Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6d/157c8b-8f27-47dd-995e-b436d76dad65/1/Q6W9LYcFYycxkbxck2CwubnHIBk.roa
File:                     Q6W9LYcFYycxkbxck2CwubnHIBk.roa (raw, json)
Hash identifier:          0LNTOFre19JPHdEo0rCszlO5y07uomdwgsNdpg2qnmw=
Subject key identifier:   43:A5:BD:2D:87:05:63:27:31:91:BC:5C:93:60:B0:B9:B9:C7:20:19
Certificate issuer:       /CN=7ec5f1896e9a44357c9d78acf37d48f4780520d9
Certificate serial:       019E82AF4DD418335385ABBEA507562EDDF2
Authority key identifier: 7E:C5:F1:89:6E:9A:44:35:7C:9D:78:AC:F3:7D:48:F4:78:05:20:D9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fsXxiW6aRDV8nXis831I9HgFINk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6d/157c8b-8f27-47dd-995e-b436d76dad65/1/Q6W9LYcFYycxkbxck2CwubnHIBk.roa
Signing time:             Mon 01 Jun 2026 10:16:27 +0000
ROA not before:           Mon 01 Jun 2026 10:16:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     14618
IP address blocks:        185.208.135.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6d/157c8b-8f27-47dd-995e-b436d76dad65/1/fsXxiW6aRDV8nXis831I9HgFINk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6d/157c8b-8f27-47dd-995e-b436d76dad65/1/fsXxiW6aRDV8nXis831I9HgFINk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fsXxiW6aRDV8nXis831I9HgFINk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:82:af:4d:d4:18:33:53:85:ab:be:a5:07:56:2e:dd:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7ec5f1896e9a44357c9d78acf37d48f4780520d9
        Validity
            Not Before: Jun  1 10:16:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=43a5bd2d870563273191bc5c9360b0b9b9c72019
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:27:33:ba:06:f1:0e:a5:40:41:26:e6:6f:38:
                    c3:3f:73:c3:bb:c7:83:ad:ae:79:ca:83:4f:9e:27:
                    ad:40:c4:79:12:0b:48:cf:6b:d3:aa:06:14:a8:c2:
                    e4:79:a3:04:cf:64:7c:1f:72:8d:29:3b:b2:6e:7c:
                    d5:57:65:1b:e4:8a:12:37:c8:04:cc:99:02:77:cb:
                    ca:20:f8:7b:73:10:51:ef:71:38:d8:7f:53:28:bf:
                    d1:cc:dd:a6:08:d7:3f:b0:22:8a:bd:8e:b4:2d:36:
                    b9:f4:ad:17:80:3d:27:ba:7a:38:45:76:f5:c0:6c:
                    35:4a:ac:54:e7:e9:c9:22:dc:9f:d6:ed:54:2a:94:
                    b0:99:12:bf:1e:4d:e9:d3:bf:9d:0b:c2:78:c4:2d:
                    1c:ae:58:eb:d3:1e:00:94:7d:c3:bd:d4:b5:22:29:
                    41:9d:84:53:0f:9c:90:0b:0d:3d:41:82:ed:11:71:
                    23:93:c1:e6:61:a5:d0:96:77:58:24:54:a9:80:dd:
                    bc:f7:c6:89:79:a1:6c:83:d1:dc:59:9f:0a:4d:fa:
                    38:e3:5d:da:95:e0:88:7a:c6:3d:71:b8:69:d0:1d:
                    91:de:75:e6:59:6f:ec:c2:ea:aa:bc:9e:a8:d4:57:
                    86:92:7c:d1:7b:05:8e:55:e9:fc:97:dd:60:bc:f6:
                    0e:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:A5:BD:2D:87:05:63:27:31:91:BC:5C:93:60:B0:B9:B9:C7:20:19
            X509v3 Authority Key Identifier:
                keyid:7E:C5:F1:89:6E:9A:44:35:7C:9D:78:AC:F3:7D:48:F4:78:05:20:D9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fsXxiW6aRDV8nXis831I9HgFINk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/157c8b-8f27-47dd-995e-b436d76dad65/1/Q6W9LYcFYycxkbxck2CwubnHIBk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/157c8b-8f27-47dd-995e-b436d76dad65/1/fsXxiW6aRDV8nXis831I9HgFINk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.208.135.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6a:cf:f2:d4:0e:f7:61:1a:bc:74:06:8d:76:99:c6:ee:04:4c:
         b8:0a:64:d1:40:0e:00:da:2e:32:86:d9:ca:fb:14:fc:5f:fc:
         6c:26:f7:c9:73:17:52:e2:51:45:a3:5c:40:8e:b1:ed:6a:32:
         7c:9d:aa:fb:19:39:d3:8f:83:00:bb:94:68:9f:b5:55:95:92:
         7d:2a:aa:ef:11:82:f5:27:97:99:c6:10:b5:df:77:63:b8:ea:
         92:57:db:2b:18:75:f4:62:6a:e2:f9:b8:12:dd:df:e1:31:d0:
         a2:dc:e4:b1:a8:92:77:ea:57:96:04:6a:5b:4e:05:a1:e6:10:
         1c:49:69:84:87:87:07:e6:5f:25:1a:af:33:74:bd:4b:b1:9d:
         f9:60:aa:4c:2c:2e:05:64:f6:fa:eb:91:d2:84:c8:76:bc:bd:
         cb:28:14:40:f4:87:80:ad:9c:b8:38:7f:8a:28:b1:66:cf:7e:
         0d:2a:19:be:0e:78:2f:fe:a2:97:2d:00:16:44:59:a2:bb:00:
         a1:93:e3:64:bb:38:a8:fe:a7:e6:4b:88:63:bb:07:38:7f:72:
         e5:8c:5a:49:bd:9d:02:58:fc:dc:36:96:c8:44:2d:c6:b6:d5:
         e6:1b:05:5a:e3:15:f5:37:df:0b:bf:9e:fb:d7:ff:5d:f7:00:
         28:a2:ea:c0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6Cr03UGDNThau+pQdWLt3yMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlYzVmMTg5NmU5YTQ0MzU3YzlkNzhhY2YzN2Q0OGY0Nzgw
NTIwZDkwHhcNMjYwNjAxMTAxNjI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0M2E1YmQyZDg3MDU2MzI3MzE5MWJjNWM5MzYwYjBiOWI5YzcyMDE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2iczugbxDqVAQSbmbzjDP3PDu8eD
ra55yoNPnietQMR5EgtIz2vTqgYUqMLkeaMEz2R8H3KNKTuybnzVV2Ub5IoSN8gE
zJkCd8vKIPh7cxBR73E42H9TKL/RzN2mCNc/sCKKvY60LTa59K0XgD0nuno4RXb1
wGw1SqxU5+nJItyf1u1UKpSwmRK/Hk3p07+dC8J4xC0crljr0x4AlH3DvdS1IilB
nYRTD5yQCw09QYLtEXEjk8HmYaXQlndYJFSpgN2898aJeaFsg9HcWZ8KTfo4413a
leCIesY9cbhp0B2R3nXmWW/swuqqvJ6o1FeGknzRewWOVen8l91gvPYOAQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEOlvS2HBWMnMZG8XJNgsLm5xyAZMB8GA1UdIwQY
MBaAFH7F8YlumkQ1fJ14rPN9SPR4BSDZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZnNYeGlXNmFSRFY4blhpczgzMUk5SGdGSU5rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZC8xNTdjOGItOGYyNy00N2RkLTk5NWUt
YjQzNmQ3NmRhZDY1LzEvUTZXOUxZY0ZZeWN4a2J4Y2syQ3d1Ym5ISUJrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZC8xNTdjOGItOGYyNy00N2RkLTk5NWUtYjQzNmQ3NmRhZDY1
LzEvZnNYeGlXNmFSRFY4blhpczgzMUk5SGdGSU5rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAudCHMA0G
CSqGSIb3DQEBCwUAA4IBAQBqz/LUDvdhGrx0Bo12mcbuBEy4CmTRQA4A2i4yhtnK
+xT8X/xsJvfJcxdS4lFFo1xAjrHtajJ8nar7GTnTj4MAu5Ron7VVlZJ9KqrvEYL1
J5eZxhC133djuOqSV9srGHX0Ymri+bgS3d/hMdCi3OSxqJJ36leWBGpbTgWh5hAc
SWmEh4cH5l8lGq8zdL1LsZ35YKpMLC4FZPb665HShMh2vL3LKBRA9IeArZy4OH+K
KLFmz34NKhm+Dngv/qKXLQAWRFmiuwChk+Nkuzio/qfmS4hjuwc4f3LljFpJvZ0C
WPzcNpbIRC3GttXmGwVa4xX1N98Lv5771/9d9wAoourA
-----END CERTIFICATE-----