Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/05/c77dfd-2ce6-4f2f-a9b2-2e68903e7cb9/1/6wwyHetaWlbuQqBi8km0Pln5kLU.roa
File:                     6wwyHetaWlbuQqBi8km0Pln5kLU.roa (raw, json)
Hash identifier:          NfTKPcEnOPcVeUQUwx5+VFtDZy/ENtzf3n4eNOFkcHM=
Subject key identifier:   EB:0C:32:1D:EB:5A:5A:56:EE:42:A0:62:F2:49:B4:3E:59:F9:90:B5
Certificate issuer:       /CN=a7c7529d9884da3088ab8f3b58fb3e635179d35a
Certificate serial:       019E8D14C7316231E5A05076E3F17ED76591
Authority key identifier: A7:C7:52:9D:98:84:DA:30:88:AB:8F:3B:58:FB:3E:63:51:79:D3:5A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/p8dSnZiE2jCIq487WPs-Y1F501o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/05/c77dfd-2ce6-4f2f-a9b2-2e68903e7cb9/1/6wwyHetaWlbuQqBi8km0Pln5kLU.roa
Signing time:             Wed 03 Jun 2026 10:43:29 +0000
ROA not before:           Wed 03 Jun 2026 10:43:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     56798
IP address blocks:        185.169.94.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/05/c77dfd-2ce6-4f2f-a9b2-2e68903e7cb9/1/p8dSnZiE2jCIq487WPs-Y1F501o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/05/c77dfd-2ce6-4f2f-a9b2-2e68903e7cb9/1/p8dSnZiE2jCIq487WPs-Y1F501o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/p8dSnZiE2jCIq487WPs-Y1F501o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 17 Jun 2026 23:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:8d:14:c7:31:62:31:e5:a0:50:76:e3:f1:7e:d7:65:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a7c7529d9884da3088ab8f3b58fb3e635179d35a
        Validity
            Not Before: Jun  3 10:43:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=eb0c321deb5a5a56ee42a062f249b43e59f990b5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:ad:eb:2c:69:3a:d3:d3:af:04:b9:25:22:8b:
                    c5:f5:21:d3:95:89:42:1b:ff:c7:0b:14:6e:d5:2f:
                    55:89:9e:d6:9f:96:71:ea:d2:d7:2c:1a:93:3c:89:
                    76:12:4f:e2:45:47:0b:b3:3d:9c:9f:c1:5f:be:d6:
                    38:48:ae:79:98:70:f4:66:b0:8e:c9:e0:08:df:76:
                    d4:d1:f8:1e:0f:4e:c1:73:ae:bf:f1:4a:e5:e0:fb:
                    fc:f5:95:df:c9:24:1d:71:3e:67:2f:b0:21:06:6b:
                    be:00:8b:4a:75:1f:5b:3f:35:9f:62:ab:dd:f3:66:
                    56:8e:ab:ad:f4:33:b9:18:3b:27:bf:5b:80:83:31:
                    16:83:ba:98:8a:7a:6e:df:af:1d:8a:06:80:f8:aa:
                    f5:33:1f:03:38:67:7a:2b:4c:d6:cf:2c:99:a3:44:
                    2b:da:8b:58:9d:96:56:60:af:91:b3:de:a6:24:53:
                    7a:f3:25:98:18:b9:dc:24:8b:33:88:6b:b0:fb:64:
                    78:cb:14:b4:a0:17:e4:2c:ff:3f:ec:63:f4:c0:df:
                    b5:cd:c8:d9:20:3d:31:15:9e:61:28:3b:ce:83:ac:
                    c8:d7:44:ef:89:59:c3:e4:3c:e8:08:4e:ef:89:76:
                    5d:c8:1b:a5:ef:59:7e:1c:3a:b3:2a:de:99:28:20:
                    79:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:0C:32:1D:EB:5A:5A:56:EE:42:A0:62:F2:49:B4:3E:59:F9:90:B5
            X509v3 Authority Key Identifier:
                keyid:A7:C7:52:9D:98:84:DA:30:88:AB:8F:3B:58:FB:3E:63:51:79:D3:5A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/p8dSnZiE2jCIq487WPs-Y1F501o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/05/c77dfd-2ce6-4f2f-a9b2-2e68903e7cb9/1/6wwyHetaWlbuQqBi8km0Pln5kLU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/05/c77dfd-2ce6-4f2f-a9b2-2e68903e7cb9/1/p8dSnZiE2jCIq487WPs-Y1F501o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.169.94.0/24

    Signature Algorithm: sha256WithRSAEncryption
         22:20:05:d4:cf:5f:4a:64:26:bb:1e:52:ed:46:e9:84:1f:6b:
         2a:a5:87:e2:d0:ec:63:d7:3a:f6:26:96:34:17:ba:9a:ae:40:
         2a:d3:fa:d9:e5:58:61:76:0c:61:25:f9:61:3d:a5:e8:1d:6e:
         76:34:55:b7:52:04:b6:40:fe:11:bc:73:e1:f5:79:bf:38:d3:
         03:87:f5:54:55:44:12:9e:3c:08:5a:d8:4d:58:1b:8d:1c:c8:
         00:71:3e:95:a1:09:23:33:83:b6:b8:bd:82:20:79:72:79:5d:
         a8:36:a5:42:6d:4a:83:c9:00:70:b6:a1:c4:f0:01:af:8f:87:
         00:be:fe:4d:18:1d:06:e6:89:cd:4b:f2:e0:20:cc:2c:60:11:
         15:d4:5b:dc:7f:43:b3:60:26:93:82:7f:3a:87:46:c6:6d:a4:
         a5:10:8f:07:a6:6f:09:73:05:f6:d3:d7:15:63:ce:91:9d:fd:
         05:85:95:ad:8f:69:44:e9:a3:44:ff:c0:9e:83:4d:69:1e:7b:
         81:44:08:c0:3a:88:fa:b9:77:f9:34:c2:1b:d6:9d:f1:70:0f:
         17:c1:b2:cf:b2:24:07:60:d4:5f:ca:49:8e:82:33:ac:94:53:
         07:fb:1b:b7:80:f9:2a:13:b1:57:e4:52:af:d0:f9:0f:2d:f4:
         d6:17:c1:45
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6NFMcxYjHloFB24/F+12WRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE3Yzc1MjlkOTg4NGRhMzA4OGFiOGYzYjU4ZmIzZTYzNTE3
OWQzNWEwHhcNMjYwNjAzMTA0MzI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYjBjMzIxZGViNWE1YTU2ZWU0MmEwNjJmMjQ5YjQzZTU5Zjk5MGI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvq3rLGk609OvBLklIovF9SHTlYlC
G//HCxRu1S9ViZ7Wn5Zx6tLXLBqTPIl2Ek/iRUcLsz2cn8FfvtY4SK55mHD0ZrCO
yeAI33bU0fgeD07Bc66/8Url4Pv89ZXfySQdcT5nL7AhBmu+AItKdR9bPzWfYqvd
82ZWjqut9DO5GDsnv1uAgzEWg7qYinpu368digaA+Kr1Mx8DOGd6K0zWzyyZo0Qr
2otYnZZWYK+Rs96mJFN68yWYGLncJIsziGuw+2R4yxS0oBfkLP8/7GP0wN+1zcjZ
ID0xFZ5hKDvOg6zI10TviVnD5DzoCE7viXZdyBul71l+HDqzKt6ZKCB5UwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOsMMh3rWlpW7kKgYvJJtD5Z+ZC1MB8GA1UdIwQY
MBaAFKfHUp2YhNowiKuPO1j7PmNRedNaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcDhkU25aaUUyakNJcTQ4N1dQcy1ZMUY1MDFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNS9jNzdkZmQtMmNlNi00ZjJmLWE5YjIt
MmU2ODkwM2U3Y2I5LzEvNnd3eUhldGFXbGJ1UXFCaThrbTBQbG41a0xVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNS9jNzdkZmQtMmNlNi00ZjJmLWE5YjItMmU2ODkwM2U3Y2I5
LzEvcDhkU25aaUUyakNJcTQ4N1dQcy1ZMUY1MDFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAualeMA0G
CSqGSIb3DQEBCwUAA4IBAQAiIAXUz19KZCa7HlLtRumEH2sqpYfi0Oxj1zr2JpY0
F7qarkAq0/rZ5VhhdgxhJflhPaXoHW52NFW3UgS2QP4RvHPh9Xm/ONMDh/VUVUQS
njwIWthNWBuNHMgAcT6VoQkjM4O2uL2CIHlyeV2oNqVCbUqDyQBwtqHE8AGvj4cA
vv5NGB0G5onNS/LgIMwsYBEV1Fvcf0OzYCaTgn86h0bGbaSlEI8Hpm8JcwX209cV
Y86Rnf0FhZWtj2lE6aNE/8Ceg01pHnuBRAjAOoj6uXf5NMIb1p3xcA8XwbLPsiQH
YNRfykmOgjOslFMH+xu3gPkqE7FX5FKv0PkPLfTWF8FF
-----END CERTIFICATE-----