Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/6xapfVK_RN3pVXfuzGpeWpjJjr0.roa
File:                     6xapfVK_RN3pVXfuzGpeWpjJjr0.roa (raw, json)
Hash identifier:          tZOuMT95v3dKzOY+sZia4CShhITYMfifZc7t3CutElw=
Subject key identifier:   EB:16:A9:7D:52:BF:44:DD:E9:55:77:EE:CC:6A:5E:5A:98:C9:8E:BD
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       019E8C24E2AD4B6A1C8614EB4B30D1A36EB0
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/6xapfVK_RN3pVXfuzGpeWpjJjr0.roa
Signing time:             Wed 03 Jun 2026 06:21:27 +0000
ROA not before:           Wed 03 Jun 2026 06:21:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     5511
IP address blocks:        82.153.148.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 04 Jun 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:8c:24:e2:ad:4b:6a:1c:86:14:eb:4b:30:d1:a3:6e:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jun  3 06:21:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=eb16a97d52bf44dde95577eecc6a5e5a98c98ebd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:6c:7c:86:d5:0c:88:45:5a:2b:ac:ea:a3:c2:
                    07:38:5d:d7:cb:d7:a2:10:54:ed:98:97:af:94:47:
                    23:71:fd:74:bc:6e:e2:65:dd:fd:53:11:f9:0d:9e:
                    2b:40:1b:1e:de:1c:d3:f8:fd:a2:fc:66:93:99:4c:
                    6f:ff:bd:f7:d9:c3:c8:18:10:d3:33:44:94:b4:06:
                    5a:5d:91:69:a0:5e:5c:c5:95:8a:18:a4:a7:c1:77:
                    aa:de:9a:73:99:fd:31:78:ee:41:96:a0:4f:ea:34:
                    ad:d7:91:54:29:e0:0a:0b:3c:a0:37:80:43:01:ef:
                    63:65:74:57:dd:dc:8f:b1:83:62:f1:59:7b:d5:b6:
                    97:c2:5a:20:a6:a9:fb:76:24:31:e5:ee:28:8f:6a:
                    5d:fe:94:49:3b:d8:13:91:69:68:f9:77:55:7f:b2:
                    45:aa:c0:c2:d2:34:b8:2d:67:15:42:f4:71:64:f6:
                    8c:3c:44:36:b6:65:e0:e1:aa:84:e6:42:1c:5c:9e:
                    34:88:6a:8d:da:4f:ce:0a:7a:e3:7b:50:15:9a:22:
                    64:10:09:88:30:1a:e9:d2:be:2e:ee:f6:6e:74:26:
                    c3:77:5a:55:fc:03:d8:34:90:be:c0:97:66:30:ad:
                    29:ae:e7:ef:66:60:50:8d:cb:b0:32:29:43:26:7e:
                    bf:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:16:A9:7D:52:BF:44:DD:E9:55:77:EE:CC:6A:5E:5A:98:C9:8E:BD
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/6xapfVK_RN3pVXfuzGpeWpjJjr0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.153.148.0/24

    Signature Algorithm: sha256WithRSAEncryption
         82:18:25:9d:60:13:08:09:49:bf:0a:f1:a8:2d:da:23:89:5e:
         e6:4e:e9:62:d5:87:46:31:3d:4d:49:42:4a:d7:b2:60:6e:39:
         c6:f0:66:c1:05:76:d8:d6:03:1e:e9:1d:83:4e:cd:00:cf:b5:
         33:42:9b:4a:50:4e:f5:8d:9e:6e:71:10:1a:0f:da:06:13:e7:
         51:3b:96:c9:93:f3:d3:69:d3:18:f7:28:df:4d:49:b7:02:f7:
         7d:e3:d4:7b:97:8e:57:6b:bb:b2:19:c2:0e:9b:8d:cf:35:22:
         5b:ba:6d:d8:5a:7f:80:13:f4:25:2c:1b:41:14:87:09:b0:0b:
         fc:6f:17:76:8a:06:31:95:cd:fd:ae:8d:0b:ea:cf:5f:d2:d9:
         85:c0:e6:65:9c:83:e2:35:a7:07:fc:a1:b3:90:fc:a6:a4:88:
         67:02:0d:a0:85:33:ee:31:53:11:1d:28:97:2c:06:07:b1:b1:
         ea:d4:ba:af:5e:51:a4:85:ee:b3:3e:fa:35:a7:b1:0a:f4:96:
         30:22:6b:33:13:bf:45:9b:73:32:12:e7:67:c5:46:8e:0f:43:
         88:9f:3f:f1:f9:b5:02:8c:0b:13:79:58:17:bf:4e:85:8a:87:
         b5:d3:4a:22:54:53:a5:04:6f:67:48:e4:03:ec:64:a2:32:39:
         5c:60:70:92
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6MJOKtS2ochhTrSzDRo26wMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjYwNjAzMDYyMTI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYjE2YTk3ZDUyYmY0NGRkZTk1NTc3ZWVjYzZhNWU1YTk4Yzk4ZWJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA22x8htUMiEVaK6zqo8IHOF3Xy9ei
EFTtmJevlEcjcf10vG7iZd39UxH5DZ4rQBse3hzT+P2i/GaTmUxv/7332cPIGBDT
M0SUtAZaXZFpoF5cxZWKGKSnwXeq3ppzmf0xeO5BlqBP6jSt15FUKeAKCzygN4BD
Ae9jZXRX3dyPsYNi8Vl71baXwlogpqn7diQx5e4oj2pd/pRJO9gTkWlo+XdVf7JF
qsDC0jS4LWcVQvRxZPaMPEQ2tmXg4aqE5kIcXJ40iGqN2k/OCnrje1AVmiJkEAmI
MBrp0r4u7vZudCbDd1pV/APYNJC+wJdmMK0prufvZmBQjcuwMilDJn6/qQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOsWqX1Sv0Td6VV37sxqXlqYyY69MB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvNnhhcGZWS19STjNwVlhmdXpHcGVXcGpKanIwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUpmUMA0G
CSqGSIb3DQEBCwUAA4IBAQCCGCWdYBMICUm/CvGoLdojiV7mTuli1YdGMT1NSUJK
17JgbjnG8GbBBXbY1gMe6R2DTs0Az7UzQptKUE71jZ5ucRAaD9oGE+dRO5bJk/PT
adMY9yjfTUm3Avd949R7l45Xa7uyGcIOm43PNSJbum3YWn+AE/QlLBtBFIcJsAv8
bxd2igYxlc39ro0L6s9f0tmFwOZlnIPiNacH/KGzkPympIhnAg2ghTPuMVMRHSiX
LAYHsbHq1LqvXlGkhe6zPvo1p7EK9JYwImszE79Fm3MyEudnxUaOD0OInz/x+bUC
jAsTeVgXv06Fioe100oiVFOlBG9nSOQD7GSiMjlcYHCS
-----END CERTIFICATE-----