Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/upeWk6l3RB2LHUKsj33cbx3Wo4U.roa
File:                     upeWk6l3RB2LHUKsj33cbx3Wo4U.roa (raw, json)
Hash identifier:          mpD7pPPDL+iqPtBq39SRfO3k/c/MKzg91fIxVKEE1ZE=
Subject key identifier:   BA:97:96:93:A9:77:44:1D:8B:1D:42:AC:8F:7D:DC:6F:1D:D6:A3:85
Certificate issuer:       /CN=6f84e4738a70ea39c08cef210432ae399ec7e915
Certificate serial:       019E6E9D5E52C74A76E7AFA0B685D8D30683
Authority key identifier: 6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/upeWk6l3RB2LHUKsj33cbx3Wo4U.roa
Signing time:             Thu 28 May 2026 12:44:27 +0000
ROA not before:           Thu 28 May 2026 12:44:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199176
IP address blocks:        81.18.48.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 04 Jun 2026 22:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:6e:9d:5e:52:c7:4a:76:e7:af:a0:b6:85:d8:d3:06:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f84e4738a70ea39c08cef210432ae399ec7e915
        Validity
            Not Before: May 28 12:44:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ba979693a977441d8b1d42ac8f7ddc6f1dd6a385
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:ea:c6:52:1e:40:95:7e:bf:d9:35:95:d8:0f:
                    0b:69:9c:d2:21:5e:6a:7f:7a:65:8d:ed:62:7c:47:
                    66:ac:fd:21:c6:32:70:10:37:29:10:9f:99:33:89:
                    56:f3:0a:96:d2:6d:d2:9b:92:5b:00:06:99:25:a1:
                    0b:7f:97:44:18:97:3d:6b:2c:cd:0e:e6:bf:38:99:
                    14:9d:f4:d2:0e:8f:b0:78:7f:81:af:e2:81:60:1a:
                    16:7c:3b:26:e0:90:96:e2:49:20:28:31:9f:af:4f:
                    9e:0f:8b:3d:ae:00:91:c9:78:67:05:63:19:4e:b8:
                    e9:86:9b:0c:e8:b5:48:47:d8:5c:fd:78:72:09:3f:
                    3a:05:b5:e1:4b:5f:fb:cf:67:02:14:32:30:1a:a2:
                    eb:b0:0d:4b:f9:61:e0:f0:a4:f3:87:3d:23:f7:51:
                    70:58:2d:d1:ed:be:78:17:7a:d5:33:b1:10:2c:0e:
                    43:66:99:5c:c0:15:20:50:03:6d:93:4f:de:4c:82:
                    20:d7:5c:74:e6:52:84:00:67:55:d9:73:ac:f1:ad:
                    ca:ec:c7:74:ab:33:d0:0f:3a:4f:e4:cf:f9:32:0f:
                    07:6c:77:71:9e:41:41:e8:ce:43:f4:4c:fd:95:e5:
                    99:0c:e5:43:fb:1b:d1:16:db:d7:1d:61:f7:20:45:
                    b9:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:97:96:93:A9:77:44:1D:8B:1D:42:AC:8F:7D:DC:6F:1D:D6:A3:85
            X509v3 Authority Key Identifier:
                keyid:6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/upeWk6l3RB2LHUKsj33cbx3Wo4U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.18.48.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8a:ce:f5:19:4a:7a:7b:b8:1f:59:4c:cf:b6:56:64:3f:18:9f:
         ef:5e:d5:17:30:4d:46:31:be:f6:89:39:60:48:30:19:9a:24:
         0a:45:4b:6d:bd:12:ff:d7:b6:01:ab:c6:7b:66:aa:22:6c:23:
         99:97:f4:88:43:ea:03:11:1b:d9:6e:16:b3:d3:69:71:63:2e:
         33:fe:25:45:fc:be:c1:b8:a7:18:f2:86:b5:01:8e:91:7f:b0:
         10:07:d3:45:0f:c6:76:e4:51:38:1b:09:b6:3f:63:c8:8d:1b:
         d9:44:d9:c1:2a:25:fa:90:24:34:de:46:c2:b4:f1:6c:ce:62:
         63:0e:91:93:fb:55:49:be:22:35:d9:3d:97:7e:07:b0:57:9c:
         ef:a3:a5:e0:5d:a5:ca:20:19:76:a1:d2:73:cd:28:11:b6:c9:
         40:66:08:2f:0e:10:67:c4:95:09:b7:f9:d1:3c:27:f0:14:4e:
         df:a1:3b:36:f2:c8:7d:6f:88:a8:f7:82:22:69:d6:f1:cc:03:
         20:98:4f:19:31:0d:19:49:b6:8e:b5:93:2b:54:55:d6:08:36:
         b7:33:a0:b5:f6:0f:ee:ec:90:27:e9:96:89:9c:8f:a0:a0:6e:
         9d:8f:94:ea:a6:c2:4e:5d:a3:92:fd:0a:93:4f:dc:34:d8:8f:
         29:7e:6f:74
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ5unV5Sx0p256+gtoXY0waDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmODRlNDczOGE3MGVhMzljMDhjZWYyMTA0MzJhZTM5OWVj
N2U5MTUwHhcNMjYwNTI4MTI0NDI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYTk3OTY5M2E5Nzc0NDFkOGIxZDQyYWM4ZjdkZGM2ZjFkZDZhMzg1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAturGUh5AlX6/2TWV2A8LaZzSIV5q
f3plje1ifEdmrP0hxjJwEDcpEJ+ZM4lW8wqW0m3Sm5JbAAaZJaELf5dEGJc9ayzN
Dua/OJkUnfTSDo+weH+Br+KBYBoWfDsm4JCW4kkgKDGfr0+eD4s9rgCRyXhnBWMZ
TrjphpsM6LVIR9hc/XhyCT86BbXhS1/7z2cCFDIwGqLrsA1L+WHg8KTzhz0j91Fw
WC3R7b54F3rVM7EQLA5DZplcwBUgUANtk0/eTIIg11x05lKEAGdV2XOs8a3K7Md0
qzPQDzpP5M/5Mg8HbHdxnkFB6M5D9Ez9leWZDOVD+xvRFtvXHWH3IEW5iwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLqXlpOpd0Qdix1CrI993G8d1qOFMB8GA1UdIwQY
MBaAFG+E5HOKcOo5wIzvIQQyrjmex+kVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYt
ZmFlNWRiZWQzYjFiLzEvdXBlV2s2bDNSQjJMSFVLc2ozM2NieDNXbzRVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYtZmFlNWRiZWQzYjFi
LzEvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAURIwMA0G
CSqGSIb3DQEBCwUAA4IBAQCKzvUZSnp7uB9ZTM+2VmQ/GJ/vXtUXME1GMb72iTlg
SDAZmiQKRUttvRL/17YBq8Z7ZqoibCOZl/SIQ+oDERvZbhaz02lxYy4z/iVF/L7B
uKcY8oa1AY6Rf7AQB9NFD8Z25FE4Gwm2P2PIjRvZRNnBKiX6kCQ03kbCtPFszmJj
DpGT+1VJviI12T2XfgewV5zvo6XgXaXKIBl2odJzzSgRtslAZggvDhBnxJUJt/nR
PCfwFE7foTs28sh9b4io94IiadbxzAMgmE8ZMQ0ZSbaOtZMrVFXWCDa3M6C19g/u
7JAn6ZaJnI+goG6dj5TqpsJOXaOS/QqTT9w02I8pfm90
-----END CERTIFICATE-----