Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d4/7d6f2f-984d-4961-a63b-495c6f2c5173/1/skgCaWxmIa3l2drnsUs1g9IHP6k.roa
File:                     skgCaWxmIa3l2drnsUs1g9IHP6k.roa (raw, json)
Hash identifier:          38OQkMAm1X1v8VW5NmpHGjFcQdQR+2I5zzoNHi9K3wk=
Subject key identifier:   B2:48:02:69:6C:66:21:AD:E5:D9:DA:E7:B1:4B:35:83:D2:07:3F:A9
Certificate issuer:       /CN=6ce2ee84ccf56cdc00fc2caa5929279dae14888a
Certificate serial:       019B7AC8A3BA4E90C8D696DAF9D20F4E3C92
Authority key identifier: 6C:E2:EE:84:CC:F5:6C:DC:00:FC:2C:AA:59:29:27:9D:AE:14:88:8A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bOLuhMz1bNwA_CyqWSknna4UiIo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d4/7d6f2f-984d-4961-a63b-495c6f2c5173/1/skgCaWxmIa3l2drnsUs1g9IHP6k.roa
Signing time:             Thu 01 Jan 2026 18:18:47 +0000
ROA not before:           Thu 01 Jan 2026 18:18:47 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     12450
IP address blocks:        185.162.132.0/22 maxlen: 22
                          2a0f:c900::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d4/7d6f2f-984d-4961-a63b-495c6f2c5173/1/bOLuhMz1bNwA_CyqWSknna4UiIo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d4/7d6f2f-984d-4961-a63b-495c6f2c5173/1/bOLuhMz1bNwA_CyqWSknna4UiIo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bOLuhMz1bNwA_CyqWSknna4UiIo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 18:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:c8:a3:ba:4e:90:c8:d6:96:da:f9:d2:0f:4e:3c:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ce2ee84ccf56cdc00fc2caa5929279dae14888a
        Validity
            Not Before: Jan  1 18:18:47 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b24802696c6621ade5d9dae7b14b3583d2073fa9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:0d:88:dd:8c:ce:f5:4a:f3:e8:71:00:66:1f:
                    32:ea:56:a7:8b:ec:63:38:57:19:c5:98:9f:53:ad:
                    d9:fb:15:8f:4f:05:1d:c8:d1:44:51:48:d6:b6:32:
                    ec:19:14:4d:87:8e:4a:e5:b1:c5:7a:23:58:76:75:
                    51:f8:f9:f9:00:3b:1b:43:72:e9:2f:b7:6b:7b:18:
                    16:58:09:e8:a6:e1:60:a4:99:ff:57:91:46:2f:5e:
                    12:13:2a:95:cf:21:c6:10:31:dd:bb:fe:b1:3a:39:
                    10:3c:01:c4:ed:ec:4f:a5:cc:5f:d6:54:b3:03:eb:
                    ab:d4:de:02:2b:7d:ff:f1:a3:5f:11:18:18:a1:85:
                    42:3d:30:c9:9a:6b:21:5f:03:da:38:9a:41:47:23:
                    c5:58:f5:b6:3b:1f:95:9f:db:7f:0a:12:8f:40:08:
                    84:56:05:b9:c0:c8:c6:12:42:1f:c4:3c:73:4b:63:
                    0e:0a:27:f5:77:9a:de:45:75:53:c2:93:64:22:12:
                    73:8e:b6:70:d2:be:f0:c6:74:f1:1f:b1:54:92:c8:
                    6b:b4:17:bc:fc:23:30:b0:f4:f4:39:f0:4b:50:8c:
                    5b:87:68:cc:ee:0f:62:64:0b:3a:ea:85:fb:a9:d2:
                    ff:05:c6:9c:41:f3:57:34:9d:7d:15:60:69:c2:2f:
                    32:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:48:02:69:6C:66:21:AD:E5:D9:DA:E7:B1:4B:35:83:D2:07:3F:A9
            X509v3 Authority Key Identifier:
                keyid:6C:E2:EE:84:CC:F5:6C:DC:00:FC:2C:AA:59:29:27:9D:AE:14:88:8A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bOLuhMz1bNwA_CyqWSknna4UiIo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/7d6f2f-984d-4961-a63b-495c6f2c5173/1/skgCaWxmIa3l2drnsUs1g9IHP6k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/7d6f2f-984d-4961-a63b-495c6f2c5173/1/bOLuhMz1bNwA_CyqWSknna4UiIo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.162.132.0/22
                IPv6:
                  2a0f:c900::/29

    Signature Algorithm: sha256WithRSAEncryption
         8e:88:ef:61:18:91:58:28:00:69:2a:3b:60:08:24:2e:bb:16:
         8c:23:e4:9f:e9:66:a9:5f:ed:3b:0f:77:15:00:7d:0a:29:6f:
         55:1d:cb:69:a5:91:b7:08:d2:fe:d9:26:9d:31:6e:78:69:55:
         c8:14:0b:55:94:33:9f:b8:ea:27:3a:dd:35:3e:2b:de:fe:ef:
         83:a4:54:31:98:1b:30:01:27:e3:c5:b9:ba:07:7d:4a:9a:c4:
         23:ac:85:89:72:fb:57:db:09:30:47:b0:e4:07:39:bc:ed:a4:
         e7:16:8d:75:ae:ba:17:34:b2:3a:c7:dc:f5:c0:03:66:8b:72:
         70:41:45:43:7c:12:91:e6:b2:e6:59:dd:ba:f7:54:e4:a8:2f:
         fc:f4:a3:b2:cb:42:fd:fc:4f:8d:ce:a7:6d:e4:b6:23:62:0d:
         9c:12:aa:d8:a5:16:6f:4f:61:ef:ac:c2:59:7a:71:ca:39:6b:
         21:75:96:9a:b8:bd:7c:09:b1:fd:81:7e:60:6c:c1:dd:c0:1b:
         43:a3:68:2f:df:16:e6:40:6c:86:f4:f2:a5:1b:cc:58:bf:d2:
         d0:7d:c8:e7:48:1c:41:c7:d4:78:41:19:a2:6b:3f:76:c0:ed:
         90:23:12:40:ce:04:e9:3f:56:f2:6f:d3:58:83:73:55:4b:66:
         75:8c:32:35
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZt6yKO6TpDI1pba+dIPTjySMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjZTJlZTg0Y2NmNTZjZGMwMGZjMmNhYTU5MjkyNzlkYWUx
NDg4OGEwHhcNMjYwMTAxMTgxODQ3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMjQ4MDI2OTZjNjYyMWFkZTVkOWRhZTdiMTRiMzU4M2QyMDczZmE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArg2I3YzO9Urz6HEAZh8y6lani+xj
OFcZxZifU63Z+xWPTwUdyNFEUUjWtjLsGRRNh45K5bHFeiNYdnVR+Pn5ADsbQ3Lp
L7drexgWWAnopuFgpJn/V5FGL14SEyqVzyHGEDHdu/6xOjkQPAHE7exPpcxf1lSz
A+ur1N4CK33/8aNfERgYoYVCPTDJmmshXwPaOJpBRyPFWPW2Ox+Vn9t/ChKPQAiE
VgW5wMjGEkIfxDxzS2MOCif1d5reRXVTwpNkIhJzjrZw0r7wxnTxH7FUkshrtBe8
/CMwsPT0OfBLUIxbh2jM7g9iZAs66oX7qdL/BcacQfNXNJ19FWBpwi8ytQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFLJIAmlsZiGt5dna57FLNYPSBz+pMB8GA1UdIwQY
MBaAFGzi7oTM9WzcAPwsqlkpJ52uFIiKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYk9MdWhNejFiTndBX0N5cVdTa25uYTRVaUlvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNC83ZDZmMmYtOTg0ZC00OTYxLWE2M2It
NDk1YzZmMmM1MTczLzEvc2tnQ2FXeG1JYTNsMmRybnNVczFnOUlIUDZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNC83ZDZmMmYtOTg0ZC00OTYxLWE2M2ItNDk1YzZmMmM1MTcz
LzEvYk9MdWhNejFiTndBX0N5cVdTa25uYTRVaUlvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuaKEMA0E
AgACMAcDBQMqD8kAMA0GCSqGSIb3DQEBCwUAA4IBAQCOiO9hGJFYKABpKjtgCCQu
uxaMI+Sf6WapX+07D3cVAH0KKW9VHctppZG3CNL+2SadMW54aVXIFAtVlDOfuOon
Ot01Pive/u+DpFQxmBswASfjxbm6B31KmsQjrIWJcvtX2wkwR7DkBzm87aTnFo11
rroXNLI6x9z1wANmi3JwQUVDfBKR5rLmWd2691TkqC/89KOyy0L9/E+Nzqdt5LYj
Yg2cEqrYpRZvT2HvrMJZenHKOWshdZaauL18CbH9gX5gbMHdwBtDo2gv3xbmQGyG
9PKlG8xYv9LQfcjnSBxBx9R4QRmiaz92wO2QIxJAzgTpP1byb9NYg3NVS2Z1jDI1
-----END CERTIFICATE-----