Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6a/ff2ceb-e9a8-478c-88c1-3de4ece3ab2a/1/KbkgC7W04AC2dfiCKLffjYIdfm0.roa
File:                     KbkgC7W04AC2dfiCKLffjYIdfm0.roa (raw, json)
Hash identifier:          b+1XnR1qClXgo0+h2XFqiEy+RpYXEzB0EWpEqBHm3rM=
Subject key identifier:   29:B9:20:0B:B5:B4:E0:00:B6:75:F8:82:28:B7:DF:8D:82:1D:7E:6D
Certificate issuer:       /CN=6b6199e55c353ef7f3d2bf4a4fe38dd1a0ad8565
Certificate serial:       01997A6242745B4D957296ED93C227E1FE32
Authority key identifier: 6B:61:99:E5:5C:35:3E:F7:F3:D2:BF:4A:4F:E3:8D:D1:A0:AD:85:65
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/a2GZ5Vw1Pvfz0r9KT-ON0aCthWU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6a/ff2ceb-e9a8-478c-88c1-3de4ece3ab2a/1/KbkgC7W04AC2dfiCKLffjYIdfm0.roa
Signing time:             Wed 24 Sep 2025 06:21:23 +0000
ROA not before:           Wed 24 Sep 2025 06:21:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     61395
IP address blocks:        5.83.56.0/21 maxlen: 21
                          2a04:680::/29 maxlen: 30
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6a/ff2ceb-e9a8-478c-88c1-3de4ece3ab2a/1/a2GZ5Vw1Pvfz0r9KT-ON0aCthWU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6a/ff2ceb-e9a8-478c-88c1-3de4ece3ab2a/1/a2GZ5Vw1Pvfz0r9KT-ON0aCthWU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/a2GZ5Vw1Pvfz0r9KT-ON0aCthWU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:7a:62:42:74:5b:4d:95:72:96:ed:93:c2:27:e1:fe:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6b6199e55c353ef7f3d2bf4a4fe38dd1a0ad8565
        Validity
            Not Before: Sep 24 06:21:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=29b9200bb5b4e000b675f88228b7df8d821d7e6d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:18:4b:61:fe:1f:4b:cb:14:01:51:09:07:e7:
                    b3:9c:7f:25:40:2f:25:05:d6:e8:af:8d:44:00:52:
                    f7:c0:f8:cb:8c:4a:3c:ec:57:d0:fd:65:56:63:c0:
                    e2:b2:c0:0d:56:db:ab:de:5b:74:09:ff:73:b2:0f:
                    11:b7:3b:55:41:b9:56:a3:2d:f3:fc:a9:ac:c9:74:
                    52:a5:2c:5e:a2:01:a3:1c:a7:eb:da:8d:2b:78:e0:
                    23:ec:56:c0:d0:3d:ad:8c:d4:68:f0:88:70:79:af:
                    af:a3:0b:64:4e:41:e3:a7:cc:45:08:72:bb:81:e4:
                    67:5c:e3:7d:77:db:bb:a3:1d:16:3f:54:56:39:ef:
                    8a:c1:f8:c0:97:e3:ef:80:db:f2:e1:cb:2e:07:42:
                    ed:9d:3f:69:c9:20:7f:8d:fa:fb:2e:05:26:29:e6:
                    2a:a0:ff:b5:1f:05:60:ca:f2:96:81:3e:9e:42:85:
                    02:06:2d:75:76:86:a0:b8:67:8b:45:e0:fb:1a:ee:
                    3b:76:9e:72:4f:ee:9e:12:ee:b2:b7:ed:1e:5e:a7:
                    33:2c:a8:98:7c:a3:90:5a:c1:bc:b2:4c:2f:f7:98:
                    82:df:1b:c2:de:f1:fe:1b:2c:69:f3:a0:f9:f5:05:
                    73:33:9c:b6:df:41:83:12:ea:d2:8a:69:c2:0e:3f:
                    08:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:B9:20:0B:B5:B4:E0:00:B6:75:F8:82:28:B7:DF:8D:82:1D:7E:6D
            X509v3 Authority Key Identifier:
                keyid:6B:61:99:E5:5C:35:3E:F7:F3:D2:BF:4A:4F:E3:8D:D1:A0:AD:85:65

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2GZ5Vw1Pvfz0r9KT-ON0aCthWU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/ff2ceb-e9a8-478c-88c1-3de4ece3ab2a/1/KbkgC7W04AC2dfiCKLffjYIdfm0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/ff2ceb-e9a8-478c-88c1-3de4ece3ab2a/1/a2GZ5Vw1Pvfz0r9KT-ON0aCthWU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.83.56.0/21
                IPv6:
                  2a04:680::/29

    Signature Algorithm: sha256WithRSAEncryption
         40:16:a0:0d:65:07:5d:5b:19:63:a8:4b:02:08:a2:ea:38:86:
         ff:04:d0:ad:60:26:43:c1:09:39:07:94:b0:ca:2d:e0:87:dc:
         50:59:a8:c9:a7:1d:04:ea:ec:ea:cf:5a:f2:9a:89:4e:31:33:
         4f:5d:1d:dd:99:3f:1c:f6:7b:00:54:51:ab:af:23:9b:e0:97:
         e1:99:17:76:7b:3e:68:56:b4:d8:57:46:03:0f:6e:2c:0d:58:
         e1:ff:12:d6:dc:a6:4f:80:b0:41:9d:5c:e3:45:c6:eb:86:0c:
         b5:d4:fa:79:19:e4:99:8e:9f:11:c5:d5:28:02:d3:9c:17:35:
         21:9a:aa:ae:fd:b9:75:a1:81:76:a7:2f:fc:1b:7a:b5:7e:6e:
         94:09:88:db:71:6b:5f:8c:8b:da:b4:09:12:d7:ff:b9:76:b2:
         a3:4b:22:bd:54:4d:97:d2:bc:5d:7a:37:9a:64:c9:e6:52:f5:
         cb:99:d3:dd:87:c5:a9:e7:82:00:d4:6f:a2:99:e2:ce:8a:6a:
         ad:9c:e7:00:ca:2b:c9:ee:cb:71:fe:64:9e:a6:53:25:c3:9f:
         01:25:0f:b4:eb:09:7b:26:44:ca:30:bf:e2:f5:f7:94:fb:37:
         da:c0:15:c1:27:52:5e:29:37:b8:10:33:9e:27:75:1a:35:78:
         13:06:ef:c1
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZl6YkJ0W02Vcpbtk8In4f4yMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZiNjE5OWU1NWMzNTNlZjdmM2QyYmY0YTRmZTM4ZGQxYTBh
ZDg1NjUwHhcNMjUwOTI0MDYyMTIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOWI5MjAwYmI1YjRlMDAwYjY3NWY4ODIyOGI3ZGY4ZDgyMWQ3ZTZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApRhLYf4fS8sUAVEJB+eznH8lQC8l
Bdbor41EAFL3wPjLjEo87FfQ/WVWY8DissANVtur3lt0Cf9zsg8RtztVQblWoy3z
/KmsyXRSpSxeogGjHKfr2o0reOAj7FbA0D2tjNRo8Ihwea+vowtkTkHjp8xFCHK7
geRnXON9d9u7ox0WP1RWOe+KwfjAl+PvgNvy4csuB0LtnT9pySB/jfr7LgUmKeYq
oP+1HwVgyvKWgT6eQoUCBi11doaguGeLReD7Gu47dp5yT+6eEu6yt+0eXqczLKiY
fKOQWsG8skwv95iC3xvC3vH+Gyxp86D59QVzM5y230GDEurSimnCDj8ITQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFCm5IAu1tOAAtnX4gii3342CHX5tMB8GA1UdIwQY
MBaAFGthmeVcNT7389K/Sk/jjdGgrYVlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYTJHWjVWdzFQdmZ6MHI5S1QtT04wYUN0aFdVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82YS9mZjJjZWItZTlhOC00NzhjLTg4YzEt
M2RlNGVjZTNhYjJhLzEvS2JrZ0M3VzA0QUMyZGZpQ0tMZmZqWUlkZm0wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82YS9mZjJjZWItZTlhOC00NzhjLTg4YzEtM2RlNGVjZTNhYjJh
LzEvYTJHWjVWdzFQdmZ6MHI5S1QtT04wYUN0aFdVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQDBVM4MA0E
AgACMAcDBQMqBAaAMA0GCSqGSIb3DQEBCwUAA4IBAQBAFqANZQddWxljqEsCCKLq
OIb/BNCtYCZDwQk5B5Swyi3gh9xQWajJpx0E6uzqz1rymolOMTNPXR3dmT8c9nsA
VFGrryOb4JfhmRd2ez5oVrTYV0YDD24sDVjh/xLW3KZPgLBBnVzjRcbrhgy11Pp5
GeSZjp8RxdUoAtOcFzUhmqqu/bl1oYF2py/8G3q1fm6UCYjbcWtfjIvatAkS1/+5
drKjSyK9VE2X0rxdejeaZMnmUvXLmdPdh8Wp54IA1G+imeLOimqtnOcAyivJ7stx
/mSeplMlw58BJQ+06wl7JkTKML/i9feU+zfawBXBJ1JeKTe4EDOeJ3UaNXgTBu/B
-----END CERTIFICATE-----
Generated at Mon Oct 20 14:52:44 2025 by rpki-client