Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/2f3383-db79-44c6-bb6b-b546150fdc04/1/RKDDpCFJgRVsaPKFW2mBHa9GuIM.roa
File:                     RKDDpCFJgRVsaPKFW2mBHa9GuIM.roa (raw, json)
Hash identifier:          iYIciX5oRPMlYEZ43lpL4qlTSrlyvBgCIZc5o+HesAk=
Subject key identifier:   44:A0:C3:A4:21:49:81:15:6C:68:F2:85:5B:69:81:1D:AF:46:B8:83
Certificate issuer:       /CN=e96b912b4a5a0c7703b5ca58b186741e0d5335b4
Certificate serial:       019E80B7C2D99E8A10259319ACA712C5503B
Authority key identifier: E9:6B:91:2B:4A:5A:0C:77:03:B5:CA:58:B1:86:74:1E:0D:53:35:B4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6WuRK0paDHcDtcpYsYZ0Hg1TNbQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/59/2f3383-db79-44c6-bb6b-b546150fdc04/1/RKDDpCFJgRVsaPKFW2mBHa9GuIM.roa
Signing time:             Mon 01 Jun 2026 01:06:26 +0000
ROA not before:           Mon 01 Jun 2026 01:06:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     39855
IP address blocks:        185.20.68.0/24 maxlen: 24
                          185.20.69.0/24 maxlen: 24
                          185.20.70.0/24 maxlen: 24
                          185.20.71.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/59/2f3383-db79-44c6-bb6b-b546150fdc04/1/6WuRK0paDHcDtcpYsYZ0Hg1TNbQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/59/2f3383-db79-44c6-bb6b-b546150fdc04/1/6WuRK0paDHcDtcpYsYZ0Hg1TNbQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6WuRK0paDHcDtcpYsYZ0Hg1TNbQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 05 Jun 2026 01:00:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:80:b7:c2:d9:9e:8a:10:25:93:19:ac:a7:12:c5:50:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e96b912b4a5a0c7703b5ca58b186741e0d5335b4
        Validity
            Not Before: Jun  1 01:06:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=44a0c3a4214981156c68f2855b69811daf46b883
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:e2:29:7b:24:7b:ee:77:34:cd:36:3c:7f:6e:
                    34:16:42:77:b8:2a:a1:d1:94:b9:06:24:75:73:c1:
                    ba:e2:8e:90:c6:a9:ea:5c:91:0b:4d:c7:0f:1f:9b:
                    db:70:73:1a:b6:5a:ef:6e:2c:60:1a:a5:1e:12:43:
                    ac:0f:2a:5d:b7:3e:6f:79:a7:1c:6c:86:67:9a:ac:
                    7a:c1:c7:7f:6d:aa:6d:1e:9e:5e:70:5c:04:8f:a2:
                    c7:6a:b6:d4:bc:8a:88:a2:02:97:f8:a9:8b:90:88:
                    ca:2c:d8:21:75:69:bf:08:c0:eb:7b:10:26:95:5e:
                    ba:be:23:0e:ec:f1:99:3e:d2:cf:10:1b:55:bd:a0:
                    40:34:54:61:8d:b2:21:1f:06:ec:4c:0a:d6:ed:f7:
                    da:2b:0f:58:1a:aa:2f:39:aa:d9:29:ad:8b:4e:e7:
                    0e:61:75:17:58:fa:2e:6d:bb:8e:7a:bb:5d:27:a1:
                    cf:08:c8:4b:c1:82:0f:39:cf:f9:67:f0:39:23:97:
                    ed:86:ce:b4:d4:e4:c5:f0:ba:1e:4c:84:79:0e:43:
                    db:4c:bf:2f:37:37:bc:ee:65:7c:a4:89:a0:61:80:
                    0f:70:cb:4e:bb:ef:20:c9:f1:ca:61:5d:be:d8:93:
                    58:de:48:7a:a9:8d:5d:fa:f0:c2:13:c7:b6:01:e1:
                    34:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:A0:C3:A4:21:49:81:15:6C:68:F2:85:5B:69:81:1D:AF:46:B8:83
            X509v3 Authority Key Identifier:
                keyid:E9:6B:91:2B:4A:5A:0C:77:03:B5:CA:58:B1:86:74:1E:0D:53:35:B4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6WuRK0paDHcDtcpYsYZ0Hg1TNbQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/2f3383-db79-44c6-bb6b-b546150fdc04/1/RKDDpCFJgRVsaPKFW2mBHa9GuIM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/59/2f3383-db79-44c6-bb6b-b546150fdc04/1/6WuRK0paDHcDtcpYsYZ0Hg1TNbQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.20.68.0/22

    Signature Algorithm: sha256WithRSAEncryption
         36:32:af:54:63:35:80:0a:61:f9:9e:72:8e:ce:e7:5c:43:f7:
         e2:12:60:1b:fa:53:33:65:30:79:d0:b6:83:16:57:33:e8:11:
         ef:40:fd:c4:fd:dc:14:76:59:3c:cb:4b:df:50:69:f4:7c:f0:
         6b:5d:ff:86:21:e4:fb:82:c8:0f:ae:41:81:66:cf:2b:79:1b:
         be:80:db:e6:1d:6d:02:b8:a0:13:0d:4e:65:74:8d:15:d8:1c:
         bb:a7:f0:47:15:19:83:af:fc:48:4a:a7:7f:5b:4a:8a:59:cb:
         06:ee:1e:1f:56:98:1f:70:75:6c:50:52:cb:0f:d5:67:45:6c:
         ea:32:f3:34:d7:e1:48:3a:d7:d2:d2:0f:91:a6:22:6f:7b:cc:
         2d:92:5e:a9:89:eb:e9:df:c0:e3:65:7b:51:15:be:6c:75:15:
         20:f5:9d:5d:09:d9:8b:fe:24:9c:b9:83:f7:5a:eb:c1:26:46:
         f9:ef:9f:46:c8:21:cc:49:c5:6d:28:76:de:0a:8a:f4:4b:74:
         2f:ea:b5:5d:61:29:c3:0f:1e:4e:c6:69:09:43:1b:52:68:d1:
         25:ec:f4:82:0d:b5:63:a8:2c:d6:c5:01:40:bc:7a:97:d7:78:
         dd:2f:46:56:82:98:82:7e:a9:7d:b9:d7:79:99:3a:e6:7b:b3:
         44:fc:15:5d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6At8LZnooQJZMZrKcSxVA7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU5NmI5MTJiNGE1YTBjNzcwM2I1Y2E1OGIxODY3NDFlMGQ1
MzM1YjQwHhcNMjYwNjAxMDEwNjI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NGEwYzNhNDIxNDk4MTE1NmM2OGYyODU1YjY5ODExZGFmNDZiODgzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAleIpeyR77nc0zTY8f240FkJ3uCqh
0ZS5BiR1c8G64o6QxqnqXJELTccPH5vbcHMatlrvbixgGqUeEkOsDypdtz5veacc
bIZnmqx6wcd/baptHp5ecFwEj6LHarbUvIqIogKX+KmLkIjKLNghdWm/CMDrexAm
lV66viMO7PGZPtLPEBtVvaBANFRhjbIhHwbsTArW7ffaKw9YGqovOarZKa2LTucO
YXUXWPoubbuOertdJ6HPCMhLwYIPOc/5Z/A5I5fths601OTF8LoeTIR5DkPbTL8v
Nze87mV8pImgYYAPcMtOu+8gyfHKYV2+2JNY3kh6qY1d+vDCE8e2AeE0+QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFESgw6QhSYEVbGjyhVtpgR2vRriDMB8GA1UdIwQY
MBaAFOlrkStKWgx3A7XKWLGGdB4NUzW0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNld1UkswcGFESGNEdGNwWXNZWjBIZzFUTmJRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS8yZjMzODMtZGI3OS00NGM2LWJiNmIt
YjU0NjE1MGZkYzA0LzEvUktERHBDRkpnUlZzYVBLRlcybUJIYTlHdUlNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS8yZjMzODMtZGI3OS00NGM2LWJiNmItYjU0NjE1MGZkYzA0
LzEvNld1UkswcGFESGNEdGNwWXNZWjBIZzFUTmJRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuRREMA0G
CSqGSIb3DQEBCwUAA4IBAQA2Mq9UYzWACmH5nnKOzudcQ/fiEmAb+lMzZTB50LaD
Flcz6BHvQP3E/dwUdlk8y0vfUGn0fPBrXf+GIeT7gsgPrkGBZs8reRu+gNvmHW0C
uKATDU5ldI0V2By7p/BHFRmDr/xISqd/W0qKWcsG7h4fVpgfcHVsUFLLD9VnRWzq
MvM01+FIOtfS0g+RpiJve8wtkl6pievp38DjZXtRFb5sdRUg9Z1dCdmL/iScuYP3
WuvBJkb5759GyCHMScVtKHbeCor0S3Qv6rVdYSnDDx5OxmkJQxtSaNEl7PSCDbVj
qCzWxQFAvHqX13jdL0ZWgpiCfql9udd5mTrme7NE/BVd
-----END CERTIFICATE-----