Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/j69Tmk-cYF1RdAaQG24DpXoifA8.roa
File:                     j69Tmk-cYF1RdAaQG24DpXoifA8.roa (raw, json)
Hash identifier:          x4SRD0jT8IWzIkvz2gl1WLLom/bAWTem3hRFNhwoz6c=
Subject key identifier:   8F:AF:53:9A:4F:9C:60:5D:51:74:06:90:1B:6E:03:A5:7A:22:7C:0F
Certificate issuer:       /CN=6e87104a4db4c46371a7f8b6a441fc30ecdfe20f
Certificate serial:       019E5118BFBF6C9919118BD4E05F3F7E36E4
Authority key identifier: 6E:87:10:4A:4D:B4:C4:63:71:A7:F8:B6:A4:41:FC:30:EC:DF:E2:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/j69Tmk-cYF1RdAaQG24DpXoifA8.roa
Signing time:             Fri 22 May 2026 19:10:36 +0000
ROA not before:           Fri 22 May 2026 19:10:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     402547
IP address blocks:        153.76.4.0/24 maxlen: 24
                          2a0f:b240:80::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/bocQSk20xGNxp_i2pEH8MOzf4g8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/bocQSk20xGNxp_i2pEH8MOzf4g8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 May 2026 17:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:51:18:bf:bf:6c:99:19:11:8b:d4:e0:5f:3f:7e:36:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6e87104a4db4c46371a7f8b6a441fc30ecdfe20f
        Validity
            Not Before: May 22 19:10:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8faf539a4f9c605d517406901b6e03a57a227c0f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:6f:0b:8d:32:ac:ff:b8:e1:1c:90:c2:0a:24:
                    5f:d0:f4:83:6c:ee:bf:01:78:ef:3f:5a:eb:46:aa:
                    04:cc:18:15:e8:c7:ca:73:48:ab:ee:95:6c:f8:8d:
                    da:bc:9e:5d:cf:cd:f4:30:32:8e:71:f8:a6:a4:42:
                    79:ef:b9:f8:1b:86:b8:47:7d:c6:02:2c:53:d2:6e:
                    9c:e4:a2:40:18:bd:f7:a9:0a:1e:ac:21:8d:e2:9b:
                    4f:32:54:b0:71:a9:24:39:4d:db:84:40:46:07:f7:
                    97:54:d8:fe:cc:2d:7f:95:ff:8e:5c:0a:40:5b:2b:
                    d8:a4:6e:df:11:4a:b9:dc:c2:dc:63:76:74:aa:1a:
                    5c:ed:6d:16:14:78:96:39:59:76:aa:ea:9a:ce:6c:
                    77:43:39:db:7d:07:52:83:82:09:51:92:08:81:8b:
                    ae:a6:8c:4f:e9:6a:bd:f1:92:74:dd:f5:3b:13:55:
                    66:78:84:b2:23:01:e6:84:5a:c9:90:e6:fc:7f:54:
                    dc:10:4e:5f:d0:b9:0b:4f:ea:7c:5c:01:0e:5f:d0:
                    57:ef:e2:6d:5a:38:31:5c:75:c0:2f:b7:e4:09:2c:
                    47:3c:0e:71:91:46:fd:9c:ed:34:c2:90:98:da:f8:
                    1c:3f:97:0b:1b:bf:87:62:50:d6:56:78:a9:4f:f3:
                    7d:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:AF:53:9A:4F:9C:60:5D:51:74:06:90:1B:6E:03:A5:7A:22:7C:0F
            X509v3 Authority Key Identifier:
                keyid:6E:87:10:4A:4D:B4:C4:63:71:A7:F8:B6:A4:41:FC:30:EC:DF:E2:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/j69Tmk-cYF1RdAaQG24DpXoifA8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/bocQSk20xGNxp_i2pEH8MOzf4g8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  153.76.4.0/24
                IPv6:
                  2a0f:b240:80::/44

    Signature Algorithm: sha256WithRSAEncryption
         70:71:b3:5f:2a:57:96:c6:fb:01:b3:4c:dd:2a:ee:5c:5c:ff:
         23:e8:4a:37:02:7a:8e:a9:b2:58:ab:a8:83:57:d1:c6:33:d5:
         a7:dd:d3:78:48:f3:46:fb:2f:b1:e8:05:55:7e:45:5f:6b:60:
         13:f9:be:94:f5:4e:f7:6b:97:f5:c8:97:83:b2:f4:aa:21:d4:
         52:11:eb:68:18:93:36:0c:78:73:bd:79:2b:13:78:27:cc:43:
         21:77:97:82:b2:ce:9a:81:c2:33:49:db:16:bc:18:6d:a4:3d:
         d0:60:d0:c7:4f:1e:a5:35:d9:0f:52:4e:39:82:91:73:a4:4e:
         f5:55:1b:f9:39:fa:e6:c9:55:71:9b:d4:17:17:3d:c3:51:71:
         8a:a5:c6:80:7e:4b:83:03:62:24:df:ba:fe:6b:84:c2:b8:0b:
         e5:de:71:62:23:19:fb:3c:f6:5a:6b:37:e6:71:d6:ea:c5:5e:
         6d:62:3c:e8:15:63:a6:01:f6:df:ab:7f:28:bc:cd:f7:78:d1:
         aa:84:88:8e:67:50:ab:9b:2d:a4:23:67:68:3c:d8:af:16:d6:
         45:a0:50:24:95:36:30:77:14:53:44:7e:20:b4:c9:c3:40:81:
         32:7f:01:fa:02:77:ec:76:60:32:b9:75:5c:8e:7a:8a:54:87:
         aa:71:f7:1b
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZ5RGL+/bJkZEYvU4F8/fjbkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZlODcxMDRhNGRiNGM0NjM3MWE3ZjhiNmE0NDFmYzMwZWNk
ZmUyMGYwHhcNMjYwNTIyMTkxMDM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZmFmNTM5YTRmOWM2MDVkNTE3NDA2OTAxYjZlMDNhNTdhMjI3YzBmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn28LjTKs/7jhHJDCCiRf0PSDbO6/
AXjvP1rrRqoEzBgV6MfKc0ir7pVs+I3avJ5dz830MDKOcfimpEJ577n4G4a4R33G
AixT0m6c5KJAGL33qQoerCGN4ptPMlSwcakkOU3bhEBGB/eXVNj+zC1/lf+OXApA
WyvYpG7fEUq53MLcY3Z0qhpc7W0WFHiWOVl2quqazmx3QznbfQdSg4IJUZIIgYuu
poxP6Wq98ZJ03fU7E1VmeISyIwHmhFrJkOb8f1TcEE5f0LkLT+p8XAEOX9BX7+Jt
WjgxXHXAL7fkCSxHPA5xkUb9nO00wpCY2vgcP5cLG7+HYlDWVnipT/N9lQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFI+vU5pPnGBdUXQGkBtuA6V6InwPMB8GA1UdIwQY
MBaAFG6HEEpNtMRjcaf4tqRB/DDs3+IPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYm9jUVNrMjB4R054cF9pMnBFSDhNT3pmNGc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9iODdlYzAtZjc1YS00YmJlLWIwNjct
YjcxNzk4MGU0YWQ2LzEvajY5VG1rLWNZRjFSZEFhUUcyNERwWG9pZkE4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9iODdlYzAtZjc1YS00YmJlLWIwNjctYjcxNzk4MGU0YWQ2
LzEvYm9jUVNrMjB4R054cF9pMnBFSDhNT3pmNGc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAmUwEMA8E
AgACMAkDBwQqD7JAAIAwDQYJKoZIhvcNAQELBQADggEBAHBxs18qV5bG+wGzTN0q
7lxc/yPoSjcCeo6pslirqINX0cYz1afd03hI80b7L7HoBVV+RV9rYBP5vpT1Tvdr
l/XIl4Oy9Koh1FIR62gYkzYMeHO9eSsTeCfMQyF3l4KyzpqBwjNJ2xa8GG2kPdBg
0MdPHqU12Q9STjmCkXOkTvVVG/k5+ubJVXGb1BcXPcNRcYqlxoB+S4MDYiTfuv5r
hMK4C+XecWIjGfs89lprN+Zx1urFXm1iPOgVY6YB9t+rfyi8zfd40aqEiI5nUKub
LaQjZ2g82K8W1kWgUCSVNjB3FFNEfiC0ycNAgTJ/AfoCd+x2YDK5dVyOeopUh6px
9xs=
-----END CERTIFICATE-----