Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/6f5745-8a26-4f63-9e70-2b14be06e11a/1/0B6TTL2Ovm5IyyizUs5dyCiNfGY.roa
File:                     0B6TTL2Ovm5IyyizUs5dyCiNfGY.roa (raw, json)
Hash identifier:          iM7sj42gsr07BNC7So8eVXquELxcg4zLh2sPTtFgoK8=
Subject key identifier:   D0:1E:93:4C:BD:8E:BE:6E:48:CB:28:B3:52:CE:5D:C8:28:8D:7C:66
Certificate issuer:       /CN=9c90d8451f50c4f779c4392c31d08c1903d171b3
Certificate serial:       019EC2B4D6615F7157139A5D58345EA1E4E3
Authority key identifier: 9C:90:D8:45:1F:50:C4:F7:79:C4:39:2C:31:D0:8C:19:03:D1:71:B3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nJDYRR9QxPd5xDksMdCMGQPRcbM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/59/6f5745-8a26-4f63-9e70-2b14be06e11a/1/0B6TTL2Ovm5IyyizUs5dyCiNfGY.roa
Signing time:             Sat 13 Jun 2026 20:38:11 +0000
ROA not before:           Sat 13 Jun 2026 20:38:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     201331
IP address blocks:        185.133.124.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/59/6f5745-8a26-4f63-9e70-2b14be06e11a/1/nJDYRR9QxPd5xDksMdCMGQPRcbM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/59/6f5745-8a26-4f63-9e70-2b14be06e11a/1/nJDYRR9QxPd5xDksMdCMGQPRcbM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nJDYRR9QxPd5xDksMdCMGQPRcbM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 17:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:c2:b4:d6:61:5f:71:57:13:9a:5d:58:34:5e:a1:e4:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9c90d8451f50c4f779c4392c31d08c1903d171b3
        Validity
            Not Before: Jun 13 20:38:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d01e934cbd8ebe6e48cb28b352ce5dc8288d7c66
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:bb:32:5e:d3:96:02:3d:cb:7e:93:bf:2a:b5:
                    4e:46:95:29:b3:b8:51:5d:d5:5b:22:f6:36:dd:5f:
                    c6:f8:27:91:69:2d:c2:24:aa:85:f7:bb:27:8c:33:
                    36:5f:02:3b:92:da:42:48:7b:0e:ce:c6:d5:d2:80:
                    b3:af:4d:ec:25:4b:74:ff:50:4a:06:cc:89:5f:84:
                    fc:cc:f8:30:d2:b5:b1:34:cb:41:71:9d:9f:8a:3e:
                    77:a3:51:f7:e7:d7:e5:73:d2:df:97:fe:d4:69:53:
                    ba:e4:4c:d7:3a:e9:95:10:47:f8:ba:36:57:0b:bb:
                    05:6a:37:ca:55:53:67:b7:e5:2d:a3:63:fb:ff:0c:
                    8c:78:20:c5:fa:76:68:23:d5:85:63:8a:32:5d:c7:
                    90:c4:cf:66:48:ca:35:96:f7:8e:e5:1f:db:8c:e2:
                    1e:6b:85:15:58:e2:72:e0:20:5c:6c:e9:7e:8b:7c:
                    29:c9:8a:c7:fa:b5:45:08:8d:39:13:6e:0a:1a:0e:
                    f3:cf:cd:3a:1c:a3:31:df:66:18:74:61:df:82:2c:
                    9b:3b:fd:76:b3:31:96:43:84:14:98:6c:b2:7c:41:
                    d6:3e:4d:6d:32:61:e0:c7:74:e8:94:95:1c:5b:16:
                    ca:6b:3d:d6:a9:59:0b:41:16:16:5f:44:37:77:11:
                    19:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:1E:93:4C:BD:8E:BE:6E:48:CB:28:B3:52:CE:5D:C8:28:8D:7C:66
            X509v3 Authority Key Identifier:
                keyid:9C:90:D8:45:1F:50:C4:F7:79:C4:39:2C:31:D0:8C:19:03:D1:71:B3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nJDYRR9QxPd5xDksMdCMGQPRcbM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/6f5745-8a26-4f63-9e70-2b14be06e11a/1/0B6TTL2Ovm5IyyizUs5dyCiNfGY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/59/6f5745-8a26-4f63-9e70-2b14be06e11a/1/nJDYRR9QxPd5xDksMdCMGQPRcbM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.133.124.0/24

    Signature Algorithm: sha256WithRSAEncryption
         86:1b:48:17:00:a2:dc:b4:fb:4e:bf:dd:c8:0e:a5:c1:f2:f8:
         6d:05:21:98:ce:44:e2:8d:1d:5c:52:3c:44:99:41:b7:90:02:
         11:27:ca:b1:1e:9e:79:ec:cf:05:f3:2f:60:44:1b:bb:82:c0:
         c6:f5:f8:b6:cb:82:6d:ef:0e:2c:30:54:c8:a6:95:a7:33:0c:
         d5:1f:ca:cc:99:33:e3:bc:70:d1:49:bf:ba:56:b9:53:e1:47:
         f9:c1:4b:ba:bf:d3:fe:a8:5c:92:dc:19:da:ab:cb:ba:60:43:
         f2:57:f9:3d:bc:db:3e:88:40:c6:d9:d4:86:cd:1e:56:b0:95:
         30:51:25:82:7f:ba:e0:31:e2:e0:d1:81:2a:49:ae:3e:2d:f9:
         3b:1f:25:3b:da:0d:28:38:83:79:1c:27:91:0a:64:ce:46:d1:
         08:70:9f:fd:2a:93:0d:06:8b:4e:6c:ee:11:c4:f1:d5:99:50:
         29:7f:bd:62:85:0a:d3:71:06:74:c5:83:ec:26:b0:6a:e2:da:
         be:96:47:97:81:fb:76:9e:e7:da:6b:33:85:b3:04:f1:6a:46:
         4e:26:57:d3:71:e0:91:94:d5:11:93:ce:bb:9a:4e:fb:ab:a8:
         50:d6:97:f4:fb:05:7d:44:f1:8c:55:01:bd:13:fc:3d:da:d8:
         f7:ab:cb:e5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ7CtNZhX3FXE5pdWDReoeTjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDljOTBkODQ1MWY1MGM0Zjc3OWM0MzkyYzMxZDA4YzE5MDNk
MTcxYjMwHhcNMjYwNjEzMjAzODExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMDFlOTM0Y2JkOGViZTZlNDhjYjI4YjM1MmNlNWRjODI4OGQ3YzY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvbsyXtOWAj3LfpO/KrVORpUps7hR
XdVbIvY23V/G+CeRaS3CJKqF97snjDM2XwI7ktpCSHsOzsbV0oCzr03sJUt0/1BK
BsyJX4T8zPgw0rWxNMtBcZ2fij53o1H359flc9Lfl/7UaVO65EzXOumVEEf4ujZX
C7sFajfKVVNnt+Uto2P7/wyMeCDF+nZoI9WFY4oyXceQxM9mSMo1lveO5R/bjOIe
a4UVWOJy4CBcbOl+i3wpyYrH+rVFCI05E24KGg7zz806HKMx32YYdGHfgiybO/12
szGWQ4QUmGyyfEHWPk1tMmHgx3TolJUcWxbKaz3WqVkLQRYWX0Q3dxEZ3QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNAek0y9jr5uSMsos1LOXcgojXxmMB8GA1UdIwQY
MBaAFJyQ2EUfUMT3ecQ5LDHQjBkD0XGzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbkpEWVJSOVF4UGQ1eERrc01kQ01HUVBSY2JNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS82ZjU3NDUtOGEyNi00ZjYzLTllNzAt
MmIxNGJlMDZlMTFhLzEvMEI2VFRMMk92bTVJeXlpelVzNWR5Q2lOZkdZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS82ZjU3NDUtOGEyNi00ZjYzLTllNzAtMmIxNGJlMDZlMTFh
LzEvbkpEWVJSOVF4UGQ1eERrc01kQ01HUVBSY2JNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuYV8MA0G
CSqGSIb3DQEBCwUAA4IBAQCGG0gXAKLctPtOv93IDqXB8vhtBSGYzkTijR1cUjxE
mUG3kAIRJ8qxHp557M8F8y9gRBu7gsDG9fi2y4Jt7w4sMFTIppWnMwzVH8rMmTPj
vHDRSb+6VrlT4Uf5wUu6v9P+qFyS3Bnaq8u6YEPyV/k9vNs+iEDG2dSGzR5WsJUw
USWCf7rgMeLg0YEqSa4+Lfk7HyU72g0oOIN5HCeRCmTORtEIcJ/9KpMNBotObO4R
xPHVmVApf71ihQrTcQZ0xYPsJrBq4tq+lkeXgft2nufaazOFswTxakZOJlfTceCR
lNURk867mk77q6hQ1pf0+wV9RPGMVQG9E/w92tj3q8vl
-----END CERTIFICATE-----