Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d7/c98aa3-0e0c-4d97-9bc3-74d91cdbe195/1/kQdxt2HDKPdaMlFc6JvcibC2udk.roa
File:                     kQdxt2HDKPdaMlFc6JvcibC2udk.roa (raw, json)
Hash identifier:          PEWJwV3d6sgp5NXEgr5NQKhkO3j5aEeFoYdtJHfv4hU=
Subject key identifier:   91:07:71:B7:61:C3:28:F7:5A:32:51:5C:E8:9B:DC:89:B0:B6:B9:D9
Certificate issuer:       /CN=86170339c2bc664d600fa98b8061269d48e4f2c6
Certificate serial:       019EA8BB5CC15AA3319D65C92356B518C0E9
Authority key identifier: 86:17:03:39:C2:BC:66:4D:60:0F:A9:8B:80:61:26:9D:48:E4:F2:C6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hhcDOcK8Zk1gD6mLgGEmnUjk8sY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d7/c98aa3-0e0c-4d97-9bc3-74d91cdbe195/1/kQdxt2HDKPdaMlFc6JvcibC2udk.roa
Signing time:             Mon 08 Jun 2026 19:35:11 +0000
ROA not before:           Mon 08 Jun 2026 19:35:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     6540
IP address blocks:        193.0.232.0/24 maxlen: 24
                          205.220.226.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d7/c98aa3-0e0c-4d97-9bc3-74d91cdbe195/1/hhcDOcK8Zk1gD6mLgGEmnUjk8sY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d7/c98aa3-0e0c-4d97-9bc3-74d91cdbe195/1/hhcDOcK8Zk1gD6mLgGEmnUjk8sY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hhcDOcK8Zk1gD6mLgGEmnUjk8sY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Jun 2026 10:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:a8:bb:5c:c1:5a:a3:31:9d:65:c9:23:56:b5:18:c0:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86170339c2bc664d600fa98b8061269d48e4f2c6
        Validity
            Not Before: Jun  8 19:35:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=910771b761c328f75a32515ce89bdc89b0b6b9d9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:9f:36:e9:34:f1:b1:ef:93:ac:34:32:32:43:
                    3c:ed:f0:71:62:ad:5e:51:ab:36:3c:ea:41:34:79:
                    2f:f6:73:1c:6d:5f:b7:84:ab:19:f2:80:87:1b:0c:
                    6e:ee:4c:23:6d:3e:a7:8b:54:96:cb:d8:1f:6d:a7:
                    c3:0d:9f:08:88:f7:e6:11:2b:f5:c7:1b:4e:bf:ac:
                    b6:88:a3:b0:fd:d7:0b:7d:94:e8:3f:c0:08:30:e0:
                    f0:85:4e:7e:32:b9:b1:e2:02:73:3e:55:76:74:75:
                    aa:61:af:94:d9:70:6e:26:7d:71:27:3e:7e:ff:ae:
                    44:52:14:97:04:2a:42:a7:6c:5d:57:81:38:57:e9:
                    ef:c4:6e:94:fd:51:48:1a:be:7f:f1:5f:cf:b6:17:
                    95:ac:83:f2:be:f6:49:05:00:1a:ab:4c:bd:2e:04:
                    09:65:8e:d5:9d:7b:66:4b:cb:79:7c:ac:4f:28:8c:
                    ed:53:51:a9:a3:07:74:ef:92:dc:a6:33:02:a2:42:
                    12:d1:22:f6:0a:38:bf:ba:70:b4:cc:4e:d4:41:bf:
                    dd:5d:9d:bc:3f:49:a4:f6:7a:ed:42:0f:58:fd:20:
                    24:12:69:10:f2:7c:b6:1c:82:32:f6:20:25:5b:74:
                    b3:3e:46:c8:ad:e2:e6:83:5d:3e:c6:5e:17:9e:0c:
                    0a:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:07:71:B7:61:C3:28:F7:5A:32:51:5C:E8:9B:DC:89:B0:B6:B9:D9
            X509v3 Authority Key Identifier:
                keyid:86:17:03:39:C2:BC:66:4D:60:0F:A9:8B:80:61:26:9D:48:E4:F2:C6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hhcDOcK8Zk1gD6mLgGEmnUjk8sY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/c98aa3-0e0c-4d97-9bc3-74d91cdbe195/1/kQdxt2HDKPdaMlFc6JvcibC2udk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/c98aa3-0e0c-4d97-9bc3-74d91cdbe195/1/hhcDOcK8Zk1gD6mLgGEmnUjk8sY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.232.0/24
                  205.220.226.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8f:ec:df:46:08:4a:95:0f:29:45:2c:2d:8c:9b:7b:dc:82:f8:
         b9:c1:9a:3d:ae:d0:b6:76:fd:13:f6:4b:2c:29:2d:ce:b6:ce:
         28:ef:9e:cd:3a:43:94:70:82:12:30:c5:34:ac:6d:a7:14:a1:
         9d:7b:c2:8d:72:fe:b6:75:24:44:44:ca:a4:31:c8:fb:f8:5b:
         8e:2b:c9:f0:6f:dd:53:ca:86:60:ca:ed:a9:55:2d:d9:44:3f:
         ea:72:8a:b7:6d:ae:ee:2e:be:18:5f:6e:9b:be:5d:e0:16:d7:
         c4:ec:e9:30:1c:7c:69:85:be:f3:81:b1:cc:c9:09:c9:b6:92:
         1a:75:8a:1e:6a:42:d4:b9:1b:65:ea:52:10:c9:ae:db:a2:bb:
         f6:d3:27:a9:d9:85:dc:ab:b6:50:97:ea:b2:d0:64:66:f9:44:
         a0:2a:ef:e1:64:ab:72:f5:f2:2d:49:a9:ee:4a:17:b9:cf:6a:
         dc:b5:67:bd:ff:66:2d:29:33:f2:95:4f:8f:31:51:97:59:6a:
         7b:8a:76:cf:88:c3:62:44:39:53:77:a3:1b:32:51:05:90:81:
         e6:f3:3d:e1:28:91:f0:3f:8b:49:4e:5b:6f:e0:b4:b6:e2:33:
         93:4c:f7:53:07:9b:a1:f9:c8:a3:ba:db:d4:68:13:27:42:42:
         48:33:ba:98
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ6ou1zBWqMxnWXJI1a1GMDpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2MTcwMzM5YzJiYzY2NGQ2MDBmYTk4YjgwNjEyNjlkNDhl
NGYyYzYwHhcNMjYwNjA4MTkzNTExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MTA3NzFiNzYxYzMyOGY3NWEzMjUxNWNlODliZGM4OWIwYjZiOWQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApp826TTxse+TrDQyMkM87fBxYq1e
Uas2POpBNHkv9nMcbV+3hKsZ8oCHGwxu7kwjbT6ni1SWy9gfbafDDZ8IiPfmESv1
xxtOv6y2iKOw/dcLfZToP8AIMODwhU5+Mrmx4gJzPlV2dHWqYa+U2XBuJn1xJz5+
/65EUhSXBCpCp2xdV4E4V+nvxG6U/VFIGr5/8V/PtheVrIPyvvZJBQAaq0y9LgQJ
ZY7VnXtmS8t5fKxPKIztU1Gpowd075LcpjMCokIS0SL2Cji/unC0zE7UQb/dXZ28
P0mk9nrtQg9Y/SAkEmkQ8ny2HIIy9iAlW3SzPkbIreLmg10+xl4XngwKNwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJEHcbdhwyj3WjJRXOib3ImwtrnZMB8GA1UdIwQY
MBaAFIYXAznCvGZNYA+pi4BhJp1I5PLGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaGhjRE9jSzhaazFnRDZtTGdHRW1uVWprOHNZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNy9jOThhYTMtMGUwYy00ZDk3LTliYzMt
NzRkOTFjZGJlMTk1LzEva1FkeHQySERLUGRhTWxGYzZKdmNpYkMydWRrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNy9jOThhYTMtMGUwYy00ZDk3LTliYzMtNzRkOTFjZGJlMTk1
LzEvaGhjRE9jSzhaazFnRDZtTGdHRW1uVWprOHNZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwQDoAwQA
zdziMA0GCSqGSIb3DQEBCwUAA4IBAQCP7N9GCEqVDylFLC2Mm3vcgvi5wZo9rtC2
dv0T9kssKS3Ots4o757NOkOUcIISMMU0rG2nFKGde8KNcv62dSRERMqkMcj7+FuO
K8nwb91TyoZgyu2pVS3ZRD/qcoq3ba7uLr4YX26bvl3gFtfE7OkwHHxphb7zgbHM
yQnJtpIadYoeakLUuRtl6lIQya7borv20yep2YXcq7ZQl+qy0GRm+USgKu/hZKty
9fItSanuShe5z2rctWe9/2YtKTPylU+PMVGXWWp7inbPiMNiRDlTd6MbMlEFkIHm
8z3hKJHwP4tJTltv4LS24jOTTPdTB5uh+cijutvUaBMnQkJIM7qY
-----END CERTIFICATE-----