Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/6YAkFA187szpAJENw4LMQBB1hQY.roa
File:                     6YAkFA187szpAJENw4LMQBB1hQY.roa (raw, json)
Hash identifier:          Z77kG9JsB/MeYi4jnzslb7Ms/3fontCjGBqAILjLihM=
Subject key identifier:   E9:80:24:14:0D:7C:EE:CC:E9:00:91:0D:C3:82:CC:40:10:75:85:06
Certificate issuer:       /CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
Certificate serial:       019DD3F6C66FA7963111967E5ADD999347AF
Authority key identifier: 7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/6YAkFA187szpAJENw4LMQBB1hQY.roa
Signing time:             Tue 28 Apr 2026 12:00:58 +0000
ROA not before:           Tue 28 Apr 2026 12:00:58 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     210546
IP address blocks:        93.115.175.0/24 maxlen: 24
                          193.228.139.0/24 maxlen: 24
                          212.192.31.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 14:18:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:d3:f6:c6:6f:a7:96:31:11:96:7e:5a:dd:99:93:47:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
        Validity
            Not Before: Apr 28 12:00:58 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e98024140d7ceecce900910dc382cc4010758506
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:c3:50:11:ed:b1:d8:7a:cd:d7:7a:19:f5:e8:
                    ca:a7:1a:39:30:fe:2d:c2:39:04:14:1a:de:5a:00:
                    9d:4a:91:a5:2d:46:43:0d:ea:1e:41:24:c3:4e:ab:
                    13:f3:27:de:b0:00:5e:38:f9:66:a9:0a:d5:f4:d7:
                    eb:21:a6:2b:7b:9c:64:a2:e1:f4:2d:69:b9:dc:5a:
                    b4:19:29:76:68:f9:e5:f1:23:4b:49:fb:15:fc:60:
                    74:bd:34:0e:95:3f:59:61:a5:b3:8c:5a:ee:95:57:
                    f9:33:d9:16:3d:4a:3f:b2:b3:9c:40:a5:63:ef:e7:
                    c6:3b:51:4a:1e:ad:d3:f8:70:46:5e:61:46:e4:c2:
                    9e:7b:72:21:d9:70:95:b2:41:b5:10:25:1e:84:45:
                    cc:b5:8b:41:ab:70:38:69:8e:b8:51:87:ca:71:be:
                    bc:78:2f:e3:84:1d:68:8c:f6:49:67:05:b2:9f:52:
                    45:83:b2:0c:81:b3:8a:23:c6:c4:62:68:d9:e0:d0:
                    68:21:e2:94:8a:0d:9d:0a:3c:2c:0f:aa:34:2d:06:
                    ca:7b:09:8b:09:64:37:d9:8a:5f:c7:e4:45:4c:17:
                    0d:ff:57:ae:b6:78:4a:28:4f:5d:94:61:04:08:84:
                    a7:0c:0f:dd:c3:cd:7d:ae:f0:38:81:39:c9:00:98:
                    a4:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E9:80:24:14:0D:7C:EE:CC:E9:00:91:0D:C3:82:CC:40:10:75:85:06
            X509v3 Authority Key Identifier:
                keyid:7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/6YAkFA187szpAJENw4LMQBB1hQY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.115.175.0/24
                  193.228.139.0/24
                  212.192.31.0/24

    Signature Algorithm: sha256WithRSAEncryption
         48:d2:2a:88:9e:58:8d:c6:8a:d4:60:10:90:81:0e:38:af:ad:
         50:02:38:b8:b1:91:bd:2a:11:79:f6:d3:b3:b4:62:af:2f:81:
         84:67:1d:fd:b1:e1:ef:9c:16:b6:d7:54:79:a1:ed:dc:d8:0f:
         f7:32:24:53:7a:6f:a7:f9:9c:95:cd:62:38:06:89:87:72:dc:
         c7:9c:65:48:a1:a3:5e:00:44:17:00:ff:21:3f:42:bc:f1:36:
         fc:17:58:1f:00:7c:43:3b:53:d6:94:0a:a1:a8:82:b9:86:be:
         f7:9e:d2:01:06:2b:a3:0d:46:ae:5d:29:fd:78:e1:df:34:ab:
         08:02:fb:9d:11:02:21:64:dc:f8:68:f8:1d:98:1f:47:09:02:
         06:94:41:db:51:6e:98:a1:d9:61:e6:74:28:c2:e2:b6:64:ae:
         1b:50:29:bb:11:0d:95:22:a3:b3:14:89:74:88:dc:ce:c2:c8:
         70:17:92:48:21:b1:a7:23:de:c6:81:03:12:8e:a5:e7:6e:70:
         d9:7d:5f:42:e4:e6:71:c4:16:c3:e9:21:ce:42:fe:cc:9b:3a:
         5e:00:d6:57:b1:da:6b:d8:11:23:a1:4d:c9:ca:4e:58:14:6f:
         91:30:a4:e7:45:1a:04:32:3d:fe:26:ef:da:1b:b1:c3:8a:ab:
         24:67:60:a3
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZ3T9sZvp5YxEZZ+Wt2Zk0evMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkYTVkMzJkNWIwOWM5M2MxYjVlM2ZjNWEyYWEyMGQ3NDZm
Y2ZlZDEwHhcNMjYwNDI4MTIwMDU4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlOTgwMjQxNDBkN2NlZWNjZTkwMDkxMGRjMzgyY2M0MDEwNzU4NTA2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5MNQEe2x2HrN13oZ9ejKpxo5MP4t
wjkEFBreWgCdSpGlLUZDDeoeQSTDTqsT8yfesABeOPlmqQrV9NfrIaYre5xkouH0
LWm53Fq0GSl2aPnl8SNLSfsV/GB0vTQOlT9ZYaWzjFrulVf5M9kWPUo/srOcQKVj
7+fGO1FKHq3T+HBGXmFG5MKee3Ih2XCVskG1ECUehEXMtYtBq3A4aY64UYfKcb68
eC/jhB1ojPZJZwWyn1JFg7IMgbOKI8bEYmjZ4NBoIeKUig2dCjwsD6o0LQbKewmL
CWQ32Ypfx+RFTBcN/1eutnhKKE9dlGEECISnDA/dw819rvA4gTnJAJikzwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFOmAJBQNfO7M6QCRDcOCzEAQdYUGMB8GA1UdIwQY
MBaAFH2l0y1bCck8G14/xaKqINdG/P7RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAt
ZTU4MzlmNDNlNTgzLzEvNllBa0ZBMTg3c3pwQUpFTnc0TE1RQkIxaFFZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAtZTU4MzlmNDNlNTgz
LzEvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAXXOvAwQA
weSLAwQA1MAfMA0GCSqGSIb3DQEBCwUAA4IBAQBI0iqInliNxorUYBCQgQ44r61Q
Aji4sZG9KhF59tOztGKvL4GEZx39seHvnBa211R5oe3c2A/3MiRTem+n+ZyVzWI4
BomHctzHnGVIoaNeAEQXAP8hP0K88Tb8F1gfAHxDO1PWlAqhqIK5hr73ntIBBiuj
DUauXSn9eOHfNKsIAvudEQIhZNz4aPgdmB9HCQIGlEHbUW6Yodlh5nQowuK2ZK4b
UCm7EQ2VIqOzFIl0iNzOwshwF5JIIbGnI97GgQMSjqXnbnDZfV9C5OZxxBbD6SHO
Qv7MmzpeANZXsdpr2BEjoU3Jyk5YFG+RMKTnRRoEMj3+Ju/aG7HDiqskZ2Cj
-----END CERTIFICATE-----