Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/e5df49-44b8-434e-a811-57194668cea9/1/a835romKiKyDsWhLVFBGzimfo5Q.roa
File:                     a835romKiKyDsWhLVFBGzimfo5Q.roa (raw, json)
Hash identifier:          NH/Bb+RpBScI1VSoFGtRzq5S+fLF3ORr7Z1sBrpa2MU=
Subject key identifier:   6B:CD:F9:AE:89:8A:88:AC:83:B1:68:4B:54:50:46:CE:29:9F:A3:94
Certificate issuer:       /CN=e36d594f5fe382bec2ce8e3a31a8f28e6d97c01e
Certificate serial:       019ED0B66B44AC3E5B7C9EB66C238A10CE20
Authority key identifier: E3:6D:59:4F:5F:E3:82:BE:C2:CE:8E:3A:31:A8:F2:8E:6D:97:C0:1E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/421ZT1_jgr7Czo46Majyjm2XwB4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/e5df49-44b8-434e-a811-57194668cea9/1/a835romKiKyDsWhLVFBGzimfo5Q.roa
Signing time:             Tue 16 Jun 2026 13:54:36 +0000
ROA not before:           Tue 16 Jun 2026 13:54:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     211919
IP address blocks:        185.235.79.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/e5df49-44b8-434e-a811-57194668cea9/1/421ZT1_jgr7Czo46Majyjm2XwB4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/e5df49-44b8-434e-a811-57194668cea9/1/421ZT1_jgr7Czo46Majyjm2XwB4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/421ZT1_jgr7Czo46Majyjm2XwB4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 30 Jun 2026 02:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:d0:b6:6b:44:ac:3e:5b:7c:9e:b6:6c:23:8a:10:ce:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e36d594f5fe382bec2ce8e3a31a8f28e6d97c01e
        Validity
            Not Before: Jun 16 13:54:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6bcdf9ae898a88ac83b1684b545046ce299fa394
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:5a:f0:05:17:9b:e0:3c:91:4a:ae:9e:a6:aa:
                    6a:69:f5:81:6b:7c:40:83:9f:72:0a:19:90:0b:ee:
                    d2:fb:52:bb:e2:a1:a1:db:f9:05:a6:5a:47:34:fb:
                    99:26:d8:98:5b:54:a2:d9:c8:ea:ef:b1:d7:11:2c:
                    10:46:e5:81:bf:2d:ba:c3:1d:d8:ba:df:ba:ac:9c:
                    e3:40:c8:49:1e:5c:71:61:70:fe:5b:2d:fc:d1:2d:
                    10:66:6a:6d:58:a4:ad:e6:a8:62:df:d8:f2:79:8e:
                    9b:8e:53:10:84:f1:3e:3b:a9:26:fb:78:49:64:be:
                    3c:5d:51:eb:ff:3d:29:ab:8f:12:6b:c5:76:ba:78:
                    d4:bc:de:33:33:85:ff:42:3f:11:9d:2f:36:7e:2e:
                    bb:e8:9a:38:07:9c:62:aa:f1:e9:69:50:e1:02:47:
                    29:8a:f9:0e:89:a9:4e:0d:9a:a4:80:3b:ea:d8:83:
                    92:0f:de:ec:01:35:f9:a9:2d:3e:09:c1:3d:ba:c3:
                    c2:04:7c:a6:e1:40:f2:72:34:95:db:33:8c:14:f3:
                    82:36:ef:78:7f:21:24:f9:d0:d1:14:dc:cc:ac:10:
                    8d:60:04:f7:3e:c3:17:6f:82:4a:84:25:04:e5:e2:
                    b0:7d:91:cf:d3:6c:8a:00:b9:f8:d5:7b:a6:9c:fa:
                    6d:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:CD:F9:AE:89:8A:88:AC:83:B1:68:4B:54:50:46:CE:29:9F:A3:94
            X509v3 Authority Key Identifier:
                keyid:E3:6D:59:4F:5F:E3:82:BE:C2:CE:8E:3A:31:A8:F2:8E:6D:97:C0:1E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/421ZT1_jgr7Czo46Majyjm2XwB4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/e5df49-44b8-434e-a811-57194668cea9/1/a835romKiKyDsWhLVFBGzimfo5Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/e5df49-44b8-434e-a811-57194668cea9/1/421ZT1_jgr7Czo46Majyjm2XwB4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.235.79.0/24

    Signature Algorithm: sha256WithRSAEncryption
         87:0a:0b:8e:81:5f:53:eb:ef:27:86:40:73:60:1c:a8:0f:a2:
         74:46:0d:ba:1c:b8:73:77:98:93:b0:41:be:b1:e5:a3:2e:ff:
         53:82:11:fe:9b:ce:a6:21:6e:16:12:8a:7e:c1:a6:3a:80:a1:
         a5:19:63:8b:d6:f4:d2:76:45:10:04:e9:5d:5b:00:6a:46:7a:
         b0:97:12:22:40:b1:d6:45:d8:a1:1a:a0:14:9d:c2:97:e6:56:
         62:22:d8:39:b4:27:f6:6b:6f:0c:d4:bc:1d:a3:b9:a1:b9:39:
         14:cd:f8:37:b0:a9:a4:86:0b:4d:58:dc:db:80:34:3a:06:42:
         d5:ef:1e:0c:9f:7c:93:27:5a:b6:ab:7c:88:88:99:43:16:2a:
         9d:e9:91:d5:84:52:e6:94:31:e1:a3:dd:50:30:b6:40:2b:48:
         c2:34:4b:ee:40:5b:d0:6d:6b:f6:2a:b2:89:f2:48:2b:68:d6:
         84:66:b4:18:64:31:d1:0a:7e:54:8d:08:a8:77:65:b9:26:7c:
         5e:6f:2b:3c:10:69:db:a8:ac:63:22:de:6c:f5:d7:94:8b:97:
         d6:15:e7:7d:80:3c:91:01:1f:76:1b:5b:85:4b:a5:a3:45:d0:
         e9:87:40:52:29:e8:61:66:ba:86:a9:e8:7a:0d:65:63:e8:c1:
         d6:16:10:d6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ7QtmtErD5bfJ62bCOKEM4gMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUzNmQ1OTRmNWZlMzgyYmVjMmNlOGUzYTMxYThmMjhlNmQ5
N2MwMWUwHhcNMjYwNjE2MTM1NDM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YmNkZjlhZTg5OGE4OGFjODNiMTY4NGI1NDUwNDZjZTI5OWZhMzk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkFrwBReb4DyRSq6epqpqafWBa3xA
g59yChmQC+7S+1K74qGh2/kFplpHNPuZJtiYW1Si2cjq77HXESwQRuWBvy26wx3Y
ut+6rJzjQMhJHlxxYXD+Wy380S0QZmptWKSt5qhi39jyeY6bjlMQhPE+O6km+3hJ
ZL48XVHr/z0pq48Sa8V2unjUvN4zM4X/Qj8RnS82fi676Jo4B5xiqvHpaVDhAkcp
ivkOialODZqkgDvq2IOSD97sATX5qS0+CcE9usPCBHym4UDycjSV2zOMFPOCNu94
fyEk+dDRFNzMrBCNYAT3PsMXb4JKhCUE5eKwfZHP02yKALn41XumnPptoQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGvN+a6Jioisg7FoS1RQRs4pn6OUMB8GA1UdIwQY
MBaAFONtWU9f44K+ws6OOjGo8o5tl8AeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNDIxWlQxX2pncjdDem80Nk1hanlqbTJYd0I0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi9lNWRmNDktNDRiOC00MzRlLWE4MTEt
NTcxOTQ2NjhjZWE5LzEvYTgzNXJvbUtpS3lEc1doTFZGQkd6aW1mbzVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi9lNWRmNDktNDRiOC00MzRlLWE4MTEtNTcxOTQ2NjhjZWE5
LzEvNDIxWlQxX2pncjdDem80Nk1hanlqbTJYd0I0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuetPMA0G
CSqGSIb3DQEBCwUAA4IBAQCHCguOgV9T6+8nhkBzYByoD6J0Rg26HLhzd5iTsEG+
seWjLv9TghH+m86mIW4WEop+waY6gKGlGWOL1vTSdkUQBOldWwBqRnqwlxIiQLHW
RdihGqAUncKX5lZiItg5tCf2a28M1Lwdo7mhuTkUzfg3sKmkhgtNWNzbgDQ6BkLV
7x4Mn3yTJ1q2q3yIiJlDFiqd6ZHVhFLmlDHho91QMLZAK0jCNEvuQFvQbWv2KrKJ
8kgraNaEZrQYZDHRCn5UjQiod2W5Jnxebys8EGnbqKxjIt5s9deUi5fWFed9gDyR
AR92G1uFS6WjRdDph0BSKehhZrqGqeh6DWVj6MHWFhDW
-----END CERTIFICATE-----