Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/90/9d9192-273c-4ca9-b2ba-fa9cb51cd0f1/1/3EanmD6DodOa3OjQ9Kx0qn9ri6Q.roa
File:                     3EanmD6DodOa3OjQ9Kx0qn9ri6Q.roa (raw, json)
Hash identifier:          4kaL0cFBeCDq0v8h0ILY1h3bjLeCtgIe5E5jCClpBsI=
Subject key identifier:   DC:46:A7:98:3E:83:A1:D3:9A:DC:E8:D0:F4:AC:74:AA:7F:6B:8B:A4
Certificate issuer:       /CN=6b233d75508b4e85cccf44349a7cb703198d1d26
Certificate serial:       019E270CE41F500D4B75B31400CA964E3A06
Authority key identifier: 6B:23:3D:75:50:8B:4E:85:CC:CF:44:34:9A:7C:B7:03:19:8D:1D:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ayM9dVCLToXMz0Q0mny3AxmNHSY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/90/9d9192-273c-4ca9-b2ba-fa9cb51cd0f1/1/3EanmD6DodOa3OjQ9Kx0qn9ri6Q.roa
Signing time:             Thu 14 May 2026 15:13:36 +0000
ROA not before:           Thu 14 May 2026 15:13:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     7979
IP address blocks:        146.66.222.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/90/9d9192-273c-4ca9-b2ba-fa9cb51cd0f1/1/ayM9dVCLToXMz0Q0mny3AxmNHSY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/90/9d9192-273c-4ca9-b2ba-fa9cb51cd0f1/1/ayM9dVCLToXMz0Q0mny3AxmNHSY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ayM9dVCLToXMz0Q0mny3AxmNHSY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 05 Jun 2026 07:00:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:27:0c:e4:1f:50:0d:4b:75:b3:14:00:ca:96:4e:3a:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6b233d75508b4e85cccf44349a7cb703198d1d26
        Validity
            Not Before: May 14 15:13:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=dc46a7983e83a1d39adce8d0f4ac74aa7f6b8ba4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:c5:6e:f3:84:e8:61:bf:0f:ca:3c:7b:c1:41:
                    a7:d5:ff:2b:ac:d0:7d:2c:ae:5d:28:a5:ba:3f:45:
                    2d:b0:bb:85:ae:6d:ff:b0:2a:6d:4d:d8:d2:a8:d1:
                    92:15:44:32:c9:29:8f:97:42:ee:be:63:a0:95:ed:
                    6f:ad:85:f9:a7:25:a3:6d:b1:d7:08:f6:43:04:b9:
                    f2:03:79:5d:f0:2e:0f:f9:8f:4d:bb:c1:cd:62:9e:
                    eb:52:90:64:ba:87:b2:49:59:4f:02:54:3c:55:e2:
                    99:62:e3:e5:63:c1:0b:ee:08:2a:43:c6:d3:fe:33:
                    5c:63:47:7f:ee:fa:7c:1b:21:2d:2b:31:d4:b0:62:
                    1d:bb:0f:b4:57:a6:87:a3:cf:d9:0f:26:05:e2:56:
                    74:40:de:66:38:fa:91:cc:19:16:9c:57:a2:40:7a:
                    b1:43:42:d5:77:e2:ee:be:37:95:1c:3d:6d:e2:54:
                    70:23:c8:05:c3:5f:92:f2:ec:12:d8:4b:26:f4:6b:
                    8a:f5:d6:56:6c:7b:e9:40:2e:2f:d5:f8:c6:ab:6b:
                    5d:0b:17:ed:c5:44:46:e6:05:2b:b8:6f:85:dd:ba:
                    b4:70:71:77:0f:ca:ed:d8:7f:93:8a:f0:af:08:a3:
                    68:dd:27:db:f2:fd:60:96:49:d2:ff:d8:db:06:be:
                    25:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:46:A7:98:3E:83:A1:D3:9A:DC:E8:D0:F4:AC:74:AA:7F:6B:8B:A4
            X509v3 Authority Key Identifier:
                keyid:6B:23:3D:75:50:8B:4E:85:CC:CF:44:34:9A:7C:B7:03:19:8D:1D:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ayM9dVCLToXMz0Q0mny3AxmNHSY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/90/9d9192-273c-4ca9-b2ba-fa9cb51cd0f1/1/3EanmD6DodOa3OjQ9Kx0qn9ri6Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/90/9d9192-273c-4ca9-b2ba-fa9cb51cd0f1/1/ayM9dVCLToXMz0Q0mny3AxmNHSY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.66.222.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a7:3f:f6:4f:8a:b3:b3:71:64:18:28:59:d7:c0:13:bf:4c:4d:
         1d:a7:c7:d8:91:3d:10:38:b7:dc:05:b5:b2:ac:70:39:eb:b7:
         8c:8b:a2:69:c2:b2:fa:c2:91:34:8e:b9:9a:59:7b:6e:3c:6e:
         ba:a2:e2:37:b4:b7:24:21:05:69:a8:7c:77:88:72:3b:45:e6:
         66:d3:62:08:52:23:4d:5c:42:65:2a:96:08:0c:66:a2:d7:43:
         55:a7:3f:44:f9:91:7d:ed:7b:78:e4:2c:fb:8c:89:bf:11:8c:
         9a:df:4a:ff:f5:2e:c5:78:2e:65:05:d4:40:8a:28:cf:08:72:
         7f:ac:e6:f3:c9:c4:8b:7c:f4:0b:be:6e:a2:6b:cd:77:f3:ab:
         ad:dd:ff:4f:c0:de:85:67:5c:b4:9c:b1:34:52:59:ad:93:fc:
         62:9f:bd:07:01:4e:e2:53:77:a5:d7:74:97:cd:63:03:72:39:
         c2:9c:71:18:09:e7:79:22:cc:f9:a6:3d:ab:f7:2e:80:9e:cf:
         ef:da:c0:2f:57:13:5f:ab:8e:2b:1d:83:06:8c:1a:d0:4d:1b:
         80:84:bc:41:28:d6:f1:3a:84:03:94:7a:69:b3:0a:ec:af:35:
         c8:d6:77:9d:f6:8f:6e:5a:76:8b:cc:73:43:19:4d:ca:ec:b8:
         38:8d:9b:b3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ4nDOQfUA1LdbMUAMqWTjoGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZiMjMzZDc1NTA4YjRlODVjY2NmNDQzNDlhN2NiNzAzMTk4
ZDFkMjYwHhcNMjYwNTE0MTUxMzM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYzQ2YTc5ODNlODNhMWQzOWFkY2U4ZDBmNGFjNzRhYTdmNmI4YmE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnMVu84ToYb8Pyjx7wUGn1f8rrNB9
LK5dKKW6P0UtsLuFrm3/sCptTdjSqNGSFUQyySmPl0LuvmOgle1vrYX5pyWjbbHX
CPZDBLnyA3ld8C4P+Y9Nu8HNYp7rUpBkuoeySVlPAlQ8VeKZYuPlY8EL7ggqQ8bT
/jNcY0d/7vp8GyEtKzHUsGIduw+0V6aHo8/ZDyYF4lZ0QN5mOPqRzBkWnFeiQHqx
Q0LVd+LuvjeVHD1t4lRwI8gFw1+S8uwS2Esm9GuK9dZWbHvpQC4v1fjGq2tdCxft
xURG5gUruG+F3bq0cHF3D8rt2H+TivCvCKNo3Sfb8v1glknS/9jbBr4l4wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNxGp5g+g6HTmtzo0PSsdKp/a4ukMB8GA1UdIwQY
MBaAFGsjPXVQi06FzM9ENJp8twMZjR0mMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYXlNOWRWQ0xUb1hNejBRMG1ueTNBeG1OSFNZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MC85ZDkxOTItMjczYy00Y2E5LWIyYmEt
ZmE5Y2I1MWNkMGYxLzEvM0Vhbm1ENkRvZE9hM09qUTlLeDBxbjlyaTZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MC85ZDkxOTItMjczYy00Y2E5LWIyYmEtZmE5Y2I1MWNkMGYx
LzEvYXlNOWRWQ0xUb1hNejBRMG1ueTNBeG1OSFNZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkkLeMA0G
CSqGSIb3DQEBCwUAA4IBAQCnP/ZPirOzcWQYKFnXwBO/TE0dp8fYkT0QOLfcBbWy
rHA567eMi6JpwrL6wpE0jrmaWXtuPG66ouI3tLckIQVpqHx3iHI7ReZm02IIUiNN
XEJlKpYIDGai10NVpz9E+ZF97Xt45Cz7jIm/EYya30r/9S7FeC5lBdRAiijPCHJ/
rObzycSLfPQLvm6ia81386ut3f9PwN6FZ1y0nLE0Ulmtk/xin70HAU7iU3el13SX
zWMDcjnCnHEYCed5Isz5pj2r9y6Ans/v2sAvVxNfq44rHYMGjBrQTRuAhLxBKNbx
OoQDlHppswrsrzXI1ned9o9uWnaLzHNDGU3K7Lg4jZuz
-----END CERTIFICATE-----