Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7e/c89677-1d9a-418d-8593-c18e3ccc742b/1/aBRByi6HtqSTkTwS-fInKVGreVM.roa
File:                     aBRByi6HtqSTkTwS-fInKVGreVM.roa (raw, json)
Hash identifier:          L+8L7FrVL2l9rPUgEQqLrjnJQ1XfFBQi0mPOySPHZwc=
Subject key identifier:   68:14:41:CA:2E:87:B6:A4:93:91:3C:12:F9:F2:27:29:51:AB:79:53
Certificate issuer:       /CN=5c6b0c001a99ab6296e242173bf7e7fdcf03c019
Certificate serial:       019DAED9DCB0315A7193C02574F62158CB6B
Authority key identifier: 5C:6B:0C:00:1A:99:AB:62:96:E2:42:17:3B:F7:E7:FD:CF:03:C0:19
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XGsMABqZq2KW4kIXO_fn_c8DwBk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7e/c89677-1d9a-418d-8593-c18e3ccc742b/1/aBRByi6HtqSTkTwS-fInKVGreVM.roa
Signing time:             Tue 21 Apr 2026 07:03:26 +0000
ROA not before:           Tue 21 Apr 2026 07:03:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     202051
IP address blocks:        178.214.211.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7e/c89677-1d9a-418d-8593-c18e3ccc742b/1/XGsMABqZq2KW4kIXO_fn_c8DwBk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7e/c89677-1d9a-418d-8593-c18e3ccc742b/1/XGsMABqZq2KW4kIXO_fn_c8DwBk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XGsMABqZq2KW4kIXO_fn_c8DwBk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 06 May 2026 09:01:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:ae:d9:dc:b0:31:5a:71:93:c0:25:74:f6:21:58:cb:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5c6b0c001a99ab6296e242173bf7e7fdcf03c019
        Validity
            Not Before: Apr 21 07:03:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=681441ca2e87b6a493913c12f9f2272951ab7953
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:b1:28:89:7c:52:c9:d5:1d:7c:60:64:92:af:
                    df:68:ca:1e:56:b5:cb:e7:a5:2e:e3:dc:29:0e:14:
                    f5:a4:0d:55:fa:1a:06:54:ce:20:3a:4e:d6:91:2d:
                    a4:56:d6:8f:4a:e2:93:45:f2:c5:38:6f:a4:56:a2:
                    4e:bf:b2:e4:65:65:df:86:85:92:ad:4a:e2:ab:78:
                    d5:f3:d6:0b:d1:d2:30:50:50:6e:63:54:3b:b9:e0:
                    78:16:42:0f:74:2c:5f:a5:f5:cc:66:01:1b:81:cd:
                    e4:7a:67:50:91:24:66:8a:55:32:72:26:71:6c:69:
                    a7:be:56:0c:df:07:8c:df:8b:48:bf:7d:79:c2:59:
                    37:df:d3:54:51:2f:1c:56:4c:b7:78:35:6f:2d:17:
                    05:2a:62:8f:8a:73:d9:f7:99:a8:c4:ba:ef:bc:fa:
                    f9:30:de:9b:3b:4c:f8:9e:9e:48:21:32:4e:ac:c8:
                    06:f6:a6:a2:82:0a:b7:db:f7:48:e1:5d:4d:dc:6f:
                    4f:21:5a:46:85:2f:c2:be:1c:29:e4:44:1b:75:aa:
                    39:17:9c:2a:d9:c9:ef:80:5a:bf:c0:9d:36:d9:ab:
                    5c:85:d2:86:d1:ff:00:25:27:e5:94:9e:ed:00:f0:
                    b4:02:65:3c:58:52:f5:e2:f1:69:0a:3e:69:e8:2f:
                    86:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:14:41:CA:2E:87:B6:A4:93:91:3C:12:F9:F2:27:29:51:AB:79:53
            X509v3 Authority Key Identifier:
                keyid:5C:6B:0C:00:1A:99:AB:62:96:E2:42:17:3B:F7:E7:FD:CF:03:C0:19

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XGsMABqZq2KW4kIXO_fn_c8DwBk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/c89677-1d9a-418d-8593-c18e3ccc742b/1/aBRByi6HtqSTkTwS-fInKVGreVM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/c89677-1d9a-418d-8593-c18e3ccc742b/1/XGsMABqZq2KW4kIXO_fn_c8DwBk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.214.211.0/24

    Signature Algorithm: sha256WithRSAEncryption
         19:c7:0b:85:3c:50:72:81:53:7d:7b:5c:58:85:da:ef:2a:8f:
         63:20:01:8d:57:a5:ba:9b:fe:f5:b0:87:c9:1c:0f:d0:67:e1:
         f0:a3:86:97:ef:c7:5b:1e:39:45:99:1d:66:fa:a0:31:09:02:
         f3:f4:83:3d:cf:d4:eb:2f:80:31:19:43:68:3f:37:3e:30:93:
         2a:1e:43:2b:6e:0c:e1:4f:e7:7e:a1:99:3f:75:a6:23:94:87:
         26:8a:a9:74:03:a3:11:41:7e:4a:4a:3d:ed:20:51:1d:39:73:
         c6:86:b5:50:e4:e2:8e:66:ec:2d:91:03:08:ea:60:47:13:41:
         e6:25:01:8a:ee:89:9a:17:0e:86:00:74:d4:71:c1:27:b9:8a:
         8f:af:15:a8:73:c6:99:e7:2b:48:2b:1f:ec:a8:33:df:84:ad:
         0e:55:5d:2d:0d:ec:81:8d:a2:7b:26:44:48:ee:bf:ca:5d:c7:
         93:3a:5a:56:69:4d:f2:09:82:07:1b:3d:04:33:24:54:1c:b5:
         48:89:73:00:32:d5:76:c7:8a:c5:44:91:94:bb:39:af:45:4e:
         68:fb:36:27:bb:cd:7d:49:1d:83:a6:23:0b:45:87:58:a5:66:
         bd:2c:72:b2:22:f8:8d:56:cb:75:7a:d2:88:01:d2:e3:fa:e2:
         aa:ee:fc:8d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2u2dywMVpxk8AldPYhWMtrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVjNmIwYzAwMWE5OWFiNjI5NmUyNDIxNzNiZjdlN2ZkY2Yw
M2MwMTkwHhcNMjYwNDIxMDcwMzI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ODE0NDFjYTJlODdiNmE0OTM5MTNjMTJmOWYyMjcyOTUxYWI3OTUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvLEoiXxSydUdfGBkkq/faMoeVrXL
56Uu49wpDhT1pA1V+hoGVM4gOk7WkS2kVtaPSuKTRfLFOG+kVqJOv7LkZWXfhoWS
rUriq3jV89YL0dIwUFBuY1Q7ueB4FkIPdCxfpfXMZgEbgc3kemdQkSRmilUyciZx
bGmnvlYM3weM34tIv315wlk339NUUS8cVky3eDVvLRcFKmKPinPZ95moxLrvvPr5
MN6bO0z4np5IITJOrMgG9qaiggq32/dI4V1N3G9PIVpGhS/Cvhwp5EQbdao5F5wq
2cnvgFq/wJ022atchdKG0f8AJSfllJ7tAPC0AmU8WFL14vFpCj5p6C+G9wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGgUQcouh7akk5E8EvnyJylRq3lTMB8GA1UdIwQY
MBaAFFxrDAAamatiluJCFzv35/3PA8AZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWEdzTUFCcVpxMktXNGtJWE9fZm5fYzhEd0JrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZS9jODk2NzctMWQ5YS00MThkLTg1OTMt
YzE4ZTNjY2M3NDJiLzEvYUJSQnlpNkh0cVNUa1R3Uy1mSW5LVkdyZVZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZS9jODk2NzctMWQ5YS00MThkLTg1OTMtYzE4ZTNjY2M3NDJi
LzEvWEdzTUFCcVpxMktXNGtJWE9fZm5fYzhEd0JrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAstbTMA0G
CSqGSIb3DQEBCwUAA4IBAQAZxwuFPFBygVN9e1xYhdrvKo9jIAGNV6W6m/71sIfJ
HA/QZ+Hwo4aX78dbHjlFmR1m+qAxCQLz9IM9z9TrL4AxGUNoPzc+MJMqHkMrbgzh
T+d+oZk/daYjlIcmiql0A6MRQX5KSj3tIFEdOXPGhrVQ5OKOZuwtkQMI6mBHE0Hm
JQGK7omaFw6GAHTUccEnuYqPrxWoc8aZ5ytIKx/sqDPfhK0OVV0tDeyBjaJ7JkRI
7r/KXceTOlpWaU3yCYIHGz0EMyRUHLVIiXMAMtV2x4rFRJGUuzmvRU5o+zYnu819
SR2DpiMLRYdYpWa9LHKyIviNVst1etKIAdLj+uKq7vyN
-----END CERTIFICATE-----