Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/ab34ad-9e9a-4289-8727-b1acd75018c3/1/SlreLJKQ_DkqduATGqA6lqJDbOk.roa
File:                     SlreLJKQ_DkqduATGqA6lqJDbOk.roa (raw, json)
Hash identifier:          wESW+iKwV026/S9NWzhgpiTlKH/IB4iP5UQlySv5rfs=
Subject key identifier:   4A:5A:DE:2C:92:90:FC:39:2A:76:E0:13:1A:A0:3A:96:A2:43:6C:E9
Certificate issuer:       /CN=836a73bed75aa4efa577ed90ad3562e21951d1b2
Certificate serial:       019E93F8CD1D3F1C77C9B89B25EF6307C783
Authority key identifier: 83:6A:73:BE:D7:5A:A4:EF:A5:77:ED:90:AD:35:62:E2:19:51:D1:B2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/g2pzvtdapO-ld-2QrTVi4hlR0bI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/ab34ad-9e9a-4289-8727-b1acd75018c3/1/SlreLJKQ_DkqduATGqA6lqJDbOk.roa
Signing time:             Thu 04 Jun 2026 18:50:16 +0000
ROA not before:           Thu 04 Jun 2026 18:50:16 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200797
IP address blocks:        185.95.212.0/22 maxlen: 24
                          2a05:fc40::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/ab34ad-9e9a-4289-8727-b1acd75018c3/1/g2pzvtdapO-ld-2QrTVi4hlR0bI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/ab34ad-9e9a-4289-8727-b1acd75018c3/1/g2pzvtdapO-ld-2QrTVi4hlR0bI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/g2pzvtdapO-ld-2QrTVi4hlR0bI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Jun 2026 20:26:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:93:f8:cd:1d:3f:1c:77:c9:b8:9b:25:ef:63:07:c7:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=836a73bed75aa4efa577ed90ad3562e21951d1b2
        Validity
            Not Before: Jun  4 18:50:16 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4a5ade2c9290fc392a76e0131aa03a96a2436ce9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:1c:84:2c:36:0c:f7:74:cb:a6:45:53:cc:37:
                    8f:a5:b9:67:c7:80:84:05:d1:24:c4:b0:f5:2a:84:
                    92:b6:73:ac:69:cf:5b:19:5e:de:e7:2c:f1:8a:ae:
                    eb:76:23:eb:05:35:ef:34:d5:ea:88:81:d4:89:74:
                    41:5c:e8:99:87:6f:df:0c:b1:4c:4d:64:9b:5d:ba:
                    66:e3:29:07:a8:78:4c:dd:94:c0:1f:04:37:1a:fa:
                    76:5e:4e:0f:e9:3b:d5:67:6c:f2:02:c7:00:d8:7d:
                    dc:55:b9:a8:72:80:6d:b4:81:81:9f:4e:a6:c8:e9:
                    a9:58:e8:9d:7d:88:5d:18:84:d3:34:0e:64:ed:c2:
                    c6:9f:c6:ee:04:54:13:a9:15:30:a1:ea:05:2e:52:
                    65:2f:86:67:20:18:61:01:7f:2a:26:34:eb:99:f7:
                    86:90:ec:c4:6f:2a:e2:03:eb:ba:3e:21:cc:ca:1f:
                    a4:ca:00:cb:17:ab:af:50:c8:62:6e:cd:f7:81:5f:
                    ba:1d:4b:7d:54:b2:c7:9c:94:a4:b1:63:a3:92:ec:
                    90:f5:63:57:3d:d9:e9:89:47:05:c2:18:c4:6e:be:
                    ad:21:78:1e:dc:33:a6:43:f1:11:87:5d:3d:0c:80:
                    92:b8:27:9a:59:35:89:f5:48:6c:af:8f:62:cc:1e:
                    f3:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:5A:DE:2C:92:90:FC:39:2A:76:E0:13:1A:A0:3A:96:A2:43:6C:E9
            X509v3 Authority Key Identifier:
                keyid:83:6A:73:BE:D7:5A:A4:EF:A5:77:ED:90:AD:35:62:E2:19:51:D1:B2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/g2pzvtdapO-ld-2QrTVi4hlR0bI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/ab34ad-9e9a-4289-8727-b1acd75018c3/1/SlreLJKQ_DkqduATGqA6lqJDbOk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/ab34ad-9e9a-4289-8727-b1acd75018c3/1/g2pzvtdapO-ld-2QrTVi4hlR0bI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.95.212.0/22
                IPv6:
                  2a05:fc40::/32

    Signature Algorithm: sha256WithRSAEncryption
         58:40:98:47:29:3b:95:01:c7:a8:92:a6:bd:ef:cc:58:09:43:
         bc:a2:fd:5b:d4:14:1c:66:f3:56:6c:a9:b4:ec:0d:64:44:12:
         fb:f5:ba:54:68:fa:1e:e3:57:7b:fb:c3:98:65:a2:05:73:ba:
         57:f9:49:7f:c3:2c:0c:b2:06:2b:2e:89:f7:54:a9:c3:94:dd:
         9f:4d:8a:ce:9f:07:dd:c3:c1:49:6c:d6:53:90:62:3e:d3:c0:
         75:ab:78:46:8d:b0:54:ab:fd:21:ad:38:47:da:00:3d:e3:aa:
         de:c1:a7:10:c0:c3:1a:07:c3:d4:32:72:4f:74:aa:ff:53:7d:
         14:f1:34:cb:00:bf:b4:7d:38:86:3b:bc:61:bc:87:5c:eb:89:
         3e:cb:c0:25:1d:e5:7b:5c:ae:5a:29:a0:50:7d:6b:d4:be:c6:
         13:c0:32:0b:ad:df:84:ec:f0:6d:a6:5c:77:73:9a:41:ee:b6:
         b2:ff:74:cd:28:77:6d:b1:27:c0:3a:7d:f4:ae:84:1e:76:35:
         2d:f0:87:52:fd:1e:d1:7d:f1:b9:6a:b4:2b:64:d3:d9:5e:65:
         04:c6:85:73:e6:6d:c1:46:4d:6e:7a:05:32:f0:af:4b:a9:f2:
         ce:43:7d:df:92:2e:61:d0:23:a2:45:db:9e:0f:91:93:a6:bd:
         3e:44:93:e3
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZ6T+M0dPxx3ybibJe9jB8eDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzNmE3M2JlZDc1YWE0ZWZhNTc3ZWQ5MGFkMzU2MmUyMTk1
MWQxYjIwHhcNMjYwNjA0MTg1MDE2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YTVhZGUyYzkyOTBmYzM5MmE3NmUwMTMxYWEwM2E5NmEyNDM2Y2U5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwhyELDYM93TLpkVTzDePpblnx4CE
BdEkxLD1KoSStnOsac9bGV7e5yzxiq7rdiPrBTXvNNXqiIHUiXRBXOiZh2/fDLFM
TWSbXbpm4ykHqHhM3ZTAHwQ3Gvp2Xk4P6TvVZ2zyAscA2H3cVbmocoBttIGBn06m
yOmpWOidfYhdGITTNA5k7cLGn8buBFQTqRUwoeoFLlJlL4ZnIBhhAX8qJjTrmfeG
kOzEbyriA+u6PiHMyh+kygDLF6uvUMhibs33gV+6HUt9VLLHnJSksWOjkuyQ9WNX
PdnpiUcFwhjEbr6tIXge3DOmQ/ERh109DICSuCeaWTWJ9Uhsr49izB7zHwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFEpa3iySkPw5KnbgExqgOpaiQ2zpMB8GA1UdIwQY
MBaAFINqc77XWqTvpXftkK01YuIZUdGyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZzJwenZ0ZGFwTy1sZC0yUXJUVmk0aGxSMGJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC9hYjM0YWQtOWU5YS00Mjg5LTg3Mjct
YjFhY2Q3NTAxOGMzLzEvU2xyZUxKS1FfRGtxZHVBVEdxQTZscUpEYk9rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC9hYjM0YWQtOWU5YS00Mjg5LTg3MjctYjFhY2Q3NTAxOGMz
LzEvZzJwenZ0ZGFwTy1sZC0yUXJUVmk0aGxSMGJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuV/UMA0E
AgACMAcDBQAqBfxAMA0GCSqGSIb3DQEBCwUAA4IBAQBYQJhHKTuVAceokqa978xY
CUO8ov1b1BQcZvNWbKm07A1kRBL79bpUaPoe41d7+8OYZaIFc7pX+Ul/wywMsgYr
Lon3VKnDlN2fTYrOnwfdw8FJbNZTkGI+08B1q3hGjbBUq/0hrThH2gA946rewacQ
wMMaB8PUMnJPdKr/U30U8TTLAL+0fTiGO7xhvIdc64k+y8AlHeV7XK5aKaBQfWvU
vsYTwDILrd+E7PBtplx3c5pB7ray/3TNKHdtsSfAOn30roQedjUt8IdS/R7RffG5
arQrZNPZXmUExoVz5m3BRk1uegUy8K9LqfLOQ33fki5h0COiRdueD5GTpr0+RJPj
-----END CERTIFICATE-----