Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/d5383b-10e5-43e9-b320-3234160dbcd4/1/6-2FD8HR51guZuZo3woN4IVR9zc.roa
File:                     6-2FD8HR51guZuZo3woN4IVR9zc.roa (raw, json)
Hash identifier:          PJc3A8dXSGr4yP32dRfCtlI52+k/p1Mtsy/ZQcI6iOs=
Subject key identifier:   EB:ED:85:0F:C1:D1:E7:58:2E:66:E6:68:DF:0A:0D:E0:85:51:F7:37
Certificate issuer:       /CN=e1f43f3e61990fd3e5767debe98e51cc19cac708
Certificate serial:       019E031350E049F675EA8BBDBF4822A74741
Authority key identifier: E1:F4:3F:3E:61:99:0F:D3:E5:76:7D:EB:E9:8E:51:CC:19:CA:C7:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4fQ_PmGZD9Pldn3r6Y5RzBnKxwg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/d5383b-10e5-43e9-b320-3234160dbcd4/1/6-2FD8HR51guZuZo3woN4IVR9zc.roa
Signing time:             Thu 07 May 2026 15:34:17 +0000
ROA not before:           Thu 07 May 2026 15:34:17 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     13335
IP address blocks:        195.66.29.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5e/d5383b-10e5-43e9-b320-3234160dbcd4/1/4fQ_PmGZD9Pldn3r6Y5RzBnKxwg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5e/d5383b-10e5-43e9-b320-3234160dbcd4/1/4fQ_PmGZD9Pldn3r6Y5RzBnKxwg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4fQ_PmGZD9Pldn3r6Y5RzBnKxwg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 21:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:03:13:50:e0:49:f6:75:ea:8b:bd:bf:48:22:a7:47:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e1f43f3e61990fd3e5767debe98e51cc19cac708
        Validity
            Not Before: May  7 15:34:17 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ebed850fc1d1e7582e66e668df0a0de08551f737
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:ab:89:b6:5b:b8:5f:24:16:ac:37:b7:17:10:
                    fd:16:a5:d6:84:3f:5d:40:e8:d1:eb:f1:ed:c3:74:
                    c6:ba:85:c6:93:f1:f6:13:36:a6:8e:c8:9d:ea:fb:
                    6f:1a:73:19:aa:0f:a6:40:f9:8c:ba:9a:c9:dc:e4:
                    ce:03:e0:bf:6f:8c:8b:e9:57:e8:f1:7a:07:a9:6f:
                    9e:08:f2:65:cf:09:30:c0:2c:63:1d:a9:dc:68:9e:
                    8c:02:ee:78:3b:0d:b6:79:0f:62:b1:e2:b1:90:b8:
                    3e:e3:30:92:f4:73:fe:1c:f8:53:4e:ad:3a:e3:67:
                    9a:32:7b:e7:71:d5:7b:99:b3:d6:b8:a1:ee:55:56:
                    3a:e6:6b:15:4e:56:df:a5:42:90:54:15:a8:01:17:
                    ca:ce:b9:53:f2:af:7d:75:76:b6:a7:c0:e4:94:a0:
                    53:7f:74:d0:82:69:ca:1b:d8:8c:6d:0d:8a:26:e4:
                    93:4d:6a:b1:93:38:8f:9f:ae:6d:12:eb:32:4c:b0:
                    72:de:d8:f2:ff:06:e5:9e:94:52:3e:e2:91:fd:40:
                    1f:0e:45:7f:44:25:76:bb:07:95:33:f5:64:46:9e:
                    fe:7d:16:5d:de:b9:50:fb:29:6f:e7:c5:41:57:ea:
                    b5:54:ac:17:e9:23:a7:51:4f:7d:92:09:47:4c:4c:
                    b0:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:ED:85:0F:C1:D1:E7:58:2E:66:E6:68:DF:0A:0D:E0:85:51:F7:37
            X509v3 Authority Key Identifier:
                keyid:E1:F4:3F:3E:61:99:0F:D3:E5:76:7D:EB:E9:8E:51:CC:19:CA:C7:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4fQ_PmGZD9Pldn3r6Y5RzBnKxwg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/d5383b-10e5-43e9-b320-3234160dbcd4/1/6-2FD8HR51guZuZo3woN4IVR9zc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/d5383b-10e5-43e9-b320-3234160dbcd4/1/4fQ_PmGZD9Pldn3r6Y5RzBnKxwg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.66.29.0/24

    Signature Algorithm: sha256WithRSAEncryption
         90:db:dd:9d:e0:55:aa:96:33:80:99:3e:7f:3a:ac:ab:2a:1b:
         b2:f1:98:d0:17:74:5a:3c:b9:2a:74:0f:56:73:06:ad:97:37:
         8e:cd:04:a3:f1:6e:dd:91:5d:75:6d:7f:bc:8f:f1:6b:fc:62:
         9f:ae:a0:32:e7:97:d3:8c:70:29:e0:00:fa:a2:f9:9d:c0:f2:
         75:27:12:70:27:3e:a4:ef:dc:d6:46:e6:19:22:ab:88:2e:77:
         3e:e4:a0:da:2f:86:aa:0e:c6:26:dc:16:fe:4b:4c:8b:a8:c3:
         2c:0c:96:32:27:23:21:9d:a3:6f:2c:ce:16:ad:b1:e6:01:07:
         ee:f8:25:29:16:5d:6d:0a:fc:32:62:7c:cf:2a:ec:4d:15:da:
         da:b8:dc:8e:02:69:2f:ad:68:0d:4e:56:83:66:2f:d3:08:6d:
         3e:b6:f3:23:29:04:03:0a:1e:cd:52:68:ae:93:2c:79:c5:7c:
         8f:03:bb:2c:0d:65:72:78:4d:ae:22:61:5f:67:d9:de:45:df:
         9c:c8:e5:67:fb:b5:4a:c8:a1:8b:65:f5:62:b7:17:29:96:ba:
         ae:18:29:6f:ce:e4:12:94:ac:7b:fa:1b:96:d5:97:a1:24:43:
         7a:02:1d:2e:19:20:2d:a8:48:9f:21:6b:4f:1d:b5:0a:c0:94:
         09:29:24:39
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ4DE1DgSfZ16ou9v0gip0dBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUxZjQzZjNlNjE5OTBmZDNlNTc2N2RlYmU5OGU1MWNjMTlj
YWM3MDgwHhcNMjYwNTA3MTUzNDE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYmVkODUwZmMxZDFlNzU4MmU2NmU2NjhkZjBhMGRlMDg1NTFmNzM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0quJtlu4XyQWrDe3FxD9FqXWhD9d
QOjR6/Htw3TGuoXGk/H2Ezamjsid6vtvGnMZqg+mQPmMuprJ3OTOA+C/b4yL6Vfo
8XoHqW+eCPJlzwkwwCxjHancaJ6MAu54Ow22eQ9iseKxkLg+4zCS9HP+HPhTTq06
42eaMnvncdV7mbPWuKHuVVY65msVTlbfpUKQVBWoARfKzrlT8q99dXa2p8DklKBT
f3TQgmnKG9iMbQ2KJuSTTWqxkziPn65tEusyTLBy3tjy/wblnpRSPuKR/UAfDkV/
RCV2uweVM/VkRp7+fRZd3rlQ+ylv58VBV+q1VKwX6SOnUU99kglHTEyw8wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOvthQ/B0edYLmbmaN8KDeCFUfc3MB8GA1UdIwQY
MBaAFOH0Pz5hmQ/T5XZ96+mOUcwZyscIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNGZRX1BtR1pEOVBsZG4zcjZZNVJ6Qm5LeHdnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS9kNTM4M2ItMTBlNS00M2U5LWIzMjAt
MzIzNDE2MGRiY2Q0LzEvNi0yRkQ4SFI1MWd1WnVabzN3b040SVZSOXpjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS9kNTM4M2ItMTBlNS00M2U5LWIzMjAtMzIzNDE2MGRiY2Q0
LzEvNGZRX1BtR1pEOVBsZG4zcjZZNVJ6Qm5LeHdnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw0IdMA0G
CSqGSIb3DQEBCwUAA4IBAQCQ292d4FWqljOAmT5/OqyrKhuy8ZjQF3RaPLkqdA9W
cwatlzeOzQSj8W7dkV11bX+8j/Fr/GKfrqAy55fTjHAp4AD6ovmdwPJ1JxJwJz6k
79zWRuYZIquILnc+5KDaL4aqDsYm3Bb+S0yLqMMsDJYyJyMhnaNvLM4WrbHmAQfu
+CUpFl1tCvwyYnzPKuxNFdrauNyOAmkvrWgNTlaDZi/TCG0+tvMjKQQDCh7NUmiu
kyx5xXyPA7ssDWVyeE2uImFfZ9neRd+cyOVn+7VKyKGLZfVitxcplrquGClvzuQS
lKx7+huW1ZehJEN6Ah0uGSAtqEifIWtPHbUKwJQJKSQ5
-----END CERTIFICATE-----