Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0f/a68dbc-3f94-4fed-8d9d-e9c3649c1218/1/6SSFg2yTmoKjF6zDnreMbjMeibE.roa
File:                     6SSFg2yTmoKjF6zDnreMbjMeibE.roa (raw, json)
Hash identifier:          AXKKKuWwPyZUnqIrE5CjvILYke6ea5omdcN+j9qzetQ=
Subject key identifier:   E9:24:85:83:6C:93:9A:82:A3:17:AC:C3:9E:B7:8C:6E:33:1E:89:B1
Certificate issuer:       /CN=1214a7e2a8c7012325ae973ed1a2bba05b2bb9c1
Certificate serial:       019E6DABA944FF15DFB7FC4C14107A71EB0A
Authority key identifier: 12:14:A7:E2:A8:C7:01:23:25:AE:97:3E:D1:A2:BB:A0:5B:2B:B9:C1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EhSn4qjHASMlrpc-0aK7oFsrucE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0f/a68dbc-3f94-4fed-8d9d-e9c3649c1218/1/6SSFg2yTmoKjF6zDnreMbjMeibE.roa
Signing time:             Thu 28 May 2026 08:20:26 +0000
ROA not before:           Thu 28 May 2026 08:20:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     212477
IP address blocks:        185.114.33.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0f/a68dbc-3f94-4fed-8d9d-e9c3649c1218/1/EhSn4qjHASMlrpc-0aK7oFsrucE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0f/a68dbc-3f94-4fed-8d9d-e9c3649c1218/1/EhSn4qjHASMlrpc-0aK7oFsrucE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EhSn4qjHASMlrpc-0aK7oFsrucE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 04 Jun 2026 22:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:6d:ab:a9:44:ff:15:df:b7:fc:4c:14:10:7a:71:eb:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1214a7e2a8c7012325ae973ed1a2bba05b2bb9c1
        Validity
            Not Before: May 28 08:20:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e92485836c939a82a317acc39eb78c6e331e89b1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:b4:f1:58:ad:a5:65:20:01:23:f8:a6:81:41:
                    61:51:c1:98:d1:fa:43:74:c2:d8:d1:e3:e8:45:b7:
                    1f:19:89:47:ce:03:b6:35:0c:42:3a:b3:45:cd:e5:
                    64:de:07:37:f1:f5:5b:9b:40:6a:f7:8e:92:20:bc:
                    af:f9:78:08:dd:fd:6c:8e:ab:20:29:a2:d7:12:35:
                    4a:87:e7:1f:ee:e2:7d:8c:51:cd:28:85:1e:84:02:
                    6a:61:14:98:f8:2e:31:ca:6a:8b:df:4a:ad:00:c9:
                    56:45:4e:80:77:4c:c4:d2:8d:cb:bb:80:72:11:11:
                    f7:01:bb:11:c3:b2:0d:62:ed:84:1f:a1:32:19:16:
                    8c:89:a5:06:5e:e4:44:be:41:5c:3e:31:35:bc:87:
                    37:ad:9b:5a:bd:44:1e:b6:dd:7c:5e:82:b7:94:05:
                    d4:ce:20:f7:45:7d:5a:68:4e:bd:a3:9a:56:c6:f0:
                    9f:8b:c8:ec:69:34:93:f9:e3:70:13:49:32:7c:eb:
                    8b:50:d8:48:bd:49:81:dd:2d:35:c7:90:fa:1e:33:
                    67:dc:a8:69:37:22:4b:16:75:c9:db:d8:3f:ed:74:
                    fd:36:68:63:c8:c2:93:40:61:a2:54:4f:d5:8f:18:
                    8b:1d:30:07:1d:8f:63:38:9c:22:82:d0:6a:50:df:
                    12:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E9:24:85:83:6C:93:9A:82:A3:17:AC:C3:9E:B7:8C:6E:33:1E:89:B1
            X509v3 Authority Key Identifier:
                keyid:12:14:A7:E2:A8:C7:01:23:25:AE:97:3E:D1:A2:BB:A0:5B:2B:B9:C1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EhSn4qjHASMlrpc-0aK7oFsrucE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/a68dbc-3f94-4fed-8d9d-e9c3649c1218/1/6SSFg2yTmoKjF6zDnreMbjMeibE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/a68dbc-3f94-4fed-8d9d-e9c3649c1218/1/EhSn4qjHASMlrpc-0aK7oFsrucE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.114.33.0/24

    Signature Algorithm: sha256WithRSAEncryption
         17:d3:62:45:98:91:14:b8:7a:59:ea:fe:a7:ec:22:fc:44:66:
         20:7c:fe:4a:7d:d9:f1:1c:de:7c:00:d2:40:e4:0b:92:f3:15:
         91:e3:21:50:ca:4e:b7:2a:9f:29:6b:2c:1a:f9:58:d8:27:af:
         53:4e:41:d9:c4:06:1a:c3:cb:9a:50:8a:5d:53:10:b4:aa:13:
         9f:ab:1e:56:10:95:91:32:2f:55:cf:12:2c:60:61:5e:fa:46:
         4e:f3:aa:fd:a3:52:a3:33:8e:da:22:d1:20:4c:5c:64:16:e7:
         15:74:d4:34:8d:d9:81:0b:70:12:d8:c4:63:c9:b5:d7:c6:ff:
         11:e0:6a:27:b2:85:1f:ec:d3:95:f6:04:02:ba:5a:fa:e1:88:
         94:7c:cd:76:d2:7e:4c:20:9c:f6:87:29:86:5b:e4:f8:0c:96:
         e4:d4:4f:91:5e:bb:11:c0:dc:4d:12:6f:7e:72:74:91:80:31:
         15:f6:09:cd:8d:de:20:d6:84:5d:a3:48:db:ec:90:be:8f:51:
         52:54:12:bb:e3:e6:69:f3:d1:61:36:6b:7d:43:b5:ac:31:69:
         6e:75:38:d8:ed:8e:8e:88:a4:bc:6c:5a:fd:a5:79:b5:2c:f5:
         db:12:28:cf:42:45:e4:df:4e:6f:9d:65:62:1c:1a:7e:44:14:
         f8:88:dc:d5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ5tq6lE/xXft/xMFBB6cesKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEyMTRhN2UyYThjNzAxMjMyNWFlOTczZWQxYTJiYmEwNWIy
YmI5YzEwHhcNMjYwNTI4MDgyMDI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlOTI0ODU4MzZjOTM5YTgyYTMxN2FjYzM5ZWI3OGM2ZTMzMWU4OWIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnrTxWK2lZSABI/imgUFhUcGY0fpD
dMLY0ePoRbcfGYlHzgO2NQxCOrNFzeVk3gc38fVbm0Bq946SILyv+XgI3f1sjqsg
KaLXEjVKh+cf7uJ9jFHNKIUehAJqYRSY+C4xymqL30qtAMlWRU6Ad0zE0o3Lu4By
ERH3AbsRw7INYu2EH6EyGRaMiaUGXuREvkFcPjE1vIc3rZtavUQett18XoK3lAXU
ziD3RX1aaE69o5pWxvCfi8jsaTST+eNwE0kyfOuLUNhIvUmB3S01x5D6HjNn3Khp
NyJLFnXJ29g/7XT9NmhjyMKTQGGiVE/VjxiLHTAHHY9jOJwigtBqUN8SUQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOkkhYNsk5qCoxesw563jG4zHomxMB8GA1UdIwQY
MBaAFBIUp+KoxwEjJa6XPtGiu6BbK7nBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRWhTbjRxakhBU01scnBjLTBhSzdvRnNydWNFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZi9hNjhkYmMtM2Y5NC00ZmVkLThkOWQt
ZTljMzY0OWMxMjE4LzEvNlNTRmcyeVRtb0tqRjZ6RG5yZU1iak1laWJFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZi9hNjhkYmMtM2Y5NC00ZmVkLThkOWQtZTljMzY0OWMxMjE4
LzEvRWhTbjRxakhBU01scnBjLTBhSzdvRnNydWNFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuXIhMA0G
CSqGSIb3DQEBCwUAA4IBAQAX02JFmJEUuHpZ6v6n7CL8RGYgfP5KfdnxHN58ANJA
5AuS8xWR4yFQyk63Kp8paywa+VjYJ69TTkHZxAYaw8uaUIpdUxC0qhOfqx5WEJWR
Mi9VzxIsYGFe+kZO86r9o1KjM47aItEgTFxkFucVdNQ0jdmBC3AS2MRjybXXxv8R
4GonsoUf7NOV9gQCulr64YiUfM120n5MIJz2hymGW+T4DJbk1E+RXrsRwNxNEm9+
cnSRgDEV9gnNjd4g1oRdo0jb7JC+j1FSVBK74+Zp89FhNmt9Q7WsMWludTjY7Y6O
iKS8bFr9pXm1LPXbEijPQkXk305vnWViHBp+RBT4iNzV
-----END CERTIFICATE-----