Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c4/3e3d40-2ae4-43f3-ae7c-bc5403ac2a95/1/6vCqSCljarDUm6oxxIQ3pb1kZFw.roa
File:                     6vCqSCljarDUm6oxxIQ3pb1kZFw.roa (raw, json)
Hash identifier:          FMFFPXye46qkgvJliwSmSLxawUDf9GZDVDx3/Z/BmJg=
Subject key identifier:   EA:F0:AA:48:29:63:6A:B0:D4:9B:AA:31:C4:84:37:A5:BD:64:64:5C
Certificate issuer:       /CN=42239fb9af128428f84fed9f358686717ed97601
Certificate serial:       019EAE4DC0674B4878CDD6094BEBCF6735BC
Authority key identifier: 42:23:9F:B9:AF:12:84:28:F8:4F:ED:9F:35:86:86:71:7E:D9:76:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QiOfua8ShCj4T-2fNYaGcX7ZdgE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c4/3e3d40-2ae4-43f3-ae7c-bc5403ac2a95/1/6vCqSCljarDUm6oxxIQ3pb1kZFw.roa
Signing time:             Tue 09 Jun 2026 21:33:11 +0000
ROA not before:           Tue 09 Jun 2026 21:33:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199412
IP address blocks:        153.52.127.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c4/3e3d40-2ae4-43f3-ae7c-bc5403ac2a95/1/QiOfua8ShCj4T-2fNYaGcX7ZdgE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c4/3e3d40-2ae4-43f3-ae7c-bc5403ac2a95/1/QiOfua8ShCj4T-2fNYaGcX7ZdgE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QiOfua8ShCj4T-2fNYaGcX7ZdgE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Jun 2026 20:26:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:ae:4d:c0:67:4b:48:78:cd:d6:09:4b:eb:cf:67:35:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=42239fb9af128428f84fed9f358686717ed97601
        Validity
            Not Before: Jun  9 21:33:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=eaf0aa4829636ab0d49baa31c48437a5bd64645c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:ed:b6:6f:82:13:e8:5d:b1:67:46:ca:63:a7:
                    23:42:72:36:05:b0:e5:01:85:6f:2f:b8:a5:8f:6b:
                    28:87:fa:55:c3:b2:11:b5:78:cc:c3:7e:75:89:fb:
                    7b:95:96:c4:6c:bd:3a:bb:64:24:3b:cd:ee:a7:09:
                    2d:db:a2:82:3e:51:cd:f1:48:0c:ee:5b:3e:13:49:
                    2a:83:ac:74:8d:eb:2b:9b:c5:61:ee:b2:b1:84:bf:
                    18:7d:b8:82:c5:aa:53:5d:78:3e:e5:2d:54:b9:da:
                    39:3a:80:52:75:3b:c8:a4:be:0e:13:2b:ed:0f:10:
                    05:84:8e:f2:33:60:46:b4:68:b9:9a:00:b9:10:28:
                    4e:6b:e2:c2:06:5a:83:87:a7:65:52:d1:e0:52:dd:
                    80:15:f6:d3:6b:aa:23:a6:98:21:56:54:cd:fc:dd:
                    2f:a2:7e:65:d2:8d:c9:15:eb:06:68:bc:20:a6:5f:
                    c0:c1:ad:d8:e6:c3:33:64:96:00:a4:11:54:6b:68:
                    a9:31:64:2f:88:05:68:ec:2f:e9:8f:8f:3e:bc:0d:
                    94:72:90:41:b8:c0:d3:00:1f:b2:84:29:0c:a0:52:
                    98:e5:b5:de:49:f3:57:f6:3e:1c:47:f5:8c:de:73:
                    c9:4e:de:86:e0:c2:dc:f6:a4:f1:31:77:9f:9e:86:
                    df:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EA:F0:AA:48:29:63:6A:B0:D4:9B:AA:31:C4:84:37:A5:BD:64:64:5C
            X509v3 Authority Key Identifier:
                keyid:42:23:9F:B9:AF:12:84:28:F8:4F:ED:9F:35:86:86:71:7E:D9:76:01

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QiOfua8ShCj4T-2fNYaGcX7ZdgE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/3e3d40-2ae4-43f3-ae7c-bc5403ac2a95/1/6vCqSCljarDUm6oxxIQ3pb1kZFw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/3e3d40-2ae4-43f3-ae7c-bc5403ac2a95/1/QiOfua8ShCj4T-2fNYaGcX7ZdgE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  153.52.127.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0d:17:17:44:95:18:0d:81:c7:41:13:fb:f3:59:1b:41:60:a6:
         9d:30:33:f4:03:6a:ae:d5:7d:a1:50:78:10:8c:d3:9f:8f:db:
         71:97:fc:40:96:0a:b3:0f:29:76:2e:02:c5:86:5f:23:2a:95:
         13:b4:42:cc:e5:14:1b:04:5a:98:88:82:cc:17:7b:09:3d:05:
         25:83:f6:45:0a:57:02:7d:ba:54:42:03:05:eb:e6:17:41:58:
         e3:39:da:4d:fc:7e:a7:0b:e4:50:65:ef:57:0f:20:de:3a:ef:
         2d:13:e8:ac:12:a9:63:ee:9a:29:58:13:9d:47:9a:b7:2f:95:
         61:92:aa:05:06:0c:9f:c2:4b:13:09:d0:40:6e:b1:0f:66:50:
         18:ae:60:a0:2f:92:f9:88:57:31:e5:ce:2d:bb:1c:50:d6:17:
         f8:95:1c:f1:8b:ab:2e:51:e4:a6:94:3c:5e:0d:88:c9:3a:45:
         d7:9d:e9:c5:4d:90:05:81:4c:c7:50:1d:4d:66:6e:25:5b:c5:
         f9:af:4d:df:b7:1e:d2:f8:af:a4:59:ac:b2:4b:bf:02:68:b7:
         56:db:a0:62:04:83:ab:30:e9:1b:de:1e:d9:fe:7b:91:d8:c2:
         bc:99:c4:70:6a:2b:05:b7:34:f3:df:ea:e7:59:61:02:9e:50:
         02:75:51:e4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6uTcBnS0h4zdYJS+vPZzW8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQyMjM5ZmI5YWYxMjg0MjhmODRmZWQ5ZjM1ODY4NjcxN2Vk
OTc2MDEwHhcNMjYwNjA5MjEzMzExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYWYwYWE0ODI5NjM2YWIwZDQ5YmFhMzFjNDg0MzdhNWJkNjQ2NDVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzO22b4IT6F2xZ0bKY6cjQnI2BbDl
AYVvL7ilj2soh/pVw7IRtXjMw351ift7lZbEbL06u2QkO83upwkt26KCPlHN8UgM
7ls+E0kqg6x0jesrm8Vh7rKxhL8YfbiCxapTXXg+5S1Uudo5OoBSdTvIpL4OEyvt
DxAFhI7yM2BGtGi5mgC5EChOa+LCBlqDh6dlUtHgUt2AFfbTa6ojppghVlTN/N0v
on5l0o3JFesGaLwgpl/Awa3Y5sMzZJYApBFUa2ipMWQviAVo7C/pj48+vA2UcpBB
uMDTAB+yhCkMoFKY5bXeSfNX9j4cR/WM3nPJTt6G4MLc9qTxMXefnobfqwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOrwqkgpY2qw1JuqMcSEN6W9ZGRcMB8GA1UdIwQY
MBaAFEIjn7mvEoQo+E/tnzWGhnF+2XYBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUWlPZnVhOFNoQ2o0VC0yZk5ZYUdjWDdaZGdFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNC8zZTNkNDAtMmFlNC00M2YzLWFlN2Mt
YmM1NDAzYWMyYTk1LzEvNnZDcVNDbGphckRVbTZveHhJUTNwYjFrWkZ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNC8zZTNkNDAtMmFlNC00M2YzLWFlN2MtYmM1NDAzYWMyYTk1
LzEvUWlPZnVhOFNoQ2o0VC0yZk5ZYUdjWDdaZGdFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAmTR/MA0G
CSqGSIb3DQEBCwUAA4IBAQANFxdElRgNgcdBE/vzWRtBYKadMDP0A2qu1X2hUHgQ
jNOfj9txl/xAlgqzDyl2LgLFhl8jKpUTtELM5RQbBFqYiILMF3sJPQUlg/ZFClcC
fbpUQgMF6+YXQVjjOdpN/H6nC+RQZe9XDyDeOu8tE+isEqlj7popWBOdR5q3L5Vh
kqoFBgyfwksTCdBAbrEPZlAYrmCgL5L5iFcx5c4tuxxQ1hf4lRzxi6suUeSmlDxe
DYjJOkXXnenFTZAFgUzHUB1NZm4lW8X5r03ftx7S+K+kWayyS78CaLdW26BiBIOr
MOkb3h7Z/nuR2MK8mcRwaisFtzTz3+rnWWECnlACdVHk
-----END CERTIFICATE-----