Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/38/0f12f2-8a2b-4346-b6b6-2b78b19b5a87/1/6MCRb_uLtmBQw6bgjYXlHgMAexU.roa
File:                     6MCRb_uLtmBQw6bgjYXlHgMAexU.roa (raw, json)
Hash identifier:          GUUZ276iK8eMhzfPz4NuS/EkMjn8yjI9Vl2tv/TAr28=
Subject key identifier:   E8:C0:91:6F:FB:8B:B6:60:50:C3:A6:E0:8D:85:E5:1E:03:00:7B:15
Certificate issuer:       /CN=1a4dc22595fc1f588fbc4dde07c1c394998f33a7
Certificate serial:       019EB75981CDD427188FA968FBC9F2C0330D
Authority key identifier: 1A:4D:C2:25:95:FC:1F:58:8F:BC:4D:DE:07:C1:C3:94:99:8F:33:A7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Gk3CJZX8H1iPvE3eB8HDlJmPM6c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/38/0f12f2-8a2b-4346-b6b6-2b78b19b5a87/1/6MCRb_uLtmBQw6bgjYXlHgMAexU.roa
Signing time:             Thu 11 Jun 2026 15:42:36 +0000
ROA not before:           Thu 11 Jun 2026 15:42:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215749
IP address blocks:        153.56.184.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/38/0f12f2-8a2b-4346-b6b6-2b78b19b5a87/1/Gk3CJZX8H1iPvE3eB8HDlJmPM6c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/38/0f12f2-8a2b-4346-b6b6-2b78b19b5a87/1/Gk3CJZX8H1iPvE3eB8HDlJmPM6c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Gk3CJZX8H1iPvE3eB8HDlJmPM6c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 08:43:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:b7:59:81:cd:d4:27:18:8f:a9:68:fb:c9:f2:c0:33:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1a4dc22595fc1f588fbc4dde07c1c394998f33a7
        Validity
            Not Before: Jun 11 15:42:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e8c0916ffb8bb66050c3a6e08d85e51e03007b15
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:47:2e:91:d3:03:44:40:02:03:04:a3:e0:5b:
                    1f:43:2a:f7:28:d2:65:f4:cb:0b:6f:a4:57:8d:cc:
                    a5:0c:7a:f1:55:b2:da:4f:b8:d3:34:7f:98:ec:16:
                    94:9e:d4:1b:5e:a1:60:9a:8c:2f:36:11:cc:d5:0d:
                    81:9d:86:1d:c7:1d:ad:2a:f5:d7:a2:b0:fe:6b:c0:
                    2c:12:35:f2:67:1c:6c:6a:54:84:a9:2b:fd:03:00:
                    93:5b:59:ac:85:d1:1d:f2:92:35:3e:29:f8:98:1d:
                    11:61:80:e2:5a:07:04:70:fc:1a:b1:75:36:a5:16:
                    a0:d8:79:8e:2a:78:7c:ef:5a:bb:69:fb:17:66:12:
                    c4:5d:65:8f:08:0e:92:30:62:47:dd:9b:25:56:ec:
                    be:ae:7e:47:9b:6f:27:00:b3:f7:26:58:e7:0b:94:
                    6a:dd:13:d5:5d:28:60:02:7d:0b:c1:06:ff:2b:13:
                    9d:3d:f9:03:36:9e:1b:87:14:53:89:69:49:f2:5f:
                    21:bb:82:b1:10:bf:d1:9c:3d:db:df:68:ce:b3:5c:
                    fb:b1:68:d0:01:11:4f:97:2f:0b:4c:18:7f:44:ea:
                    2e:97:23:b7:e3:e0:98:8a:3a:f0:47:2d:7b:68:98:
                    94:2d:02:e2:3a:a9:3b:15:be:56:fd:fa:5b:50:84:
                    2c:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E8:C0:91:6F:FB:8B:B6:60:50:C3:A6:E0:8D:85:E5:1E:03:00:7B:15
            X509v3 Authority Key Identifier:
                keyid:1A:4D:C2:25:95:FC:1F:58:8F:BC:4D:DE:07:C1:C3:94:99:8F:33:A7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Gk3CJZX8H1iPvE3eB8HDlJmPM6c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/38/0f12f2-8a2b-4346-b6b6-2b78b19b5a87/1/6MCRb_uLtmBQw6bgjYXlHgMAexU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/38/0f12f2-8a2b-4346-b6b6-2b78b19b5a87/1/Gk3CJZX8H1iPvE3eB8HDlJmPM6c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  153.56.184.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5b:37:78:eb:af:3f:04:6a:fb:93:5c:61:8f:3c:d0:3e:70:71:
         41:d2:a8:22:98:1e:45:6c:85:2d:36:7a:bf:9a:24:7c:26:94:
         a8:11:64:cc:c2:61:d0:10:88:d5:18:85:57:96:ad:e4:9e:19:
         ac:6f:72:5e:2f:35:22:dc:93:65:32:65:5c:65:ab:63:24:3b:
         0f:7e:9a:d5:4c:01:7c:6f:72:63:35:fe:c4:29:6b:91:86:7f:
         26:0f:3c:cf:31:30:5f:c4:f3:60:f1:84:22:e4:a7:63:24:5f:
         be:d9:dc:d6:90:f0:7a:d5:f5:bb:8e:63:b0:8d:56:d0:85:f3:
         96:fd:22:31:04:4f:26:fb:40:f8:f9:dc:b3:cf:af:98:85:98:
         11:40:77:10:68:9a:7c:6f:8f:4e:3d:8a:19:22:33:03:b4:1f:
         a3:6b:fb:d1:ff:85:5d:6c:74:ec:4b:7e:c0:4c:a7:5f:f7:e3:
         0c:24:d8:4c:dc:43:c8:42:b2:ab:13:bb:f0:93:a0:06:70:48:
         18:29:17:5a:6f:49:ca:6a:d3:82:d3:58:ee:79:df:e5:81:b1:
         f8:11:30:fc:45:d9:eb:1d:61:29:b5:e7:7d:3c:d1:58:ce:c2:
         00:ad:0a:44:4c:8e:88:48:93:83:75:7e:ed:27:10:9e:0a:51:
         7b:b9:4b:22
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ63WYHN1CcYj6lo+8nywDMNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFhNGRjMjI1OTVmYzFmNTg4ZmJjNGRkZTA3YzFjMzk0OTk4
ZjMzYTcwHhcNMjYwNjExMTU0MjM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlOGMwOTE2ZmZiOGJiNjYwNTBjM2E2ZTA4ZDg1ZTUxZTAzMDA3YjE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvEcukdMDREACAwSj4FsfQyr3KNJl
9MsLb6RXjcylDHrxVbLaT7jTNH+Y7BaUntQbXqFgmowvNhHM1Q2BnYYdxx2tKvXX
orD+a8AsEjXyZxxsalSEqSv9AwCTW1mshdEd8pI1Pin4mB0RYYDiWgcEcPwasXU2
pRag2HmOKnh871q7afsXZhLEXWWPCA6SMGJH3ZslVuy+rn5Hm28nALP3JljnC5Rq
3RPVXShgAn0LwQb/KxOdPfkDNp4bhxRTiWlJ8l8hu4KxEL/RnD3b32jOs1z7sWjQ
ARFPly8LTBh/ROoulyO34+CYijrwRy17aJiULQLiOqk7Fb5W/fpbUIQszQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOjAkW/7i7ZgUMOm4I2F5R4DAHsVMB8GA1UdIwQY
MBaAFBpNwiWV/B9Yj7xN3gfBw5SZjzOnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR2szQ0paWDhIMWlQdkUzZUI4SERsSm1QTTZjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOC8wZjEyZjItOGEyYi00MzQ2LWI2YjYt
MmI3OGIxOWI1YTg3LzEvNk1DUmJfdUx0bUJRdzZiZ2pZWGxIZ01BZXhVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOC8wZjEyZjItOGEyYi00MzQ2LWI2YjYtMmI3OGIxOWI1YTg3
LzEvR2szQ0paWDhIMWlQdkUzZUI4SERsSm1QTTZjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAmTi4MA0G
CSqGSIb3DQEBCwUAA4IBAQBbN3jrrz8EavuTXGGPPNA+cHFB0qgimB5FbIUtNnq/
miR8JpSoEWTMwmHQEIjVGIVXlq3knhmsb3JeLzUi3JNlMmVcZatjJDsPfprVTAF8
b3JjNf7EKWuRhn8mDzzPMTBfxPNg8YQi5KdjJF++2dzWkPB61fW7jmOwjVbQhfOW
/SIxBE8m+0D4+dyzz6+YhZgRQHcQaJp8b49OPYoZIjMDtB+ja/vR/4VdbHTsS37A
TKdf9+MMJNhM3EPIQrKrE7vwk6AGcEgYKRdab0nKatOC01jued/lgbH4ETD8Rdnr
HWEpted9PNFYzsIArQpETI6ISJODdX7tJxCeClF7uUsi
-----END CERTIFICATE-----