Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/05/653c24-68e5-4ad8-b763-30c9de205afc/1/n3aPILIh7giuoDUK56sOpHcItYE.roa
File:                     n3aPILIh7giuoDUK56sOpHcItYE.roa (raw, json)
Hash identifier:          lZgrxhhUmWtrA9FtAOz5wAIODFYdd/saRuVJ0sfDMlI=
Subject key identifier:   9F:76:8F:20:B2:21:EE:08:AE:A0:35:0A:E7:AB:0E:A4:77:08:B5:81
Certificate issuer:       /CN=6b104f1e4abaec1eff80f262c62f96c25438c8e1
Certificate serial:       019EBAB6A1DB13AEA9069C743872D386F703
Authority key identifier: 6B:10:4F:1E:4A:BA:EC:1E:FF:80:F2:62:C6:2F:96:C2:54:38:C8:E1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/axBPHkq67B7_gPJixi-WwlQ4yOE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/05/653c24-68e5-4ad8-b763-30c9de205afc/1/n3aPILIh7giuoDUK56sOpHcItYE.roa
Signing time:             Fri 12 Jun 2026 07:23:11 +0000
ROA not before:           Fri 12 Jun 2026 07:23:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     197540
IP address blocks:        153.51.168.0/24 maxlen: 24
                          153.51.172.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/05/653c24-68e5-4ad8-b763-30c9de205afc/1/axBPHkq67B7_gPJixi-WwlQ4yOE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/05/653c24-68e5-4ad8-b763-30c9de205afc/1/axBPHkq67B7_gPJixi-WwlQ4yOE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/axBPHkq67B7_gPJixi-WwlQ4yOE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:ba:b6:a1:db:13:ae:a9:06:9c:74:38:72:d3:86:f7:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6b104f1e4abaec1eff80f262c62f96c25438c8e1
        Validity
            Not Before: Jun 12 07:23:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9f768f20b221ee08aea0350ae7ab0ea47708b581
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:33:81:8a:28:9a:09:93:c2:f4:73:28:be:8e:
                    63:ab:0e:f4:1d:11:e4:e4:40:58:21:60:00:6e:4d:
                    bd:d3:97:e5:46:0a:0c:89:c1:84:33:f9:24:6b:ef:
                    1a:c6:29:74:8d:c5:01:c4:79:89:65:82:f5:5a:86:
                    2c:b2:7e:c5:3b:17:2d:43:1c:a1:78:0c:12:59:75:
                    7f:05:dd:32:19:58:18:40:fa:bb:7d:f9:cc:1c:01:
                    b4:9b:a6:18:eb:f4:ed:df:94:da:e7:90:8f:14:24:
                    fb:a6:00:52:2f:74:37:33:02:5e:27:ba:b3:2b:25:
                    3f:ce:63:d5:c0:c3:d6:a6:25:79:1c:a3:41:09:4a:
                    93:42:53:f0:54:5a:a4:35:31:48:8b:fc:e0:c9:21:
                    74:18:a5:9f:fa:6c:8f:08:07:7a:d5:ed:c3:dd:e7:
                    cf:86:1c:ff:f2:21:e3:f0:21:95:3d:41:a2:a9:52:
                    39:50:af:81:1a:a3:04:9d:40:a5:4e:fd:a9:f8:c5:
                    07:cc:6c:d2:16:74:16:5a:18:f3:01:ca:bc:e7:be:
                    a4:66:7f:73:83:2e:5e:ff:ad:21:b0:03:29:9e:a8:
                    f2:bb:02:f2:a8:d1:45:7b:f7:74:b9:f9:88:d6:fc:
                    83:79:25:76:32:63:7e:48:fa:a1:c1:73:d3:b0:e7:
                    84:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:76:8F:20:B2:21:EE:08:AE:A0:35:0A:E7:AB:0E:A4:77:08:B5:81
            X509v3 Authority Key Identifier:
                keyid:6B:10:4F:1E:4A:BA:EC:1E:FF:80:F2:62:C6:2F:96:C2:54:38:C8:E1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/axBPHkq67B7_gPJixi-WwlQ4yOE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/05/653c24-68e5-4ad8-b763-30c9de205afc/1/n3aPILIh7giuoDUK56sOpHcItYE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/05/653c24-68e5-4ad8-b763-30c9de205afc/1/axBPHkq67B7_gPJixi-WwlQ4yOE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  153.51.168.0/24
                  153.51.172.0/22

    Signature Algorithm: sha256WithRSAEncryption
         03:eb:6f:93:fa:fa:cd:c0:f1:b2:19:07:b7:6a:de:16:b5:46:
         59:80:b7:a0:b0:62:87:eb:c3:cb:d2:30:82:13:bb:38:63:f9:
         ad:4c:6e:00:54:b3:c1:b0:80:3f:1f:27:16:4e:43:a4:a0:8b:
         4b:ce:ec:7b:0c:3d:9a:84:d3:1a:77:a5:22:25:02:bd:13:3b:
         0f:f0:89:09:aa:d0:0f:08:bb:ff:86:79:aa:08:9c:ae:a1:18:
         f2:78:83:8c:4d:88:a6:45:82:6c:df:b1:f2:9e:bc:b9:6a:a8:
         e2:a2:dc:1d:02:76:6a:87:21:c5:e7:64:68:69:ee:fe:54:e3:
         4d:0c:b7:06:bc:aa:df:2f:25:60:59:2f:49:68:96:e7:7e:1c:
         b7:8b:97:c4:d4:ab:4a:fe:74:65:84:2f:a2:b4:55:1f:6a:a0:
         03:98:f5:f9:38:46:cf:77:87:e6:27:9c:6d:59:a1:52:bd:18:
         e6:fa:14:73:db:7a:2b:b4:64:bb:43:cd:1e:36:01:54:b8:72:
         81:17:97:c5:e7:f1:87:eb:ae:ca:c0:47:70:fa:c9:52:bc:f3:
         c4:df:6b:00:b1:7b:e4:05:97:6e:7c:3f:a0:56:0c:98:2e:d6:
         9d:04:e4:3f:47:8e:02:9c:cd:5d:ce:6c:da:f8:f6:9f:cc:f2:
         fb:3e:78:e6
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ66tqHbE66pBpx0OHLThvcDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZiMTA0ZjFlNGFiYWVjMWVmZjgwZjI2MmM2MmY5NmMyNTQz
OGM4ZTEwHhcNMjYwNjEyMDcyMzExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5Zjc2OGYyMGIyMjFlZTA4YWVhMDM1MGFlN2FiMGVhNDc3MDhiNTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtTOBiiiaCZPC9HMovo5jqw70HRHk
5EBYIWAAbk2905flRgoMicGEM/kka+8axil0jcUBxHmJZYL1WoYssn7FOxctQxyh
eAwSWXV/Bd0yGVgYQPq7ffnMHAG0m6YY6/Tt35Ta55CPFCT7pgBSL3Q3MwJeJ7qz
KyU/zmPVwMPWpiV5HKNBCUqTQlPwVFqkNTFIi/zgySF0GKWf+myPCAd61e3D3efP
hhz/8iHj8CGVPUGiqVI5UK+BGqMEnUClTv2p+MUHzGzSFnQWWhjzAcq8576kZn9z
gy5e/60hsAMpnqjyuwLyqNFFe/d0ufmI1vyDeSV2MmN+SPqhwXPTsOeEPQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJ92jyCyIe4IrqA1CuerDqR3CLWBMB8GA1UdIwQY
MBaAFGsQTx5Kuuwe/4DyYsYvlsJUOMjhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYXhCUEhrcTY3QjdfZ1BKaXhpLVd3bFE0eU9FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNS82NTNjMjQtNjhlNS00YWQ4LWI3NjMt
MzBjOWRlMjA1YWZjLzEvbjNhUElMSWg3Z2l1b0RVSzU2c09wSGNJdFlFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNS82NTNjMjQtNjhlNS00YWQ4LWI3NjMtMzBjOWRlMjA1YWZj
LzEvYXhCUEhrcTY3QjdfZ1BKaXhpLVd3bFE0eU9FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAmTOoAwQC
mTOsMA0GCSqGSIb3DQEBCwUAA4IBAQAD62+T+vrNwPGyGQe3at4WtUZZgLegsGKH
68PL0jCCE7s4Y/mtTG4AVLPBsIA/HycWTkOkoItLzux7DD2ahNMad6UiJQK9EzsP
8IkJqtAPCLv/hnmqCJyuoRjyeIOMTYimRYJs37Hynry5aqjiotwdAnZqhyHF52Ro
ae7+VONNDLcGvKrfLyVgWS9JaJbnfhy3i5fE1KtK/nRlhC+itFUfaqADmPX5OEbP
d4fmJ5xtWaFSvRjm+hRz23ortGS7Q80eNgFUuHKBF5fF5/GH667KwEdw+slSvPPE
32sAsXvkBZdufD+gVgyYLtadBOQ/R44CnM1dzmza+PafzPL7Pnjm
-----END CERTIFICATE-----