Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/6SGncDrqYDpQGEDuIWDnfbVCMjc.roa
File:                     6SGncDrqYDpQGEDuIWDnfbVCMjc.roa (raw, json)
Hash identifier:          z0GAiziBDXBT4sZtravdZfNM5+ikQZJBB70AFI5Qsfc=
Subject key identifier:   E9:21:A7:70:3A:EA:60:3A:50:18:40:EE:21:60:E7:7D:B5:42:32:37
Certificate issuer:       /CN=6f84e4738a70ea39c08cef210432ae399ec7e915
Certificate serial:       019DF6F51452547A835B4444C960BA44C9CD
Authority key identifier: 6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/6SGncDrqYDpQGEDuIWDnfbVCMjc.roa
Signing time:             Tue 05 May 2026 07:05:49 +0000
ROA not before:           Tue 05 May 2026 07:05:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     209888
IP address blocks:        188.255.174.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 06 May 2026 16:01:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:f6:f5:14:52:54:7a:83:5b:44:44:c9:60:ba:44:c9:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f84e4738a70ea39c08cef210432ae399ec7e915
        Validity
            Not Before: May  5 07:05:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e921a7703aea603a501840ee2160e77db5423237
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:f3:92:9b:07:a0:bd:41:23:da:8b:17:b1:94:
                    75:ea:84:2e:11:a8:0e:08:a5:00:14:fb:93:5b:f6:
                    be:d1:76:50:7c:de:cc:aa:50:2e:5e:e2:8c:fe:7f:
                    73:5f:74:9c:bf:ea:6e:0a:64:b4:e8:1e:00:7e:3e:
                    a5:09:25:bf:6f:04:a1:d6:85:fa:d5:72:e3:03:73:
                    28:37:b8:11:bc:6f:d8:98:ea:1b:5d:f6:1d:93:8c:
                    da:2f:03:7c:ee:48:36:67:bf:6f:77:de:21:68:c7:
                    2e:3a:88:e5:bc:c3:d6:fa:72:80:26:d4:0c:e5:3d:
                    29:b3:f2:ce:0a:2f:c0:ed:ac:ce:31:9e:52:10:4f:
                    35:c3:15:f7:4d:ef:cb:57:90:fe:01:ec:35:7f:72:
                    66:05:6e:b4:ce:b0:54:bc:fa:12:0b:b4:87:91:26:
                    23:d2:89:d5:a4:d8:72:5f:ed:b8:97:0f:e6:06:2a:
                    91:e1:77:a1:25:c5:16:9c:cd:be:83:5e:bd:4d:44:
                    b8:1c:cd:38:b3:98:1b:6a:c3:05:27:ea:35:21:62:
                    a3:51:e2:2e:f6:71:99:c7:2c:55:5a:92:1a:bb:61:
                    e6:70:ba:e2:3e:75:81:25:ca:fa:df:5d:df:b0:aa:
                    75:99:ce:85:b7:8c:e2:a8:72:5a:0a:e6:3d:9b:90:
                    d1:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E9:21:A7:70:3A:EA:60:3A:50:18:40:EE:21:60:E7:7D:B5:42:32:37
            X509v3 Authority Key Identifier:
                keyid:6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/6SGncDrqYDpQGEDuIWDnfbVCMjc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.255.174.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9d:cf:38:27:ed:bd:03:f0:f4:38:bc:0e:f7:59:19:bd:ec:49:
         c1:70:45:26:01:34:ff:e8:3a:89:3d:c1:0e:8e:c0:e9:0a:59:
         63:47:cf:94:cc:81:95:37:68:2d:c9:12:0f:69:33:9e:ae:38:
         b1:28:40:ed:4f:fd:53:8f:c2:7b:c2:80:3a:14:8f:7b:2f:01:
         93:f5:7e:ba:38:87:4f:f4:86:33:63:9a:b4:90:1b:56:47:5d:
         42:f6:0f:09:17:22:83:68:7c:8f:50:05:2d:c6:0f:18:cb:f3:
         87:fb:fa:5d:c8:67:39:40:8b:f1:00:2d:a4:65:93:10:85:73:
         be:c6:03:25:12:22:3f:66:f1:bc:a6:a6:61:a1:e8:10:81:1c:
         73:3b:60:9e:2a:13:85:1f:1c:0f:fb:97:de:ea:fc:86:b5:1c:
         07:b4:26:06:4c:d5:4b:3c:8e:fe:6f:aa:b2:8d:3f:1f:91:7b:
         b4:cc:12:6d:64:93:75:3c:b3:25:a9:b8:24:14:0d:23:8f:fe:
         71:62:ba:86:2c:05:d5:66:a8:82:a1:41:e1:47:5b:7b:4d:cb:
         9c:c6:6a:c9:b3:63:9e:61:d3:71:9b:7b:c0:ff:85:80:1d:ee:
         b1:3b:1f:d6:07:80:c0:4b:b1:9d:35:fa:5a:64:31:e1:b8:19:
         b7:0f:9f:25
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ329RRSVHqDW0REyWC6RMnNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmODRlNDczOGE3MGVhMzljMDhjZWYyMTA0MzJhZTM5OWVj
N2U5MTUwHhcNMjYwNTA1MDcwNTQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlOTIxYTc3MDNhZWE2MDNhNTAxODQwZWUyMTYwZTc3ZGI1NDIzMjM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0/OSmwegvUEj2osXsZR16oQuEagO
CKUAFPuTW/a+0XZQfN7MqlAuXuKM/n9zX3Scv+puCmS06B4Afj6lCSW/bwSh1oX6
1XLjA3MoN7gRvG/YmOobXfYdk4zaLwN87kg2Z79vd94haMcuOojlvMPW+nKAJtQM
5T0ps/LOCi/A7azOMZ5SEE81wxX3Te/LV5D+Aew1f3JmBW60zrBUvPoSC7SHkSYj
0onVpNhyX+24lw/mBiqR4XehJcUWnM2+g169TUS4HM04s5gbasMFJ+o1IWKjUeIu
9nGZxyxVWpIau2HmcLriPnWBJcr6313fsKp1mc6Ft4ziqHJaCuY9m5DR8wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOkhp3A66mA6UBhA7iFg5321QjI3MB8GA1UdIwQY
MBaAFG+E5HOKcOo5wIzvIQQyrjmex+kVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYt
ZmFlNWRiZWQzYjFiLzEvNlNHbmNEcnFZRHBRR0VEdUlXRG5mYlZDTWpjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYtZmFlNWRiZWQzYjFi
LzEvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvP+uMA0G
CSqGSIb3DQEBCwUAA4IBAQCdzzgn7b0D8PQ4vA73WRm97EnBcEUmATT/6DqJPcEO
jsDpClljR8+UzIGVN2gtyRIPaTOerjixKEDtT/1Tj8J7woA6FI97LwGT9X66OIdP
9IYzY5q0kBtWR11C9g8JFyKDaHyPUAUtxg8Yy/OH+/pdyGc5QIvxAC2kZZMQhXO+
xgMlEiI/ZvG8pqZhoegQgRxzO2CeKhOFHxwP+5fe6vyGtRwHtCYGTNVLPI7+b6qy
jT8fkXu0zBJtZJN1PLMlqbgkFA0jj/5xYrqGLAXVZqiCoUHhR1t7TcucxmrJs2Oe
YdNxm3vA/4WAHe6xOx/WB4DAS7GdNfpaZDHhuBm3D58l
-----END CERTIFICATE-----