Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/Z6kZGu79gCVG6mAbRL13OQliGng.roa
File:                     Z6kZGu79gCVG6mAbRL13OQliGng.roa (raw, json)
Hash identifier:          35kMo7sN6wYgdG6G9NpvXffBwpF9eQayRJXKBmYuzUs=
Subject key identifier:   67:A9:19:1A:EE:FD:80:25:46:EA:60:1B:44:BD:77:39:09:62:1A:78
Certificate issuer:       /CN=f04a58047f37bbc057944bbf8cad8742879592da
Certificate serial:       019E929EA2EC254C1BF11AFEB7AF0762DF4E
Authority key identifier: F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/Z6kZGu79gCVG6mAbRL13OQliGng.roa
Signing time:             Thu 04 Jun 2026 12:32:10 +0000
ROA not before:           Thu 04 Jun 2026 12:32:10 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     152460
IP address blocks:        158.173.195.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 09 Jun 2026 14:52:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:92:9e:a2:ec:25:4c:1b:f1:1a:fe:b7:af:07:62:df:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f04a58047f37bbc057944bbf8cad8742879592da
        Validity
            Not Before: Jun  4 12:32:10 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=67a9191aeefd802546ea601b44bd773909621a78
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:25:53:a8:16:f0:64:93:57:1c:56:57:22:7f:
                    ae:ef:4b:6f:82:5b:69:15:72:bb:c6:39:21:9b:0e:
                    d1:57:f9:51:1f:76:71:97:a1:f6:09:40:52:76:7a:
                    12:81:7c:5d:53:eb:42:84:5a:a7:41:8e:18:f0:4f:
                    85:13:47:97:fb:a9:21:90:30:c7:ac:ce:7c:98:c1:
                    0f:41:bd:65:0b:bc:c2:be:05:85:07:bd:83:5d:2b:
                    13:d1:3a:1a:e1:d0:ce:eb:1b:61:52:64:ba:75:82:
                    34:56:c3:ca:56:26:ec:5c:0e:b6:72:b0:ec:42:3b:
                    ed:31:d4:21:38:1f:2a:af:e6:76:f8:e5:0a:99:7d:
                    5b:9d:94:7a:de:0a:1e:b9:68:70:b0:ce:1b:48:c6:
                    f4:21:0b:0a:37:84:36:ee:bb:ff:a1:fb:0a:e7:50:
                    cd:02:07:dd:54:29:76:88:f6:b6:11:e3:3c:ca:89:
                    85:d7:66:5c:a8:b0:3e:9e:1a:1d:4f:a8:cc:7d:0e:
                    ee:18:dd:44:a0:8f:93:ba:61:be:fe:8e:03:8a:97:
                    97:48:a1:a4:8c:29:58:e1:33:cc:66:d4:c7:7b:40:
                    34:de:fb:44:ab:98:43:7a:1d:aa:ca:27:f0:15:b4:
                    63:3e:97:95:65:49:1f:b7:6a:e3:2c:8e:f1:65:52:
                    76:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:A9:19:1A:EE:FD:80:25:46:EA:60:1B:44:BD:77:39:09:62:1A:78
            X509v3 Authority Key Identifier:
                keyid:F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/Z6kZGu79gCVG6mAbRL13OQliGng.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  158.173.195.0/24

    Signature Algorithm: sha256WithRSAEncryption
         02:f6:c1:7c:ac:ab:58:43:2d:fb:ab:a3:d0:ab:55:e9:01:d3:
         38:f1:09:c5:39:ab:e3:7d:30:a8:c5:23:87:c6:b6:b1:07:a9:
         23:bc:0a:e2:18:45:51:bb:e1:fe:d5:09:54:00:82:dd:f9:a1:
         30:ea:bd:bd:69:b7:e7:af:10:fb:01:5e:74:cc:bc:4b:22:17:
         e4:51:82:70:c2:bc:16:b3:58:96:3a:de:3b:63:76:c6:5b:fe:
         fb:c1:8e:53:c9:be:cb:31:23:e6:d9:5a:db:32:fa:00:f0:ba:
         71:0c:e2:db:4f:64:4a:78:1b:b3:f5:a8:0d:e1:6f:b8:03:35:
         04:d8:ec:94:79:ad:19:ee:35:7e:f6:d0:eb:b0:a2:6d:e4:c9:
         6d:00:61:7d:7a:e1:f0:76:5d:fb:a4:c9:c6:4a:b4:a2:f5:db:
         cd:c0:b4:d1:6c:cb:c5:50:36:e0:81:06:eb:1e:10:9a:2e:03:
         3f:d5:77:aa:d8:89:65:1f:3b:6e:34:78:76:24:8a:69:9a:df:
         7c:d2:7f:f5:2a:a2:da:5b:7a:c5:48:d1:05:43:b1:f5:a6:4a:
         38:b3:47:27:56:ab:61:ce:6c:92:38:73:57:d6:96:80:22:39:
         39:d1:80:6f:17:e0:3d:a9:13:94:77:9c:3c:87:ff:3a:82:69:
         64:fe:c7:72
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6SnqLsJUwb8Rr+t68HYt9OMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwNGE1ODA0N2YzN2JiYzA1Nzk0NGJiZjhjYWQ4NzQyODc5
NTkyZGEwHhcNMjYwNjA0MTIzMjEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2N2E5MTkxYWVlZmQ4MDI1NDZlYTYwMWI0NGJkNzczOTA5NjIxYTc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2CVTqBbwZJNXHFZXIn+u70tvgltp
FXK7xjkhmw7RV/lRH3Zxl6H2CUBSdnoSgXxdU+tChFqnQY4Y8E+FE0eX+6khkDDH
rM58mMEPQb1lC7zCvgWFB72DXSsT0Toa4dDO6xthUmS6dYI0VsPKVibsXA62crDs
QjvtMdQhOB8qr+Z2+OUKmX1bnZR63goeuWhwsM4bSMb0IQsKN4Q27rv/ofsK51DN
AgfdVCl2iPa2EeM8yomF12ZcqLA+nhodT6jMfQ7uGN1EoI+TumG+/o4DipeXSKGk
jClY4TPMZtTHe0A03vtEq5hDeh2qyifwFbRjPpeVZUkft2rjLI7xZVJ29QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGepGRru/YAlRupgG0S9dzkJYhp4MB8GA1UdIwQY
MBaAFPBKWAR/N7vAV5RLv4yth0KHlZLaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYt
ZjVmYjcxYjlhNTFmLzEvWjZrWkd1NzlnQ1ZHNm1BYlJMMTNPUWxpR25nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYtZjVmYjcxYjlhNTFm
LzEvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAnq3DMA0G
CSqGSIb3DQEBCwUAA4IBAQAC9sF8rKtYQy37q6PQq1XpAdM48QnFOavjfTCoxSOH
xraxB6kjvAriGEVRu+H+1QlUAILd+aEw6r29abfnrxD7AV50zLxLIhfkUYJwwrwW
s1iWOt47Y3bGW/77wY5Tyb7LMSPm2VrbMvoA8LpxDOLbT2RKeBuz9agN4W+4AzUE
2OyUea0Z7jV+9tDrsKJt5MltAGF9euHwdl37pMnGSrSi9dvNwLTRbMvFUDbggQbr
HhCaLgM/1Xeq2IllHztuNHh2JIppmt980n/1KqLaW3rFSNEFQ7H1pko4s0cnVqth
zmySOHNX1paAIjk50YBvF+A9qROUd5w8h/86gmlk/sdy
-----END CERTIFICATE-----