:80:73:7c:43:af:89:b0:73:39:35:bd:a9:67:f9:64:
         c1:d0:f1:b5:a4:79:5d:57:c4:f7:1b:4d:2e:5f:14:10:e4:f4:
         51:20:e3:0a:fb:19:bf:de:50:5c:97:93:c9:0d:c2:e7:09:b6:
         02:da:c2:42:ac:77:ad:6a:e9:b5:1e:a6:4e:6a:32:5d:d9:7e:
         e0:10:f5:33:a2:8f:f5:7b:81:65:0c:fd:a9:e5:eb:70:11:a7:
         62:80:de:57:76:ab:90:de:66:e1:f6:86:83:14:51:b7:ca:50:
         f2:b2:1d:4c:57:68:d6:46:c7:87:4f:20:42:c0:fe:88:a1:ad:
         aa:c1:38:8e:3e:27:50:5c:67:48:7d:70:c8:f9:81:77:4d:7e:
         3f:d4:fa:de:f2:0b:f9:c3:0e:f3:b4:a2:94:05:4b:f2:40:3a:
         9d:13:6b:a5:dd:e5:72:92:23:b4:df:ff:d5:48:7a:cb:9f:d1:
         fb:94:4c:d5:ea:66:98:59:fd:66:fa:c1:76:4c:1e:dd:ce:39:
         c7:ea:70:e1
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZ32e1AtXNEqI2NAPRKtAypFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1MzRjNDlmY2ZhOGE0NTA0MWQ5NWVkNGQ4ZDRmYzY5Yzcy
N2E0NjcwHhcNMjYwNTA1MDQ1MjQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYjE5ZmY5OTRiOGNlMThlMDcyN2JkMzczNDg0OWRhNjhkZjg4MzRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvHrQwr+7XN/OpgUeUKQ2jvQBUfuN
CJeFwgKH01AJsaBJRHrORen2rwWlVDXfpXJYgTPPOOkx/70/94+XMz517lfK6k6V
T2iSlrC0DHQupHoNvaaHZI750Ad3Zqc9P3ampR4bnoSbieQBGJh9zKPOH+gvblfP
MIpgDtmJzW4VGEbeBTGN72Lv7ksKOByBXSso4lOWfiHtioekC6TYaOM0ONVXWOMk
0VIJ6L1pBUNg52uYA+Xsn5PYK+EJsN0Lvs5p+vTbR1GzMbUIbZH/6mvzUncYORxX
1PSRwursxQaTlM4Cn5Zxl/fVsMtAx23jonaU4VWKVULEVJkk6x8jdfNgrQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFOsZ/5lLjOGOBye9NzSEnaaN+INLMB8GA1UdIwQY
MBaAFAU0xJ/PqKRQQdle1NjU/GnHJ6RnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYt
Y2Q3ZTA2Y2JiNTMxLzEvNnhuX21VdU00WTRISjcwM05JU2RwbzM0ZzBzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYtY2Q3ZTA2Y2JiNTMx
LzEvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQAudiCAwQA
wg+MMA0EAgACMAcDBQAqCunHMA0GCSqGSIb3DQEBCwUAA4IBAQC4rBU8cbBUmdNO
8zWkUTdLGRfOa7cPmInF0UMolQhYBK0yAsnVlBQn0hxUsSe1enKbyaLSoJK0OEqA
c3xDr4mwczk1valn+WTB0PG1pHldV8T3G00uXxQQ5PRRIOMK+xm/3lBcl5PJDcLn
CbYC2sJCrHetaum1HqZOajJd2X7gEPUzoo/1e4FlDP2p5etwEadigN5XdquQ3mbh
9oaDFFG3ylDysh1MV2jWRseHTyBCwP6Ioa2qwTiOPidQXGdIfXDI+YF3TX4/1Pre
8gv5ww7ztKKUBUvyQDqdE2ul3eVykiO03//VSHrLn9H7lEzV6maYWf1m+sF2TB7d
zjnH6nDh
-----END CERTIFICATE-----