Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/OgA6SenI0Qh6Rrq6QhQgxfTVY1U.roa
File:                     OgA6SenI0Qh6Rrq6QhQgxfTVY1U.roa (raw, json)
Hash identifier:          RgL3X+AHAJJvfKNOdnyAmQTMBXbzTv1lOr4qJIYk6W8=
Subject key identifier:   3A:00:3A:49:E9:C8:D1:08:7A:46:BA:BA:42:14:20:C5:F4:D5:63:55
Certificate issuer:       /CN=7e20b034e2c497b1884488def106972704765029
Certificate serial:       019EBC47A4849B54C552CAD84368628144A6
Authority key identifier: 7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/OgA6SenI0Qh6Rrq6QhQgxfTVY1U.roa
Signing time:             Fri 12 Jun 2026 14:41:12 +0000
ROA not before:           Fri 12 Jun 2026 14:41:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     151338
IP address blocks:        82.108.61.0/24 maxlen: 24
                          82.108.73.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 15:15:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:bc:47:a4:84:9b:54:c5:52:ca:d8:43:68:62:81:44:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7e20b034e2c497b1884488def106972704765029
        Validity
            Not Before: Jun 12 14:41:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3a003a49e9c8d1087a46baba421420c5f4d56355
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:1b:6e:3c:82:35:8f:2e:3f:e1:c6:26:97:81:
                    b6:a2:16:15:67:a5:93:f1:ac:40:91:5d:2b:52:17:
                    a0:34:c0:58:27:4a:ce:35:ca:29:fd:9d:90:74:e9:
                    ec:3b:8c:85:d3:b2:96:50:ff:33:79:6d:7a:9a:d6:
                    62:ec:d3:13:21:f3:47:e9:ce:a7:83:64:9f:f9:37:
                    4e:bd:b9:ab:31:19:b8:f4:28:c2:ad:e7:cc:31:51:
                    7d:4c:6d:95:9e:09:4b:a7:12:91:ac:17:b4:81:d8:
                    3f:70:c0:9c:ab:c3:1c:9a:34:1a:e4:7f:06:d6:8b:
                    33:ae:93:62:2c:f0:f0:20:78:ef:f6:81:2f:2a:65:
                    f4:ed:da:62:ee:a8:ac:a7:f2:0a:fb:6a:58:0b:51:
                    b8:b8:7d:dd:98:50:12:0d:5c:7d:9e:16:12:be:68:
                    71:36:65:a2:e2:95:8b:8b:ec:35:36:8b:4c:76:54:
                    ff:4d:9e:5a:a9:2d:d6:59:a6:f8:e2:59:5e:fa:f0:
                    ac:e4:69:b0:9a:3c:fe:42:f3:7a:48:94:2c:7d:2c:
                    73:81:84:e9:ab:61:28:f3:39:84:71:48:3c:ca:b1:
                    f6:fd:86:cd:8c:b8:1d:7a:bd:4d:ee:7d:b4:ce:a1:
                    1c:ad:fe:85:06:4d:4b:e0:3f:9b:05:40:c0:e8:96:
                    f8:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:00:3A:49:E9:C8:D1:08:7A:46:BA:BA:42:14:20:C5:F4:D5:63:55
            X509v3 Authority Key Identifier:
                keyid:7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/OgA6SenI0Qh6Rrq6QhQgxfTVY1U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.108.61.0/24
                  82.108.73.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7f:73:d1:b3:1c:ad:e0:58:8d:ee:f2:e7:ba:4f:5f:40:53:6e:
         e1:35:06:12:47:bb:29:10:c2:99:49:14:be:4d:f3:61:e4:d0:
         da:06:e7:7f:4c:d2:b3:31:a9:9e:d3:7f:78:a2:04:9c:0c:00:
         0d:56:63:d2:90:19:be:48:fc:66:52:02:1d:fc:4b:f0:a7:6b:
         98:48:e7:1f:56:94:80:04:5b:92:3c:c9:2a:1e:05:cc:78:53:
         c3:3b:88:1b:52:1e:cf:0a:4f:a5:7a:c6:1c:7f:c5:18:59:92:
         12:94:19:92:58:48:11:bc:2a:39:43:a9:c6:e5:c8:9c:aa:9d:
         ef:08:f4:1e:63:bb:9d:38:08:28:dd:f0:d3:ba:70:c8:54:a8:
         74:04:b9:47:c5:be:86:79:72:58:91:dc:20:ba:6d:3a:a0:32:
         8a:0c:f6:d2:86:4f:8c:cf:df:55:8b:58:90:af:69:89:45:92:
         f7:6f:83:45:1c:1f:f0:82:22:b2:13:83:1e:bf:9f:06:09:44:
         bb:46:34:12:49:9c:18:20:9b:88:85:6b:9f:91:61:2f:9c:24:
         c0:5a:ab:eb:ec:c9:8b:98:3b:88:58:21:c8:79:5a:59:0f:77:
         74:14:69:04:46:59:f2:01:b8:46:b5:20:c2:8a:1c:14:4d:ad:
         e9:d1:07:77
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ68R6SEm1TFUsrYQ2higUSmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlMjBiMDM0ZTJjNDk3YjE4ODQ0ODhkZWYxMDY5NzI3MDQ3
NjUwMjkwHhcNMjYwNjEyMTQ0MTEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYTAwM2E0OWU5YzhkMTA4N2E0NmJhYmE0MjE0MjBjNWY0ZDU2MzU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvRtuPII1jy4/4cYml4G2ohYVZ6WT
8axAkV0rUhegNMBYJ0rONcop/Z2QdOnsO4yF07KWUP8zeW16mtZi7NMTIfNH6c6n
g2Sf+TdOvbmrMRm49CjCrefMMVF9TG2VnglLpxKRrBe0gdg/cMCcq8McmjQa5H8G
1oszrpNiLPDwIHjv9oEvKmX07dpi7qisp/IK+2pYC1G4uH3dmFASDVx9nhYSvmhx
NmWi4pWLi+w1NotMdlT/TZ5aqS3WWab44lle+vCs5Gmwmjz+QvN6SJQsfSxzgYTp
q2Eo8zmEcUg8yrH2/YbNjLgder1N7n20zqEcrf6FBk1L4D+bBUDA6Jb4eQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDoAOknpyNEIeka6ukIUIMX01WNVMB8GA1UdIwQY
MBaAFH4gsDTixJexiESI3vEGlycEdlApMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2Qt
MDM1ZDk3N2Y0MjE2LzEvT2dBNlNlbkkwUWg2UnJxNlFoUWd4ZlRWWTFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2QtMDM1ZDk3N2Y0MjE2
LzEvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAUmw9AwQA
UmxJMA0GCSqGSIb3DQEBCwUAA4IBAQB/c9GzHK3gWI3u8ue6T19AU27hNQYSR7sp
EMKZSRS+TfNh5NDaBud/TNKzMame0394ogScDAANVmPSkBm+SPxmUgId/Evwp2uY
SOcfVpSABFuSPMkqHgXMeFPDO4gbUh7PCk+lesYcf8UYWZISlBmSWEgRvCo5Q6nG
5cicqp3vCPQeY7udOAgo3fDTunDIVKh0BLlHxb6GeXJYkdwgum06oDKKDPbShk+M
z99Vi1iQr2mJRZL3b4NFHB/wgiKyE4Mev58GCUS7RjQSSZwYIJuIhWufkWEvnCTA
Wqvr7MmLmDuIWCHIeVpZD3d0FGkERlnyAbhGtSDCihwUTa3p0Qd3
-----END CERTIFICATE-----