Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/oARZ6oTr4cQ8g_kHZA5aqd1qMLQ.roa
File:                     oARZ6oTr4cQ8g_kHZA5aqd1qMLQ.roa (raw, json)
Hash identifier:          yF+kCjJ0S1gnXWTA33vjxysCsTy5aFtDEK492sXsfic=
Subject key identifier:   A0:04:59:EA:84:EB:E1:C4:3C:83:F9:07:64:0E:5A:A9:DD:6A:30:B4
Certificate issuer:       /CN=6f84e4738a70ea39c08cef210432ae399ec7e915
Certificate serial:       019E72F9641E4F2FBE09D918D3F1435843CC
Authority key identifier: 6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/oARZ6oTr4cQ8g_kHZA5aqd1qMLQ.roa
Signing time:             Fri 29 May 2026 09:03:27 +0000
ROA not before:           Fri 29 May 2026 09:03:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     174
IP address blocks:        188.255.242.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 04 Jun 2026 22:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:72:f9:64:1e:4f:2f:be:09:d9:18:d3:f1:43:58:43:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f84e4738a70ea39c08cef210432ae399ec7e915
        Validity
            Not Before: May 29 09:03:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a00459ea84ebe1c43c83f907640e5aa9dd6a30b4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:78:a0:3e:23:9e:19:a2:02:05:22:91:61:c6:
                    07:20:cd:9f:64:10:9b:ab:a0:d0:73:bf:d5:69:e9:
                    b4:7e:07:bf:2e:86:04:53:04:24:ff:10:cb:0d:3c:
                    e2:7b:b1:fe:50:fe:53:52:9a:6b:4b:69:3c:89:bc:
                    aa:48:73:39:30:b9:9e:4e:20:ff:86:10:81:8d:0a:
                    17:21:4b:4e:d8:a9:8b:cc:9b:10:d5:ba:b1:52:c7:
                    a9:81:5c:7a:f7:54:17:93:de:05:bd:e7:58:d5:b3:
                    79:d5:4e:65:4a:9a:70:0f:f9:ac:1b:0d:55:61:ab:
                    fc:92:53:ab:b2:02:c8:0f:24:04:1d:0b:8c:82:45:
                    56:92:d4:2c:4a:3d:54:ea:45:23:d7:cb:46:a4:f4:
                    76:bd:4f:a9:3f:f1:f2:1a:1a:c0:48:89:b3:15:ce:
                    04:fa:cb:fe:01:df:bf:71:2e:74:c3:f5:e6:78:74:
                    0b:fc:d9:f8:bd:28:e9:e6:b4:de:76:f3:c3:fb:94:
                    73:f3:52:20:97:e8:d8:c8:a3:9a:ae:98:18:e4:9a:
                    c6:6c:97:09:86:1e:1f:4f:d1:2d:31:60:f4:76:b0:
                    68:91:4a:7e:74:c8:35:8f:84:02:66:9c:52:ea:d7:
                    80:1a:ee:d9:11:b8:07:cb:38:55:d9:d7:28:ef:41:
                    ef:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:04:59:EA:84:EB:E1:C4:3C:83:F9:07:64:0E:5A:A9:DD:6A:30:B4
            X509v3 Authority Key Identifier:
                keyid:6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/oARZ6oTr4cQ8g_kHZA5aqd1qMLQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.255.242.0/24

    Signature Algorithm: sha256WithRSAEncryption
         14:d7:1d:c7:7a:78:82:8e:8d:67:c7:a3:e5:4e:34:97:46:e0:
         82:d0:df:9e:0b:4d:2f:45:19:a0:fe:02:07:5f:dd:9e:66:18:
         5b:bb:4d:54:b3:c1:43:45:56:45:a7:8b:35:ac:f1:d1:a7:47:
         d5:cc:fb:92:14:76:c4:0a:37:6d:71:72:64:8b:92:c1:46:82:
         32:db:7b:d0:d7:ec:e2:14:92:db:6d:3d:17:4c:d8:ac:d6:05:
         14:3f:ff:d9:0c:1c:ce:eb:3a:df:bb:f3:8e:e4:99:15:18:e0:
         78:ac:a5:19:d7:08:04:9d:01:0b:8a:25:81:5f:24:d6:4a:03:
         90:4a:a3:99:07:98:bf:c2:5a:5d:9e:75:b3:11:b9:b6:53:df:
         0c:57:de:db:a4:e9:ee:12:f8:9a:16:45:b1:ae:92:27:76:10:
         b1:3d:93:b4:f1:7f:b1:66:e9:c3:cd:ee:9b:2d:eb:ed:23:d0:
         c6:d8:ac:6a:d3:d5:f5:c3:1a:5c:12:9b:1f:2d:31:f7:7c:3c:
         7b:8e:08:43:c6:8f:ad:04:35:a2:38:99:1d:19:ea:56:9f:ba:
         7b:ca:9d:d5:2c:7d:15:61:fb:94:a8:44:b5:36:09:51:9a:8e:
         f5:49:5e:4b:c9:bd:eb:25:4c:55:6f:33:4b:f1:db:88:71:a0:
         da:be:80:ca
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ5y+WQeTy++CdkY0/FDWEPMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmODRlNDczOGE3MGVhMzljMDhjZWYyMTA0MzJhZTM5OWVj
N2U5MTUwHhcNMjYwNTI5MDkwMzI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMDA0NTllYTg0ZWJlMWM0M2M4M2Y5MDc2NDBlNWFhOWRkNmEzMGI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt3igPiOeGaICBSKRYcYHIM2fZBCb
q6DQc7/Vaem0fge/LoYEUwQk/xDLDTzie7H+UP5TUpprS2k8ibyqSHM5MLmeTiD/
hhCBjQoXIUtO2KmLzJsQ1bqxUsepgVx691QXk94FvedY1bN51U5lSppwD/msGw1V
Yav8klOrsgLIDyQEHQuMgkVWktQsSj1U6kUj18tGpPR2vU+pP/HyGhrASImzFc4E
+sv+Ad+/cS50w/XmeHQL/Nn4vSjp5rTedvPD+5Rz81Igl+jYyKOarpgY5JrGbJcJ
hh4fT9EtMWD0drBokUp+dMg1j4QCZpxS6teAGu7ZEbgHyzhV2dco70HvpwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKAEWeqE6+HEPIP5B2QOWqndajC0MB8GA1UdIwQY
MBaAFG+E5HOKcOo5wIzvIQQyrjmex+kVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYt
ZmFlNWRiZWQzYjFiLzEvb0FSWjZvVHI0Y1E4Z19rSFpBNWFxZDFxTUxRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYtZmFlNWRiZWQzYjFi
LzEvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvP/yMA0G
CSqGSIb3DQEBCwUAA4IBAQAU1x3HeniCjo1nx6PlTjSXRuCC0N+eC00vRRmg/gIH
X92eZhhbu01Us8FDRVZFp4s1rPHRp0fVzPuSFHbECjdtcXJki5LBRoIy23vQ1+zi
FJLbbT0XTNis1gUUP//ZDBzO6zrfu/OO5JkVGOB4rKUZ1wgEnQELiiWBXyTWSgOQ
SqOZB5i/wlpdnnWzEbm2U98MV97bpOnuEviaFkWxrpIndhCxPZO08X+xZunDze6b
LevtI9DG2Kxq09X1wxpcEpsfLTH3fDx7jghDxo+tBDWiOJkdGepWn7p7yp3VLH0V
YfuUqES1NglRmo71SV5Lyb3rJUxVbzNL8duIcaDavoDK
-----END CERTIFICATE-----