Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/56/dba6c5-20e5-4073-853a-c9e29deba244/1/6kJ3PBkCijr-A9yGAIjkT0Whnvg.roa
File:                     6kJ3PBkCijr-A9yGAIjkT0Whnvg.roa (raw, json)
Hash identifier:          x3SAqnSBCxLWGRsChpxh6sJhNMm33GnNhcEkBfSZ2pk=
Subject key identifier:   EA:42:77:3C:19:02:8A:3A:FE:03:DC:86:00:88:E4:4F:45:A1:9E:F8
Certificate issuer:       /CN=8da02b1da4aa71e65b6fb9be23a6b208c25c57d8
Certificate serial:       019CC283A26C912D6F4469A9DB7FE6A204EA
Authority key identifier: 8D:A0:2B:1D:A4:AA:71:E6:5B:6F:B9:BE:23:A6:B2:08:C2:5C:57:D8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jaArHaSqceZbb7m-I6ayCMJcV9g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/56/dba6c5-20e5-4073-853a-c9e29deba244/1/6kJ3PBkCijr-A9yGAIjkT0Whnvg.roa
Signing time:             Fri 06 Mar 2026 09:38:52 +0000
ROA not before:           Fri 06 Mar 2026 09:38:52 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     208326
IP address blocks:        95.133.250.0/24 maxlen: 24
                          195.88.19.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/56/dba6c5-20e5-4073-853a-c9e29deba244/1/jaArHaSqceZbb7m-I6ayCMJcV9g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/56/dba6c5-20e5-4073-853a-c9e29deba244/1/jaArHaSqceZbb7m-I6ayCMJcV9g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jaArHaSqceZbb7m-I6ayCMJcV9g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 00:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:c2:83:a2:6c:91:2d:6f:44:69:a9:db:7f:e6:a2:04:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8da02b1da4aa71e65b6fb9be23a6b208c25c57d8
        Validity
            Not Before: Mar  6 09:38:52 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ea42773c19028a3afe03dc860088e44f45a19ef8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:f9:5c:9f:7b:17:c8:35:cf:19:8d:bf:3e:07:
                    74:0a:86:a3:fc:10:10:da:d6:28:89:ef:48:24:f9:
                    11:da:2f:72:da:bd:3a:8a:8f:85:d4:94:26:b6:77:
                    ae:10:3f:d6:0f:ab:1b:77:09:38:98:af:24:ff:19:
                    56:42:af:ba:61:25:d5:bd:3f:1c:e5:de:18:53:86:
                    74:3e:7f:3e:64:b7:bf:4b:e9:ae:95:19:a5:68:b0:
                    26:ab:a1:41:be:7b:f2:eb:19:c7:11:26:d1:48:d3:
                    da:37:eb:1f:8e:78:ef:c8:06:9c:1b:00:78:26:f4:
                    64:4d:0c:64:48:50:22:86:2b:9b:78:80:62:48:93:
                    0e:4a:0b:bc:99:5b:1c:c4:55:42:06:5a:e8:a2:8b:
                    f0:b0:99:4c:de:f7:d1:f7:45:5a:52:7c:ee:15:5a:
                    7a:49:3e:50:17:1e:c6:4c:3c:d0:2d:80:0d:13:ff:
                    f3:ce:1b:ef:72:bb:af:a9:ee:05:e8:2f:85:e4:ec:
                    3e:26:b2:35:68:1e:98:cc:a1:fe:73:cf:89:15:59:
                    b1:82:49:38:9a:d9:e4:90:c5:ba:38:e4:24:a9:e7:
                    2e:76:92:1f:f4:8a:75:8e:5a:db:b0:fd:d5:26:9a:
                    21:0d:b5:ff:cd:c8:86:bd:ed:d6:b5:32:12:1c:9e:
                    51:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EA:42:77:3C:19:02:8A:3A:FE:03:DC:86:00:88:E4:4F:45:A1:9E:F8
            X509v3 Authority Key Identifier:
                keyid:8D:A0:2B:1D:A4:AA:71:E6:5B:6F:B9:BE:23:A6:B2:08:C2:5C:57:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jaArHaSqceZbb7m-I6ayCMJcV9g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/56/dba6c5-20e5-4073-853a-c9e29deba244/1/6kJ3PBkCijr-A9yGAIjkT0Whnvg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/56/dba6c5-20e5-4073-853a-c9e29deba244/1/jaArHaSqceZbb7m-I6ayCMJcV9g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.133.250.0/24
                  195.88.19.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9d:b0:38:56:1f:67:51:d4:51:11:78:25:b1:75:4b:b8:e8:bb:
         7b:62:d6:52:f4:01:d3:b4:a5:a8:90:40:31:18:97:6e:d5:0a:
         ef:97:c6:0c:59:54:1e:e2:9f:c0:8d:1c:66:96:5b:83:aa:bf:
         d1:d1:56:89:ca:a4:e5:b1:bc:0f:f2:f9:14:5d:a9:8f:f8:15:
         74:89:27:fe:9b:88:69:98:09:59:3f:44:0f:d2:73:43:18:f3:
         99:6f:9f:1c:81:c7:0b:04:9d:f6:44:0c:25:bb:da:86:44:39:
         d3:dd:01:1a:67:40:ef:76:61:f6:3b:06:05:0c:39:24:70:cf:
         92:12:24:70:cc:99:14:47:67:25:62:88:c3:ce:e6:97:c5:7b:
         4e:f7:1b:9d:5c:9e:b9:38:43:71:b4:0f:64:68:b9:75:11:64:
         84:44:0c:56:34:63:e3:41:ef:8f:d8:25:fd:ad:c2:81:10:2b:
         9e:59:6a:a1:ac:25:91:fc:b0:b4:de:bb:da:46:ed:b0:a3:91:
         94:f6:50:0c:04:dd:f8:a3:6a:ee:37:8f:4b:ce:2d:d1:36:a6:
         40:5a:c0:17:9f:45:49:db:0b:8a:c2:e3:79:eb:ac:31:f5:15:
         0c:f0:92:4b:83:c8:82:10:dd:81:2d:76:9e:2a:66:08:7b:dc:
         b0:41:33:93
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZzCg6JskS1vRGmp23/mogTqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkYTAyYjFkYTRhYTcxZTY1YjZmYjliZTIzYTZiMjA4YzI1
YzU3ZDgwHhcNMjYwMzA2MDkzODUyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYTQyNzczYzE5MDI4YTNhZmUwM2RjODYwMDg4ZTQ0ZjQ1YTE5ZWY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqflcn3sXyDXPGY2/Pgd0Coaj/BAQ
2tYoie9IJPkR2i9y2r06io+F1JQmtneuED/WD6sbdwk4mK8k/xlWQq+6YSXVvT8c
5d4YU4Z0Pn8+ZLe/S+mulRmlaLAmq6FBvnvy6xnHESbRSNPaN+sfjnjvyAacGwB4
JvRkTQxkSFAihiubeIBiSJMOSgu8mVscxFVCBlrooovwsJlM3vfR90VaUnzuFVp6
ST5QFx7GTDzQLYANE//zzhvvcruvqe4F6C+F5Ow+JrI1aB6YzKH+c8+JFVmxgkk4
mtnkkMW6OOQkqecudpIf9Ip1jlrbsP3VJpohDbX/zciGve3WtTISHJ5RFQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFOpCdzwZAoo6/gPchgCI5E9FoZ74MB8GA1UdIwQY
MBaAFI2gKx2kqnHmW2+5viOmsgjCXFfYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvamFBckhhU3FjZVpiYjdtLUk2YXlDTUpjVjlnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ni9kYmE2YzUtMjBlNS00MDczLTg1M2Et
YzllMjlkZWJhMjQ0LzEvNmtKM1BCa0NpanItQTl5R0FJamtUMFdobnZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ni9kYmE2YzUtMjBlNS00MDczLTg1M2EtYzllMjlkZWJhMjQ0
LzEvamFBckhhU3FjZVpiYjdtLUk2YXlDTUpjVjlnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAX4X6AwQA
w1gTMA0GCSqGSIb3DQEBCwUAA4IBAQCdsDhWH2dR1FEReCWxdUu46Lt7YtZS9AHT
tKWokEAxGJdu1Qrvl8YMWVQe4p/AjRxmlluDqr/R0VaJyqTlsbwP8vkUXamP+BV0
iSf+m4hpmAlZP0QP0nNDGPOZb58cgccLBJ32RAwlu9qGRDnT3QEaZ0DvdmH2OwYF
DDkkcM+SEiRwzJkUR2clYojDzuaXxXtO9xudXJ65OENxtA9kaLl1EWSERAxWNGPj
Qe+P2CX9rcKBECueWWqhrCWR/LC03rvaRu2wo5GU9lAMBN34o2ruN49Lzi3RNqZA
WsAXn0VJ2wuKwuN566wx9RUM8JJLg8iCEN2BLXaeKmYIe9ywQTOT
-----END CERTIFICATE-----