Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/aT71ZWN5h-cswObEMjO5Tvlrkcg.roa
File:                     aT71ZWN5h-cswObEMjO5Tvlrkcg.roa (raw, json)
Hash identifier:          GNhZxrkE+Z927Gw94LnJmXE9nuO3vX08yH35TcM6zw4=
Subject key identifier:   69:3E:F5:65:63:79:87:E7:2C:C0:E6:C4:32:33:B9:4E:F9:6B:91:C8
Certificate issuer:       /CN=546834e68890f3986a1b0457ce0f54ae03c2d76b
Certificate serial:       019CB7CC53E77FDF927EE24A953988FB01FC
Authority key identifier: 54:68:34:E6:88:90:F3:98:6A:1B:04:57:CE:0F:54:AE:03:C2:D7:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/aT71ZWN5h-cswObEMjO5Tvlrkcg.roa
Signing time:             Wed 04 Mar 2026 07:42:27 +0000
ROA not before:           Wed 04 Mar 2026 07:42:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     211295
IP address blocks:        81.15.156.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 13 Mar 2026 22:00:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:b7:cc:53:e7:7f:df:92:7e:e2:4a:95:39:88:fb:01:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=546834e68890f3986a1b0457ce0f54ae03c2d76b
        Validity
            Not Before: Mar  4 07:42:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=693ef565637987e72cc0e6c43233b94ef96b91c8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:e0:9d:ef:ce:21:45:40:4d:df:98:28:10:fc:
                    bd:f3:61:b5:63:bd:b6:0b:32:10:a8:44:30:89:2e:
                    e8:37:85:78:69:b6:f1:70:a5:2f:88:e5:4d:e0:4d:
                    81:57:39:f3:89:2c:b3:21:a9:4f:a6:ad:76:55:50:
                    e3:df:e8:bf:bb:89:ea:5c:a2:e2:e2:af:87:93:0e:
                    a2:4d:ff:b0:fa:97:6b:ac:ef:01:21:2e:b2:06:95:
                    f1:09:f8:9c:d9:90:39:a1:92:b7:65:bc:da:fd:53:
                    9a:a1:0e:49:78:8d:00:d4:9c:d1:f5:f8:c8:1a:e2:
                    7b:0a:e3:77:02:84:2d:f1:54:8d:30:95:ed:9d:11:
                    9c:5a:0e:89:bd:77:a5:a4:b6:02:b4:e3:5f:0e:d3:
                    a2:13:e3:87:ff:12:68:e1:22:3e:d2:3e:22:46:69:
                    7a:ab:8b:62:b4:8f:3a:4c:31:13:78:13:07:3b:06:
                    e4:38:ef:82:4b:69:26:4c:6a:27:4a:7d:89:06:fd:
                    5f:46:2c:3c:02:88:b0:5f:0f:f6:d3:87:1e:ac:77:
                    40:4b:f6:0b:66:7e:96:74:60:e9:b3:fe:3e:01:54:
                    75:a7:21:27:48:74:ec:9e:27:c2:73:c4:7a:d5:37:
                    df:49:28:48:fe:b1:bf:e4:5e:d0:fa:21:b4:66:f0:
                    15:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:3E:F5:65:63:79:87:E7:2C:C0:E6:C4:32:33:B9:4E:F9:6B:91:C8
            X509v3 Authority Key Identifier:
                keyid:54:68:34:E6:88:90:F3:98:6A:1B:04:57:CE:0F:54:AE:03:C2:D7:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/aT71ZWN5h-cswObEMjO5Tvlrkcg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.15.156.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b3:90:f6:ee:e8:1e:1d:ee:53:8a:8f:fd:d9:60:c8:7d:6c:67:
         59:75:c3:4c:21:bd:69:ed:4f:c4:69:12:82:4d:b4:b0:d7:e3:
         f5:2e:19:d9:f0:62:af:af:b1:ad:4d:e9:b1:2f:c2:f8:e2:46:
         1e:1e:b8:fc:9a:8e:1f:b3:83:71:c6:7d:ac:39:03:8b:f4:87:
         53:21:61:61:f0:67:b5:1f:6f:62:56:e1:fa:c9:18:f9:3e:ef:
         8e:29:a3:4b:5d:14:94:3d:f1:73:52:b7:f6:41:c7:02:be:d9:
         33:22:66:19:cc:14:11:8a:3e:1b:00:96:36:f3:e6:9a:74:dc:
         50:3b:4a:04:b2:b3:e4:b9:96:b8:f9:70:42:f3:35:2c:fe:2e:
         ad:c7:dc:47:53:c6:2c:c5:81:d0:0d:99:8a:64:8b:93:7d:bd:
         4a:15:7e:a6:a9:cd:9a:ad:97:33:60:56:79:9c:a8:ac:45:8e:
         87:7d:02:80:df:71:71:9a:a0:ca:87:ce:ef:7d:3a:9d:f8:f1:
         52:81:d9:f0:ef:91:92:60:f3:55:14:99:7a:e2:48:ba:0a:1f:
         d9:35:c8:c0:25:3d:09:3e:00:f3:3c:45:d9:d8:5e:1b:23:31:
         86:aa:08:6e:3a:04:0e:5c:49:29:b6:15:04:0a:7c:a3:77:72:
         23:b8:ab:a6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZy3zFPnf9+SfuJKlTmI+wH8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0NjgzNGU2ODg5MGYzOTg2YTFiMDQ1N2NlMGY1NGFlMDNj
MmQ3NmIwHhcNMjYwMzA0MDc0MjI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OTNlZjU2NTYzNzk4N2U3MmNjMGU2YzQzMjMzYjk0ZWY5NmI5MWM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtuCd784hRUBN35goEPy982G1Y722
CzIQqEQwiS7oN4V4abbxcKUviOVN4E2BVznziSyzIalPpq12VVDj3+i/u4nqXKLi
4q+Hkw6iTf+w+pdrrO8BIS6yBpXxCfic2ZA5oZK3Zbza/VOaoQ5JeI0A1JzR9fjI
GuJ7CuN3AoQt8VSNMJXtnRGcWg6JvXelpLYCtONfDtOiE+OH/xJo4SI+0j4iRml6
q4titI86TDETeBMHOwbkOO+CS2kmTGonSn2JBv1fRiw8AoiwXw/204cerHdAS/YL
Zn6WdGDps/4+AVR1pyEnSHTsnifCc8R61TffSShI/rG/5F7Q+iG0ZvAVcwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGk+9WVjeYfnLMDmxDIzuU75a5HIMB8GA1UdIwQY
MBaAFFRoNOaIkPOYahsEV84PVK4DwtdrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVkdnMDVvaVE4NWhxR3dSWHpnOVVyZ1BDMTJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OS81ZjJmMGItZmQ4Mi00NGZhLWI2MzQt
NTI3NjZiMjRiYWE0LzEvYVQ3MVpXTjVoLWNzd09iRU1qTzVUdmxya2NnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OS81ZjJmMGItZmQ4Mi00NGZhLWI2MzQtNTI3NjZiMjRiYWE0
LzEvVkdnMDVvaVE4NWhxR3dSWHpnOVVyZ1BDMTJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUQ+cMA0G
CSqGSIb3DQEBCwUAA4IBAQCzkPbu6B4d7lOKj/3ZYMh9bGdZdcNMIb1p7U/EaRKC
TbSw1+P1LhnZ8GKvr7GtTemxL8L44kYeHrj8mo4fs4Nxxn2sOQOL9IdTIWFh8Ge1
H29iVuH6yRj5Pu+OKaNLXRSUPfFzUrf2QccCvtkzImYZzBQRij4bAJY28+aadNxQ
O0oEsrPkuZa4+XBC8zUs/i6tx9xHU8YsxYHQDZmKZIuTfb1KFX6mqc2arZczYFZ5
nKisRY6HfQKA33FxmqDKh87vfTqd+PFSgdnw75GSYPNVFJl64ki6Ch/ZNcjAJT0J
PgDzPEXZ2F4bIzGGqghuOgQOXEkpthUECnyjd3IjuKum
-----END CERTIFICATE-----