Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/db42ab-49cc-427d-86ca-47a2c250e5aa/1/abZqCK-5KuH2tfKsI4SD5xjvWzE.roa
File:                     abZqCK-5KuH2tfKsI4SD5xjvWzE.roa (raw, json)
Hash identifier:          GEORyf1vDmMauAzxfhABnWujhX3+RLKPCLKT2awN3CE=
Subject key identifier:   69:B6:6A:08:AF:B9:2A:E1:F6:B5:F2:AC:23:84:83:E7:18:EF:5B:31
Certificate issuer:       /CN=93e272611139f15d037d7a4be545696cd2853867
Certificate serial:       019EBADA5A730C66DEF06D5A6FE6D584DF5F
Authority key identifier: 93:E2:72:61:11:39:F1:5D:03:7D:7A:4B:E5:45:69:6C:D2:85:38:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k-JyYRE58V0DfXpL5UVpbNKFOGc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/db42ab-49cc-427d-86ca-47a2c250e5aa/1/abZqCK-5KuH2tfKsI4SD5xjvWzE.roa
Signing time:             Fri 12 Jun 2026 08:02:12 +0000
ROA not before:           Fri 12 Jun 2026 08:02:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     209554
IP address blocks:        209.248.32.0/19 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/db42ab-49cc-427d-86ca-47a2c250e5aa/1/k-JyYRE58V0DfXpL5UVpbNKFOGc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/db42ab-49cc-427d-86ca-47a2c250e5aa/1/k-JyYRE58V0DfXpL5UVpbNKFOGc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k-JyYRE58V0DfXpL5UVpbNKFOGc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:ba:da:5a:73:0c:66:de:f0:6d:5a:6f:e6:d5:84:df:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=93e272611139f15d037d7a4be545696cd2853867
        Validity
            Not Before: Jun 12 08:02:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=69b66a08afb92ae1f6b5f2ac238483e718ef5b31
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:b9:06:6f:8a:96:39:b0:76:d0:67:79:95:6a:
                    8f:4f:f4:83:c2:55:a2:f3:5d:7a:57:38:53:ec:e9:
                    f6:92:38:c4:cf:28:70:46:82:da:ec:28:f7:ad:03:
                    8b:41:b2:ef:32:04:6b:2a:d6:26:86:cb:7b:c4:64:
                    3c:63:8c:cb:c6:8f:ef:e6:da:6c:06:72:81:bf:70:
                    88:90:e9:13:74:22:98:bd:ef:56:d0:b1:1e:cb:30:
                    ab:85:cc:31:38:ba:b8:d2:1d:91:bb:99:0a:73:7d:
                    3e:b1:af:ff:42:1a:76:f0:5b:e9:2d:e3:6c:24:f9:
                    61:97:e4:64:e2:90:35:7e:62:a3:60:2c:42:d2:26:
                    c3:cf:cb:2e:ec:8b:5b:34:f8:15:12:94:9d:73:e0:
                    1b:ec:f0:3d:b1:9c:b1:95:12:10:1d:27:63:cc:d2:
                    59:f3:60:be:59:e3:86:47:c1:12:10:32:d8:71:d1:
                    1d:99:c9:f1:2d:fa:ed:7f:69:b4:1d:e9:f9:b5:57:
                    3e:6b:2c:f3:a1:ab:37:8e:a0:b8:85:e1:fc:84:00:
                    5c:63:93:99:df:ee:04:d9:c2:fd:f4:d2:62:76:34:
                    e5:15:85:07:dc:f0:fa:e9:1c:9e:a7:81:82:b8:3a:
                    89:3c:ab:ef:07:fb:53:3f:06:b6:ba:c8:04:48:41:
                    d2:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:B6:6A:08:AF:B9:2A:E1:F6:B5:F2:AC:23:84:83:E7:18:EF:5B:31
            X509v3 Authority Key Identifier:
                keyid:93:E2:72:61:11:39:F1:5D:03:7D:7A:4B:E5:45:69:6C:D2:85:38:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k-JyYRE58V0DfXpL5UVpbNKFOGc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/db42ab-49cc-427d-86ca-47a2c250e5aa/1/abZqCK-5KuH2tfKsI4SD5xjvWzE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/db42ab-49cc-427d-86ca-47a2c250e5aa/1/k-JyYRE58V0DfXpL5UVpbNKFOGc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  209.248.32.0/19

    Signature Algorithm: sha256WithRSAEncryption
         05:c6:45:1f:f8:dc:b0:29:bf:da:f6:6f:d9:51:62:af:16:71:
         6c:ff:53:75:8e:0c:ff:c7:63:87:20:57:9e:34:29:e2:b0:8f:
         50:e5:61:48:7a:7d:7e:f0:e3:67:3c:90:09:16:3d:8e:9d:c4:
         0f:b7:f3:98:38:59:4d:0c:91:cf:7c:fd:87:e4:bc:bc:22:2b:
         89:a8:22:b8:be:2f:a2:8a:18:31:77:69:bf:23:c4:fa:63:89:
         0c:13:14:2a:17:b5:79:00:39:cf:61:77:48:70:63:8a:17:ca:
         ff:7a:dd:3c:ac:e4:9e:a5:56:b9:47:7a:79:f0:95:da:97:80:
         67:bb:ca:51:24:fd:0e:b9:2b:37:bf:64:b6:7e:5a:86:1e:f5:
         6f:49:b3:76:e8:16:b9:d7:56:f8:08:6e:7f:ab:48:62:7c:93:
         0a:e4:95:ec:1a:3a:e7:42:19:76:08:9f:0a:9b:7f:66:76:44:
         c2:72:7b:3a:aa:15:e4:c7:aa:ab:b7:c8:54:f2:f5:37:79:18:
         b3:10:a3:6e:63:26:00:6e:7c:81:07:d4:30:03:f2:23:a2:84:
         c2:a1:9e:51:e6:4a:4f:3f:a0:e2:6f:60:f4:57:b0:1c:11:3c:
         d0:85:43:6f:e7:bc:12:1c:e0:b6:58:a2:1e:4a:db:a0:10:5d:
         17:33:26:79
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ662lpzDGbe8G1ab+bVhN9fMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzZTI3MjYxMTEzOWYxNWQwMzdkN2E0YmU1NDU2OTZjZDI4
NTM4NjcwHhcNMjYwNjEyMDgwMjEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OWI2NmEwOGFmYjkyYWUxZjZiNWYyYWMyMzg0ODNlNzE4ZWY1YjMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlrkGb4qWObB20Gd5lWqPT/SDwlWi
8116VzhT7On2kjjEzyhwRoLa7Cj3rQOLQbLvMgRrKtYmhst7xGQ8Y4zLxo/v5tps
BnKBv3CIkOkTdCKYve9W0LEeyzCrhcwxOLq40h2Ru5kKc30+sa//Qhp28FvpLeNs
JPlhl+Rk4pA1fmKjYCxC0ibDz8su7ItbNPgVEpSdc+Ab7PA9sZyxlRIQHSdjzNJZ
82C+WeOGR8ESEDLYcdEdmcnxLfrtf2m0Hen5tVc+ayzzoas3jqC4heH8hABcY5OZ
3+4E2cL99NJidjTlFYUH3PD66Ryep4GCuDqJPKvvB/tTPwa2usgESEHS7QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGm2agivuSrh9rXyrCOEg+cY71sxMB8GA1UdIwQY
MBaAFJPicmEROfFdA316S+VFaWzShThnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvay1KeVlSRTU4VjBEZlhwTDVVVnBiTktGT0djLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni9kYjQyYWItNDljYy00MjdkLTg2Y2Et
NDdhMmMyNTBlNWFhLzEvYWJacUNLLTVLdUgydGZLc0k0U0Q1eGp2V3pFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni9kYjQyYWItNDljYy00MjdkLTg2Y2EtNDdhMmMyNTBlNWFh
LzEvay1KeVlSRTU4VjBEZlhwTDVVVnBiTktGT0djLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQF0fggMA0G
CSqGSIb3DQEBCwUAA4IBAQAFxkUf+NywKb/a9m/ZUWKvFnFs/1N1jgz/x2OHIFee
NCnisI9Q5WFIen1+8ONnPJAJFj2OncQPt/OYOFlNDJHPfP2H5Ly8IiuJqCK4vi+i
ihgxd2m/I8T6Y4kMExQqF7V5ADnPYXdIcGOKF8r/et08rOSepVa5R3p58JXal4Bn
u8pRJP0OuSs3v2S2flqGHvVvSbN26Ba511b4CG5/q0hifJMK5JXsGjrnQhl2CJ8K
m39mdkTCcns6qhXkx6qrt8hU8vU3eRizEKNuYyYAbnyBB9QwA/IjooTCoZ5R5kpP
P6Dib2D0V7AcETzQhUNv57wSHOC2WKIeStugEF0XMyZ5
-----END CERTIFICATE-----