Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/q6AprXpiRcVl5ELQQP4HzyoPU1s.roa
File:                     q6AprXpiRcVl5ELQQP4HzyoPU1s.roa (raw, json)
Hash identifier:          y1TzMFIAWDqXBEbPleIWHolHXjF7gfy6B7SVOuVhNiA=
Subject key identifier:   AB:A0:29:AD:7A:62:45:C5:65:E4:42:D0:40:FE:07:CF:2A:0F:53:5B
Certificate issuer:       /CN=0d722e4513a39678d8ab23b2d649775340518cb9
Certificate serial:       019C24B3D2EB202A0BEB1F932BDE52DEF5F9
Authority key identifier: 0D:72:2E:45:13:A3:96:78:D8:AB:23:B2:D6:49:77:53:40:51:8C:B9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DXIuRROjlnjYqyOy1kl3U0BRjLk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/q6AprXpiRcVl5ELQQP4HzyoPU1s.roa
Signing time:             Tue 03 Feb 2026 18:11:30 +0000
ROA not before:           Tue 03 Feb 2026 18:11:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     51847
IP address blocks:        212.42.208.0/20 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/DXIuRROjlnjYqyOy1kl3U0BRjLk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/DXIuRROjlnjYqyOy1kl3U0BRjLk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DXIuRROjlnjYqyOy1kl3U0BRjLk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Feb 2026 10:01:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:24:b3:d2:eb:20:2a:0b:eb:1f:93:2b:de:52:de:f5:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d722e4513a39678d8ab23b2d649775340518cb9
        Validity
            Not Before: Feb  3 18:11:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=aba029ad7a6245c565e442d040fe07cf2a0f535b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:a4:4e:bc:bc:b1:36:2b:69:6d:09:d9:d2:5b:
                    85:7b:f2:c1:99:8e:1e:c7:f3:10:d6:10:80:64:70:
                    54:91:64:5b:f2:fc:09:14:5f:23:08:9b:de:86:04:
                    56:66:0f:56:3a:88:58:06:48:b2:39:fe:69:f9:0a:
                    6c:6b:00:fd:02:18:e5:5a:0e:79:5d:63:f7:a4:2c:
                    d5:ac:ff:cf:2f:93:70:5a:13:d7:cd:fb:f8:63:f2:
                    40:4d:ba:4a:aa:61:a0:95:ee:9b:83:4b:55:be:2d:
                    12:f1:48:b4:c5:da:11:47:ce:b1:1b:0c:58:4a:59:
                    dd:b6:67:36:71:32:c9:dc:52:3c:c6:ef:ae:34:aa:
                    f3:4f:dd:1e:50:f4:53:a0:0c:73:cf:f0:da:dc:f9:
                    69:0c:d6:3b:f0:eb:03:7f:d7:91:4e:74:18:a6:4b:
                    68:2a:80:fc:c0:cb:a6:7d:91:f3:a9:e6:cf:d0:4f:
                    88:e0:12:7d:e8:a5:d1:cd:fa:9f:41:e5:e0:bc:51:
                    27:b3:25:18:60:57:c5:12:8c:be:a8:7f:68:d6:c3:
                    07:2b:9d:45:dd:a8:9e:d7:9e:2f:d6:b9:46:68:c5:
                    bf:62:3f:81:2d:55:bc:66:fe:97:26:da:65:58:a3:
                    5c:41:31:19:4a:17:e2:4c:c9:c2:3f:30:86:1f:3e:
                    e3:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:A0:29:AD:7A:62:45:C5:65:E4:42:D0:40:FE:07:CF:2A:0F:53:5B
            X509v3 Authority Key Identifier:
                keyid:0D:72:2E:45:13:A3:96:78:D8:AB:23:B2:D6:49:77:53:40:51:8C:B9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DXIuRROjlnjYqyOy1kl3U0BRjLk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/q6AprXpiRcVl5ELQQP4HzyoPU1s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/DXIuRROjlnjYqyOy1kl3U0BRjLk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.42.208.0/20

    Signature Algorithm: sha256WithRSAEncryption
         93:41:fd:8d:15:29:85:20:b6:c9:66:7a:8f:87:fb:70:da:7f:
         c7:ea:c8:9f:8e:f8:85:eb:a3:da:50:ce:61:1f:b4:3a:51:54:
         a6:fe:57:2d:6e:3d:45:a6:4e:d5:cd:f2:bb:41:c3:2a:7d:f7:
         15:ee:37:c4:cb:70:23:2d:93:a4:d0:26:03:82:27:65:85:29:
         72:2a:ca:ea:b6:a5:fe:70:b9:b4:48:65:71:29:cc:8b:1c:09:
         dd:40:a1:ec:61:22:65:7a:a3:1b:64:f9:51:89:f1:da:f8:b6:
         c9:1e:e0:c7:b6:40:15:aa:f4:e6:00:24:4b:14:12:e3:ba:b1:
         35:97:af:48:a6:cd:ad:ee:a5:b2:68:e0:0e:b9:44:ab:25:1e:
         de:1b:7d:0f:4c:1f:75:5a:b4:d0:9e:61:83:d4:59:13:6a:19:
         a8:57:8a:8c:11:0f:e8:b7:22:83:38:21:ed:af:b1:d8:9c:70:
         6d:5f:0b:f0:6c:87:c2:8f:b2:d7:2b:d1:ec:f1:5e:0b:8e:78:
         fc:13:e0:56:64:a2:73:12:58:19:b2:ab:a7:4b:df:e3:8d:40:
         b7:9d:cb:71:f0:70:00:42:c6:94:43:ed:6b:db:ed:b7:ae:9c:
         37:65:78:41:4f:f8:ad:86:82:69:2d:95:52:2a:5f:23:f8:f1:
         5b:50:5a:a5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZwks9LrICoL6x+TK95S3vX5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkNzIyZTQ1MTNhMzk2NzhkOGFiMjNiMmQ2NDk3NzUzNDA1
MThjYjkwHhcNMjYwMjAzMTgxMTMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYmEwMjlhZDdhNjI0NWM1NjVlNDQyZDA0MGZlMDdjZjJhMGY1MzViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtqROvLyxNitpbQnZ0luFe/LBmY4e
x/MQ1hCAZHBUkWRb8vwJFF8jCJvehgRWZg9WOohYBkiyOf5p+QpsawD9AhjlWg55
XWP3pCzVrP/PL5NwWhPXzfv4Y/JATbpKqmGgle6bg0tVvi0S8Ui0xdoRR86xGwxY
Slndtmc2cTLJ3FI8xu+uNKrzT90eUPRToAxzz/Da3PlpDNY78OsDf9eRTnQYpkto
KoD8wMumfZHzqebP0E+I4BJ96KXRzfqfQeXgvFEnsyUYYFfFEoy+qH9o1sMHK51F
3aie154v1rlGaMW/Yj+BLVW8Zv6XJtplWKNcQTEZShfiTMnCPzCGHz7jrQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKugKa16YkXFZeRC0ED+B88qD1NbMB8GA1UdIwQY
MBaAFA1yLkUTo5Z42KsjstZJd1NAUYy5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRFhJdVJST2psbmpZcXlPeTFrbDNVMEJSakxrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC8xYzA4NGMtOTgyZC00MDk4LWFmNDIt
MzQyNWIxMjVlYWE3LzEvcTZBcHJYcGlSY1ZsNUVMUVFQNEh6eW9QVTFzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC8xYzA4NGMtOTgyZC00MDk4LWFmNDItMzQyNWIxMjVlYWE3
LzEvRFhJdVJST2psbmpZcXlPeTFrbDNVMEJSakxrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQE1CrQMA0G
CSqGSIb3DQEBCwUAA4IBAQCTQf2NFSmFILbJZnqPh/tw2n/H6sifjviF66PaUM5h
H7Q6UVSm/lctbj1Fpk7VzfK7QcMqffcV7jfEy3AjLZOk0CYDgidlhSlyKsrqtqX+
cLm0SGVxKcyLHAndQKHsYSJleqMbZPlRifHa+LbJHuDHtkAVqvTmACRLFBLjurE1
l69Ips2t7qWyaOAOuUSrJR7eG30PTB91WrTQnmGD1FkTahmoV4qMEQ/otyKDOCHt
r7HYnHBtXwvwbIfCj7LXK9Hs8V4Ljnj8E+BWZKJzElgZsqunS9/jjUC3nctx8HAA
QsaUQ+1r2+23rpw3ZXhBT/ithoJpLZVSKl8j+PFbUFql
-----END CERTIFICATE-----