Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6a/4eef03-91fe-445a-a7cd-595919be0f52/1/Rj7C9HFWuzFDb2nAa-azSTKfGOQ.roa
File:                     Rj7C9HFWuzFDb2nAa-azSTKfGOQ.roa (raw, json)
Hash identifier:          vFchV3jK24P/EgvD1iXL5CmPkvqderYcShvnrsGp47Y=
Subject key identifier:   46:3E:C2:F4:71:56:BB:31:43:6F:69:C0:6B:E6:B3:49:32:9F:18:E4
Certificate issuer:       /CN=9799140b42db6cb6bf8c6dd413747fcf4a6fd9b5
Certificate serial:       019E8EF6F7259D5C3F110DAC8E3CE725C612
Authority key identifier: 97:99:14:0B:42:DB:6C:B6:BF:8C:6D:D4:13:74:7F:CF:4A:6F:D9:B5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/l5kUC0LbbLa_jG3UE3R_z0pv2bU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6a/4eef03-91fe-445a-a7cd-595919be0f52/1/Rj7C9HFWuzFDb2nAa-azSTKfGOQ.roa
Signing time:             Wed 03 Jun 2026 19:30:10 +0000
ROA not before:           Wed 03 Jun 2026 19:30:10 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     20640
IP address blocks:        82.206.20.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6a/4eef03-91fe-445a-a7cd-595919be0f52/1/l5kUC0LbbLa_jG3UE3R_z0pv2bU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6a/4eef03-91fe-445a-a7cd-595919be0f52/1/l5kUC0LbbLa_jG3UE3R_z0pv2bU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/l5kUC0LbbLa_jG3UE3R_z0pv2bU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 05 Jun 2026 04:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:8e:f6:f7:25:9d:5c:3f:11:0d:ac:8e:3c:e7:25:c6:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9799140b42db6cb6bf8c6dd413747fcf4a6fd9b5
        Validity
            Not Before: Jun  3 19:30:10 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=463ec2f47156bb31436f69c06be6b349329f18e4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:13:4f:b4:47:72:23:ae:c0:e8:77:1a:8c:36:
                    f8:61:93:0b:48:20:c0:a1:93:99:d1:65:99:78:fa:
                    a1:7f:d0:2b:42:ee:0e:58:23:58:5a:3c:88:02:c3:
                    26:3c:58:3e:2e:3e:a1:bc:bd:50:f7:1c:a6:a5:90:
                    b9:13:60:14:35:45:92:3c:82:72:a7:84:97:74:32:
                    23:be:04:d4:e1:93:52:bb:0a:06:5a:ac:93:73:9a:
                    3f:ef:90:06:55:cc:88:6f:73:bc:65:09:d6:7b:54:
                    82:f7:86:4a:a7:33:03:b6:15:11:18:f4:9d:fd:31:
                    ce:9a:a9:20:92:eb:97:f7:e3:3c:38:11:b3:fa:7e:
                    a5:52:21:2e:d8:e6:3b:9e:8a:02:6b:8d:77:6b:04:
                    73:07:30:da:fc:23:20:92:f6:cb:d5:bf:81:8c:c3:
                    7e:58:77:96:ab:4b:a1:80:0c:b3:d7:10:c3:a3:bb:
                    e3:ff:fb:f6:0d:c0:78:e8:80:48:ca:e2:eb:9e:56:
                    b4:80:8b:c3:30:dd:b7:da:05:a6:82:78:40:5e:a9:
                    c6:ad:ea:ed:92:29:fd:b2:1b:82:f5:d0:8f:18:bf:
                    87:38:30:a4:67:09:18:3e:f5:25:4c:b3:c5:ef:84:
                    59:83:5f:d7:64:47:44:ae:5e:30:ab:a5:75:82:41:
                    ff:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:3E:C2:F4:71:56:BB:31:43:6F:69:C0:6B:E6:B3:49:32:9F:18:E4
            X509v3 Authority Key Identifier:
                keyid:97:99:14:0B:42:DB:6C:B6:BF:8C:6D:D4:13:74:7F:CF:4A:6F:D9:B5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/l5kUC0LbbLa_jG3UE3R_z0pv2bU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/4eef03-91fe-445a-a7cd-595919be0f52/1/Rj7C9HFWuzFDb2nAa-azSTKfGOQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/4eef03-91fe-445a-a7cd-595919be0f52/1/l5kUC0LbbLa_jG3UE3R_z0pv2bU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.206.20.0/23

    Signature Algorithm: sha256WithRSAEncryption
         5d:9e:5b:f9:c1:7e:54:f8:7e:40:01:72:0e:3d:7b:2e:9d:1e:
         95:74:d3:dc:cc:e9:07:dd:a9:31:22:ca:a2:5b:38:3e:ef:5e:
         d4:9f:1b:23:e6:bf:8e:8b:db:d6:05:58:9e:97:17:02:2c:81:
         a4:34:c9:fd:4b:e8:fb:9b:a7:0c:72:6b:64:54:b7:92:6a:0e:
         69:12:01:91:48:3e:17:33:23:94:c4:e8:4b:fb:5a:0b:d1:ea:
         ef:9b:48:95:33:0a:32:3a:b3:f3:8b:93:8b:b6:d3:e9:b7:c8:
         ee:31:4f:87:f4:c5:21:e9:48:c3:bc:da:60:0f:a2:18:92:bc:
         28:f4:9a:a0:f8:f8:91:b9:68:5d:1d:5a:c9:11:c1:c9:1b:c2:
         8b:dd:7c:33:af:eb:1b:0f:0a:93:b3:44:a6:5d:18:64:1b:c5:
         be:ec:3e:9e:1c:6c:d8:9c:2a:3a:2d:5d:ca:51:43:8a:2a:97:
         73:de:56:9e:10:78:4d:cd:83:3f:16:47:28:b3:7c:61:77:9f:
         cd:7d:d2:6e:e9:73:83:77:55:fb:e8:cb:a5:ef:d0:55:94:e8:
         98:b9:a3:15:b3:77:14:f4:6c:6b:c1:5b:81:de:b5:5e:03:b9:
         c6:91:e5:3e:a4:84:5c:83:22:a1:a6:0d:35:c8:28:f1:96:73:
         74:04:19:e2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6O9vclnVw/EQ2sjjznJcYSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk3OTkxNDBiNDJkYjZjYjZiZjhjNmRkNDEzNzQ3ZmNmNGE2
ZmQ5YjUwHhcNMjYwNjAzMTkzMDEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NjNlYzJmNDcxNTZiYjMxNDM2ZjY5YzA2YmU2YjM0OTMyOWYxOGU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArRNPtEdyI67A6HcajDb4YZMLSCDA
oZOZ0WWZePqhf9ArQu4OWCNYWjyIAsMmPFg+Lj6hvL1Q9xympZC5E2AUNUWSPIJy
p4SXdDIjvgTU4ZNSuwoGWqyTc5o/75AGVcyIb3O8ZQnWe1SC94ZKpzMDthURGPSd
/THOmqkgkuuX9+M8OBGz+n6lUiEu2OY7nooCa413awRzBzDa/CMgkvbL1b+BjMN+
WHeWq0uhgAyz1xDDo7vj//v2DcB46IBIyuLrnla0gIvDMN232gWmgnhAXqnGrert
kin9shuC9dCPGL+HODCkZwkYPvUlTLPF74RZg1/XZEdErl4wq6V1gkH/YQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEY+wvRxVrsxQ29pwGvms0kynxjkMB8GA1UdIwQY
MBaAFJeZFAtC22y2v4xt1BN0f89Kb9m1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbDVrVUMwTGJiTGFfakczVUUzUl96MHB2MmJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82YS80ZWVmMDMtOTFmZS00NDVhLWE3Y2Qt
NTk1OTE5YmUwZjUyLzEvUmo3QzlIRld1ekZEYjJuQWEtYXpTVEtmR09RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82YS80ZWVmMDMtOTFmZS00NDVhLWE3Y2QtNTk1OTE5YmUwZjUy
LzEvbDVrVUMwTGJiTGFfakczVUUzUl96MHB2MmJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBUs4UMA0G
CSqGSIb3DQEBCwUAA4IBAQBdnlv5wX5U+H5AAXIOPXsunR6VdNPczOkH3akxIsqi
Wzg+717Unxsj5r+Oi9vWBVielxcCLIGkNMn9S+j7m6cMcmtkVLeSag5pEgGRSD4X
MyOUxOhL+1oL0ervm0iVMwoyOrPzi5OLttPpt8juMU+H9MUh6UjDvNpgD6IYkrwo
9Jqg+PiRuWhdHVrJEcHJG8KL3Xwzr+sbDwqTs0SmXRhkG8W+7D6eHGzYnCo6LV3K
UUOKKpdz3laeEHhNzYM/Fkcos3xhd5/NfdJu6XODd1X76Mul79BVlOiYuaMVs3cU
9GxrwVuB3rVeA7nGkeU+pIRcgyKhpg01yCjxlnN0BBni
-----END CERTIFICATE-----