Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/55/f444aa-ae8c-4d14-a3a3-49f65c6a48bf/1/R6fKmNiL6DPYHGHsgrQhdxRjogw.roa
File:                     R6fKmNiL6DPYHGHsgrQhdxRjogw.roa (raw, json)
Hash identifier:          KlrIoUKqLYU4rd9VeTGSXIJFZfzjhsMmFKFxCnepX50=
Subject key identifier:   47:A7:CA:98:D8:8B:E8:33:D8:1C:61:EC:82:B4:21:77:14:63:A2:0C
Certificate issuer:       /CN=a8010ceb20f2e076a3f000271a5c375761bec2f5
Certificate serial:       019F138E89B3A1862C3D72E54AF579549165
Authority key identifier: A8:01:0C:EB:20:F2:E0:76:A3:F0:00:27:1A:5C:37:57:61:BE:C2:F5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qAEM6yDy4Haj8AAnGlw3V2G-wvU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/55/f444aa-ae8c-4d14-a3a3-49f65c6a48bf/1/R6fKmNiL6DPYHGHsgrQhdxRjogw.roa
Signing time:             Mon 29 Jun 2026 13:25:36 +0000
ROA not before:           Mon 29 Jun 2026 13:25:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     22351
IP address blocks:        159.253.198.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/55/f444aa-ae8c-4d14-a3a3-49f65c6a48bf/1/qAEM6yDy4Haj8AAnGlw3V2G-wvU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/55/f444aa-ae8c-4d14-a3a3-49f65c6a48bf/1/qAEM6yDy4Haj8AAnGlw3V2G-wvU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qAEM6yDy4Haj8AAnGlw3V2G-wvU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 30 Jun 2026 13:25:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9f:13:8e:89:b3:a1:86:2c:3d:72:e5:4a:f5:79:54:91:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a8010ceb20f2e076a3f000271a5c375761bec2f5
        Validity
            Not Before: Jun 29 13:25:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=47a7ca98d88be833d81c61ec82b421771463a20c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:1d:21:7f:23:5b:6b:8d:e5:ee:18:92:8f:1f:
                    c5:af:42:48:13:f1:75:9c:6b:4e:b5:bc:23:9d:ef:
                    07:42:6f:c1:c1:89:6c:ea:98:49:e0:d6:21:63:70:
                    40:2b:ba:f8:84:48:f0:0c:10:8b:e8:02:9a:9a:76:
                    10:c7:da:5a:ca:3c:a2:1f:78:69:64:65:50:41:46:
                    eb:1b:1b:e6:62:e9:88:12:01:0e:d8:9f:1d:bb:7d:
                    49:4a:68:7a:56:3e:49:77:a7:5f:5f:da:20:0a:b7:
                    42:98:54:ff:e8:61:46:24:ec:d9:23:30:d1:d1:fd:
                    ee:ee:ee:6d:18:f7:44:3c:94:6f:31:2a:1f:04:c3:
                    91:03:17:30:8a:a1:32:fa:9b:a4:22:36:23:35:05:
                    60:7b:e5:a9:70:5f:c3:6e:0c:4b:b6:3a:16:bd:40:
                    fd:bf:a8:31:d8:6c:8a:21:09:e5:7e:69:23:06:67:
                    62:6d:9a:f9:a3:5f:e6:b7:57:85:f5:ec:1f:99:10:
                    f4:39:dc:48:e6:77:14:c0:43:34:9e:16:53:ee:4f:
                    2e:15:b4:03:bf:31:12:08:3a:97:1c:0b:a8:fb:a5:
                    84:23:7c:d3:22:4e:ae:45:62:03:04:72:72:0d:34:
                    bf:44:bf:3d:10:dd:88:9d:c6:80:01:1f:da:be:13:
                    98:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:A7:CA:98:D8:8B:E8:33:D8:1C:61:EC:82:B4:21:77:14:63:A2:0C
            X509v3 Authority Key Identifier:
                keyid:A8:01:0C:EB:20:F2:E0:76:A3:F0:00:27:1A:5C:37:57:61:BE:C2:F5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qAEM6yDy4Haj8AAnGlw3V2G-wvU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/55/f444aa-ae8c-4d14-a3a3-49f65c6a48bf/1/R6fKmNiL6DPYHGHsgrQhdxRjogw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/55/f444aa-ae8c-4d14-a3a3-49f65c6a48bf/1/qAEM6yDy4Haj8AAnGlw3V2G-wvU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  159.253.198.0/24

    Signature Algorithm: sha256WithRSAEncryption
         09:68:98:bc:6d:86:be:2f:96:19:94:ee:e3:47:37:d6:ff:54:
         12:52:60:56:58:a9:55:a1:a2:17:bf:b5:14:ed:8b:c0:3a:c1:
         1a:cb:12:7d:40:11:b7:56:22:14:0a:dd:c2:98:24:a1:3c:92:
         e9:30:5f:e7:4f:4b:62:33:30:9e:82:14:ac:20:ac:42:5a:54:
         81:f0:ed:3a:2e:88:1a:55:b5:db:b6:10:b9:52:b0:43:4e:ec:
         47:35:a7:f8:fa:99:71:6c:6e:d4:9a:12:16:1e:45:f0:bb:e7:
         07:3a:37:11:e4:d2:4d:85:df:4e:c7:97:ff:96:79:dd:4a:fd:
         d5:ec:06:1c:3d:d2:62:73:01:30:25:21:b3:d6:eb:62:38:bf:
         12:a9:cb:9c:f9:bc:da:38:45:00:6e:df:01:b4:64:67:98:a0:
         95:7b:87:9f:3d:ea:e7:1c:57:97:b9:92:08:18:bc:a0:4f:6a:
         02:5f:f7:ea:55:8f:f6:ff:2c:d1:89:61:c3:36:83:22:96:b8:
         b4:fa:1c:e0:5d:53:f9:65:35:c5:98:94:0a:02:a2:a3:5e:6f:
         1b:35:b6:e8:51:16:62:07:cb:41:b1:0a:d7:15:9d:15:a8:4f:
         f2:31:aa:23:f8:d8:92:70:8c:39:ba:cc:e7:63:5f:0e:8d:9f:
         5a:3a:c2:e2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ8TjomzoYYsPXLlSvV5VJFlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE4MDEwY2ViMjBmMmUwNzZhM2YwMDAyNzFhNWMzNzU3NjFi
ZWMyZjUwHhcNMjYwNjI5MTMyNTM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0N2E3Y2E5OGQ4OGJlODMzZDgxYzYxZWM4MmI0MjE3NzE0NjNhMjBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArh0hfyNba43l7hiSjx/Fr0JIE/F1
nGtOtbwjne8HQm/BwYls6phJ4NYhY3BAK7r4hEjwDBCL6AKamnYQx9payjyiH3hp
ZGVQQUbrGxvmYumIEgEO2J8du31JSmh6Vj5Jd6dfX9ogCrdCmFT/6GFGJOzZIzDR
0f3u7u5tGPdEPJRvMSofBMORAxcwiqEy+pukIjYjNQVge+WpcF/DbgxLtjoWvUD9
v6gx2GyKIQnlfmkjBmdibZr5o1/mt1eF9ewfmRD0OdxI5ncUwEM0nhZT7k8uFbQD
vzESCDqXHAuo+6WEI3zTIk6uRWIDBHJyDTS/RL89EN2IncaAAR/avhOYnQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEenypjYi+gz2Bxh7IK0IXcUY6IMMB8GA1UdIwQY
MBaAFKgBDOsg8uB2o/AAJxpcN1dhvsL1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcUFFTTZ5RHk0SGFqOEFBbkdsdzNWMkctd3ZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NS9mNDQ0YWEtYWU4Yy00ZDE0LWEzYTMt
NDlmNjVjNmE0OGJmLzEvUjZmS21OaUw2RFBZSEdIc2dyUWhkeFJqb2d3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NS9mNDQ0YWEtYWU4Yy00ZDE0LWEzYTMtNDlmNjVjNmE0OGJm
LzEvcUFFTTZ5RHk0SGFqOEFBbkdsdzNWMkctd3ZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAn/3GMA0G
CSqGSIb3DQEBCwUAA4IBAQAJaJi8bYa+L5YZlO7jRzfW/1QSUmBWWKlVoaIXv7UU
7YvAOsEayxJ9QBG3ViIUCt3CmCShPJLpMF/nT0tiMzCeghSsIKxCWlSB8O06Loga
VbXbthC5UrBDTuxHNaf4+plxbG7UmhIWHkXwu+cHOjcR5NJNhd9Ox5f/lnndSv3V
7AYcPdJicwEwJSGz1utiOL8Sqcuc+bzaOEUAbt8BtGRnmKCVe4efPernHFeXuZII
GLygT2oCX/fqVY/2/yzRiWHDNoMilri0+hzgXVP5ZTXFmJQKAqKjXm8bNbboURZi
B8tBsQrXFZ0VqE/yMaoj+NiScIw5usznY18OjZ9aOsLi
-----END CERTIFICATE-----