Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/R2Iz5GevUGf-krHMkvkrt339EqM.roa
File:                     R2Iz5GevUGf-krHMkvkrt339EqM.roa (raw, json)
Hash identifier:          Tn/cjr5igEec4108Vij8hNZ06JAnhXKEqyCio3g56zo=
Subject key identifier:   47:62:33:E4:67:AF:50:67:FE:92:B1:CC:92:F9:2B:B7:7D:FD:12:A3
Certificate issuer:       /CN=6f84e4738a70ea39c08cef210432ae399ec7e915
Certificate serial:       019E2BA1121B2F64A445A6B248EDB9C059FF
Authority key identifier: 6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/R2Iz5GevUGf-krHMkvkrt339EqM.roa
Signing time:             Fri 15 May 2026 12:33:56 +0000
ROA not before:           Fri 15 May 2026 12:33:56 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199734
IP address blocks:        212.69.11.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 04 Jun 2026 22:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:2b:a1:12:1b:2f:64:a4:45:a6:b2:48:ed:b9:c0:59:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f84e4738a70ea39c08cef210432ae399ec7e915
        Validity
            Not Before: May 15 12:33:56 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=476233e467af5067fe92b1cc92f92bb77dfd12a3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ec:32:5a:43:e7:6a:8f:03:f7:11:f0:9a:28:4c:
                    e8:aa:3f:d3:31:4b:93:26:5d:5d:8d:c6:d3:08:3e:
                    cf:0c:9c:79:af:01:13:3c:55:76:cd:34:e5:35:a9:
                    96:13:47:41:6c:ae:81:43:70:03:00:15:3a:dc:83:
                    d3:97:2e:2b:24:8e:1f:0f:32:5d:aa:fa:87:ef:a6:
                    03:08:56:99:c0:11:b1:2e:15:a5:5f:24:96:74:30:
                    4b:53:27:94:88:5f:05:79:f4:a7:c2:ec:f6:41:fd:
                    dc:49:8a:ff:50:66:88:ab:03:8d:b5:60:97:dd:95:
                    40:d9:09:83:4e:14:aa:cd:b3:9a:24:0d:93:2b:b8:
                    8f:bf:43:64:d1:dc:3f:3d:09:08:af:68:c2:24:88:
                    2d:a0:03:ce:2f:86:91:64:1a:e1:6a:49:cb:6b:53:
                    87:6e:72:0b:1f:fc:3c:f7:ed:b8:71:a7:ea:86:0c:
                    5d:83:6d:3c:56:82:21:6a:b2:36:af:1e:fc:7e:43:
                    e6:fe:62:37:db:21:b6:2b:56:b7:33:dc:f4:97:58:
                    f0:76:23:67:69:cc:4a:83:9f:7a:f4:3b:35:6f:6f:
                    29:f4:4e:c2:a4:20:79:b9:2b:f1:ba:30:00:e9:e8:
                    c3:f6:c4:52:a3:c1:b8:a5:b5:75:5b:e7:e3:10:cf:
                    b6:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:62:33:E4:67:AF:50:67:FE:92:B1:CC:92:F9:2B:B7:7D:FD:12:A3
            X509v3 Authority Key Identifier:
                keyid:6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/R2Iz5GevUGf-krHMkvkrt339EqM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.69.11.0/24

    Signature Algorithm: sha256WithRSAEncryption
         36:fc:44:ba:a1:f2:8f:81:62:7c:6c:b3:6b:06:4e:14:01:df:
         58:df:ce:67:ce:73:7a:71:f5:c2:fd:b4:dd:a9:2d:e9:d4:d3:
         d1:6a:2c:c1:8e:fb:45:81:f7:87:07:49:5a:a1:0f:54:d0:ef:
         c5:d4:25:88:2f:71:57:5a:82:6c:99:25:b1:c0:52:fa:06:d3:
         98:5a:bd:6f:91:53:bf:0d:9d:33:e0:95:51:c2:08:f0:d7:19:
         8e:01:38:31:15:ff:f7:28:d1:45:b6:be:28:cb:66:86:63:23:
         2e:64:3d:7c:a7:e2:34:8a:56:cb:98:ac:f1:60:5a:8b:d3:de:
         17:d1:af:89:fb:6e:49:c7:4b:6d:21:61:37:07:90:81:ae:31:
         f6:eb:92:9f:52:c7:bc:b0:47:22:3e:33:80:30:ec:ba:92:8d:
         2d:7a:b5:e9:d6:2d:7d:ef:18:3d:76:fd:d0:5a:a8:02:06:d7:
         21:4a:2a:b2:33:ae:a6:73:83:6b:27:8f:2b:5f:ae:37:e9:db:
         f4:10:ea:d6:b2:ce:de:02:31:95:ed:48:a3:1c:ef:4e:13:ac:
         3b:fc:ed:21:a9:ec:78:47:50:59:32:29:94:eb:99:b8:15:8b:
         6f:cb:9f:9f:22:89:c2:2b:8b:9c:03:26:a4:e0:8c:ed:27:cd:
         6d:2c:2a:1c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ4roRIbL2SkRaaySO25wFn/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmODRlNDczOGE3MGVhMzljMDhjZWYyMTA0MzJhZTM5OWVj
N2U5MTUwHhcNMjYwNTE1MTIzMzU2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NzYyMzNlNDY3YWY1MDY3ZmU5MmIxY2M5MmY5MmJiNzdkZmQxMmEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7DJaQ+dqjwP3EfCaKEzoqj/TMUuT
Jl1djcbTCD7PDJx5rwETPFV2zTTlNamWE0dBbK6BQ3ADABU63IPTly4rJI4fDzJd
qvqH76YDCFaZwBGxLhWlXySWdDBLUyeUiF8FefSnwuz2Qf3cSYr/UGaIqwONtWCX
3ZVA2QmDThSqzbOaJA2TK7iPv0Nk0dw/PQkIr2jCJIgtoAPOL4aRZBrhaknLa1OH
bnILH/w89+24cafqhgxdg208VoIharI2rx78fkPm/mI32yG2K1a3M9z0l1jwdiNn
acxKg5969Ds1b28p9E7CpCB5uSvxujAA6ejD9sRSo8G4pbV1W+fjEM+2IQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEdiM+Rnr1Bn/pKxzJL5K7d9/RKjMB8GA1UdIwQY
MBaAFG+E5HOKcOo5wIzvIQQyrjmex+kVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYt
ZmFlNWRiZWQzYjFiLzEvUjJJejVHZXZVR2Yta3JITWt2a3J0MzM5RXFNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYtZmFlNWRiZWQzYjFi
LzEvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1EULMA0G
CSqGSIb3DQEBCwUAA4IBAQA2/ES6ofKPgWJ8bLNrBk4UAd9Y385nznN6cfXC/bTd
qS3p1NPRaizBjvtFgfeHB0laoQ9U0O/F1CWIL3FXWoJsmSWxwFL6BtOYWr1vkVO/
DZ0z4JVRwgjw1xmOATgxFf/3KNFFtr4oy2aGYyMuZD18p+I0ilbLmKzxYFqL094X
0a+J+25Jx0ttIWE3B5CBrjH265KfUse8sEciPjOAMOy6ko0terXp1i197xg9dv3Q
WqgCBtchSiqyM66mc4NrJ48rX6436dv0EOrWss7eAjGV7UijHO9OE6w7/O0hqex4
R1BZMimU65m4FYtvy5+fIonCK4ucAyak4IztJ81tLCoc
-----END CERTIFICATE-----