Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/l56qVr9EfjkuIuqRbPi1RVrlENc.roa
File:                     l56qVr9EfjkuIuqRbPi1RVrlENc.roa (raw, json)
Hash identifier:          RHICZe4ngewlLwOJPYf69Qf8z40sPtjTxmyQjpEWc+8=
Subject key identifier:   97:9E:AA:56:BF:44:7E:39:2E:22:EA:91:6C:F8:B5:45:5A:E5:10:D7
Certificate issuer:       /CN=6f84e4738a70ea39c08cef210432ae399ec7e915
Certificate serial:       019D9A030029EAB8F0082E05978F01F927F7
Authority key identifier: 6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/l56qVr9EfjkuIuqRbPi1RVrlENc.roa
Signing time:             Fri 17 Apr 2026 05:56:21 +0000
ROA not before:           Fri 17 Apr 2026 05:56:21 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     402214
IP address blocks:        188.255.197.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 14:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:9a:03:00:29:ea:b8:f0:08:2e:05:97:8f:01:f9:27:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f84e4738a70ea39c08cef210432ae399ec7e915
        Validity
            Not Before: Apr 17 05:56:21 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=979eaa56bf447e392e22ea916cf8b5455ae510d7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:52:65:a9:17:45:8a:11:ec:78:f7:23:62:4e:
                    1e:a1:f1:42:84:6d:ef:94:c4:da:16:35:cb:55:c2:
                    d0:ff:3c:02:b2:d4:b5:f6:00:dc:66:e3:ca:2c:c3:
                    9c:a2:1b:e8:a1:e5:42:5e:5e:bb:b9:76:b9:7c:7f:
                    b5:e3:86:d8:1b:1e:12:23:f8:71:45:9b:b3:77:0d:
                    9c:f5:ce:7f:e0:b1:f8:18:6b:6c:69:11:97:0c:2f:
                    53:6e:21:d5:10:48:fc:d2:59:88:59:b0:e7:11:60:
                    8f:66:1b:95:51:11:d6:34:d4:58:f6:1f:cd:fd:1a:
                    32:f7:23:a1:01:a1:a9:dd:94:af:3d:16:18:98:91:
                    ca:3d:1d:b9:36:d8:85:d5:23:eb:56:2c:c5:54:25:
                    3a:8d:ed:3d:b3:70:ae:69:fe:4d:e1:a8:b4:03:26:
                    30:20:04:8c:62:a6:0b:c9:d9:cd:15:d6:85:b7:03:
                    15:a0:e4:de:1a:e5:72:1e:8c:1c:47:68:6a:65:19:
                    6a:73:77:f4:12:71:25:58:c3:ef:68:70:41:70:fb:
                    82:28:39:00:ab:67:ae:cd:df:7a:b3:80:a4:a4:e4:
                    b9:16:6d:b4:6f:b1:12:cb:d8:57:b2:36:73:98:4c:
                    c5:7d:73:d4:47:07:0f:db:62:f8:55:30:e4:d2:70:
                    db:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:9E:AA:56:BF:44:7E:39:2E:22:EA:91:6C:F8:B5:45:5A:E5:10:D7
            X509v3 Authority Key Identifier:
                keyid:6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/l56qVr9EfjkuIuqRbPi1RVrlENc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.255.197.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0d:72:fd:1b:79:de:d8:f6:75:7c:de:22:ae:d0:e4:05:31:43:
         92:f7:68:ef:76:70:34:78:3b:e5:82:89:1c:a6:ee:f9:d5:37:
         17:48:9c:f9:ff:8e:89:07:a3:2a:15:e6:89:57:ff:7e:b1:b9:
         8d:1d:b9:cb:27:81:88:e0:dc:2a:b0:f1:6d:1f:63:d1:4f:fb:
         de:3d:67:15:5e:2d:48:59:6a:2b:61:ac:7a:e6:81:c8:9c:aa:
         82:6a:00:16:0e:cd:40:43:9b:43:ed:06:29:6e:50:56:32:22:
         8c:5e:09:76:d5:e5:50:45:5e:a7:74:49:de:68:e3:2a:4c:08:
         2e:ad:c8:8e:ae:e5:3c:9a:51:20:9c:d4:86:2d:0e:66:9f:b8:
         6f:a4:29:5e:5d:ff:7f:3b:3c:c6:d5:49:bd:33:ce:01:cf:f0:
         75:bf:76:e1:52:27:36:98:f8:bc:05:ba:c6:0c:21:43:1b:fe:
         99:fd:64:51:d0:8f:69:58:04:03:05:53:23:73:0d:9f:f4:e6:
         c9:b2:18:fc:09:db:d5:59:21:84:e6:1b:b1:ae:a2:9d:ca:37:
         7c:9b:fd:d3:8e:ad:98:11:3e:52:d6:29:61:7f:9f:f4:c2:e3:
         b6:60:1d:8b:10:eb:d8:c0:d9:dc:57:49:4a:a8:06:db:f7:bb:
         9c:a3:75:95
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2aAwAp6rjwCC4Fl48B+Sf3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmODRlNDczOGE3MGVhMzljMDhjZWYyMTA0MzJhZTM5OWVj
N2U5MTUwHhcNMjYwNDE3MDU1NjIxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NzllYWE1NmJmNDQ3ZTM5MmUyMmVhOTE2Y2Y4YjU0NTVhZTUxMGQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0lJlqRdFihHsePcjYk4eofFChG3v
lMTaFjXLVcLQ/zwCstS19gDcZuPKLMOcohvooeVCXl67uXa5fH+144bYGx4SI/hx
RZuzdw2c9c5/4LH4GGtsaRGXDC9TbiHVEEj80lmIWbDnEWCPZhuVURHWNNRY9h/N
/Roy9yOhAaGp3ZSvPRYYmJHKPR25NtiF1SPrVizFVCU6je09s3Cuaf5N4ai0AyYw
IASMYqYLydnNFdaFtwMVoOTeGuVyHowcR2hqZRlqc3f0EnElWMPvaHBBcPuCKDkA
q2euzd96s4CkpOS5Fm20b7ESy9hXsjZzmEzFfXPURwcP22L4VTDk0nDbIQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJeeqla/RH45LiLqkWz4tUVa5RDXMB8GA1UdIwQY
MBaAFG+E5HOKcOo5wIzvIQQyrjmex+kVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYt
ZmFlNWRiZWQzYjFiLzEvbDU2cVZyOUVmamt1SXVxUmJQaTFSVnJsRU5jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYtZmFlNWRiZWQzYjFi
LzEvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvP/FMA0G
CSqGSIb3DQEBCwUAA4IBAQANcv0bed7Y9nV83iKu0OQFMUOS92jvdnA0eDvlgokc
pu751TcXSJz5/46JB6MqFeaJV/9+sbmNHbnLJ4GI4NwqsPFtH2PRT/vePWcVXi1I
WWorYax65oHInKqCagAWDs1AQ5tD7QYpblBWMiKMXgl21eVQRV6ndEneaOMqTAgu
rciOruU8mlEgnNSGLQ5mn7hvpCleXf9/OzzG1Um9M84Bz/B1v3bhUic2mPi8BbrG
DCFDG/6Z/WRR0I9pWAQDBVMjcw2f9ObJshj8CdvVWSGE5huxrqKdyjd8m/3Tjq2Y
ET5S1ilhf5/0wuO2YB2LEOvYwNncV0lKqAbb97uco3WV
-----END CERTIFICATE-----