Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ad/6cf8be-253d-46d5-ab7c-8276c8aac50e/1/SZtukkjRXiwa2MP-xz2orv9e2EQ.roa
File:                     SZtukkjRXiwa2MP-xz2orv9e2EQ.roa (raw, json)
Hash identifier:          SI1p9E5oAtOUP1K3tQ3v2d/3208FkwLNQ2JaBJZUxeU=
Subject key identifier:   49:9B:6E:92:48:D1:5E:2C:1A:D8:C3:FE:C7:3D:A8:AE:FF:5E:D8:44
Certificate issuer:       /CN=d6aa3fbc78e31229157c78b6d23a65eb2e353dce
Certificate serial:       019EC07D353765FB88B404D003D53B99D1BD
Authority key identifier: D6:AA:3F:BC:78:E3:12:29:15:7C:78:B6:D2:3A:65:EB:2E:35:3D:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1qo_vHjjEikVfHi20jpl6y41Pc4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ad/6cf8be-253d-46d5-ab7c-8276c8aac50e/1/SZtukkjRXiwa2MP-xz2orv9e2EQ.roa
Signing time:             Sat 13 Jun 2026 10:18:11 +0000
ROA not before:           Sat 13 Jun 2026 10:18:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     265919
IP address blocks:        185.219.189.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ad/6cf8be-253d-46d5-ab7c-8276c8aac50e/1/1qo_vHjjEikVfHi20jpl6y41Pc4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ad/6cf8be-253d-46d5-ab7c-8276c8aac50e/1/1qo_vHjjEikVfHi20jpl6y41Pc4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1qo_vHjjEikVfHi20jpl6y41Pc4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 20 Jun 2026 19:57:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:c0:7d:35:37:65:fb:88:b4:04:d0:03:d5:3b:99:d1:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d6aa3fbc78e31229157c78b6d23a65eb2e353dce
        Validity
            Not Before: Jun 13 10:18:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=499b6e9248d15e2c1ad8c3fec73da8aeff5ed844
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:f4:2d:dc:ae:3d:25:45:97:81:e7:88:a7:e1:
                    e9:73:e5:18:eb:d4:5c:ec:ac:9b:43:64:7f:3e:a3:
                    6b:c0:57:96:f3:8d:7e:e2:a6:5d:14:cb:29:a3:42:
                    1b:9a:90:69:29:a1:fa:14:b3:6e:47:cc:df:50:1e:
                    85:a2:4d:12:72:61:b9:9e:6a:b0:87:e4:59:19:46:
                    43:6d:e9:5b:8d:48:b2:b9:de:69:1f:c2:da:00:7d:
                    e1:e5:37:15:b6:41:cc:0d:ee:8d:1f:b7:01:0b:b3:
                    75:5b:42:0e:8f:8c:59:3d:be:a7:af:da:c5:39:05:
                    9e:39:ce:6a:9b:65:fe:b4:d3:87:63:7e:13:3b:cc:
                    1d:1d:de:f9:80:53:47:8c:d1:f2:e3:c3:a4:5b:80:
                    7a:b7:d9:2d:41:ed:4d:d9:f8:2c:be:d1:50:42:50:
                    e8:1c:33:de:b8:5d:86:22:85:ef:90:7b:f2:f4:1e:
                    c3:79:65:07:1c:40:c4:bc:01:d7:61:dc:1e:74:a1:
                    d4:0b:94:52:8d:e0:f2:83:b2:f2:8f:5f:71:0d:e0:
                    1a:cc:c7:2c:c4:07:a2:3e:ab:2a:83:b4:58:29:5d:
                    5e:17:02:f5:ec:b0:c6:16:1a:57:97:60:4c:60:d5:
                    39:79:3a:a7:35:12:a1:cc:63:45:95:9c:2d:29:48:
                    bf:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:9B:6E:92:48:D1:5E:2C:1A:D8:C3:FE:C7:3D:A8:AE:FF:5E:D8:44
            X509v3 Authority Key Identifier:
                keyid:D6:AA:3F:BC:78:E3:12:29:15:7C:78:B6:D2:3A:65:EB:2E:35:3D:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1qo_vHjjEikVfHi20jpl6y41Pc4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/6cf8be-253d-46d5-ab7c-8276c8aac50e/1/SZtukkjRXiwa2MP-xz2orv9e2EQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/6cf8be-253d-46d5-ab7c-8276c8aac50e/1/1qo_vHjjEikVfHi20jpl6y41Pc4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.219.189.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9a:99:80:64:69:c9:80:b3:7d:99:81:1b:5c:42:60:a9:42:4c:
         e4:e4:28:bb:0a:36:e2:f4:4a:6d:f9:68:9b:aa:a1:3f:40:8b:
         cd:69:48:fc:1c:ca:8e:55:ef:b5:2f:4c:b5:03:e8:95:6e:42:
         15:f6:05:93:0f:1c:d0:fe:2c:47:c6:e8:fc:19:8e:f4:44:46:
         c8:30:f3:ef:fa:c7:f3:0b:c8:fd:8c:dd:56:69:e5:d8:e1:e1:
         8e:2c:d9:c4:86:04:80:da:c5:89:9e:97:db:1a:e0:7b:b9:60:
         36:ba:99:91:3c:c4:d2:94:e3:95:08:3c:5f:1e:f5:e8:94:61:
         c2:d1:c8:5b:b4:b4:10:27:bd:29:3f:c7:6a:ef:dc:70:18:0d:
         96:17:72:b0:e1:38:a3:7c:a8:64:31:15:07:2b:61:57:f4:9f:
         c1:cd:2b:cf:89:13:4b:96:51:c0:48:d7:ab:4f:ce:11:39:3d:
         1d:32:a6:f8:48:1b:69:f7:38:c5:92:a6:8b:aa:d0:53:92:18:
         a1:c1:0f:e2:31:1f:cc:6a:b5:43:cc:95:bc:d8:c0:75:ab:84:
         30:b1:63:a1:5b:ad:42:f9:d6:18:83:25:af:57:a2:9d:64:d6:
         97:58:ae:d5:b9:25:bd:cd:fd:d8:ad:f3:8a:9e:75:aa:78:8b:
         cf:54:76:2f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ7AfTU3ZfuItATQA9U7mdG9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ2YWEzZmJjNzhlMzEyMjkxNTdjNzhiNmQyM2E2NWViMmUz
NTNkY2UwHhcNMjYwNjEzMTAxODExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OTliNmU5MjQ4ZDE1ZTJjMWFkOGMzZmVjNzNkYThhZWZmNWVkODQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs/Qt3K49JUWXgeeIp+Hpc+UY69Rc
7KybQ2R/PqNrwFeW841+4qZdFMspo0IbmpBpKaH6FLNuR8zfUB6Fok0ScmG5nmqw
h+RZGUZDbelbjUiyud5pH8LaAH3h5TcVtkHMDe6NH7cBC7N1W0IOj4xZPb6nr9rF
OQWeOc5qm2X+tNOHY34TO8wdHd75gFNHjNHy48OkW4B6t9ktQe1N2fgsvtFQQlDo
HDPeuF2GIoXvkHvy9B7DeWUHHEDEvAHXYdwedKHUC5RSjeDyg7Lyj19xDeAazMcs
xAeiPqsqg7RYKV1eFwL17LDGFhpXl2BMYNU5eTqnNRKhzGNFlZwtKUi/8QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEmbbpJI0V4sGtjD/sc9qK7/XthEMB8GA1UdIwQY
MBaAFNaqP7x44xIpFXx4ttI6ZesuNT3OMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMXFvX3ZIampFaWtWZkhpMjBqcGw2eTQxUGM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZC82Y2Y4YmUtMjUzZC00NmQ1LWFiN2Mt
ODI3NmM4YWFjNTBlLzEvU1p0dWtralJYaXdhMk1QLXh6Mm9ydjllMkVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZC82Y2Y4YmUtMjUzZC00NmQ1LWFiN2MtODI3NmM4YWFjNTBl
LzEvMXFvX3ZIampFaWtWZkhpMjBqcGw2eTQxUGM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAudu9MA0G
CSqGSIb3DQEBCwUAA4IBAQCamYBkacmAs32ZgRtcQmCpQkzk5Ci7Cjbi9Ept+Wib
qqE/QIvNaUj8HMqOVe+1L0y1A+iVbkIV9gWTDxzQ/ixHxuj8GY70REbIMPPv+sfz
C8j9jN1WaeXY4eGOLNnEhgSA2sWJnpfbGuB7uWA2upmRPMTSlOOVCDxfHvXolGHC
0chbtLQQJ70pP8dq79xwGA2WF3Kw4TijfKhkMRUHK2FX9J/BzSvPiRNLllHASNer
T84ROT0dMqb4SBtp9zjFkqaLqtBTkhihwQ/iMR/MarVDzJW82MB1q4QwsWOhW61C
+dYYgyWvV6KdZNaXWK7VuSW9zf3YrfOKnnWqeIvPVHYv
-----END CERTIFICATE-----