Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/6JL2P3Wx5KUujyjwpS6fgSOZDho.roa
File:                     6JL2P3Wx5KUujyjwpS6fgSOZDho.roa (raw, json)
Hash identifier:          BvHf4jmbc2TRFKv84yyYWIr0ZXk8ffouUwzDiThVP24=
Subject key identifier:   E8:92:F6:3F:75:B1:E4:A5:2E:8F:28:F0:A5:2E:9F:81:23:99:0E:1A
Certificate issuer:       /CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
Certificate serial:       019CADB1F648E58E572C8BFA4664FEC06E02
Authority key identifier: 9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/6JL2P3Wx5KUujyjwpS6fgSOZDho.roa
Signing time:             Mon 02 Mar 2026 08:37:27 +0000
ROA not before:           Mon 02 Mar 2026 08:37:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     206092
IP address blocks:        45.151.1.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 15:05:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:ad:b1:f6:48:e5:8e:57:2c:8b:fa:46:64:fe:c0:6e:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
        Validity
            Not Before: Mar  2 08:37:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e892f63f75b1e4a52e8f28f0a52e9f8123990e1a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:a6:67:48:4b:72:5c:1d:57:55:56:2c:84:03:
                    e1:b6:e4:70:41:be:70:2b:c2:49:d0:10:03:95:a7:
                    a3:81:ec:e5:d2:e3:3b:3c:8c:35:6c:3e:84:0f:d7:
                    1b:a7:03:c0:45:2c:73:3b:0d:2b:c6:e8:22:a6:a5:
                    d4:eb:11:9a:28:af:a7:4f:43:ae:28:13:49:23:af:
                    12:f8:6a:21:5c:da:68:2d:bd:ff:9c:ac:de:8b:c8:
                    2a:ef:34:36:3d:f5:c2:b6:4f:04:90:ff:36:13:8e:
                    df:ba:e0:a7:57:58:cb:32:4d:38:6c:07:f6:a3:85:
                    25:16:2b:53:8f:c4:a8:7a:2b:a3:21:54:8e:b7:79:
                    46:b2:2f:17:50:d8:d2:b8:15:6c:cb:db:47:4f:f8:
                    5c:29:67:7c:e0:77:5f:93:fc:f0:e2:99:f2:ea:97:
                    f7:68:13:f4:82:de:a7:51:5d:28:31:23:74:12:7d:
                    e7:77:e8:f9:35:6d:a2:42:c4:d4:f5:07:6b:e0:63:
                    27:63:19:3a:72:89:76:55:46:24:46:f6:d9:d3:51:
                    0e:45:e9:b2:b7:eb:eb:f3:ad:cf:8e:5b:20:5a:a6:
                    49:c4:17:67:c0:2a:13:26:b5:e4:fb:e8:b1:a9:56:
                    d6:73:7b:0e:56:ba:36:d8:e4:d5:1a:ac:73:6b:c5:
                    90:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E8:92:F6:3F:75:B1:E4:A5:2E:8F:28:F0:A5:2E:9F:81:23:99:0E:1A
            X509v3 Authority Key Identifier:
                keyid:9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/6JL2P3Wx5KUujyjwpS6fgSOZDho.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.151.1.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6a:5c:1c:e3:ce:c5:2a:f4:6b:53:26:a5:9d:30:09:13:6a:0a:
         8a:fc:75:e6:57:76:13:11:c0:32:88:9d:72:d3:42:2a:1c:6f:
         42:a2:3f:d2:9b:1f:bf:f1:6d:11:e9:bd:b3:f5:c9:2a:d8:df:
         fc:20:e5:90:70:a8:9d:4d:b8:05:06:0e:81:86:2f:9e:5f:3b:
         8f:5c:b6:f4:01:bc:34:be:5b:a3:c2:94:80:0e:c3:36:c5:3a:
         93:e6:5d:b3:e4:f8:aa:b9:37:64:75:e8:75:6f:e5:5f:fb:f1:
         f6:e5:3a:91:7d:eb:06:a3:90:15:ac:e4:75:29:35:ac:62:10:
         ff:4b:4c:92:67:b7:1e:42:de:06:1b:12:6f:a6:ab:17:68:0f:
         a1:b8:29:b8:c6:e2:37:d3:59:06:a6:86:71:93:b9:ba:e7:e8:
         d5:c2:cc:8f:c2:0a:bf:6b:36:03:58:35:15:4c:2c:18:6b:ae:
         39:38:93:25:a8:42:ee:ee:e9:c3:31:3a:07:39:a1:7d:d3:76:
         e8:57:6c:73:04:bd:6c:ae:ee:35:03:84:4c:15:f4:47:2a:12:
         0e:52:5d:88:82:e5:b4:d8:16:66:8e:1e:cd:74:00:e5:f7:83:
         c9:48:77:ad:1d:40:ac:01:ee:be:d9:19:d6:29:91:8f:d5:8a:
         89:2d:cd:6d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZytsfZI5Y5XLIv6RmT+wG4CMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkMmE0NzhiYjBiMDhlNjYxYjBiMmY5ZmJlODkzNWJjOWMy
YTI4YTEwHhcNMjYwMzAyMDgzNzI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlODkyZjYzZjc1YjFlNGE1MmU4ZjI4ZjBhNTJlOWY4MTIzOTkwZTFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsaZnSEtyXB1XVVYshAPhtuRwQb5w
K8JJ0BADlaejgezl0uM7PIw1bD6ED9cbpwPARSxzOw0rxugipqXU6xGaKK+nT0Ou
KBNJI68S+GohXNpoLb3/nKzei8gq7zQ2PfXCtk8EkP82E47fuuCnV1jLMk04bAf2
o4UlFitTj8SoeiujIVSOt3lGsi8XUNjSuBVsy9tHT/hcKWd84Hdfk/zw4pny6pf3
aBP0gt6nUV0oMSN0En3nd+j5NW2iQsTU9Qdr4GMnYxk6col2VUYkRvbZ01EORemy
t+vr863PjlsgWqZJxBdnwCoTJrXk++ixqVbWc3sOVro22OTVGqxza8WQowIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOiS9j91seSlLo8o8KUun4EjmQ4aMB8GA1UdIwQY
MBaAFJ0qR4uwsI5mGwsvn76JNbycKiihMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMt
ZWVmMzUxMWY2YzYwLzEvNkpMMlAzV3g1S1V1anlqd3BTNmZnU09aRGhvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMtZWVmMzUxMWY2YzYw
LzEvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZcBMA0G
CSqGSIb3DQEBCwUAA4IBAQBqXBzjzsUq9GtTJqWdMAkTagqK/HXmV3YTEcAyiJ1y
00IqHG9Coj/Smx+/8W0R6b2z9ckq2N/8IOWQcKidTbgFBg6Bhi+eXzuPXLb0Abw0
vlujwpSADsM2xTqT5l2z5PiquTdkdeh1b+Vf+/H25TqRfesGo5AVrOR1KTWsYhD/
S0ySZ7ceQt4GGxJvpqsXaA+huCm4xuI301kGpoZxk7m65+jVwsyPwgq/azYDWDUV
TCwYa645OJMlqELu7unDMToHOaF903boV2xzBL1sru41A4RMFfRHKhIOUl2IguW0
2BZmjh7NdADl94PJSHetHUCsAe6+2RnWKZGP1YqJLc1t
-----END CERTIFICATE-----