Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/f111ff-acea-4be9-b356-54629b92b683/1/MSkSuk2uY3DEvPKjzciz_6zSiBs.roa
File:                     MSkSuk2uY3DEvPKjzciz_6zSiBs.roa (raw, json)
Hash identifier:          bKmP81Ny3lbO1lhfJcpvSqIFO1Qid3YCkNlkgwazZYI=
Subject key identifier:   31:29:12:BA:4D:AE:63:70:C4:BC:F2:A3:CD:C8:B3:FF:AC:D2:88:1B
Certificate issuer:       /CN=f546f5c80c3ca82cf48ddabb63c6046a6812b743
Certificate serial:       019EACCA7C599EF0E81B0C9DDF297800E26A
Authority key identifier: F5:46:F5:C8:0C:3C:A8:2C:F4:8D:DA:BB:63:C6:04:6A:68:12:B7:43
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9Ub1yAw8qCz0jdq7Y8YEamgSt0M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/f111ff-acea-4be9-b356-54629b92b683/1/MSkSuk2uY3DEvPKjzciz_6zSiBs.roa
Signing time:             Tue 09 Jun 2026 14:30:11 +0000
ROA not before:           Tue 09 Jun 2026 14:30:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213069
IP address blocks:        213.177.177.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b1/f111ff-acea-4be9-b356-54629b92b683/1/9Ub1yAw8qCz0jdq7Y8YEamgSt0M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b1/f111ff-acea-4be9-b356-54629b92b683/1/9Ub1yAw8qCz0jdq7Y8YEamgSt0M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9Ub1yAw8qCz0jdq7Y8YEamgSt0M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Jun 2026 22:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:ac:ca:7c:59:9e:f0:e8:1b:0c:9d:df:29:78:00:e2:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f546f5c80c3ca82cf48ddabb63c6046a6812b743
        Validity
            Not Before: Jun  9 14:30:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=312912ba4dae6370c4bcf2a3cdc8b3ffacd2881b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:fa:4c:55:f9:5c:a6:54:b7:b6:88:33:7e:e5:2b:
                    7d:3a:e3:14:58:24:e1:64:19:bf:cf:c6:64:92:50:
                    e1:30:e0:43:60:36:16:12:07:f6:ee:dc:ac:06:00:
                    7e:ce:f6:8a:4e:f3:68:24:b0:2d:81:9c:25:a9:72:
                    23:e6:c3:1e:f5:3a:5c:2d:bb:32:6c:63:02:be:15:
                    64:88:1b:e8:4e:6a:63:8d:8e:47:04:84:0f:7d:57:
                    59:b8:db:7b:e5:c5:7e:83:3e:d6:62:3a:64:94:c0:
                    e2:aa:09:23:38:07:c3:cd:66:0b:62:7f:7e:0b:11:
                    ec:f1:c5:d2:13:a9:53:ad:73:9e:4b:a1:4a:4f:8a:
                    a0:f1:fd:28:a0:a1:f0:cb:45:87:11:63:db:06:8a:
                    46:28:54:99:42:e2:20:ba:70:27:32:13:6a:ed:df:
                    a4:81:cd:52:92:12:4a:ea:3c:5d:12:48:6d:03:13:
                    6f:90:0e:68:a5:93:01:90:f2:45:ec:ff:e0:7a:15:
                    9c:0e:fc:35:23:53:00:cc:4a:99:9b:e8:1d:16:e3:
                    c2:b4:31:ba:7c:8c:a5:10:5f:d7:a1:51:b1:7f:01:
                    74:27:73:36:49:41:13:be:26:7e:60:0c:32:3b:0b:
                    54:a7:1f:ab:6b:ee:c4:8e:a2:9b:51:1e:94:0e:f3:
                    2d:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:29:12:BA:4D:AE:63:70:C4:BC:F2:A3:CD:C8:B3:FF:AC:D2:88:1B
            X509v3 Authority Key Identifier:
                keyid:F5:46:F5:C8:0C:3C:A8:2C:F4:8D:DA:BB:63:C6:04:6A:68:12:B7:43

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9Ub1yAw8qCz0jdq7Y8YEamgSt0M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/f111ff-acea-4be9-b356-54629b92b683/1/MSkSuk2uY3DEvPKjzciz_6zSiBs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/f111ff-acea-4be9-b356-54629b92b683/1/9Ub1yAw8qCz0jdq7Y8YEamgSt0M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.177.177.0/24

    Signature Algorithm: sha256WithRSAEncryption
         77:bf:4d:ff:af:52:a7:4e:9c:40:f1:2f:45:47:3a:4c:66:9e:
         29:d9:74:23:fa:1b:f4:39:22:b6:56:57:98:77:81:1d:ce:ba:
         24:12:06:1a:fa:06:ab:9b:8d:aa:ad:84:89:22:48:b9:97:c2:
         cf:b5:7c:38:f6:6a:ca:a1:30:57:39:71:f5:fa:aa:ad:3b:18:
         56:06:0c:76:26:a8:2e:1f:61:f2:04:ec:a7:cd:d3:8c:95:a7:
         d8:52:7e:c7:fe:e0:7e:e6:84:4d:d2:ac:77:a7:a9:f4:62:f1:
         d9:16:81:8c:b6:38:d2:05:8d:f8:66:1c:59:5b:16:35:09:c3:
         71:68:f9:b7:25:40:cf:8e:2c:38:77:dd:a2:fc:fb:00:c5:12:
         25:6f:2e:f1:16:83:b4:22:06:6c:ca:d6:9f:90:99:e1:3a:16:
         c3:be:d8:ae:c7:e6:27:1a:d9:51:c0:be:12:0d:f7:39:9c:05:
         1b:fb:3a:bb:47:a4:3b:0d:74:29:91:0e:fb:f9:15:05:9a:d2:
         2b:83:6f:51:cc:4e:6a:ea:65:2a:ff:ab:96:0a:44:8e:63:54:
         dc:32:3a:c0:aa:f6:0b:57:ae:8a:1e:9b:ca:47:55:3a:30:7c:
         75:ea:66:9a:71:fb:49:71:5c:1d:84:ca:58:0a:82:78:42:b9:
         cb:17:62:72
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6synxZnvDoGwyd3yl4AOJqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY1NDZmNWM4MGMzY2E4MmNmNDhkZGFiYjYzYzYwNDZhNjgx
MmI3NDMwHhcNMjYwNjA5MTQzMDExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMTI5MTJiYTRkYWU2MzcwYzRiY2YyYTNjZGM4YjNmZmFjZDI4ODFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+kxV+VymVLe2iDN+5St9OuMUWCTh
ZBm/z8ZkklDhMOBDYDYWEgf27tysBgB+zvaKTvNoJLAtgZwlqXIj5sMe9TpcLbsy
bGMCvhVkiBvoTmpjjY5HBIQPfVdZuNt75cV+gz7WYjpklMDiqgkjOAfDzWYLYn9+
CxHs8cXSE6lTrXOeS6FKT4qg8f0ooKHwy0WHEWPbBopGKFSZQuIgunAnMhNq7d+k
gc1SkhJK6jxdEkhtAxNvkA5opZMBkPJF7P/gehWcDvw1I1MAzEqZm+gdFuPCtDG6
fIylEF/XoVGxfwF0J3M2SUETviZ+YAwyOwtUpx+ra+7EjqKbUR6UDvMtQwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDEpErpNrmNwxLzyo83Is/+s0ogbMB8GA1UdIwQY
MBaAFPVG9cgMPKgs9I3au2PGBGpoErdDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOVViMXlBdzhxQ3owamRxN1k4WUVhbWdTdDBNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS9mMTExZmYtYWNlYS00YmU5LWIzNTYt
NTQ2MjliOTJiNjgzLzEvTVNrU3VrMnVZM0RFdlBLanpjaXpfNnpTaUJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS9mMTExZmYtYWNlYS00YmU5LWIzNTYtNTQ2MjliOTJiNjgz
LzEvOVViMXlBdzhxQ3owamRxN1k4WUVhbWdTdDBNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1bGxMA0G
CSqGSIb3DQEBCwUAA4IBAQB3v03/r1KnTpxA8S9FRzpMZp4p2XQj+hv0OSK2VleY
d4EdzrokEgYa+garm42qrYSJIki5l8LPtXw49mrKoTBXOXH1+qqtOxhWBgx2Jqgu
H2HyBOynzdOMlafYUn7H/uB+5oRN0qx3p6n0YvHZFoGMtjjSBY34ZhxZWxY1CcNx
aPm3JUDPjiw4d92i/PsAxRIlby7xFoO0IgZsytafkJnhOhbDvtiux+YnGtlRwL4S
Dfc5nAUb+zq7R6Q7DXQpkQ77+RUFmtIrg29RzE5q6mUq/6uWCkSOY1TcMjrAqvYL
V66KHpvKR1U6MHx16maacftJcVwdhMpYCoJ4QrnLF2Jy
-----END CERTIFICATE-----