Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/9c27e4-d7b1-43c1-a38f-94914f5ddb3c/1/o6k4KBPjdil3WuB7HudYZFQVuio.roa
File:                     o6k4KBPjdil3WuB7HudYZFQVuio.roa (raw, json)
Hash identifier:          5XEGVtaoTy/OrakXg9NARGFxY6y76Ds7hBFFlDQicdE=
Subject key identifier:   A3:A9:38:28:13:E3:76:29:77:5A:E0:7B:1E:E7:58:64:54:15:BA:2A
Certificate issuer:       /CN=320b24a740f2e61632050adc146c1ee6a3e686c5
Certificate serial:       019ECFA84C77171AB868407E9C466331655F
Authority key identifier: 32:0B:24:A7:40:F2:E6:16:32:05:0A:DC:14:6C:1E:E6:A3:E6:86:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Mgskp0Dy5hYyBQrcFGwe5qPmhsU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/07/9c27e4-d7b1-43c1-a38f-94914f5ddb3c/1/o6k4KBPjdil3WuB7HudYZFQVuio.roa
Signing time:             Tue 16 Jun 2026 08:59:33 +0000
ROA not before:           Tue 16 Jun 2026 08:59:33 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     12443
IP address blocks:        92.240.90.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/07/9c27e4-d7b1-43c1-a38f-94914f5ddb3c/1/Mgskp0Dy5hYyBQrcFGwe5qPmhsU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/07/9c27e4-d7b1-43c1-a38f-94914f5ddb3c/1/Mgskp0Dy5hYyBQrcFGwe5qPmhsU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Mgskp0Dy5hYyBQrcFGwe5qPmhsU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 26 Jun 2026 08:01:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:cf:a8:4c:77:17:1a:b8:68:40:7e:9c:46:63:31:65:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=320b24a740f2e61632050adc146c1ee6a3e686c5
        Validity
            Not Before: Jun 16 08:59:33 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a3a9382813e37629775ae07b1ee758645415ba2a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:04:f0:cb:d9:12:ff:fc:2e:d2:6f:c3:26:95:
                    ff:78:e9:9f:7e:3a:4b:69:a0:7b:7e:3b:e4:3d:6c:
                    44:bc:0d:76:8a:2c:66:87:b9:d9:18:75:02:fd:07:
                    17:4a:07:e1:81:53:e1:b3:ab:1c:5f:ca:6f:e1:b2:
                    ff:75:9b:f6:ec:7f:8c:6e:e1:9c:4d:8b:33:88:97:
                    42:b8:f3:3e:01:ba:be:4d:05:49:c1:56:08:d6:f1:
                    35:13:c3:9d:ce:fe:7f:6a:44:bc:39:e3:79:5d:fe:
                    fa:00:91:7f:a4:1b:c5:24:36:bb:4b:03:aa:57:9c:
                    75:e2:33:1f:6f:aa:61:5b:ca:a4:b4:04:c5:18:cf:
                    59:26:a1:31:2f:e1:a3:eb:cc:f8:e0:6e:17:cc:5e:
                    18:cc:ee:bf:82:fc:e2:61:83:ea:b0:32:b7:e6:82:
                    3c:33:4a:5d:b1:bd:82:d0:0d:b5:9d:2d:e7:98:b2:
                    24:0d:fc:c4:d6:58:9d:c1:c9:90:60:01:90:c3:9f:
                    8d:67:90:07:ca:d0:6d:5f:3c:b2:b7:b0:24:d7:de:
                    64:c2:ba:bf:ff:45:ad:94:e4:d5:97:57:54:0f:18:
                    c8:ff:3d:ac:e4:fe:6f:fe:50:6b:47:10:10:0b:be:
                    d6:aa:e6:bd:4b:4d:06:77:59:a2:1f:ea:98:bb:ed:
                    59:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:A9:38:28:13:E3:76:29:77:5A:E0:7B:1E:E7:58:64:54:15:BA:2A
            X509v3 Authority Key Identifier:
                keyid:32:0B:24:A7:40:F2:E6:16:32:05:0A:DC:14:6C:1E:E6:A3:E6:86:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Mgskp0Dy5hYyBQrcFGwe5qPmhsU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/9c27e4-d7b1-43c1-a38f-94914f5ddb3c/1/o6k4KBPjdil3WuB7HudYZFQVuio.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/07/9c27e4-d7b1-43c1-a38f-94914f5ddb3c/1/Mgskp0Dy5hYyBQrcFGwe5qPmhsU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.240.90.0/23

    Signature Algorithm: sha256WithRSAEncryption
         7d:52:c7:d9:cd:e5:f5:09:88:48:93:2d:c5:ce:12:09:82:9a:
         6a:0e:d3:19:80:37:79:06:f0:55:be:f5:e4:ff:6a:ad:ac:b0:
         76:e3:8b:15:cf:aa:a6:10:47:63:16:a5:44:17:88:7b:e2:25:
         d3:09:28:29:b3:b9:64:a6:46:65:e4:85:53:0d:d4:e0:16:11:
         db:54:98:b7:f7:b1:8f:2c:71:28:95:1b:24:d1:b4:6e:94:0d:
         c7:d6:bc:9b:47:eb:44:8f:4a:5a:9a:af:d1:a8:77:12:25:2c:
         6a:1c:12:20:c1:2e:b7:c1:8e:ae:68:a4:90:6b:fe:41:14:6b:
         72:63:9f:bf:e7:f7:d7:5b:64:b3:bb:6d:b8:f5:ea:6f:f4:d1:
         ca:d4:95:c0:98:d2:60:a3:cf:04:fe:0b:86:e3:0a:87:24:e9:
         da:45:a4:3d:3c:e8:3f:81:c5:4b:55:f9:32:8d:73:2d:75:1f:
         23:bd:c7:c1:10:93:8a:2b:98:86:1b:9b:5b:19:1c:2a:f9:2b:
         23:12:f4:88:9e:21:55:da:e9:1a:93:f8:be:ea:37:c7:98:91:
         38:e7:a8:66:ae:35:f1:99:38:c2:a4:78:f2:8c:f9:c5:8a:9e:
         08:de:56:80:d9:3f:40:ab:71:ce:19:a8:47:1a:b7:7c:96:f1:
         50:c0:ff:24
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ7PqEx3Fxq4aEB+nEZjMWVfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMyMGIyNGE3NDBmMmU2MTYzMjA1MGFkYzE0NmMxZWU2YTNl
Njg2YzUwHhcNMjYwNjE2MDg1OTMzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhM2E5MzgyODEzZTM3NjI5Nzc1YWUwN2IxZWU3NTg2NDU0MTViYTJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1ATwy9kS//wu0m/DJpX/eOmffjpL
aaB7fjvkPWxEvA12iixmh7nZGHUC/QcXSgfhgVPhs6scX8pv4bL/dZv27H+MbuGc
TYsziJdCuPM+Abq+TQVJwVYI1vE1E8Odzv5/akS8OeN5Xf76AJF/pBvFJDa7SwOq
V5x14jMfb6phW8qktATFGM9ZJqExL+Gj68z44G4XzF4YzO6/gvziYYPqsDK35oI8
M0pdsb2C0A21nS3nmLIkDfzE1lidwcmQYAGQw5+NZ5AHytBtXzyyt7Ak195kwrq/
/0WtlOTVl1dUDxjI/z2s5P5v/lBrRxAQC77Wqua9S00Gd1miH+qYu+1ZfwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKOpOCgT43Ypd1rgex7nWGRUFboqMB8GA1UdIwQY
MBaAFDILJKdA8uYWMgUK3BRsHuaj5obFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTWdza3AwRHk1aFl5QlFyY0ZHd2U1cVBtaHNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNy85YzI3ZTQtZDdiMS00M2MxLWEzOGYt
OTQ5MTRmNWRkYjNjLzEvbzZrNEtCUGpkaWwzV3VCN0h1ZFlaRlFWdWlvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNy85YzI3ZTQtZDdiMS00M2MxLWEzOGYtOTQ5MTRmNWRkYjNj
LzEvTWdza3AwRHk1aFl5QlFyY0ZHd2U1cVBtaHNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBXPBaMA0G
CSqGSIb3DQEBCwUAA4IBAQB9UsfZzeX1CYhIky3FzhIJgppqDtMZgDd5BvBVvvXk
/2qtrLB244sVz6qmEEdjFqVEF4h74iXTCSgps7lkpkZl5IVTDdTgFhHbVJi397GP
LHEolRsk0bRulA3H1rybR+tEj0pamq/RqHcSJSxqHBIgwS63wY6uaKSQa/5BFGty
Y5+/5/fXW2Szu2249epv9NHK1JXAmNJgo88E/guG4wqHJOnaRaQ9POg/gcVLVfky
jXMtdR8jvcfBEJOKK5iGG5tbGRwq+SsjEvSIniFV2ukak/i+6jfHmJE456hmrjXx
mTjCpHjyjPnFip4I3laA2T9Aq3HOGahHGrd8lvFQwP8k
-----END CERTIFICATE-----