Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/hPtPsg-6OKwTfronceqW8wXsS98.roa
File:                     hPtPsg-6OKwTfronceqW8wXsS98.roa (raw, json)
Hash identifier:          YXjMoOLA0PmRNOsi8ULuuhguIVXpGFhmxFke5vIV7vI=
Subject key identifier:   84:FB:4F:B2:0F:BA:38:AC:13:7E:BA:27:71:EA:96:F3:05:EC:4B:DF
Certificate issuer:       /CN=6f84e4738a70ea39c08cef210432ae399ec7e915
Certificate serial:       019E81BF6F65D605ED8E9217EF664D0EA239
Authority key identifier: 6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/hPtPsg-6OKwTfronceqW8wXsS98.roa
Signing time:             Mon 01 Jun 2026 05:54:27 +0000
ROA not before:           Mon 01 Jun 2026 05:54:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     149573
IP address blocks:        188.255.136.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 04 Jun 2026 22:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:81:bf:6f:65:d6:05:ed:8e:92:17:ef:66:4d:0e:a2:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f84e4738a70ea39c08cef210432ae399ec7e915
        Validity
            Not Before: Jun  1 05:54:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=84fb4fb20fba38ac137eba2771ea96f305ec4bdf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:eb:02:99:c6:04:50:95:83:bc:6f:a0:31:ae:9d:
                    46:df:4f:93:0e:db:c3:3e:01:9a:a8:ff:39:c0:b0:
                    66:4a:8a:43:5c:6c:f8:eb:e8:ee:c3:96:31:e0:b8:
                    97:37:d4:62:05:47:f4:08:35:61:ee:b0:76:a3:be:
                    d3:0b:9b:9c:95:ed:1a:95:b1:07:91:c7:62:9b:ec:
                    f5:22:10:31:7c:aa:7e:f2:53:03:b0:c2:97:84:51:
                    6e:e5:34:c1:62:e3:4c:b6:f8:1e:f3:07:70:bd:b4:
                    96:b0:a7:bc:56:a1:b8:0d:69:ea:47:6d:14:2e:e5:
                    cb:54:6d:7e:1f:f9:70:2c:5b:5d:af:4e:16:1d:2c:
                    12:89:ef:d9:93:41:b4:c1:f2:6f:11:cd:e8:c2:10:
                    25:c6:71:17:0f:ab:80:b9:79:33:48:32:a9:03:c6:
                    b8:34:83:38:41:59:1d:66:5d:ac:c1:0f:90:c1:a8:
                    88:88:f0:4b:c9:4a:9b:1d:4d:22:76:52:c7:89:d6:
                    a9:08:61:47:2c:ca:3b:9b:72:01:3e:22:b6:ab:9f:
                    e4:0f:81:d9:94:83:56:0f:32:ab:83:92:fc:f5:f7:
                    15:cf:2c:e3:92:49:2f:33:d9:e3:81:c9:60:84:6f:
                    9b:be:a6:25:c5:36:29:cf:f6:eb:fb:d4:fb:4e:3e:
                    7d:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:FB:4F:B2:0F:BA:38:AC:13:7E:BA:27:71:EA:96:F3:05:EC:4B:DF
            X509v3 Authority Key Identifier:
                keyid:6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/hPtPsg-6OKwTfronceqW8wXsS98.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.255.136.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4c:3e:d7:a2:20:d9:09:e6:65:3d:fd:a9:9a:cf:52:d3:59:15:
         8b:79:76:77:28:8b:62:e1:ed:b8:88:f0:b2:fc:82:55:05:e4:
         cc:5c:37:9d:64:79:21:24:78:ce:10:a2:ad:d1:0e:56:12:7d:
         c3:1d:86:94:cc:f4:8f:aa:a9:af:c1:62:c6:2c:87:5e:65:10:
         3f:f4:2e:8f:03:bc:ee:3e:dc:f4:be:26:bf:e1:bd:6b:d8:5d:
         19:06:58:c6:72:bd:20:b7:ff:dc:3b:fa:67:1b:2f:5f:10:99:
         52:95:f6:47:e4:96:e7:8e:1f:35:aa:4e:ba:93:15:9e:f9:0d:
         1c:23:6c:09:6d:3b:17:33:8f:69:c4:54:54:99:01:e3:62:51:
         e9:1e:79:76:4d:c1:82:3d:ad:c4:37:bf:58:38:76:bd:a2:9e:
         da:e5:7b:77:91:8f:0c:31:71:2f:03:d4:86:59:0a:b4:d8:b4:
         0c:3a:d8:14:d5:1a:e7:d9:34:ff:94:79:25:ba:b1:6e:4b:b7:
         f9:79:15:1d:e3:5a:24:1d:29:d7:88:98:06:e8:0f:2b:93:4b:
         dd:b2:87:fa:0f:9a:54:9e:68:91:36:ef:b8:c6:7b:80:a0:ce:
         aa:68:28:eb:8a:39:22:b8:34:64:a2:cc:a3:55:ec:3e:c8:f5:
         47:f8:6e:d0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6Bv29l1gXtjpIX72ZNDqI5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmODRlNDczOGE3MGVhMzljMDhjZWYyMTA0MzJhZTM5OWVj
N2U5MTUwHhcNMjYwNjAxMDU1NDI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NGZiNGZiMjBmYmEzOGFjMTM3ZWJhMjc3MWVhOTZmMzA1ZWM0YmRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6wKZxgRQlYO8b6Axrp1G30+TDtvD
PgGaqP85wLBmSopDXGz46+juw5Yx4LiXN9RiBUf0CDVh7rB2o77TC5ucle0albEH
kcdim+z1IhAxfKp+8lMDsMKXhFFu5TTBYuNMtvge8wdwvbSWsKe8VqG4DWnqR20U
LuXLVG1+H/lwLFtdr04WHSwSie/Zk0G0wfJvEc3owhAlxnEXD6uAuXkzSDKpA8a4
NIM4QVkdZl2swQ+QwaiIiPBLyUqbHU0idlLHidapCGFHLMo7m3IBPiK2q5/kD4HZ
lINWDzKrg5L89fcVzyzjkkkvM9njgclghG+bvqYlxTYpz/br+9T7Tj59awIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIT7T7IPujisE366J3HqlvMF7EvfMB8GA1UdIwQY
MBaAFG+E5HOKcOo5wIzvIQQyrjmex+kVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYt
ZmFlNWRiZWQzYjFiLzEvaFB0UHNnLTZPS3dUZnJvbmNlcVc4d1hzUzk4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYtZmFlNWRiZWQzYjFi
LzEvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvP+IMA0G
CSqGSIb3DQEBCwUAA4IBAQBMPteiINkJ5mU9/amaz1LTWRWLeXZ3KIti4e24iPCy
/IJVBeTMXDedZHkhJHjOEKKt0Q5WEn3DHYaUzPSPqqmvwWLGLIdeZRA/9C6PA7zu
Ptz0via/4b1r2F0ZBljGcr0gt//cO/pnGy9fEJlSlfZH5Jbnjh81qk66kxWe+Q0c
I2wJbTsXM49pxFRUmQHjYlHpHnl2TcGCPa3EN79YOHa9op7a5Xt3kY8MMXEvA9SG
WQq02LQMOtgU1Rrn2TT/lHklurFuS7f5eRUd41okHSnXiJgG6A8rk0vdsof6D5pU
nmiRNu+4xnuAoM6qaCjrijkiuDRkosyjVew+yPVH+G7Q
-----END CERTIFICATE-----