Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3d/1c67ef-e83d-4427-864b-c59825bbcb32/1/j6znYu0bJRReLpFKGjBQS3zUf5Q.roa
File:                     j6znYu0bJRReLpFKGjBQS3zUf5Q.roa (raw, json)
Hash identifier:          zeH1/5DXXLfFyvTDI3wxcCj9S7ygGASJokuM/q7Nwsg=
Subject key identifier:   8F:AC:E7:62:ED:1B:25:14:5E:2E:91:4A:1A:30:50:4B:7C:D4:7F:94
Certificate issuer:       /CN=d4afe3f0c9e555e52d3505d6163278df3da18cee
Certificate serial:       019E8CCB7F40933190D84B77CA22B800589A
Authority key identifier: D4:AF:E3:F0:C9:E5:55:E5:2D:35:05:D6:16:32:78:DF:3D:A1:8C:EE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1K_j8MnlVeUtNQXWFjJ43z2hjO4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3d/1c67ef-e83d-4427-864b-c59825bbcb32/1/j6znYu0bJRReLpFKGjBQS3zUf5Q.roa
Signing time:             Wed 03 Jun 2026 09:23:26 +0000
ROA not before:           Wed 03 Jun 2026 09:23:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     205489
IP address blocks:        213.193.240.0/24 maxlen: 24
                          213.193.242.0/24 maxlen: 24
                          213.193.243.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3d/1c67ef-e83d-4427-864b-c59825bbcb32/1/1K_j8MnlVeUtNQXWFjJ43z2hjO4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3d/1c67ef-e83d-4427-864b-c59825bbcb32/1/1K_j8MnlVeUtNQXWFjJ43z2hjO4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1K_j8MnlVeUtNQXWFjJ43z2hjO4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Jun 2026 13:27:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:8c:cb:7f:40:93:31:90:d8:4b:77:ca:22:b8:00:58:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d4afe3f0c9e555e52d3505d6163278df3da18cee
        Validity
            Not Before: Jun  3 09:23:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8face762ed1b25145e2e914a1a30504b7cd47f94
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:7a:5b:92:52:fe:44:d7:95:e0:bd:68:f9:e1:
                    d3:4a:03:21:31:69:80:a5:8e:8c:4e:4a:c6:cb:00:
                    47:a0:97:db:0a:82:43:10:93:eb:e6:be:a0:fc:c8:
                    8c:6d:d8:f8:d7:12:5f:bb:13:04:78:08:0e:59:58:
                    19:2e:bf:5e:7e:b0:94:3d:c2:9b:f9:33:7e:d5:0c:
                    19:57:c7:60:6c:39:66:2c:c4:15:76:ed:94:f3:be:
                    24:cd:59:aa:c0:ed:4f:a3:14:41:ee:d0:4f:f5:7b:
                    ab:da:71:2d:e7:f5:23:ac:f1:e1:59:cc:39:86:bf:
                    62:ca:52:71:29:cd:60:54:0b:bd:96:b0:3c:11:47:
                    fa:5a:7b:46:42:eb:4e:42:29:0f:71:ac:15:13:0c:
                    9a:07:6a:07:51:b8:df:b7:89:26:fc:7e:d6:59:69:
                    fd:ce:20:f7:4f:5c:ae:24:c9:d8:64:48:05:fe:46:
                    dd:17:c0:d1:c3:79:86:0b:15:9d:a5:47:ec:31:50:
                    c7:8f:4c:dc:01:e1:2f:8a:70:49:e1:a4:fc:e4:43:
                    b3:ec:1f:2b:a0:f6:95:1c:8c:f7:f1:ee:4d:d5:fa:
                    2e:4b:b7:c7:81:f8:55:a0:5f:4b:16:ae:f4:ab:10:
                    bf:e5:a1:70:37:18:f0:e6:af:65:ce:45:89:97:b1:
                    bd:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:AC:E7:62:ED:1B:25:14:5E:2E:91:4A:1A:30:50:4B:7C:D4:7F:94
            X509v3 Authority Key Identifier:
                keyid:D4:AF:E3:F0:C9:E5:55:E5:2D:35:05:D6:16:32:78:DF:3D:A1:8C:EE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1K_j8MnlVeUtNQXWFjJ43z2hjO4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/1c67ef-e83d-4427-864b-c59825bbcb32/1/j6znYu0bJRReLpFKGjBQS3zUf5Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/1c67ef-e83d-4427-864b-c59825bbcb32/1/1K_j8MnlVeUtNQXWFjJ43z2hjO4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.193.240.0/24
                  213.193.242.0/23

    Signature Algorithm: sha256WithRSAEncryption
         6d:9e:15:d9:0b:8a:6f:f1:3c:15:a0:0d:3c:8a:02:7c:21:96:
         52:13:b2:68:78:a6:94:34:da:ad:e9:a1:5f:32:de:be:fe:33:
         1f:9a:34:c5:64:25:4e:2f:0f:47:4a:2b:77:15:cf:a1:e0:15:
         17:37:c1:80:ed:4a:58:94:58:8d:22:98:0b:cf:b9:04:5f:0a:
         af:9e:3f:ff:25:95:48:aa:bf:92:bc:67:88:ff:cf:cf:e1:f6:
         c4:0d:2b:83:e7:67:65:32:81:d3:ea:b1:5b:4f:cd:2a:8b:e5:
         49:2e:43:c4:e9:29:c3:56:39:f0:2f:ef:0b:69:4d:92:55:a8:
         47:af:0f:92:62:df:2f:4e:99:99:5d:6a:9b:74:85:be:d8:10:
         e0:0f:28:2d:b8:da:67:b8:0a:35:8e:c7:0e:b6:c1:8f:6c:fe:
         c3:c2:bc:17:cd:e1:d0:f9:e0:8e:e6:7a:56:bd:a5:8d:ad:71:
         5f:bf:3a:ba:b6:b3:18:51:2e:2c:66:cf:8f:b1:85:f4:39:2d:
         3a:5a:dd:89:f0:a4:9f:1d:98:9e:3b:e7:cc:79:3e:41:3e:56:
         d9:d7:20:c7:54:3e:a4:a2:1f:88:67:d4:53:9d:4a:3f:4a:81:
         99:e8:eb:bc:98:5d:ab:78:1d:24:47:11:48:fe:2f:4a:ac:70:
         8d:58:32:9f
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ6My39AkzGQ2Et3yiK4AFiaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0YWZlM2YwYzllNTU1ZTUyZDM1MDVkNjE2MzI3OGRmM2Rh
MThjZWUwHhcNMjYwNjAzMDkyMzI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZmFjZTc2MmVkMWIyNTE0NWUyZTkxNGExYTMwNTA0YjdjZDQ3Zjk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy3pbklL+RNeV4L1o+eHTSgMhMWmA
pY6MTkrGywBHoJfbCoJDEJPr5r6g/MiMbdj41xJfuxMEeAgOWVgZLr9efrCUPcKb
+TN+1QwZV8dgbDlmLMQVdu2U874kzVmqwO1PoxRB7tBP9Xur2nEt5/UjrPHhWcw5
hr9iylJxKc1gVAu9lrA8EUf6WntGQutOQikPcawVEwyaB2oHUbjft4km/H7WWWn9
ziD3T1yuJMnYZEgF/kbdF8DRw3mGCxWdpUfsMVDHj0zcAeEvinBJ4aT85EOz7B8r
oPaVHIz38e5N1fouS7fHgfhVoF9LFq70qxC/5aFwNxjw5q9lzkWJl7G9pwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFI+s52LtGyUUXi6RShowUEt81H+UMB8GA1UdIwQY
MBaAFNSv4/DJ5VXlLTUF1hYyeN89oYzuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUtfajhNbmxWZVV0TlFYV0ZqSjQzejJoak80LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZC8xYzY3ZWYtZTgzZC00NDI3LTg2NGIt
YzU5ODI1YmJjYjMyLzEvajZ6bll1MGJKUlJlTHBGS0dqQlFTM3pVZjVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZC8xYzY3ZWYtZTgzZC00NDI3LTg2NGItYzU5ODI1YmJjYjMy
LzEvMUtfajhNbmxWZVV0TlFYV0ZqSjQzejJoak80LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQA1cHwAwQB
1cHyMA0GCSqGSIb3DQEBCwUAA4IBAQBtnhXZC4pv8TwVoA08igJ8IZZSE7JoeKaU
NNqt6aFfMt6+/jMfmjTFZCVOLw9HSit3Fc+h4BUXN8GA7UpYlFiNIpgLz7kEXwqv
nj//JZVIqr+SvGeI/8/P4fbEDSuD52dlMoHT6rFbT80qi+VJLkPE6SnDVjnwL+8L
aU2SVahHrw+SYt8vTpmZXWqbdIW+2BDgDygtuNpnuAo1jscOtsGPbP7DwrwXzeHQ
+eCO5npWvaWNrXFfvzq6trMYUS4sZs+PsYX0OS06Wt2J8KSfHZieO+fMeT5BPlbZ
1yDHVD6koh+IZ9RTnUo/SoGZ6Ou8mF2reB0kRxFI/i9KrHCNWDKf
-----END CERTIFICATE-----