Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/0qEn2Tr1eL0p4gWnJC-dqU4CxzY.roa
File:                     0qEn2Tr1eL0p4gWnJC-dqU4CxzY.roa (raw, json)
Hash identifier:          MGRmXu5/DYswkbnJSviqmyBoyVZENS/DT4pMUXKKoHc=
Subject key identifier:   D2:A1:27:D9:3A:F5:78:BD:29:E2:05:A7:24:2F:9D:A9:4E:02:C7:36
Certificate issuer:       /CN=6f84e4738a70ea39c08cef210432ae399ec7e915
Certificate serial:       019E547385F342C11308833345226878B068
Authority key identifier: 6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/0qEn2Tr1eL0p4gWnJC-dqU4CxzY.roa
Signing time:             Sat 23 May 2026 10:48:37 +0000
ROA not before:           Sat 23 May 2026 10:48:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     9318
IP address blocks:        178.253.229.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 04 Jun 2026 22:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:54:73:85:f3:42:c1:13:08:83:33:45:22:68:78:b0:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f84e4738a70ea39c08cef210432ae399ec7e915
        Validity
            Not Before: May 23 10:48:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d2a127d93af578bd29e205a7242f9da94e02c736
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:2f:a1:bd:59:29:0f:c7:e8:c2:75:93:30:db:
                    85:af:b9:5c:ab:c6:80:15:4b:b2:b2:4b:55:f9:10:
                    1c:73:a5:92:bb:9a:3c:8b:bb:3a:55:87:11:a3:31:
                    35:02:91:a1:dc:62:c0:92:ee:d9:97:6b:36:5c:c3:
                    ce:fa:dd:a3:b1:c4:56:f9:1e:7f:7b:69:3b:63:b3:
                    a5:3a:65:82:2a:55:a2:66:87:df:d5:2e:3e:9c:08:
                    53:3a:05:1b:a0:e0:ca:49:f6:41:11:b8:9d:25:bb:
                    a5:7b:c4:7f:e1:b9:2c:28:31:85:98:07:1a:77:29:
                    88:3b:bf:5e:5f:34:59:7d:bf:77:52:bb:d9:6c:14:
                    e1:6f:46:35:46:d8:8a:91:d5:e8:6a:1d:8f:ad:03:
                    a6:89:ae:b9:89:cd:00:aa:77:72:99:94:3b:01:94:
                    ef:2c:f8:8f:88:6b:62:fa:34:eb:f3:19:03:cf:92:
                    c5:38:8a:e6:3b:67:2d:bf:04:6f:ad:74:6b:8f:ef:
                    db:95:f3:89:6e:a9:b0:f6:91:83:2f:9b:4e:21:be:
                    4a:14:12:15:54:7b:a8:e2:1f:22:b6:ae:53:4e:ee:
                    5c:b4:64:be:18:94:fe:ea:13:7f:64:bf:02:20:73:
                    32:6f:f6:f0:bf:ee:e1:cd:81:a2:89:fb:0a:cf:a3:
                    7b:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:A1:27:D9:3A:F5:78:BD:29:E2:05:A7:24:2F:9D:A9:4E:02:C7:36
            X509v3 Authority Key Identifier:
                keyid:6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/0qEn2Tr1eL0p4gWnJC-dqU4CxzY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.253.229.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8c:8f:22:69:63:39:83:0a:e9:9c:ec:38:f6:7f:36:64:17:3d:
         9b:79:5e:5b:17:11:57:38:05:7a:a3:fc:4f:0f:56:99:45:9b:
         38:b6:6d:8a:6e:e9:6f:a1:60:61:15:d6:3d:92:a7:f0:dc:7c:
         d5:a8:7a:cc:1d:a9:2e:dd:26:53:f7:0f:38:8e:73:37:b3:86:
         01:34:dc:d2:8c:e5:6f:5f:a1:d1:0f:8c:53:19:15:04:d5:ba:
         26:f3:4e:66:c5:65:39:fe:c0:d9:19:ed:b8:45:1c:44:f4:f3:
         b1:3a:9d:87:7c:71:44:e0:8a:0d:c2:e6:21:2a:f7:52:8e:ad:
         4d:7b:1b:a0:2f:cb:b3:18:5c:2b:ed:bb:c7:9d:5c:5a:bc:cb:
         fa:40:53:82:10:71:3d:03:65:9b:5e:fe:bb:83:0f:8c:2d:b1:
         71:f5:b1:50:28:46:0b:6d:3c:02:c3:00:d4:bc:a0:04:23:ea:
         1d:ae:48:08:c0:8d:a1:64:0d:0a:b7:25:b7:68:74:45:24:a2:
         c2:bb:63:13:32:ef:da:28:47:b3:c5:7a:4f:99:e5:99:6f:fb:
         61:06:1f:92:91:5e:ae:79:43:1e:2a:b8:70:54:25:d7:44:6d:
         75:e2:38:03:1d:b1:f9:a4:fb:e4:a9:00:bc:19:b0:00:43:aa:
         30:ec:27:82
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ5Uc4XzQsETCIMzRSJoeLBoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmODRlNDczOGE3MGVhMzljMDhjZWYyMTA0MzJhZTM5OWVj
N2U5MTUwHhcNMjYwNTIzMTA0ODM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMmExMjdkOTNhZjU3OGJkMjllMjA1YTcyNDJmOWRhOTRlMDJjNzM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtS+hvVkpD8fownWTMNuFr7lcq8aA
FUuysktV+RAcc6WSu5o8i7s6VYcRozE1ApGh3GLAku7Zl2s2XMPO+t2jscRW+R5/
e2k7Y7OlOmWCKlWiZoff1S4+nAhTOgUboODKSfZBEbidJbule8R/4bksKDGFmAca
dymIO79eXzRZfb93UrvZbBThb0Y1RtiKkdXoah2PrQOmia65ic0AqndymZQ7AZTv
LPiPiGti+jTr8xkDz5LFOIrmO2ctvwRvrXRrj+/blfOJbqmw9pGDL5tOIb5KFBIV
VHuo4h8itq5TTu5ctGS+GJT+6hN/ZL8CIHMyb/bwv+7hzYGiifsKz6N76QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNKhJ9k69Xi9KeIFpyQvnalOAsc2MB8GA1UdIwQY
MBaAFG+E5HOKcOo5wIzvIQQyrjmex+kVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYt
ZmFlNWRiZWQzYjFiLzEvMHFFbjJUcjFlTDBwNGdXbkpDLWRxVTRDeHpZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYtZmFlNWRiZWQzYjFi
LzEvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsv3lMA0G
CSqGSIb3DQEBCwUAA4IBAQCMjyJpYzmDCumc7Dj2fzZkFz2beV5bFxFXOAV6o/xP
D1aZRZs4tm2KbulvoWBhFdY9kqfw3HzVqHrMHaku3SZT9w84jnM3s4YBNNzSjOVv
X6HRD4xTGRUE1bom805mxWU5/sDZGe24RRxE9POxOp2HfHFE4IoNwuYhKvdSjq1N
exugL8uzGFwr7bvHnVxavMv6QFOCEHE9A2WbXv67gw+MLbFx9bFQKEYLbTwCwwDU
vKAEI+odrkgIwI2hZA0KtyW3aHRFJKLCu2MTMu/aKEezxXpPmeWZb/thBh+SkV6u
eUMeKrhwVCXXRG114jgDHbH5pPvkqQC8GbAAQ6ow7CeC
-----END CERTIFICATE-----