Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c4/a3bad7-7c93-4a07-9915-4f7cdc40de1c/1/6LfIaA-RGpt6UyHGaFPtgWSzWoo.roa
File:                     6LfIaA-RGpt6UyHGaFPtgWSzWoo.roa (raw, json)
Hash identifier:          aw5x8nH1XT0Cri8yXXadKOmXkKAkU7N+vk6+l2iRF90=
Subject key identifier:   E8:B7:C8:68:0F:91:1A:9B:7A:53:21:C6:68:53:ED:81:64:B3:5A:8A
Certificate issuer:       /CN=a30a9d60590a6899426386b1e36163ade169a3c6
Certificate serial:       019F11FF8A85C493C62741E4754D28AF9F25
Authority key identifier: A3:0A:9D:60:59:0A:68:99:42:63:86:B1:E3:61:63:AD:E1:69:A3:C6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/owqdYFkKaJlCY4ax42FjreFpo8Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c4/a3bad7-7c93-4a07-9915-4f7cdc40de1c/1/6LfIaA-RGpt6UyHGaFPtgWSzWoo.roa
Signing time:             Mon 29 Jun 2026 06:09:47 +0000
ROA not before:           Mon 29 Jun 2026 06:09:47 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     15943
IP address blocks:        91.227.240.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c4/a3bad7-7c93-4a07-9915-4f7cdc40de1c/1/owqdYFkKaJlCY4ax42FjreFpo8Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c4/a3bad7-7c93-4a07-9915-4f7cdc40de1c/1/owqdYFkKaJlCY4ax42FjreFpo8Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/owqdYFkKaJlCY4ax42FjreFpo8Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 01 Jul 2026 14:31:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9f:11:ff:8a:85:c4:93:c6:27:41:e4:75:4d:28:af:9f:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a30a9d60590a6899426386b1e36163ade169a3c6
        Validity
            Not Before: Jun 29 06:09:47 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e8b7c8680f911a9b7a5321c66853ed8164b35a8a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:bc:fc:59:20:5d:8b:a3:dc:ce:87:b0:7d:7d:
                    ad:fe:c9:7a:43:bf:5b:0e:58:0c:1d:a5:b0:e8:40:
                    c0:41:e1:45:d7:8f:be:f6:98:10:a7:6d:c8:ea:46:
                    9b:1b:7e:94:25:1c:81:ea:ea:e5:75:cc:47:39:5e:
                    49:b6:8c:d2:3c:db:5e:81:ff:1a:91:e9:13:1b:13:
                    8f:cb:a9:4a:d7:77:a5:6f:1a:41:f0:0b:dc:2d:8b:
                    0e:ad:f6:97:e3:9d:e0:98:8f:a2:e0:a6:12:05:65:
                    e1:1f:59:98:ce:3f:43:c0:bd:e1:9c:9c:54:fb:99:
                    51:86:1c:fe:ba:b0:cb:21:91:0e:96:0a:9f:4b:b0:
                    65:e7:8a:bc:d4:2c:7a:ff:12:dd:f0:56:92:a4:95:
                    cf:0c:31:e8:c2:29:a0:e1:79:5b:61:e6:a7:c2:7b:
                    bc:22:1f:e1:7e:51:d6:56:27:86:bf:04:5e:91:9d:
                    c6:0c:4e:03:73:20:df:02:d1:b7:3f:37:d1:8b:34:
                    49:e9:60:b8:a7:20:3a:cf:47:00:14:fe:72:03:a9:
                    84:c6:ec:b3:b2:58:28:f1:78:3b:fb:6a:04:5b:93:
                    86:7e:b6:d1:ad:88:9f:f5:45:d7:48:12:db:e8:2f:
                    56:2e:25:a3:48:04:2a:a4:52:c0:62:70:2e:5d:4e:
                    24:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E8:B7:C8:68:0F:91:1A:9B:7A:53:21:C6:68:53:ED:81:64:B3:5A:8A
            X509v3 Authority Key Identifier:
                keyid:A3:0A:9D:60:59:0A:68:99:42:63:86:B1:E3:61:63:AD:E1:69:A3:C6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/owqdYFkKaJlCY4ax42FjreFpo8Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/a3bad7-7c93-4a07-9915-4f7cdc40de1c/1/6LfIaA-RGpt6UyHGaFPtgWSzWoo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/a3bad7-7c93-4a07-9915-4f7cdc40de1c/1/owqdYFkKaJlCY4ax42FjreFpo8Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.227.240.0/24

    Signature Algorithm: sha256WithRSAEncryption
         57:33:91:cd:36:bc:06:fa:d6:b0:88:9f:aa:42:e4:30:9c:26:
         73:53:d9:a6:05:27:d7:9f:bf:05:10:bd:53:50:0a:99:74:19:
         3f:3e:43:28:49:92:42:e9:24:a6:7a:7d:fa:de:f2:4e:7a:f7:
         a9:53:d9:60:a4:f1:66:d0:25:f3:f2:d6:82:4c:51:4c:5e:c8:
         1f:02:ef:c2:1a:9e:4e:d1:48:28:12:10:18:31:89:4d:2f:cb:
         4a:33:ab:96:2f:1a:b7:20:ff:ca:54:a6:97:d1:ef:f8:cc:9b:
         53:be:d1:92:b4:9f:82:c9:79:3b:f7:eb:12:41:36:91:cb:d2:
         d5:e3:c6:48:77:94:1e:1e:3e:01:44:33:c6:4c:20:f7:ff:cb:
         55:33:60:23:04:b8:57:66:04:0d:0b:d8:89:ff:1a:c0:26:11:
         0f:a3:2b:10:e3:65:94:d1:c3:69:7d:bc:60:50:f2:9f:03:87:
         11:6a:36:d7:55:01:33:4f:01:f0:1a:f0:b2:0b:80:cc:8c:3d:
         ff:95:40:70:43:e7:e1:46:99:38:73:a3:ef:8c:06:7b:c5:75:
         d7:3a:96:7e:e8:ea:7d:58:de:24:af:ce:8b:fc:65:3a:e2:58:
         6b:ba:6d:ff:d0:ad:62:71:ae:8a:b9:38:cd:62:de:d5:f1:ac:
         d8:ab:a9:63
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ8R/4qFxJPGJ0HkdU0or58lMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEzMGE5ZDYwNTkwYTY4OTk0MjYzODZiMWUzNjE2M2FkZTE2
OWEzYzYwHhcNMjYwNjI5MDYwOTQ3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlOGI3Yzg2ODBmOTExYTliN2E1MzIxYzY2ODUzZWQ4MTY0YjM1YThhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr7z8WSBdi6PczoewfX2t/sl6Q79b
DlgMHaWw6EDAQeFF14++9pgQp23I6kabG36UJRyB6urldcxHOV5JtozSPNtegf8a
kekTGxOPy6lK13elbxpB8AvcLYsOrfaX453gmI+i4KYSBWXhH1mYzj9DwL3hnJxU
+5lRhhz+urDLIZEOlgqfS7Bl54q81Cx6/xLd8FaSpJXPDDHowimg4XlbYeanwnu8
Ih/hflHWVieGvwRekZ3GDE4DcyDfAtG3PzfRizRJ6WC4pyA6z0cAFP5yA6mExuyz
slgo8Xg7+2oEW5OGfrbRrYif9UXXSBLb6C9WLiWjSAQqpFLAYnAuXU4kbQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOi3yGgPkRqbelMhxmhT7YFks1qKMB8GA1UdIwQY
MBaAFKMKnWBZCmiZQmOGseNhY63haaPGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb3dxZFlGa0thSmxDWTRheDQyRmpyZUZwbzhZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNC9hM2JhZDctN2M5My00YTA3LTk5MTUt
NGY3Y2RjNDBkZTFjLzEvNkxmSWFBLVJHcHQ2VXlIR2FGUHRnV1N6V29vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNC9hM2JhZDctN2M5My00YTA3LTk5MTUtNGY3Y2RjNDBkZTFj
LzEvb3dxZFlGa0thSmxDWTRheDQyRmpyZUZwbzhZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+PwMA0G
CSqGSIb3DQEBCwUAA4IBAQBXM5HNNrwG+tawiJ+qQuQwnCZzU9mmBSfXn78FEL1T
UAqZdBk/PkMoSZJC6SSmen363vJOevepU9lgpPFm0CXz8taCTFFMXsgfAu/CGp5O
0UgoEhAYMYlNL8tKM6uWLxq3IP/KVKaX0e/4zJtTvtGStJ+CyXk79+sSQTaRy9LV
48ZId5QeHj4BRDPGTCD3/8tVM2AjBLhXZgQNC9iJ/xrAJhEPoysQ42WU0cNpfbxg
UPKfA4cRajbXVQEzTwHwGvCyC4DMjD3/lUBwQ+fhRpk4c6PvjAZ7xXXXOpZ+6Op9
WN4kr86L/GU64lhrum3/0K1ica6KuTjNYt7V8azYq6lj
-----END CERTIFICATE-----