Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/a-A-agnUzTVTtpnb8Au-C-sd9mg.roa
File:                     a-A-agnUzTVTtpnb8Au-C-sd9mg.roa (raw, json)
Hash identifier:          6EiGbyje2xiZ/0vW3XwjON0NmaFjFzOACugwDh+QsIY=
Subject key identifier:   6B:E0:3E:6A:09:D4:CD:35:53:B6:99:DB:F0:0B:BE:0B:EB:1D:F6:68
Certificate issuer:       /CN=3e6097698686e1555f51f6c883bc5a58549b2362
Certificate serial:       019EDDFD0D078E1973F7395EFDE7E74197C5
Authority key identifier: 3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/a-A-agnUzTVTtpnb8Au-C-sd9mg.roa
Signing time:             Fri 19 Jun 2026 03:46:49 +0000
ROA not before:           Fri 19 Jun 2026 03:46:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200051
IP address blocks:        5.230.201.0/24 maxlen: 24
                          89.106.83.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 20 Jun 2026 23:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:dd:fd:0d:07:8e:19:73:f7:39:5e:fd:e7:e7:41:97:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e6097698686e1555f51f6c883bc5a58549b2362
        Validity
            Not Before: Jun 19 03:46:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6be03e6a09d4cd3553b699dbf00bbe0beb1df668
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:b0:eb:c6:7d:fa:af:89:ff:18:74:a3:d0:94:
                    b7:be:16:26:0b:5a:0f:8f:6d:40:09:70:c4:1e:af:
                    5c:51:68:e1:11:2a:df:b1:06:21:36:b1:78:77:41:
                    99:cb:dd:b1:d2:10:25:3d:c3:54:6f:d8:aa:d2:c9:
                    27:e4:ef:8f:68:cf:a8:4a:c3:79:7f:b9:99:5f:f9:
                    63:e7:05:96:ce:f7:67:60:6e:0e:31:4f:81:a3:24:
                    8a:25:9f:7b:a9:5e:e7:bb:b2:ca:46:fa:a3:65:41:
                    67:af:e1:f5:f9:33:dd:c1:48:43:d2:70:65:8a:f8:
                    69:f6:12:f3:e7:d2:30:75:ca:53:c6:da:6e:cd:38:
                    d0:c0:ef:07:d5:03:00:b5:4c:69:92:83:40:f6:f0:
                    c5:f1:e0:a0:62:ca:47:52:fe:0c:7a:24:b3:8b:49:
                    78:13:0a:62:93:29:14:40:cc:a4:61:52:a5:62:0a:
                    43:68:9d:f0:f0:e7:3c:aa:84:23:03:8d:c2:c0:83:
                    d0:38:2b:fc:7f:32:38:93:04:d5:a4:e1:22:0f:74:
                    6a:f8:81:15:f7:ed:31:b0:bc:cc:0b:c1:b7:a7:21:
                    6e:05:f6:32:3e:16:64:f7:26:38:f3:9b:56:44:f9:
                    f0:9a:7f:76:45:39:11:18:d0:64:7c:0b:4f:67:95:
                    67:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:E0:3E:6A:09:D4:CD:35:53:B6:99:DB:F0:0B:BE:0B:EB:1D:F6:68
            X509v3 Authority Key Identifier:
                keyid:3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/a-A-agnUzTVTtpnb8Au-C-sd9mg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.230.201.0/24
                  89.106.83.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8f:78:91:2c:ea:ff:bb:d2:a9:53:17:24:50:18:4f:59:db:96:
         47:a6:40:44:d2:94:2e:b2:a8:3b:74:d1:cb:c9:91:b9:d8:18:
         8c:71:e3:98:07:fb:d4:57:fb:17:80:73:87:be:28:20:ce:93:
         16:0e:06:8c:df:4b:18:29:1d:5d:c5:d2:c6:34:34:c1:df:9a:
         24:8e:08:9b:e5:a1:b1:1e:5e:39:8a:62:61:f6:e9:23:d6:c8:
         b0:5d:1c:f6:f1:5a:28:04:ed:6a:08:fa:f0:4e:f6:b7:55:02:
         79:e6:3f:0e:24:1b:6c:86:7b:d4:10:d7:a7:01:05:24:50:d7:
         33:42:3d:93:8e:60:c8:26:ae:3b:ff:c0:88:bd:eb:6f:03:33:
         0d:80:5c:f6:f0:25:83:f5:ee:6e:97:0b:15:3f:7d:70:5d:a3:
         03:b9:12:af:5f:cd:24:81:ff:bc:c7:1e:97:b3:5c:24:b2:cc:
         49:7d:9e:f1:9e:98:ca:0f:85:20:a3:e1:23:0e:90:e0:c3:d9:
         4b:e9:7a:0a:04:25:ff:01:f5:0a:ed:4b:fa:89:a2:42:9e:39:
         69:54:05:4e:7f:c5:c3:0c:5b:24:b3:39:51:f2:21:a0:b0:cb:
         b4:29:15:f0:d2:69:bb:b0:b5:fb:37:1a:aa:0b:30:75:f5:8e:
         aa:3d:a8:ef
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ7d/Q0Hjhlz9zle/efnQZfFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlNjA5NzY5ODY4NmUxNTU1ZjUxZjZjODgzYmM1YTU4NTQ5
YjIzNjIwHhcNMjYwNjE5MDM0NjQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YmUwM2U2YTA5ZDRjZDM1NTNiNjk5ZGJmMDBiYmUwYmViMWRmNjY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwbDrxn36r4n/GHSj0JS3vhYmC1oP
j21ACXDEHq9cUWjhESrfsQYhNrF4d0GZy92x0hAlPcNUb9iq0skn5O+PaM+oSsN5
f7mZX/lj5wWWzvdnYG4OMU+BoySKJZ97qV7nu7LKRvqjZUFnr+H1+TPdwUhD0nBl
ivhp9hLz59IwdcpTxtpuzTjQwO8H1QMAtUxpkoNA9vDF8eCgYspHUv4MeiSzi0l4
EwpikykUQMykYVKlYgpDaJ3w8Oc8qoQjA43CwIPQOCv8fzI4kwTVpOEiD3Rq+IEV
9+0xsLzMC8G3pyFuBfYyPhZk9yY485tWRPnwmn92RTkRGNBkfAtPZ5Vn0wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGvgPmoJ1M01U7aZ2/ALvgvrHfZoMB8GA1UdIwQY
MBaAFD5gl2mGhuFVX1H2yIO8WlhUmyNiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGIt
ZTFiZDg4ZDNmZDA3LzEvYS1BLWFnblV6VFZUdHBuYjhBdS1DLXNkOW1nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGItZTFiZDg4ZDNmZDA3
LzEvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQABebJAwQA
WWpTMA0GCSqGSIb3DQEBCwUAA4IBAQCPeJEs6v+70qlTFyRQGE9Z25ZHpkBE0pQu
sqg7dNHLyZG52BiMceOYB/vUV/sXgHOHviggzpMWDgaM30sYKR1dxdLGNDTB35ok
jgib5aGxHl45imJh9ukj1siwXRz28VooBO1qCPrwTva3VQJ55j8OJBtshnvUENen
AQUkUNczQj2TjmDIJq47/8CIvetvAzMNgFz28CWD9e5ulwsVP31wXaMDuRKvX80k
gf+8xx6Xs1wkssxJfZ7xnpjKD4Ugo+EjDpDgw9lL6XoKBCX/AfUK7Uv6iaJCnjlp
VAVOf8XDDFskszlR8iGgsMu0KRXw0mm7sLX7NxqqCzB19Y6qPajv
-----END CERTIFICATE-----