Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/aaf49c-83dd-46aa-8ce7-b84c413dfaa4/1/gt6O10M70oZpClO9a6i6El8hrUo.roa
File:                     gt6O10M70oZpClO9a6i6El8hrUo.roa (raw, json)
Hash identifier:          eGC6/RzGV3nXmQHjfKro3h+k1W53IQpH+vbs4ORuu8Q=
Subject key identifier:   82:DE:8E:D7:43:3B:D2:86:69:0A:53:BD:6B:A8:BA:12:5F:21:AD:4A
Certificate issuer:       /CN=29f6a300bf7d40b7f8d6181c5b8a7dbc71b7d123
Certificate serial:       019E91893995E9F46E940D7809066CEA6B8D
Authority key identifier: 29:F6:A3:00:BF:7D:40:B7:F8:D6:18:1C:5B:8A:7D:BC:71:B7:D1:23
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KfajAL99QLf41hgcW4p9vHG30SM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/aaf49c-83dd-46aa-8ce7-b84c413dfaa4/1/gt6O10M70oZpClO9a6i6El8hrUo.roa
Signing time:             Thu 04 Jun 2026 07:29:09 +0000
ROA not before:           Thu 04 Jun 2026 07:29:09 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     4913
IP address blocks:        89.21.180.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fa/aaf49c-83dd-46aa-8ce7-b84c413dfaa4/1/KfajAL99QLf41hgcW4p9vHG30SM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fa/aaf49c-83dd-46aa-8ce7-b84c413dfaa4/1/KfajAL99QLf41hgcW4p9vHG30SM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KfajAL99QLf41hgcW4p9vHG30SM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Jun 2026 13:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:91:89:39:95:e9:f4:6e:94:0d:78:09:06:6c:ea:6b:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=29f6a300bf7d40b7f8d6181c5b8a7dbc71b7d123
        Validity
            Not Before: Jun  4 07:29:09 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=82de8ed7433bd286690a53bd6ba8ba125f21ad4a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:28:95:48:83:7e:3d:a9:b0:c4:15:96:c5:a9:
                    e1:5c:5f:5f:1c:1a:c4:c6:2c:4f:0b:14:aa:3a:30:
                    6c:05:5e:05:d6:69:96:4a:98:d0:47:b5:7b:e7:1d:
                    37:08:bc:fc:0a:76:f8:19:94:fe:09:1e:3f:ce:28:
                    41:54:32:44:8c:f3:fb:94:02:7b:54:3c:73:9d:f0:
                    4f:3b:69:c4:49:7f:12:c5:73:c3:30:89:00:6c:0a:
                    a8:3c:57:73:b8:b9:d1:16:2c:10:66:d3:39:46:3b:
                    0b:63:18:3d:21:98:0c:bc:a0:de:27:ce:3b:ad:2d:
                    c3:1b:73:84:a9:2a:ad:04:da:72:ba:af:3c:d7:10:
                    7d:cb:6f:11:f2:ec:3f:50:16:67:3f:c2:d8:18:34:
                    f9:1c:16:5c:11:b8:82:31:b4:f4:3f:ab:97:96:09:
                    b9:77:b1:ee:37:0f:e0:d7:82:53:e2:4f:13:d7:a3:
                    25:74:dd:29:66:d3:39:05:14:fb:4f:84:88:6a:f1:
                    ab:0a:b0:63:b5:cd:4b:87:70:7c:4b:38:b4:72:2c:
                    72:4c:5d:db:6a:c4:4f:fb:e8:08:2f:c8:7c:02:4c:
                    54:bf:0d:23:5c:67:4a:62:c5:a9:73:d8:75:df:f9:
                    50:5a:ff:c8:21:da:b0:e8:ad:a0:98:64:58:fa:64:
                    9e:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:DE:8E:D7:43:3B:D2:86:69:0A:53:BD:6B:A8:BA:12:5F:21:AD:4A
            X509v3 Authority Key Identifier:
                keyid:29:F6:A3:00:BF:7D:40:B7:F8:D6:18:1C:5B:8A:7D:BC:71:B7:D1:23

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KfajAL99QLf41hgcW4p9vHG30SM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/aaf49c-83dd-46aa-8ce7-b84c413dfaa4/1/gt6O10M70oZpClO9a6i6El8hrUo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/aaf49c-83dd-46aa-8ce7-b84c413dfaa4/1/KfajAL99QLf41hgcW4p9vHG30SM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.21.180.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1f:0d:9a:83:6c:0f:86:6d:42:80:e2:ea:70:a8:5e:03:c3:0f:
         c8:e6:3b:4c:a7:9e:90:64:8a:e3:20:aa:48:ae:78:af:4e:b8:
         cf:64:7f:56:42:d0:95:c2:9f:4c:48:e1:22:ea:3f:38:0c:1c:
         a2:e5:b7:79:30:89:af:41:91:73:da:81:d9:ba:89:d2:70:1d:
         40:01:34:44:de:d2:2d:7c:58:52:ea:ac:ae:66:3f:d6:4a:a1:
         5b:85:7a:ff:42:b3:2c:92:da:ef:67:db:5d:90:19:11:57:6b:
         e9:8f:18:67:22:79:67:4d:79:f0:36:6b:e4:de:bd:27:6f:3f:
         4f:3b:80:b2:a1:ec:a1:ea:ff:6d:9f:87:74:c7:b7:dd:92:6d:
         89:57:04:20:e2:cf:08:5e:80:d1:aa:10:fb:dc:62:63:ec:77:
         eb:ef:f1:47:c2:d0:3b:6a:b5:95:96:59:2a:d2:74:e2:c2:d3:
         94:66:08:82:c2:ef:10:d4:29:d9:20:0a:4f:3c:81:a0:d6:2e:
         42:43:a0:0c:42:5d:6f:82:9b:fc:22:04:1a:1e:68:93:79:ff:
         c0:21:da:05:3b:fd:bb:fc:20:0a:84:f0:43:25:f8:5c:94:c6:
         3b:e1:9b:ba:55:b4:fe:33:24:b5:db:d8:25:a4:3e:00:d5:6d:
         7b:80:73:09
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6RiTmV6fRulA14CQZs6muNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5ZjZhMzAwYmY3ZDQwYjdmOGQ2MTgxYzViOGE3ZGJjNzFi
N2QxMjMwHhcNMjYwNjA0MDcyOTA5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MmRlOGVkNzQzM2JkMjg2NjkwYTUzYmQ2YmE4YmExMjVmMjFhZDRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAviiVSIN+PamwxBWWxanhXF9fHBrE
xixPCxSqOjBsBV4F1mmWSpjQR7V75x03CLz8Cnb4GZT+CR4/zihBVDJEjPP7lAJ7
VDxznfBPO2nESX8SxXPDMIkAbAqoPFdzuLnRFiwQZtM5RjsLYxg9IZgMvKDeJ847
rS3DG3OEqSqtBNpyuq881xB9y28R8uw/UBZnP8LYGDT5HBZcEbiCMbT0P6uXlgm5
d7HuNw/g14JT4k8T16MldN0pZtM5BRT7T4SIavGrCrBjtc1Lh3B8Szi0cixyTF3b
asRP++gIL8h8AkxUvw0jXGdKYsWpc9h13/lQWv/IIdqw6K2gmGRY+mSeSQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFILejtdDO9KGaQpTvWuouhJfIa1KMB8GA1UdIwQY
MBaAFCn2owC/fUC3+NYYHFuKfbxxt9EjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS2ZhakFMOTlRTGY0MWhnY1c0cDl2SEczMFNNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS9hYWY0OWMtODNkZC00NmFhLThjZTct
Yjg0YzQxM2RmYWE0LzEvZ3Q2TzEwTTcwb1pwQ2xPOWE2aTZFbDhoclVvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS9hYWY0OWMtODNkZC00NmFhLThjZTctYjg0YzQxM2RmYWE0
LzEvS2ZhakFMOTlRTGY0MWhnY1c0cDl2SEczMFNNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWRW0MA0G
CSqGSIb3DQEBCwUAA4IBAQAfDZqDbA+GbUKA4upwqF4Dww/I5jtMp56QZIrjIKpI
rnivTrjPZH9WQtCVwp9MSOEi6j84DByi5bd5MImvQZFz2oHZuonScB1AATRE3tIt
fFhS6qyuZj/WSqFbhXr/QrMsktrvZ9tdkBkRV2vpjxhnInlnTXnwNmvk3r0nbz9P
O4Cyoeyh6v9tn4d0x7fdkm2JVwQg4s8IXoDRqhD73GJj7Hfr7/FHwtA7arWVllkq
0nTiwtOUZgiCwu8Q1CnZIApPPIGg1i5CQ6AMQl1vgpv8IgQaHmiTef/AIdoFO/27
/CAKhPBDJfhclMY74Zu6VbT+MyS129glpD4A1W17gHMJ
-----END CERTIFICATE-----