Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/55/57cd72-33e4-42dd-9f22-baf4e0b4a69e/1/B6LIx5SFj-LpvkMusTX6eylqB8Q.roa
File:                     B6LIx5SFj-LpvkMusTX6eylqB8Q.roa (raw, json)
Hash identifier:          8sXEje/NFZbddnD1ozsYpbMXZouncZaHmKPwgX4Mau8=
Subject key identifier:   07:A2:C8:C7:94:85:8F:E2:E9:BE:43:2E:B1:35:FA:7B:29:6A:07:C4
Certificate issuer:       /CN=6f9e9696dccf6c1a432090408514aecdc3f60739
Certificate serial:       019CB7F2C67142725DC577E7758DCD747675
Authority key identifier: 6F:9E:96:96:DC:CF:6C:1A:43:20:90:40:85:14:AE:CD:C3:F6:07:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b56WltzPbBpDIJBAhRSuzcP2Bzk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/55/57cd72-33e4-42dd-9f22-baf4e0b4a69e/1/B6LIx5SFj-LpvkMusTX6eylqB8Q.roa
Signing time:             Wed 04 Mar 2026 08:24:26 +0000
ROA not before:           Wed 04 Mar 2026 08:24:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     59948
IP address blocks:        194.92.118.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/55/57cd72-33e4-42dd-9f22-baf4e0b4a69e/1/b56WltzPbBpDIJBAhRSuzcP2Bzk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/55/57cd72-33e4-42dd-9f22-baf4e0b4a69e/1/b56WltzPbBpDIJBAhRSuzcP2Bzk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b56WltzPbBpDIJBAhRSuzcP2Bzk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 14 Mar 2026 00:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:b7:f2:c6:71:42:72:5d:c5:77:e7:75:8d:cd:74:76:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f9e9696dccf6c1a432090408514aecdc3f60739
        Validity
            Not Before: Mar  4 08:24:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=07a2c8c794858fe2e9be432eb135fa7b296a07c4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:2b:a9:b9:db:ed:a9:16:eb:39:62:9e:ce:9f:
                    b6:6d:60:db:05:4f:a9:0a:28:e1:f7:66:5c:b2:46:
                    ca:70:1a:13:fe:07:f2:f8:df:e6:f2:34:f5:02:0d:
                    65:74:4f:a9:11:82:6c:3c:62:44:b0:dd:7f:f6:37:
                    a3:ba:0c:f3:bc:32:f2:5f:80:a4:52:00:cc:13:c1:
                    fc:d0:6f:f0:c0:07:f8:3d:ff:a9:03:e9:86:19:54:
                    fe:5c:9f:d3:c0:4d:83:c5:af:15:80:2a:1f:d8:58:
                    c3:d9:29:46:b0:17:b2:06:6f:08:60:bb:59:a9:66:
                    c5:ca:85:51:86:af:60:e6:07:cb:d6:74:17:e9:9f:
                    20:3f:18:77:dc:b9:ed:d1:8c:14:b4:e4:fd:36:28:
                    89:94:7f:20:0b:4e:53:e1:98:8b:91:b3:da:66:f3:
                    15:34:22:38:11:4f:52:b5:d5:35:3c:12:57:b3:b6:
                    d9:f4:55:ee:45:04:8a:c5:43:bf:17:78:ff:80:fb:
                    88:de:9c:4a:b8:8f:72:27:f6:1e:77:ca:a6:a7:88:
                    25:0b:65:37:6a:e8:b3:4d:ff:d3:7a:76:30:c7:df:
                    1c:73:f0:63:4e:f8:c4:60:dc:b1:bf:bf:43:80:35:
                    e6:72:80:06:47:fb:53:d5:04:d1:61:4d:84:ea:d4:
                    b7:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:A2:C8:C7:94:85:8F:E2:E9:BE:43:2E:B1:35:FA:7B:29:6A:07:C4
            X509v3 Authority Key Identifier:
                keyid:6F:9E:96:96:DC:CF:6C:1A:43:20:90:40:85:14:AE:CD:C3:F6:07:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b56WltzPbBpDIJBAhRSuzcP2Bzk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/55/57cd72-33e4-42dd-9f22-baf4e0b4a69e/1/B6LIx5SFj-LpvkMusTX6eylqB8Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/55/57cd72-33e4-42dd-9f22-baf4e0b4a69e/1/b56WltzPbBpDIJBAhRSuzcP2Bzk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.92.118.0/23

    Signature Algorithm: sha256WithRSAEncryption
         42:7f:c5:c9:b3:89:1e:c1:c3:83:4c:3c:55:43:03:10:e7:bc:
         54:66:ee:24:f6:80:ba:88:9d:54:56:ba:ca:fc:98:24:ed:89:
         b5:57:22:6c:98:f1:5f:cd:a3:5e:07:e1:83:01:3c:1f:ca:67:
         6e:b0:75:aa:55:69:f9:1f:ea:1a:3f:71:41:cc:eb:35:7d:62:
         a0:b5:8a:f6:5f:02:3b:65:3e:65:c0:8c:10:cd:fd:77:f3:48:
         08:6c:a0:cc:e4:f5:27:6d:3d:91:cd:e3:54:45:2f:50:40:e0:
         bc:35:99:b0:04:cc:4c:cf:b7:77:0e:51:d3:9e:51:86:71:6d:
         35:0e:fb:31:de:cc:a7:37:06:57:31:75:57:b6:94:c6:2d:96:
         9c:09:ce:84:52:6d:73:4f:d6:f8:83:2d:47:0b:7b:a5:14:bf:
         9e:89:01:7a:60:c8:20:56:f7:81:28:35:30:03:4e:83:81:ef:
         bd:57:29:d5:8d:fb:5b:0c:ef:dd:e9:9e:5f:a1:cc:4e:b5:e3:
         e9:45:ae:83:68:70:3b:a1:94:a9:86:1b:7d:16:59:ea:6f:d7:
         10:c4:f9:a6:16:cb:9f:a2:22:8a:dc:1b:6c:18:97:02:38:bd:
         8f:1a:f0:f6:fd:eb:eb:6a:8f:67:3a:31:93:d3:8e:44:27:ba:
         38:1d:b2:ab
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZy38sZxQnJdxXfndY3NdHZ1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmOWU5Njk2ZGNjZjZjMWE0MzIwOTA0MDg1MTRhZWNkYzNm
NjA3MzkwHhcNMjYwMzA0MDgyNDI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwN2EyYzhjNzk0ODU4ZmUyZTliZTQzMmViMTM1ZmE3YjI5NmEwN2M0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgSupudvtqRbrOWKezp+2bWDbBU+p
Cijh92ZcskbKcBoT/gfy+N/m8jT1Ag1ldE+pEYJsPGJEsN1/9jejugzzvDLyX4Ck
UgDME8H80G/wwAf4Pf+pA+mGGVT+XJ/TwE2Dxa8VgCof2FjD2SlGsBeyBm8IYLtZ
qWbFyoVRhq9g5gfL1nQX6Z8gPxh33Lnt0YwUtOT9NiiJlH8gC05T4ZiLkbPaZvMV
NCI4EU9StdU1PBJXs7bZ9FXuRQSKxUO/F3j/gPuI3pxKuI9yJ/Yed8qmp4glC2U3
auizTf/TenYwx98cc/BjTvjEYNyxv79DgDXmcoAGR/tT1QTRYU2E6tS3bwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAeiyMeUhY/i6b5DLrE1+nspagfEMB8GA1UdIwQY
MBaAFG+elpbcz2waQyCQQIUUrs3D9gc5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjU2V2x0elBiQnBESUpCQWhSU3V6Y1AyQnprLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NS81N2NkNzItMzNlNC00MmRkLTlmMjIt
YmFmNGUwYjRhNjllLzEvQjZMSXg1U0ZqLUxwdmtNdXNUWDZleWxxQjhRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NS81N2NkNzItMzNlNC00MmRkLTlmMjItYmFmNGUwYjRhNjll
LzEvYjU2V2x0elBiQnBESUpCQWhSU3V6Y1AyQnprLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwlx2MA0G
CSqGSIb3DQEBCwUAA4IBAQBCf8XJs4kewcODTDxVQwMQ57xUZu4k9oC6iJ1UVrrK
/Jgk7Ym1VyJsmPFfzaNeB+GDATwfymdusHWqVWn5H+oaP3FBzOs1fWKgtYr2XwI7
ZT5lwIwQzf1380gIbKDM5PUnbT2RzeNURS9QQOC8NZmwBMxMz7d3DlHTnlGGcW01
Dvsx3synNwZXMXVXtpTGLZacCc6EUm1zT9b4gy1HC3ulFL+eiQF6YMggVveBKDUw
A06Dge+9VynVjftbDO/d6Z5focxOtePpRa6DaHA7oZSphht9Flnqb9cQxPmmFsuf
oiKK3BtsGJcCOL2PGvD2/evrao9nOjGT045EJ7o4HbKr
-----END CERTIFICATE-----