Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/6zk2n0UkuS3UJaGf_GckGXkUuCA.roa
File:                     6zk2n0UkuS3UJaGf_GckGXkUuCA.roa (raw, json)
Hash identifier:          f/UbVBfJTJi1aZwOjoBd2Eqfle16GqTODgYe4ob1IxA=
Subject key identifier:   EB:39:36:9F:45:24:B9:2D:D4:25:A1:9F:FC:67:24:19:79:14:B8:20
Certificate issuer:       /CN=833e3f5ef825556b014a085d32565bb0cbc5ac8d
Certificate serial:       019CF6F83E3142E047ED33C14CB3A722CA20
Authority key identifier: 83:3E:3F:5E:F8:25:55:6B:01:4A:08:5D:32:56:5B:B0:CB:C5:AC:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/6zk2n0UkuS3UJaGf_GckGXkUuCA.roa
Signing time:             Mon 16 Mar 2026 14:06:29 +0000
ROA not before:           Mon 16 Mar 2026 14:06:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     401819
IP address blocks:        193.93.54.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 16:00:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:f6:f8:3e:31:42:e0:47:ed:33:c1:4c:b3:a7:22:ca:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=833e3f5ef825556b014a085d32565bb0cbc5ac8d
        Validity
            Not Before: Mar 16 14:06:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=eb39369f4524b92dd425a19ffc6724197914b820
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:ea:86:a0:09:e4:06:1a:3f:d7:54:2d:27:39:
                    67:7a:b9:19:24:e3:31:db:b2:d7:19:9f:83:a8:77:
                    6f:a5:93:43:53:9c:ae:bb:d4:a4:03:79:b4:aa:32:
                    42:6e:2d:d4:25:0e:57:79:b2:13:d2:67:a7:ed:d6:
                    d9:6e:9a:7c:4e:1d:0d:87:bb:00:0a:f0:39:39:9f:
                    1e:77:e9:71:7b:ca:34:e0:55:6a:7f:24:f7:41:fa:
                    71:58:35:11:79:55:27:64:e8:f5:31:0a:c5:50:0f:
                    40:cf:8f:20:fc:ea:b2:bb:fe:d5:7a:df:03:dd:4a:
                    d1:a7:90:b1:d5:66:43:65:41:55:f8:dd:ba:da:f3:
                    c4:e4:97:fe:01:39:06:04:b9:1f:77:5a:f3:01:cc:
                    6b:07:5f:e6:7f:7a:58:52:4f:2a:ba:ef:81:07:ab:
                    d0:b8:37:ed:3c:7e:7e:26:ad:84:68:66:1f:0d:ea:
                    c7:92:74:f7:f8:2c:09:40:a2:9a:12:97:a8:45:4b:
                    ce:27:d9:f5:b7:cc:a6:95:4f:9d:6a:00:29:4f:b0:
                    6f:4e:92:1f:aa:45:bb:68:c6:90:95:e9:f9:c0:3e:
                    7f:03:02:2d:72:50:f7:42:a7:d1:45:81:aa:a3:59:
                    9b:14:47:8f:15:c7:7e:61:43:8a:de:aa:8a:d1:cc:
                    13:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:39:36:9F:45:24:B9:2D:D4:25:A1:9F:FC:67:24:19:79:14:B8:20
            X509v3 Authority Key Identifier:
                keyid:83:3E:3F:5E:F8:25:55:6B:01:4A:08:5D:32:56:5B:B0:CB:C5:AC:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/6zk2n0UkuS3UJaGf_GckGXkUuCA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.93.54.0/24

    Signature Algorithm: sha256WithRSAEncryption
         31:91:21:b1:d1:a8:ae:b1:1e:1f:34:88:3e:a6:d7:45:f7:49:
         e6:d7:da:df:6d:be:83:ea:fd:4f:c4:63:b1:1d:94:6c:d7:12:
         22:af:ee:a7:59:cc:27:04:79:a5:cb:12:60:d2:4a:8c:e1:a1:
         d0:d0:09:32:15:e1:5e:63:77:d1:32:6f:7d:4b:ba:6c:19:9a:
         6d:35:c8:8f:af:9a:d4:3b:14:6c:0d:22:22:d7:9d:0d:a1:50:
         cc:70:e2:6b:b0:31:67:71:27:ed:41:b9:84:58:9e:3b:05:02:
         93:c0:2c:3f:2c:af:b6:71:ce:54:65:f7:68:36:c2:c3:c7:bf:
         4a:3b:af:6a:d2:0c:57:e3:ea:78:ce:de:c0:27:42:c3:58:6a:
         f1:ac:e0:e7:e8:fb:ac:67:0f:6f:4e:10:60:ac:20:7a:59:9b:
         c6:9f:62:2c:b2:b7:4e:9e:f2:41:54:d8:81:ec:98:1b:39:44:
         09:b6:5b:31:84:c7:f3:9e:77:36:ad:ed:66:f6:3b:50:05:20:
         19:ca:c4:f1:60:3d:02:87:5a:02:67:ff:c7:c7:e5:0e:5a:9c:
         af:c5:1e:f1:93:1f:5f:f2:27:65:07:f7:5c:94:c0:61:47:ab:
         93:6f:16:fe:f0:96:1e:c8:ee:f0:0d:1d:d0:3d:d3:fd:67:3e:
         af:df:13:8d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZz2+D4xQuBH7TPBTLOnIsogMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzM2UzZjVlZjgyNTU1NmIwMTRhMDg1ZDMyNTY1YmIwY2Jj
NWFjOGQwHhcNMjYwMzE2MTQwNjI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYjM5MzY5ZjQ1MjRiOTJkZDQyNWExOWZmYzY3MjQxOTc5MTRiODIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsuqGoAnkBho/11QtJzlnerkZJOMx
27LXGZ+DqHdvpZNDU5yuu9SkA3m0qjJCbi3UJQ5XebIT0men7dbZbpp8Th0Nh7sA
CvA5OZ8ed+lxe8o04FVqfyT3QfpxWDUReVUnZOj1MQrFUA9Az48g/Oqyu/7Vet8D
3UrRp5Cx1WZDZUFV+N262vPE5Jf+ATkGBLkfd1rzAcxrB1/mf3pYUk8quu+BB6vQ
uDftPH5+Jq2EaGYfDerHknT3+CwJQKKaEpeoRUvOJ9n1t8ymlU+dagApT7BvTpIf
qkW7aMaQlen5wD5/AwItclD3QqfRRYGqo1mbFEePFcd+YUOK3qqK0cwTrQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOs5Np9FJLkt1CWhn/xnJBl5FLggMB8GA1UdIwQY
MBaAFIM+P174JVVrAUoIXTJWW7DLxayNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ3o0X1h2Z2xWV3NCU2doZE1sWmJzTXZGckkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy9kMjY2MTgtYjM0MC00ZjUwLWIzMzAt
MzE4YTI2ZDRhOGM5LzEvNnprMm4wVWt1UzNVSmFHZl9HY2tHWGtVdUNBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy9kMjY2MTgtYjM0MC00ZjUwLWIzMzAtMzE4YTI2ZDRhOGM5
LzEvZ3o0X1h2Z2xWV3NCU2doZE1sWmJzTXZGckkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwV02MA0G
CSqGSIb3DQEBCwUAA4IBAQAxkSGx0aiusR4fNIg+ptdF90nm19rfbb6D6v1PxGOx
HZRs1xIir+6nWcwnBHmlyxJg0kqM4aHQ0AkyFeFeY3fRMm99S7psGZptNciPr5rU
OxRsDSIi150NoVDMcOJrsDFncSftQbmEWJ47BQKTwCw/LK+2cc5UZfdoNsLDx79K
O69q0gxX4+p4zt7AJ0LDWGrxrODn6PusZw9vThBgrCB6WZvGn2IssrdOnvJBVNiB
7JgbOUQJtlsxhMfznnc2re1m9jtQBSAZysTxYD0Ch1oCZ//Hx+UOWpyvxR7xkx9f
8idlB/dclMBhR6uTbxb+8JYeyO7wDR3QPdP9Zz6v3xON
-----END CERTIFICATE-----