Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c4/3e3d40-2ae4-43f3-ae7c-bc5403ac2a95/1/6dRsLJ5J69_rsQXIRHXOC2z_5dE.roa
File:                     6dRsLJ5J69_rsQXIRHXOC2z_5dE.roa (raw, json)
Hash identifier:          0D/9pUz1X/JKKYGr6Ne59g8RhrUlGqsuwmmjDLCy+xw=
Subject key identifier:   E9:D4:6C:2C:9E:49:EB:DF:EB:B1:05:C8:44:75:CE:0B:6C:FF:E5:D1
Certificate issuer:       /CN=42239fb9af128428f84fed9f358686717ed97601
Certificate serial:       019F0067663A33CAD8FFD65E29DB2E41F200
Authority key identifier: 42:23:9F:B9:AF:12:84:28:F8:4F:ED:9F:35:86:86:71:7E:D9:76:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QiOfua8ShCj4T-2fNYaGcX7ZdgE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c4/3e3d40-2ae4-43f3-ae7c-bc5403ac2a95/1/6dRsLJ5J69_rsQXIRHXOC2z_5dE.roa
Signing time:             Thu 25 Jun 2026 20:10:03 +0000
ROA not before:           Thu 25 Jun 2026 20:10:03 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     44620
IP address blocks:        153.52.92.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c4/3e3d40-2ae4-43f3-ae7c-bc5403ac2a95/1/QiOfua8ShCj4T-2fNYaGcX7ZdgE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c4/3e3d40-2ae4-43f3-ae7c-bc5403ac2a95/1/QiOfua8ShCj4T-2fNYaGcX7ZdgE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QiOfua8ShCj4T-2fNYaGcX7ZdgE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Jun 2026 14:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9f:00:67:66:3a:33:ca:d8:ff:d6:5e:29:db:2e:41:f2:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=42239fb9af128428f84fed9f358686717ed97601
        Validity
            Not Before: Jun 25 20:10:03 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e9d46c2c9e49ebdfebb105c84475ce0b6cffe5d1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:f3:32:4f:39:30:02:b2:57:55:6e:f5:b5:af:
                    ac:61:04:2a:58:56:54:28:b8:7f:b0:7f:2a:1e:cf:
                    41:2c:01:d0:0f:f9:8f:da:e5:2d:4b:e2:a5:74:18:
                    d5:c3:85:23:41:39:8b:2d:91:4e:a0:57:24:6b:39:
                    d7:1f:23:50:0d:9c:6f:e6:bc:99:8f:f0:0a:88:5e:
                    aa:78:0d:3b:29:a6:ad:31:5d:7b:c9:a4:56:ce:79:
                    d4:18:f1:98:6d:59:7f:38:06:32:6e:de:bb:ad:31:
                    61:dd:54:bb:9f:dc:ab:88:f6:dd:e5:bc:cf:74:1c:
                    7e:da:c0:aa:d7:3d:c7:34:8f:d0:ca:4b:b7:86:65:
                    d9:fe:17:11:43:a6:62:31:0b:d6:db:1f:c4:d0:b4:
                    90:09:bf:bb:fb:43:6b:3c:af:72:1a:0f:ec:aa:5d:
                    d7:be:2b:47:d7:0d:75:21:68:14:73:63:e1:23:b7:
                    5c:27:cc:3b:6f:ac:b3:47:d7:e6:80:18:94:e9:fd:
                    1b:67:c4:c5:1f:2f:88:2a:6f:7c:b5:e7:d5:c8:12:
                    68:da:0d:19:12:9d:c1:9c:df:6a:31:39:77:4c:af:
                    c1:e2:3b:63:7a:c8:6c:3a:de:50:06:73:ec:88:f1:
                    b7:6a:5e:13:70:b1:0d:bd:aa:13:2c:61:28:a2:8f:
                    4c:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E9:D4:6C:2C:9E:49:EB:DF:EB:B1:05:C8:44:75:CE:0B:6C:FF:E5:D1
            X509v3 Authority Key Identifier:
                keyid:42:23:9F:B9:AF:12:84:28:F8:4F:ED:9F:35:86:86:71:7E:D9:76:01

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QiOfua8ShCj4T-2fNYaGcX7ZdgE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/3e3d40-2ae4-43f3-ae7c-bc5403ac2a95/1/6dRsLJ5J69_rsQXIRHXOC2z_5dE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/3e3d40-2ae4-43f3-ae7c-bc5403ac2a95/1/QiOfua8ShCj4T-2fNYaGcX7ZdgE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  153.52.92.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3e:be:1a:ef:98:c4:93:92:54:28:2b:ff:c1:61:7d:79:37:38:
         ef:0c:b8:d2:84:f9:99:e1:09:e2:02:bd:b2:58:d2:c2:31:19:
         46:44:a5:cc:f2:47:74:67:f2:9e:8e:ad:56:fc:09:ba:89:c6:
         0c:5e:12:a6:b0:60:a5:cd:64:5a:1e:03:7b:60:fd:32:c4:14:
         70:74:43:b4:cd:cf:bc:83:e7:4e:16:cc:af:2f:62:c6:dc:31:
         0f:d7:b3:ef:6d:d9:f5:09:e4:30:68:cd:f9:a5:fd:bc:3c:b2:
         78:33:da:80:6d:e6:03:b8:e8:21:67:50:e1:82:27:e4:33:c5:
         51:f3:92:2c:2c:2e:c9:02:51:18:b1:fe:78:10:59:86:0a:36:
         4a:6d:a4:b8:9f:14:e2:11:bf:80:54:34:5c:17:c1:98:59:07:
         7c:1d:49:98:3f:9c:b4:0e:b4:65:ff:bd:93:4f:87:32:d0:f7:
         19:df:69:3e:1b:21:8d:f8:f9:3c:d2:a2:18:1b:bd:d7:eb:65:
         ba:83:77:d3:06:51:65:45:e7:50:30:b9:41:3e:12:26:af:ef:
         29:3d:61:31:8c:29:d9:22:92:32:6a:46:da:97:c3:73:52:9a:
         0f:71:fe:d6:c4:6d:55:f6:c1:5c:d5:0b:17:80:ca:8c:47:f1:
         5e:eb:4d:df
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ8AZ2Y6M8rY/9ZeKdsuQfIAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQyMjM5ZmI5YWYxMjg0MjhmODRmZWQ5ZjM1ODY4NjcxN2Vk
OTc2MDEwHhcNMjYwNjI1MjAxMDAzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlOWQ0NmMyYzllNDllYmRmZWJiMTA1Yzg0NDc1Y2UwYjZjZmZlNWQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt/MyTzkwArJXVW71ta+sYQQqWFZU
KLh/sH8qHs9BLAHQD/mP2uUtS+KldBjVw4UjQTmLLZFOoFckaznXHyNQDZxv5ryZ
j/AKiF6qeA07KaatMV17yaRWznnUGPGYbVl/OAYybt67rTFh3VS7n9yriPbd5bzP
dBx+2sCq1z3HNI/Qyku3hmXZ/hcRQ6ZiMQvW2x/E0LSQCb+7+0NrPK9yGg/sql3X
vitH1w11IWgUc2PhI7dcJ8w7b6yzR9fmgBiU6f0bZ8TFHy+IKm98tefVyBJo2g0Z
Ep3BnN9qMTl3TK/B4jtjeshsOt5QBnPsiPG3al4TcLENvaoTLGEooo9M+QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOnUbCyeSevf67EFyER1zgts/+XRMB8GA1UdIwQY
MBaAFEIjn7mvEoQo+E/tnzWGhnF+2XYBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUWlPZnVhOFNoQ2o0VC0yZk5ZYUdjWDdaZGdFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNC8zZTNkNDAtMmFlNC00M2YzLWFlN2Mt
YmM1NDAzYWMyYTk1LzEvNmRSc0xKNUo2OV9yc1FYSVJIWE9DMnpfNWRFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNC8zZTNkNDAtMmFlNC00M2YzLWFlN2MtYmM1NDAzYWMyYTk1
LzEvUWlPZnVhOFNoQ2o0VC0yZk5ZYUdjWDdaZGdFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAmTRcMA0G
CSqGSIb3DQEBCwUAA4IBAQA+vhrvmMSTklQoK//BYX15NzjvDLjShPmZ4QniAr2y
WNLCMRlGRKXM8kd0Z/Kejq1W/Am6icYMXhKmsGClzWRaHgN7YP0yxBRwdEO0zc+8
g+dOFsyvL2LG3DEP17Pvbdn1CeQwaM35pf28PLJ4M9qAbeYDuOghZ1DhgifkM8VR
85IsLC7JAlEYsf54EFmGCjZKbaS4nxTiEb+AVDRcF8GYWQd8HUmYP5y0DrRl/72T
T4cy0PcZ32k+GyGN+Pk80qIYG73X62W6g3fTBlFlRedQMLlBPhImr+8pPWExjCnZ
IpIyakbal8NzUpoPcf7WxG1V9sFc1QsXgMqMR/Fe603f
-----END CERTIFICATE-----