Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/i6okwVbrTtfuit9n-3umsPdQdEA.roa
File:                     i6okwVbrTtfuit9n-3umsPdQdEA.roa (raw, json)
Hash identifier:          05A1VffTViaIqq4UnGI1Gfzk2GYDzcVqLbVV9XUXQL4=
Subject key identifier:   8B:AA:24:C1:56:EB:4E:D7:EE:8A:DF:67:FB:7B:A6:B0:F7:50:74:40
Certificate issuer:       /CN=618478f198fe569010c3df6219142f530c4f5e56
Certificate serial:       019EBCF93F32E25059EB1ED35DF47CA5AB7A
Authority key identifier: 61:84:78:F1:98:FE:56:90:10:C3:DF:62:19:14:2F:53:0C:4F:5E:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/i6okwVbrTtfuit9n-3umsPdQdEA.roa
Signing time:             Fri 12 Jun 2026 17:55:11 +0000
ROA not before:           Fri 12 Jun 2026 17:55:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     209847
IP address blocks:        45.142.212.0/24 maxlen: 24
                          45.142.214.0/24 maxlen: 24
                          213.226.100.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/YYR48Zj-VpAQw99iGRQvUwxPXlY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/YYR48Zj-VpAQw99iGRQvUwxPXlY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 08:43:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:bc:f9:3f:32:e2:50:59:eb:1e:d3:5d:f4:7c:a5:ab:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=618478f198fe569010c3df6219142f530c4f5e56
        Validity
            Not Before: Jun 12 17:55:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8baa24c156eb4ed7ee8adf67fb7ba6b0f7507440
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f6:a7:e3:94:c4:8a:d7:37:c3:c5:7d:1e:96:be:
                    ea:0c:a8:80:6b:f1:9b:7b:fa:f9:72:96:5d:7f:95:
                    1a:77:bf:d0:ed:80:b9:12:5f:12:35:46:33:bd:98:
                    f0:80:64:2a:e9:dd:2f:62:7d:ee:73:81:0b:5d:80:
                    3d:7e:bb:ea:95:76:10:96:c5:ec:19:92:4c:10:d6:
                    43:7c:83:2b:42:11:5f:ae:65:02:2c:f3:69:d1:6c:
                    9d:71:10:20:5b:0e:ee:90:37:6c:aa:3d:f8:a1:97:
                    36:a9:97:37:f8:f3:63:0a:90:da:82:9a:74:38:6b:
                    6b:cc:fd:49:dc:b1:73:b9:60:2c:e1:d8:3c:d5:88:
                    63:1e:07:d3:aa:ac:6f:1e:e0:7b:e9:f0:57:c8:89:
                    1f:ff:6f:a8:27:89:02:26:ae:f6:90:d2:6b:c8:04:
                    1c:3d:1a:a4:0e:19:c7:06:2c:79:a7:22:74:1a:38:
                    04:d6:f3:67:d1:30:86:d4:2d:b7:0b:82:b2:78:b5:
                    6e:29:bb:b3:cd:6e:9e:94:e8:42:0c:53:77:07:04:
                    4f:cc:c2:97:5e:e4:44:d2:94:ff:c4:5c:b3:0c:c7:
                    61:0e:9a:2b:95:ff:e5:f5:1e:ed:72:f4:93:3d:4f:
                    2f:a2:78:2a:a9:91:1c:1d:82:f5:2e:07:b2:34:6a:
                    8c:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:AA:24:C1:56:EB:4E:D7:EE:8A:DF:67:FB:7B:A6:B0:F7:50:74:40
            X509v3 Authority Key Identifier:
                keyid:61:84:78:F1:98:FE:56:90:10:C3:DF:62:19:14:2F:53:0C:4F:5E:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/i6okwVbrTtfuit9n-3umsPdQdEA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/YYR48Zj-VpAQw99iGRQvUwxPXlY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.142.212.0/24
                  45.142.214.0/24
                  213.226.100.0/24

    Signature Algorithm: sha256WithRSAEncryption
         98:6e:34:ad:02:31:10:02:c5:dd:2a:00:5a:ee:6c:50:b7:bc:
         eb:8d:72:88:45:09:cf:bc:87:be:83:74:61:ce:e8:d3:c7:22:
         61:29:71:66:67:31:37:51:04:4b:d8:1a:80:48:af:c6:e7:d5:
         f3:86:87:7a:59:90:da:c1:f4:97:eb:2d:6e:11:8c:7c:67:0a:
         6a:a2:78:ee:45:78:ce:b9:a4:dd:b9:c7:ba:b9:36:dc:fa:5d:
         fd:29:a4:ae:df:87:c5:6a:a5:da:ed:39:cd:84:48:4f:98:9d:
         15:4b:ba:cf:cf:1f:5a:f7:ad:1d:a1:4b:ff:12:3b:eb:61:9c:
         92:2c:e5:2c:ed:48:08:95:c3:ab:40:32:e8:d0:85:4f:f6:12:
         e9:5b:39:67:c0:6b:99:4d:9a:c3:60:a2:75:07:92:f2:3c:a6:
         7e:fa:5a:aa:8d:b8:fa:2c:b8:d9:f4:a3:35:8d:9a:db:44:70:
         6b:4a:67:fc:df:b8:d7:5d:01:90:8a:9c:4d:12:5a:c9:16:a9:
         3b:75:8d:40:e9:a4:45:2e:d5:b0:b5:9e:1c:f8:fd:f2:e1:fc:
         a0:5d:29:44:20:40:72:fb:5b:2e:d4:a8:f1:eb:c9:be:81:2d:
         5c:07:05:59:73:7c:d9:41:5c:1a:ba:dd:2d:c0:9e:fd:28:e0:
         7f:27:d6:02
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZ68+T8y4lBZ6x7TXfR8pat6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYxODQ3OGYxOThmZTU2OTAxMGMzZGY2MjE5MTQyZjUzMGM0
ZjVlNTYwHhcNMjYwNjEyMTc1NTExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YmFhMjRjMTU2ZWI0ZWQ3ZWU4YWRmNjdmYjdiYTZiMGY3NTA3NDQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9qfjlMSK1zfDxX0elr7qDKiAa/Gb
e/r5cpZdf5Uad7/Q7YC5El8SNUYzvZjwgGQq6d0vYn3uc4ELXYA9frvqlXYQlsXs
GZJMENZDfIMrQhFfrmUCLPNp0WydcRAgWw7ukDdsqj34oZc2qZc3+PNjCpDagpp0
OGtrzP1J3LFzuWAs4dg81YhjHgfTqqxvHuB76fBXyIkf/2+oJ4kCJq72kNJryAQc
PRqkDhnHBix5pyJ0GjgE1vNn0TCG1C23C4KyeLVuKbuzzW6elOhCDFN3BwRPzMKX
XuRE0pT/xFyzDMdhDporlf/l9R7tcvSTPU8vongqqZEcHYL1LgeyNGqMHQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFIuqJMFW607X7orfZ/t7prD3UHRAMB8GA1UdIwQY
MBaAFGGEePGY/laQEMPfYhkUL1MMT15WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWVlSNDhaai1WcEFRdzk5aUdSUXZVd3hQWGxZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMC81M2M3YjgtNWU0Yi00OWZkLThjOTEt
YmE5OGYxMTIyMTIxLzEvaTZva3dWYnJUdGZ1aXQ5bi0zdW1zUGRRZEVBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMC81M2M3YjgtNWU0Yi00OWZkLThjOTEtYmE5OGYxMTIyMTIx
LzEvWVlSNDhaai1WcEFRdzk5aUdSUXZVd3hQWGxZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQALY7UAwQA
LY7WAwQA1eJkMA0GCSqGSIb3DQEBCwUAA4IBAQCYbjStAjEQAsXdKgBa7mxQt7zr
jXKIRQnPvIe+g3RhzujTxyJhKXFmZzE3UQRL2BqASK/G59Xzhod6WZDawfSX6y1u
EYx8ZwpqonjuRXjOuaTduce6uTbc+l39KaSu34fFaqXa7TnNhEhPmJ0VS7rPzx9a
960doUv/EjvrYZySLOUs7UgIlcOrQDLo0IVP9hLpWzlnwGuZTZrDYKJ1B5LyPKZ+
+lqqjbj6LLjZ9KM1jZrbRHBrSmf837jXXQGQipxNElrJFqk7dY1A6aRFLtWwtZ4c
+P3y4fygXSlEIEBy+1su1Kjx68m+gS1cBwVZc3zZQVwaut0twJ79KOB/J9YC
-----END CERTIFICATE-----