Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/b30e30-6b81-4585-8b54-61a8ec8166fe/1/6jvFzq_4UsYldaOwxfJ_8ZSGbwo.roa
File:                     6jvFzq_4UsYldaOwxfJ_8ZSGbwo.roa (raw, json)
Hash identifier:          t00VjLWnYJWof/FCeEdXeWSPPPWivNxDIX6Z/k5etw4=
Subject key identifier:   EA:3B:C5:CE:AF:F8:52:C6:25:75:A3:B0:C5:F2:7F:F1:94:86:6F:0A
Certificate issuer:       /CN=ad4a1495484ce2bf9ec28199a82998ad02638316
Certificate serial:       019DDF7E4B47CD109199CF89D7732AC11109
Authority key identifier: AD:4A:14:95:48:4C:E2:BF:9E:C2:81:99:A8:29:98:AD:02:63:83:16
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rUoUlUhM4r-ewoGZqCmYrQJjgxY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/b30e30-6b81-4585-8b54-61a8ec8166fe/1/6jvFzq_4UsYldaOwxfJ_8ZSGbwo.roa
Signing time:             Thu 30 Apr 2026 17:44:49 +0000
ROA not before:           Thu 30 Apr 2026 17:44:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     203246
IP address blocks:        185.11.174.0/24 maxlen: 24
                          185.11.175.0/24 maxlen: 24
                          2a03:6ec0::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1e/b30e30-6b81-4585-8b54-61a8ec8166fe/1/rUoUlUhM4r-ewoGZqCmYrQJjgxY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1e/b30e30-6b81-4585-8b54-61a8ec8166fe/1/rUoUlUhM4r-ewoGZqCmYrQJjgxY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rUoUlUhM4r-ewoGZqCmYrQJjgxY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 14 May 2026 06:33:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:df:7e:4b:47:cd:10:91:99:cf:89:d7:73:2a:c1:11:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ad4a1495484ce2bf9ec28199a82998ad02638316
        Validity
            Not Before: Apr 30 17:44:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ea3bc5ceaff852c62575a3b0c5f27ff194866f0a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:98:8a:51:b8:88:e2:6e:68:b1:85:49:45:d5:
                    43:0f:bf:d8:24:81:39:58:c5:a7:59:6d:97:a4:3d:
                    43:21:c8:80:6f:ea:74:de:9f:84:71:b6:35:28:24:
                    04:b4:84:f6:c9:78:25:3f:b3:f0:4b:cf:56:1e:37:
                    f8:2d:f4:a2:de:29:e3:58:79:e6:a5:4f:ea:f0:eb:
                    8d:45:29:c3:87:83:a2:51:cd:30:ca:9f:6f:6b:15:
                    26:5b:ce:eb:6a:ce:1b:08:0a:a0:92:b1:2c:fc:8f:
                    c8:f0:ac:0d:be:d4:a3:fe:14:b0:d2:33:c1:dd:d9:
                    65:cc:6b:8e:e7:d5:c4:d9:b5:fa:9d:7d:59:fc:cb:
                    5e:86:93:75:4b:73:6a:fa:a9:46:51:6e:8c:3e:f2:
                    0c:66:f2:5e:ce:87:ac:5c:72:12:49:16:ee:96:f8:
                    d4:d5:24:be:68:f3:bb:1f:3e:13:ad:c5:56:2d:4b:
                    58:53:e3:d0:d2:2a:de:02:f2:07:e9:f4:90:e9:87:
                    0f:d9:e4:26:a4:fc:7b:96:77:e0:2d:49:4c:28:74:
                    62:b2:fa:29:18:40:ab:98:03:99:c5:ea:4a:2c:1f:
                    6b:0e:cf:d0:99:51:af:86:d2:32:51:6d:de:e6:06:
                    30:29:2e:02:bd:28:80:7d:0a:48:f4:a2:24:53:c5:
                    b0:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EA:3B:C5:CE:AF:F8:52:C6:25:75:A3:B0:C5:F2:7F:F1:94:86:6F:0A
            X509v3 Authority Key Identifier:
                keyid:AD:4A:14:95:48:4C:E2:BF:9E:C2:81:99:A8:29:98:AD:02:63:83:16

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rUoUlUhM4r-ewoGZqCmYrQJjgxY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/b30e30-6b81-4585-8b54-61a8ec8166fe/1/6jvFzq_4UsYldaOwxfJ_8ZSGbwo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/b30e30-6b81-4585-8b54-61a8ec8166fe/1/rUoUlUhM4r-ewoGZqCmYrQJjgxY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.11.174.0/23
                IPv6:
                  2a03:6ec0::/32

    Signature Algorithm: sha256WithRSAEncryption
         7c:ee:5f:ec:ea:28:37:5c:3f:01:1e:8c:af:78:f8:60:03:3c:
         4c:7f:d7:47:92:ba:8f:a3:1f:b7:a3:39:ae:2a:94:66:f9:ae:
         df:b8:df:4d:48:8c:cd:ae:8e:f2:ed:8e:9a:0e:2b:14:c6:99:
         fe:27:7b:52:69:e0:7e:7d:cd:67:90:a9:eb:47:9b:7d:b2:9f:
         f1:ad:60:87:f3:1c:20:9c:5e:c4:1d:bc:14:5e:c1:82:43:d2:
         97:8c:b8:6e:9a:83:00:26:25:86:b7:dc:03:b0:17:1a:32:25:
         00:33:6c:45:3f:6d:d0:ea:75:ce:f2:d4:d7:38:d0:ff:c7:c3:
         9c:2e:b2:62:29:bc:26:52:32:53:58:3a:4a:f8:b0:df:23:5d:
         f8:b5:3f:eb:e6:fc:db:81:34:1d:4d:d6:41:2b:c0:e3:55:ab:
         7c:b5:6b:a5:87:6f:63:49:78:84:97:7d:bb:ef:9d:1b:ad:87:
         c3:16:01:7c:57:ba:d8:32:c9:1f:8f:eb:6e:15:2d:e4:e1:9f:
         32:69:a2:0f:23:2d:0e:fa:68:83:f0:bc:19:40:d6:1f:0b:aa:
         fe:d4:94:c6:9a:05:db:d7:0d:8e:22:3f:e5:a4:c9:9d:be:4b:
         09:88:c4:94:83:c5:22:38:6c:be:a5:ae:45:73:cc:f2:bd:f0:
         59:28:ec:dc
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZ3ffktHzRCRmc+J13MqwREJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFkNGExNDk1NDg0Y2UyYmY5ZWMyODE5OWE4Mjk5OGFkMDI2
MzgzMTYwHhcNMjYwNDMwMTc0NDQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYTNiYzVjZWFmZjg1MmM2MjU3NWEzYjBjNWYyN2ZmMTk0ODY2ZjBhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzpiKUbiI4m5osYVJRdVDD7/YJIE5
WMWnWW2XpD1DIciAb+p03p+EcbY1KCQEtIT2yXglP7PwS89WHjf4LfSi3injWHnm
pU/q8OuNRSnDh4OiUc0wyp9vaxUmW87ras4bCAqgkrEs/I/I8KwNvtSj/hSw0jPB
3dllzGuO59XE2bX6nX1Z/MtehpN1S3Nq+qlGUW6MPvIMZvJezoesXHISSRbulvjU
1SS+aPO7Hz4TrcVWLUtYU+PQ0ireAvIH6fSQ6YcP2eQmpPx7lnfgLUlMKHRisvop
GECrmAOZxepKLB9rDs/QmVGvhtIyUW3e5gYwKS4CvSiAfQpI9KIkU8WwjQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFOo7xc6v+FLGJXWjsMXyf/GUhm8KMB8GA1UdIwQY
MBaAFK1KFJVITOK/nsKBmagpmK0CY4MWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvclVvVWxVaE00ci1ld29HWnFDbVlyUUpqZ3hZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS9iMzBlMzAtNmI4MS00NTg1LThiNTQt
NjFhOGVjODE2NmZlLzEvNmp2RnpxXzRVc1lsZGFPd3hmSl84WlNHYndvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS9iMzBlMzAtNmI4MS00NTg1LThiNTQtNjFhOGVjODE2NmZl
LzEvclVvVWxVaE00ci1ld29HWnFDbVlyUUpqZ3hZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQBuQuuMA0E
AgACMAcDBQAqA27AMA0GCSqGSIb3DQEBCwUAA4IBAQB87l/s6ig3XD8BHoyvePhg
AzxMf9dHkrqPox+3ozmuKpRm+a7fuN9NSIzNro7y7Y6aDisUxpn+J3tSaeB+fc1n
kKnrR5t9sp/xrWCH8xwgnF7EHbwUXsGCQ9KXjLhumoMAJiWGt9wDsBcaMiUAM2xF
P23Q6nXO8tTXOND/x8OcLrJiKbwmUjJTWDpK+LDfI134tT/r5vzbgTQdTdZBK8Dj
Vat8tWulh29jSXiEl327750brYfDFgF8V7rYMskfj+tuFS3k4Z8yaaIPIy0O+miD
8LwZQNYfC6r+1JTGmgXb1w2OIj/lpMmdvksJiMSUg8UiOGy+pa5Fc8zyvfBZKOzc
-----END CERTIFICATE-----