Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/Vjw1xIKXLPhPofECmjxoTDeAlIw.roa
File:                     Vjw1xIKXLPhPofECmjxoTDeAlIw.roa (raw, json)
Hash identifier:          C3pE5kXDU05Zkhxf7E2TcdaG/XcNHdy26PhuyU//+hE=
Subject key identifier:   56:3C:35:C4:82:97:2C:F8:4F:A1:F1:02:9A:3C:68:4C:37:80:94:8C
Certificate issuer:       /CN=6f84e4738a70ea39c08cef210432ae399ec7e915
Certificate serial:       019E1CA774F18B006C2D6B1B06780CA9C683
Authority key identifier: 6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/Vjw1xIKXLPhPofECmjxoTDeAlIw.roa
Signing time:             Tue 12 May 2026 14:46:36 +0000
ROA not before:           Tue 12 May 2026 14:46:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     270764
IP address blocks:        188.255.171.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 23:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:1c:a7:74:f1:8b:00:6c:2d:6b:1b:06:78:0c:a9:c6:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f84e4738a70ea39c08cef210432ae399ec7e915
        Validity
            Not Before: May 12 14:46:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=563c35c482972cf84fa1f1029a3c684c3780948c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:8d:fc:06:ec:03:8e:e5:62:c9:aa:13:0b:b3:
                    e2:58:c1:d6:4d:c6:cf:55:ac:e7:5d:49:4b:7b:d8:
                    2a:e2:81:09:46:80:9c:2c:36:65:d8:96:25:cd:09:
                    24:07:83:75:8c:94:96:56:84:59:ea:a0:ba:a9:b0:
                    2c:46:6f:84:87:5f:4f:de:4e:8c:a8:74:06:cb:54:
                    f8:86:5f:bc:43:df:f0:01:7a:9b:51:99:37:3f:24:
                    87:ea:19:52:95:cb:ae:d3:b6:77:3d:cb:13:2d:83:
                    f8:00:b9:f7:37:6f:c1:95:26:e5:a8:b1:ac:32:68:
                    d4:4a:cb:5b:f3:1a:d4:ac:dc:93:e3:a7:ea:5c:12:
                    f9:22:e3:d9:26:2b:d2:5f:c6:27:6c:b1:f6:55:91:
                    2b:89:e1:cc:6b:48:04:83:ea:07:63:f1:82:99:56:
                    8a:36:0b:5d:79:2e:76:fb:07:43:04:d7:8c:98:c5:
                    47:42:76:9b:63:a2:68:1b:03:91:9c:36:85:62:64:
                    5c:93:bf:44:68:f9:4c:61:66:04:ed:4d:b8:19:fd:
                    fa:b5:41:fa:be:46:1d:41:03:d0:96:79:32:18:8d:
                    4b:1d:58:09:f5:f1:75:38:b9:b2:41:03:46:9b:78:
                    a1:7a:b6:30:0e:98:2f:f3:a9:5f:07:49:35:aa:0f:
                    29:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                56:3C:35:C4:82:97:2C:F8:4F:A1:F1:02:9A:3C:68:4C:37:80:94:8C
            X509v3 Authority Key Identifier:
                keyid:6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/Vjw1xIKXLPhPofECmjxoTDeAlIw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.255.171.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0a:fe:9d:f0:9d:a0:77:24:87:fa:06:18:1c:45:67:c6:0c:c3:
         9e:c3:cf:43:ef:e8:49:72:2f:3e:57:90:9f:50:94:3f:c4:08:
         1e:4e:47:d3:34:cc:3f:66:a1:fb:7f:73:89:b0:ef:4b:a1:be:
         a1:5b:84:2c:58:45:09:54:e4:20:40:a5:1c:ab:7f:b4:d2:e2:
         9b:3c:ab:bd:ca:bc:65:c0:ab:f3:89:25:c5:f3:f0:9e:1d:9c:
         d9:71:be:ec:30:1d:e0:a6:4c:6a:41:75:67:66:aa:a8:3b:ca:
         09:97:5d:05:b1:25:93:4c:eb:d6:6f:cc:fd:08:c7:68:c6:2a:
         7e:a7:80:db:b3:d8:57:99:07:25:de:20:4a:e8:94:1c:af:c8:
         db:c0:f8:95:91:05:3e:62:2f:6a:0d:f8:52:fd:97:8f:ab:f3:
         0d:e1:1c:34:ca:4f:60:56:ef:a1:01:8c:93:4f:45:ee:93:e9:
         9c:63:1f:32:03:59:7f:4e:5a:06:a8:81:1a:b5:ee:ab:c4:57:
         18:a4:5a:c6:12:1b:ee:32:0d:02:b2:4a:d3:a0:89:25:d4:8e:
         4a:ba:3a:b7:5f:48:44:59:23:49:48:80:1b:77:32:90:22:09:
         41:24:bb:8a:ce:f1:07:3f:4d:4b:10:c6:39:ad:ef:d0:f8:d9:
         28:a2:b2:3c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ4cp3TxiwBsLWsbBngMqcaDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmODRlNDczOGE3MGVhMzljMDhjZWYyMTA0MzJhZTM5OWVj
N2U5MTUwHhcNMjYwNTEyMTQ0NjM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NjNjMzVjNDgyOTcyY2Y4NGZhMWYxMDI5YTNjNjg0YzM3ODA5NDhjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq438BuwDjuViyaoTC7PiWMHWTcbP
VaznXUlLe9gq4oEJRoCcLDZl2JYlzQkkB4N1jJSWVoRZ6qC6qbAsRm+Eh19P3k6M
qHQGy1T4hl+8Q9/wAXqbUZk3PySH6hlSlcuu07Z3PcsTLYP4ALn3N2/BlSblqLGs
MmjUSstb8xrUrNyT46fqXBL5IuPZJivSX8YnbLH2VZErieHMa0gEg+oHY/GCmVaK
NgtdeS52+wdDBNeMmMVHQnabY6JoGwORnDaFYmRck79EaPlMYWYE7U24Gf36tUH6
vkYdQQPQlnkyGI1LHVgJ9fF1OLmyQQNGm3iherYwDpgv86lfB0k1qg8pOQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFY8NcSClyz4T6HxApo8aEw3gJSMMB8GA1UdIwQY
MBaAFG+E5HOKcOo5wIzvIQQyrjmex+kVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYt
ZmFlNWRiZWQzYjFiLzEvVmp3MXhJS1hMUGhQb2ZFQ21qeG9URGVBbEl3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYtZmFlNWRiZWQzYjFi
LzEvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvP+rMA0G
CSqGSIb3DQEBCwUAA4IBAQAK/p3wnaB3JIf6BhgcRWfGDMOew89D7+hJci8+V5Cf
UJQ/xAgeTkfTNMw/ZqH7f3OJsO9Lob6hW4QsWEUJVOQgQKUcq3+00uKbPKu9yrxl
wKvziSXF8/CeHZzZcb7sMB3gpkxqQXVnZqqoO8oJl10FsSWTTOvWb8z9CMdoxip+
p4Dbs9hXmQcl3iBK6JQcr8jbwPiVkQU+Yi9qDfhS/ZePq/MN4Rw0yk9gVu+hAYyT
T0Xuk+mcYx8yA1l/TloGqIEate6rxFcYpFrGEhvuMg0CskrToIkl1I5Kujq3X0hE
WSNJSIAbdzKQIglBJLuKzvEHP01LEMY5re/Q+NkoorI8
-----END CERTIFICATE-----