Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/6ODB3kmkTycKUUGgaBw8CV0oyvg.roa
File:                     6ODB3kmkTycKUUGgaBw8CV0oyvg.roa (raw, json)
Hash identifier:          kh7B5e3SIqkOiZf6ijSJ9119+U/tXg+73Pb7ZEDw5Pw=
Subject key identifier:   E8:E0:C1:DE:49:A4:4F:27:0A:51:41:A0:68:1C:3C:09:5D:28:CA:F8
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       019D5A2C00521BB84C4C5C0FD11AFAC56A5D
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/6ODB3kmkTycKUUGgaBw8CV0oyvg.roa
Signing time:             Sat 04 Apr 2026 20:25:26 +0000
ROA not before:           Sat 04 Apr 2026 20:25:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     402289
IP address blocks:        185.220.249.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 10 Apr 2026 23:01:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:5a:2c:00:52:1b:b8:4c:4c:5c:0f:d1:1a:fa:c5:6a:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Apr  4 20:25:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e8e0c1de49a44f270a5141a0681c3c095d28caf8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:01:e3:2d:ed:d5:37:7e:54:cd:f3:35:31:cd:
                    73:41:d7:bc:20:ad:6e:6f:c9:8c:b3:0d:63:e9:11:
                    57:54:9e:5a:02:c8:85:a1:c5:11:d1:7c:04:68:40:
                    47:32:ab:26:6b:1e:8f:bb:d5:a1:a5:5d:36:47:17:
                    90:74:6c:a8:92:f2:de:8a:8a:33:25:de:c4:5c:94:
                    51:6a:56:60:a1:4b:59:c1:bb:ed:e8:80:0e:69:c6:
                    21:77:1b:fa:4a:78:77:85:6e:73:31:34:9b:e7:8d:
                    4e:06:2a:9e:28:12:0e:fc:22:60:9c:00:d6:c2:a7:
                    37:46:5e:ef:67:f6:98:3e:dc:f9:c9:7d:be:17:7f:
                    cd:02:b0:50:82:26:59:35:da:a5:a4:01:de:66:dd:
                    9f:ac:a3:90:c7:26:aa:33:03:82:8c:a1:22:44:ef:
                    e9:82:88:7d:dc:ba:0e:85:07:7a:48:9a:93:bc:c2:
                    3f:3b:7d:0c:53:4c:0b:99:f9:8b:34:d4:20:55:bd:
                    38:14:96:7e:17:47:7a:bf:99:4f:06:08:b5:2a:a2:
                    a6:bc:11:4d:a7:09:48:97:0a:f1:47:3a:9c:d5:27:
                    2c:b0:6a:66:e7:b7:43:56:f8:79:98:18:f8:b8:8d:
                    13:4e:d2:06:1b:0b:1a:a1:6f:b6:17:13:f0:62:1b:
                    cc:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E8:E0:C1:DE:49:A4:4F:27:0A:51:41:A0:68:1C:3C:09:5D:28:CA:F8
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/6ODB3kmkTycKUUGgaBw8CV0oyvg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.220.249.0/24

    Signature Algorithm: sha256WithRSAEncryption
         88:4c:61:b1:88:1e:d2:76:9d:33:ee:26:be:a3:5c:81:56:7e:
         6e:67:b9:3d:a0:5b:e6:ce:3d:29:33:ff:bd:7a:e4:9d:7a:10:
         ab:cd:76:05:6d:4f:08:99:42:c4:8f:76:42:15:4d:9d:10:de:
         61:cd:ed:18:99:79:77:a8:88:f0:fe:f3:13:71:2a:63:0e:05:
         af:47:4b:15:53:78:fe:ad:1f:4b:2b:46:fb:c7:5b:e1:97:2c:
         51:f2:c5:24:5a:af:3e:f3:f8:c4:f7:2e:b2:24:86:d7:b7:eb:
         e7:15:87:6d:45:35:1d:ec:c7:a4:90:9b:49:f3:97:ca:5f:ff:
         a0:f8:43:85:3b:6f:f5:02:f7:46:c1:ea:0b:c7:72:e7:9f:7c:
         40:ab:5b:59:42:ea:90:fc:70:b4:44:d1:cd:44:42:a9:d6:2b:
         aa:a7:46:3a:f1:07:4d:05:1b:e4:fe:4b:35:ef:32:86:b2:23:
         67:85:45:f4:7d:53:41:28:66:2d:e9:5b:c4:bf:93:b3:f7:bd:
         ed:5e:bc:5c:b1:08:d6:c5:55:d2:f8:69:02:c6:2f:0d:f8:4f:
         21:40:a0:95:94:37:76:24:32:f6:e2:66:2c:3e:99:d4:fb:4b:
         97:74:b9:67:25:73:a9:49:a5:d7:31:19:d4:c5:8b:96:eb:11:
         3e:fc:25:b6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ1aLABSG7hMTFwP0Rr6xWpdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjYwNDA0MjAyNTI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlOGUwYzFkZTQ5YTQ0ZjI3MGE1MTQxYTA2ODFjM2MwOTVkMjhjYWY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzQHjLe3VN35UzfM1Mc1zQde8IK1u
b8mMsw1j6RFXVJ5aAsiFocUR0XwEaEBHMqsmax6Pu9WhpV02RxeQdGyokvLeiooz
Jd7EXJRRalZgoUtZwbvt6IAOacYhdxv6Snh3hW5zMTSb541OBiqeKBIO/CJgnADW
wqc3Rl7vZ/aYPtz5yX2+F3/NArBQgiZZNdqlpAHeZt2frKOQxyaqMwOCjKEiRO/p
goh93LoOhQd6SJqTvMI/O30MU0wLmfmLNNQgVb04FJZ+F0d6v5lPBgi1KqKmvBFN
pwlIlwrxRzqc1ScssGpm57dDVvh5mBj4uI0TTtIGGwsaoW+2FxPwYhvM+wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOjgwd5JpE8nClFBoGgcPAldKMr4MB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvNk9EQjNrbWtUeWNLVVVHZ2FCdzhDVjBveXZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAudz5MA0G
CSqGSIb3DQEBCwUAA4IBAQCITGGxiB7Sdp0z7ia+o1yBVn5uZ7k9oFvmzj0pM/+9
euSdehCrzXYFbU8ImULEj3ZCFU2dEN5hze0YmXl3qIjw/vMTcSpjDgWvR0sVU3j+
rR9LK0b7x1vhlyxR8sUkWq8+8/jE9y6yJIbXt+vnFYdtRTUd7MekkJtJ85fKX/+g
+EOFO2/1AvdGweoLx3Lnn3xAq1tZQuqQ/HC0RNHNREKp1iuqp0Y68QdNBRvk/ks1
7zKGsiNnhUX0fVNBKGYt6VvEv5Oz973tXrxcsQjWxVXS+GkCxi8N+E8hQKCVlDd2
JDL24mYsPpnU+0uXdLlnJXOpSaXXMRnUxYuW6xE+/CW2
-----END CERTIFICATE-----