Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/u6bOiDbYGbN8U3FLmB5moa8lWns.roa
File:                     u6bOiDbYGbN8U3FLmB5moa8lWns.roa (raw, json)
Hash identifier:          xAD0hA+5+OEGX8pMFnHObrDCODAFRjsyaJxdKXFvolA=
Subject key identifier:   BB:A6:CE:88:36:D8:19:B3:7C:53:71:4B:98:1E:66:A1:AF:25:5A:7B
Certificate issuer:       /CN=279dbfdf4c20bdae8d6118566ece76444e46d171
Certificate serial:       019EC6D904EC7C6C00B0F40CDDA01F761C96
Authority key identifier: 27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/u6bOiDbYGbN8U3FLmB5moa8lWns.roa
Signing time:             Sun 14 Jun 2026 15:56:11 +0000
ROA not before:           Sun 14 Jun 2026 15:56:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     135754
IP address blocks:        62.132.116.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 17 Jun 2026 14:33:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:c6:d9:04:ec:7c:6c:00:b0:f4:0c:dd:a0:1f:76:1c:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=279dbfdf4c20bdae8d6118566ece76444e46d171
        Validity
            Not Before: Jun 14 15:56:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=bba6ce8836d819b37c53714b981e66a1af255a7b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:3a:e3:12:80:53:bd:76:be:2c:9c:72:b5:3b:
                    10:7e:7c:f2:67:e5:22:b6:4d:cd:90:09:45:d0:22:
                    7b:26:c6:1d:e9:f5:09:10:7b:4a:63:a8:c7:2f:2a:
                    32:be:40:2a:c8:12:ad:42:08:81:82:a9:1a:c5:49:
                    8f:e1:94:d4:1b:e8:b7:a1:21:1f:39:0a:d9:fa:19:
                    cd:61:f1:b9:83:27:cc:98:2c:ac:88:4e:c0:54:bf:
                    9a:b0:bc:17:64:4f:6f:76:70:75:9f:cb:06:61:11:
                    f1:8a:b1:51:e4:ef:8e:84:c6:4f:a8:c8:50:6d:ea:
                    30:f9:0b:b6:21:a1:b7:88:46:ef:68:61:c2:5e:02:
                    97:14:9b:0a:ae:04:94:06:65:5c:8f:64:76:e5:7e:
                    ad:de:76:d5:3c:b4:dc:d8:da:9f:5c:2e:ba:07:15:
                    51:b9:32:46:7e:2a:ae:bf:27:68:e2:f4:43:19:74:
                    40:89:85:2b:7c:c9:c6:20:69:cc:d9:10:82:43:c6:
                    8b:83:41:d4:24:b0:2e:b4:dd:75:90:7f:f9:5e:7f:
                    a3:a4:77:00:68:10:e6:65:c6:a9:1e:60:e5:06:0f:
                    b1:25:ac:77:67:38:ec:e2:3f:c1:e3:04:92:30:28:
                    a0:ae:64:55:1f:ec:32:3a:8c:9d:a0:fc:13:34:09:
                    ac:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:A6:CE:88:36:D8:19:B3:7C:53:71:4B:98:1E:66:A1:AF:25:5A:7B
            X509v3 Authority Key Identifier:
                keyid:27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/u6bOiDbYGbN8U3FLmB5moa8lWns.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.132.116.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5d:e0:eb:24:32:f5:0d:a0:99:dc:a2:49:70:68:f4:e4:2d:82:
         e4:91:d5:3f:df:d3:90:44:b1:c3:a9:84:17:0a:00:36:23:31:
         3d:99:ae:fa:9f:ae:ce:2d:3e:3c:16:3d:cd:14:fd:99:f0:c5:
         39:50:af:b1:66:98:a7:4b:ab:0e:e9:d4:b9:d3:10:c0:48:e6:
         3b:47:c2:05:1b:96:07:88:39:6a:18:aa:d9:4f:2c:be:9c:c8:
         00:a1:5a:eb:6f:b9:6f:e0:39:78:e0:bf:d8:0e:61:60:31:fe:
         71:f8:b9:98:5a:ef:cf:8a:b2:91:87:61:8e:10:6b:f9:8c:cc:
         5a:eb:19:06:e6:69:0f:92:72:36:d3:15:35:19:68:21:b1:dd:
         6c:71:12:ad:d2:ef:da:b4:cb:89:0e:bb:7b:69:4a:58:97:8a:
         e4:31:d6:c2:95:7a:b5:25:6e:0a:c6:77:77:51:af:bd:0f:30:
         6c:11:84:66:22:f6:fb:8c:eb:01:50:a5:ee:76:6e:8f:e2:17:
         85:89:37:9e:a9:0b:da:07:70:d6:cb:2f:e2:72:ea:78:dc:c3:
         dc:5d:37:a0:74:5a:b2:bf:8b:fe:d8:cc:a6:5e:ac:e8:cb:c8:
         4f:7f:90:a1:50:20:00:c7:5c:5e:10:f6:f7:9c:39:29:5b:77:
         c7:af:0f:3a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ7G2QTsfGwAsPQM3aAfdhyWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3OWRiZmRmNGMyMGJkYWU4ZDYxMTg1NjZlY2U3NjQ0NGU0
NmQxNzEwHhcNMjYwNjE0MTU1NjExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYmE2Y2U4ODM2ZDgxOWIzN2M1MzcxNGI5ODFlNjZhMWFmMjU1YTdiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0zrjEoBTvXa+LJxytTsQfnzyZ+Ui
tk3NkAlF0CJ7JsYd6fUJEHtKY6jHLyoyvkAqyBKtQgiBgqkaxUmP4ZTUG+i3oSEf
OQrZ+hnNYfG5gyfMmCysiE7AVL+asLwXZE9vdnB1n8sGYRHxirFR5O+OhMZPqMhQ
beow+Qu2IaG3iEbvaGHCXgKXFJsKrgSUBmVcj2R25X6t3nbVPLTc2NqfXC66BxVR
uTJGfiquvydo4vRDGXRAiYUrfMnGIGnM2RCCQ8aLg0HUJLAutN11kH/5Xn+jpHcA
aBDmZcapHmDlBg+xJax3Zzjs4j/B4wSSMCigrmRVH+wyOoydoPwTNAms+QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLumzog22BmzfFNxS5geZqGvJVp7MB8GA1UdIwQY
MBaAFCedv99MIL2ujWEYVm7OdkRORtFxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEt
MGNmMTA5M2Q0NTQ4LzEvdTZiT2lEYllHYk44VTNGTG1CNW1vYThsV25zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEtMGNmMTA5M2Q0NTQ4
LzEvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPoR0MA0G
CSqGSIb3DQEBCwUAA4IBAQBd4OskMvUNoJncoklwaPTkLYLkkdU/39OQRLHDqYQX
CgA2IzE9ma76n67OLT48Fj3NFP2Z8MU5UK+xZpinS6sO6dS50xDASOY7R8IFG5YH
iDlqGKrZTyy+nMgAoVrrb7lv4Dl44L/YDmFgMf5x+LmYWu/PirKRh2GOEGv5jMxa
6xkG5mkPknI20xU1GWghsd1scRKt0u/atMuJDrt7aUpYl4rkMdbClXq1JW4Kxnd3
Ua+9DzBsEYRmIvb7jOsBUKXudm6P4heFiTeeqQvaB3DWyy/icup43MPcXTegdFqy
v4v+2MymXqzoy8hPf5ChUCAAx1xeEPb3nDkpW3fHrw86
-----END CERTIFICATE-----