Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d8/6e874e-73fe-4dbb-b74c-0423f263f2cb/1/q6VI7hOuPNwkA5OfPLZgeMAzcLc.roa
File:                     q6VI7hOuPNwkA5OfPLZgeMAzcLc.roa (raw, json)
Hash identifier:          4kKMTMijEB9eXMczmF8YRDpforyaG1mUNsBXXMgMmCc=
Subject key identifier:   AB:A5:48:EE:13:AE:3C:DC:24:03:93:9F:3C:B6:60:78:C0:33:70:B7
Certificate issuer:       /CN=c04db7623241d7e6678fc25751fa4e0b6665186b
Certificate serial:       019EDAA548F4DD3F81A5D12605FD6A602068
Authority key identifier: C0:4D:B7:62:32:41:D7:E6:67:8F:C2:57:51:FA:4E:0B:66:65:18:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wE23YjJB1-Znj8JXUfpOC2ZlGGs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d8/6e874e-73fe-4dbb-b74c-0423f263f2cb/1/q6VI7hOuPNwkA5OfPLZgeMAzcLc.roa
Signing time:             Thu 18 Jun 2026 12:12:05 +0000
ROA not before:           Thu 18 Jun 2026 12:12:05 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     48810
IP address blocks:        193.105.91.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d8/6e874e-73fe-4dbb-b74c-0423f263f2cb/1/wE23YjJB1-Znj8JXUfpOC2ZlGGs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d8/6e874e-73fe-4dbb-b74c-0423f263f2cb/1/wE23YjJB1-Znj8JXUfpOC2ZlGGs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wE23YjJB1-Znj8JXUfpOC2ZlGGs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 01 Jul 2026 20:30:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:da:a5:48:f4:dd:3f:81:a5:d1:26:05:fd:6a:60:20:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c04db7623241d7e6678fc25751fa4e0b6665186b
        Validity
            Not Before: Jun 18 12:12:05 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=aba548ee13ae3cdc2403939f3cb66078c03370b7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:f8:e4:55:45:38:89:d3:8f:20:16:fd:99:7e:
                    c3:f1:d6:b6:80:89:c3:40:de:5e:76:43:fb:ad:e9:
                    94:59:7b:2e:fd:56:80:b4:27:71:4d:22:2d:86:d3:
                    d8:9a:1c:ba:20:da:3a:80:f9:34:78:35:bc:85:44:
                    93:61:cf:c3:5a:2b:6b:37:d0:3f:b8:ae:83:82:93:
                    59:d9:ef:76:01:48:39:98:22:4c:b9:b5:3c:b4:a5:
                    b5:4d:c0:6f:fb:04:c2:ea:65:4a:61:90:cc:1c:cd:
                    53:1d:13:5a:3a:60:6b:01:da:27:e8:17:9d:3d:f3:
                    68:89:ba:d7:c8:9d:ed:4d:28:d4:bc:9e:c6:99:b5:
                    4f:87:e7:17:92:2d:ff:9c:84:5b:da:f1:10:be:55:
                    aa:87:0f:4f:aa:93:a3:27:dd:2b:4b:34:84:6a:72:
                    c4:88:6c:9b:bb:12:9f:fa:20:4b:ad:d1:eb:35:f8:
                    3c:0d:e1:26:d1:6f:8e:80:1e:0f:ed:c9:4d:83:ff:
                    57:dc:e7:01:bf:36:6c:9c:03:75:ef:11:af:c6:96:
                    41:5c:36:86:5e:d6:09:ad:4a:14:a3:ed:76:05:19:
                    37:41:d3:4c:1b:87:a3:b6:6e:ae:04:ea:5b:c9:3c:
                    dd:29:69:a4:7f:b9:9b:70:64:8d:06:f0:6d:0b:01:
                    8d:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:A5:48:EE:13:AE:3C:DC:24:03:93:9F:3C:B6:60:78:C0:33:70:B7
            X509v3 Authority Key Identifier:
                keyid:C0:4D:B7:62:32:41:D7:E6:67:8F:C2:57:51:FA:4E:0B:66:65:18:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wE23YjJB1-Znj8JXUfpOC2ZlGGs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/6e874e-73fe-4dbb-b74c-0423f263f2cb/1/q6VI7hOuPNwkA5OfPLZgeMAzcLc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/6e874e-73fe-4dbb-b74c-0423f263f2cb/1/wE23YjJB1-Znj8JXUfpOC2ZlGGs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.105.91.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0b:9d:c2:b0:e9:8e:31:c2:90:5c:1d:78:30:b0:dd:38:d8:a8:
         87:a4:4f:d1:57:61:4a:eb:d5:be:fa:d3:42:9a:f6:33:75:30:
         af:52:6a:03:31:42:07:4a:03:9a:f0:b2:42:57:e3:af:ff:2c:
         88:33:80:1e:41:93:d0:d0:8c:73:ce:45:10:75:2d:3e:dc:31:
         a9:e9:c0:9c:8c:49:66:7d:ee:a0:1d:51:21:a5:a9:ff:da:ea:
         8c:27:3e:ec:17:1c:5d:95:18:1a:36:d1:b0:fa:b8:a0:6b:76:
         85:60:5b:5d:62:cd:1d:a1:9b:83:00:70:dc:d8:40:69:86:9b:
         a1:ab:2a:01:95:5b:fb:19:68:ed:19:b0:1d:75:bf:15:83:30:
         a1:be:d6:25:ca:6d:c6:81:f1:80:d0:b1:08:c1:59:45:48:c0:
         bf:38:ac:03:c6:80:7e:0f:38:72:f8:69:60:d6:3a:5a:23:b4:
         e2:a7:82:28:5d:15:bd:5e:5e:50:79:a4:a2:34:1b:b1:50:0b:
         cc:51:da:fa:93:33:72:bb:e7:82:5e:ea:29:34:69:8b:1d:38:
         06:8d:8b:da:4c:0f:b4:50:44:c2:43:61:15:df:0c:11:90:7a:
         36:fa:82:1b:8c:45:6f:70:d5:c1:93:1a:82:b1:9d:71:d9:3a:
         7f:b1:e6:a9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ7apUj03T+BpdEmBf1qYCBoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMwNGRiNzYyMzI0MWQ3ZTY2NzhmYzI1NzUxZmE0ZTBiNjY2
NTE4NmIwHhcNMjYwNjE4MTIxMjA1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYmE1NDhlZTEzYWUzY2RjMjQwMzkzOWYzY2I2NjA3OGMwMzM3MGI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAifjkVUU4idOPIBb9mX7D8da2gInD
QN5edkP7remUWXsu/VaAtCdxTSIthtPYmhy6INo6gPk0eDW8hUSTYc/DWitrN9A/
uK6DgpNZ2e92AUg5mCJMubU8tKW1TcBv+wTC6mVKYZDMHM1THRNaOmBrAdon6Bed
PfNoibrXyJ3tTSjUvJ7GmbVPh+cXki3/nIRb2vEQvlWqhw9PqpOjJ90rSzSEanLE
iGybuxKf+iBLrdHrNfg8DeEm0W+OgB4P7clNg/9X3OcBvzZsnAN17xGvxpZBXDaG
XtYJrUoUo+12BRk3QdNMG4ejtm6uBOpbyTzdKWmkf7mbcGSNBvBtCwGN0QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKulSO4TrjzcJAOTnzy2YHjAM3C3MB8GA1UdIwQY
MBaAFMBNt2IyQdfmZ4/CV1H6TgtmZRhrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd0UyM1lqSkIxLVpuajhKWFVmcE9DMlpsR0dzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOC82ZTg3NGUtNzNmZS00ZGJiLWI3NGMt
MDQyM2YyNjNmMmNiLzEvcTZWSTdoT3VQTndrQTVPZlBMWmdlTUF6Y0xjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOC82ZTg3NGUtNzNmZS00ZGJiLWI3NGMtMDQyM2YyNjNmMmNi
LzEvd0UyM1lqSkIxLVpuajhKWFVmcE9DMlpsR0dzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwWlbMA0G
CSqGSIb3DQEBCwUAA4IBAQALncKw6Y4xwpBcHXgwsN042KiHpE/RV2FK69W++tNC
mvYzdTCvUmoDMUIHSgOa8LJCV+Ov/yyIM4AeQZPQ0IxzzkUQdS0+3DGp6cCcjElm
fe6gHVEhpan/2uqMJz7sFxxdlRgaNtGw+riga3aFYFtdYs0doZuDAHDc2EBphpuh
qyoBlVv7GWjtGbAddb8VgzChvtYlym3GgfGA0LEIwVlFSMC/OKwDxoB+Dzhy+Glg
1jpaI7Tip4IoXRW9Xl5QeaSiNBuxUAvMUdr6kzNyu+eCXuopNGmLHTgGjYvaTA+0
UETCQ2EV3wwRkHo2+oIbjEVvcNXBkxqCsZ1x2Tp/seap
-----END CERTIFICATE-----
Generated at Wed Jul 1 03:30:03 2026 by rpki-client