Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6c/3d54b9-a763-4514-9467-8aaef76c2e98/1/rYhwjOOa4-7RvBsKuPyCuJ2kOac.roa
File:                     rYhwjOOa4-7RvBsKuPyCuJ2kOac.roa (raw, json)
Hash identifier:          EeI2oHDpvRTGlcgIn02601fBNayk3lM8V1SAStGUI1w=
Subject key identifier:   AD:88:70:8C:E3:9A:E3:EE:D1:BC:1B:0A:B8:FC:82:B8:9D:A4:39:A7
Certificate issuer:       /CN=69844e1374f1c4581bfbf7ad4638a112d316fbe4
Certificate serial:       019D019DC3EF71D4AD2FEB6C8B15D9810B75
Authority key identifier: 69:84:4E:13:74:F1:C4:58:1B:FB:F7:AD:46:38:A1:12:D3:16:FB:E4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aYROE3TxxFgb-_etRjihEtMW--Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6c/3d54b9-a763-4514-9467-8aaef76c2e98/1/rYhwjOOa4-7RvBsKuPyCuJ2kOac.roa
Signing time:             Wed 18 Mar 2026 15:43:29 +0000
ROA not before:           Wed 18 Mar 2026 15:43:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     8987
IP address blocks:        195.146.171.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6c/3d54b9-a763-4514-9467-8aaef76c2e98/1/aYROE3TxxFgb-_etRjihEtMW--Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6c/3d54b9-a763-4514-9467-8aaef76c2e98/1/aYROE3TxxFgb-_etRjihEtMW--Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aYROE3TxxFgb-_etRjihEtMW--Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 20 Mar 2026 08:03:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:01:9d:c3:ef:71:d4:ad:2f:eb:6c:8b:15:d9:81:0b:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=69844e1374f1c4581bfbf7ad4638a112d316fbe4
        Validity
            Not Before: Mar 18 15:43:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ad88708ce39ae3eed1bc1b0ab8fc82b89da439a7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:7d:d2:68:1c:76:8a:45:63:e7:a8:97:bb:9d:
                    43:cd:32:b4:3f:35:9f:f9:3f:98:ed:3f:28:ad:a9:
                    13:8e:34:1f:d9:d1:5d:1a:11:b7:6e:46:fb:12:22:
                    c0:42:62:b8:14:d9:91:b9:14:c3:31:78:2b:44:0c:
                    5a:47:05:84:8e:0d:74:67:18:c8:de:e7:0f:b0:76:
                    70:5c:78:f5:52:c4:9e:33:93:a1:b1:0d:59:20:84:
                    e4:c3:bd:ce:6a:94:ef:c5:db:62:99:b6:d9:8b:89:
                    50:f4:34:5b:60:38:83:ab:12:b4:f9:fd:28:02:b4:
                    5a:1c:c8:c2:70:c6:9f:62:58:11:07:78:43:83:3d:
                    5f:5a:fe:04:82:57:6c:21:78:ad:d7:6d:76:54:4b:
                    28:54:5c:f7:3c:28:04:ab:33:23:03:92:e5:0d:e9:
                    59:46:58:0e:eb:59:18:68:16:0d:85:77:5b:7b:6e:
                    ad:61:5e:62:11:72:42:d2:c2:71:dc:de:59:32:fb:
                    d7:3f:0d:8c:cb:00:73:32:c3:a9:78:8a:ab:a5:00:
                    fc:18:e3:42:f7:96:2d:5c:87:24:f3:e7:de:0f:dd:
                    f0:53:48:ce:55:98:99:ad:2a:0c:31:88:f8:18:78:
                    5a:af:8e:30:2d:26:9e:cd:55:41:49:27:38:14:66:
                    7b:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:88:70:8C:E3:9A:E3:EE:D1:BC:1B:0A:B8:FC:82:B8:9D:A4:39:A7
            X509v3 Authority Key Identifier:
                keyid:69:84:4E:13:74:F1:C4:58:1B:FB:F7:AD:46:38:A1:12:D3:16:FB:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aYROE3TxxFgb-_etRjihEtMW--Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/3d54b9-a763-4514-9467-8aaef76c2e98/1/rYhwjOOa4-7RvBsKuPyCuJ2kOac.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/3d54b9-a763-4514-9467-8aaef76c2e98/1/aYROE3TxxFgb-_etRjihEtMW--Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.146.171.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1a:30:10:6c:ff:f5:0a:39:c9:f5:34:44:f9:6f:47:4c:73:67:
         83:78:d3:d8:e0:a0:81:2c:e2:dd:66:a9:ef:e6:69:d2:c4:f4:
         93:37:bc:77:3b:46:f9:48:b9:72:58:98:27:9b:6b:6e:56:dd:
         96:05:bf:63:1c:03:01:83:65:11:ea:92:a1:03:51:a0:91:e7:
         e5:bf:99:4c:3a:3d:8b:f8:9a:7b:47:73:73:87:fd:09:d4:67:
         72:09:f8:25:14:40:12:d2:ee:4c:c0:04:a8:eb:fe:92:39:6c:
         16:10:d7:ad:40:ff:68:bb:61:d6:83:52:52:7a:d3:43:9d:51:
         33:e0:7a:31:0f:ce:a4:3e:40:c1:91:d1:78:53:3d:a6:d4:19:
         e8:64:3f:a0:40:6a:3c:e2:18:83:a4:f7:89:74:7e:34:f7:d3:
         ab:46:5e:49:a7:1c:e4:d0:65:ed:5e:8f:ca:c2:36:28:92:8d:
         c8:db:31:fc:3d:52:3b:25:45:8b:5f:2d:41:8d:fb:e5:bb:c6:
         37:0a:4f:14:11:cd:d1:03:1a:27:9a:b0:8a:9a:71:53:a0:45:
         60:45:9d:84:ca:8d:0d:89:e4:18:20:e0:f7:04:c1:6a:3e:1f:
         f7:38:4f:13:06:5e:b8:5b:bc:22:a1:80:f7:0b:0c:72:b3:d2:
         73:2e:90:64
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0BncPvcdStL+tsixXZgQt1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY5ODQ0ZTEzNzRmMWM0NTgxYmZiZjdhZDQ2MzhhMTEyZDMx
NmZiZTQwHhcNMjYwMzE4MTU0MzI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZDg4NzA4Y2UzOWFlM2VlZDFiYzFiMGFiOGZjODJiODlkYTQzOWE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwn3SaBx2ikVj56iXu51DzTK0PzWf
+T+Y7T8orakTjjQf2dFdGhG3bkb7EiLAQmK4FNmRuRTDMXgrRAxaRwWEjg10ZxjI
3ucPsHZwXHj1UsSeM5OhsQ1ZIITkw73OapTvxdtimbbZi4lQ9DRbYDiDqxK0+f0o
ArRaHMjCcMafYlgRB3hDgz1fWv4EgldsIXit1212VEsoVFz3PCgEqzMjA5LlDelZ
RlgO61kYaBYNhXdbe26tYV5iEXJC0sJx3N5ZMvvXPw2MywBzMsOpeIqrpQD8GONC
95YtXIck8+feD93wU0jOVZiZrSoMMYj4GHhar44wLSaezVVBSSc4FGZ7tQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK2IcIzjmuPu0bwbCrj8gridpDmnMB8GA1UdIwQY
MBaAFGmEThN08cRYG/v3rUY4oRLTFvvkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYVlST0UzVHh4RmdiLV9ldFJqaWhFdE1XLS1RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yy8zZDU0YjktYTc2My00NTE0LTk0Njct
OGFhZWY3NmMyZTk4LzEvcllod2pPT2E0LTdSdkJzS3VQeUN1SjJrT2FjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yy8zZDU0YjktYTc2My00NTE0LTk0NjctOGFhZWY3NmMyZTk4
LzEvYVlST0UzVHh4RmdiLV9ldFJqaWhFdE1XLS1RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw5KrMA0G
CSqGSIb3DQEBCwUAA4IBAQAaMBBs//UKOcn1NET5b0dMc2eDeNPY4KCBLOLdZqnv
5mnSxPSTN7x3O0b5SLlyWJgnm2tuVt2WBb9jHAMBg2UR6pKhA1Ggkeflv5lMOj2L
+Jp7R3Nzh/0J1GdyCfglFEAS0u5MwASo6/6SOWwWENetQP9ou2HWg1JSetNDnVEz
4HoxD86kPkDBkdF4Uz2m1BnoZD+gQGo84hiDpPeJdH4099OrRl5Jpxzk0GXtXo/K
wjYoko3I2zH8PVI7JUWLXy1Bjfvlu8Y3Ck8UEc3RAxonmrCKmnFToEVgRZ2Eyo0N
ieQYIOD3BMFqPh/3OE8TBl64W7wioYD3Cwxys9JzLpBk
-----END CERTIFICATE-----