Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a5/1e3c12-3207-4325-86f5-8befee49ed4d/1/D6gsyuBvq-v8dHbQhkGm5ZATbvc.roa
File:                     D6gsyuBvq-v8dHbQhkGm5ZATbvc.roa (raw, json)
Hash identifier:          +ZoEMWFvRto5Iix5Aq4jw/RuVyb6nTqra5qXLRAnIkA=
Subject key identifier:   0F:A8:2C:CA:E0:6F:AB:EB:FC:74:76:D0:86:41:A6:E5:90:13:6E:F7
Certificate issuer:       /CN=2b6d142b5b6a5298d6b8fa5845f29878cfebbc54
Certificate serial:       019CCE3B6CB381F7C96E3AE97469C9AB3DD4
Authority key identifier: 2B:6D:14:2B:5B:6A:52:98:D6:B8:FA:58:45:F2:98:78:CF:EB:BC:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/K20UK1tqUpjWuPpYRfKYeM_rvFQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a5/1e3c12-3207-4325-86f5-8befee49ed4d/1/D6gsyuBvq-v8dHbQhkGm5ZATbvc.roa
Signing time:             Sun 08 Mar 2026 16:15:26 +0000
ROA not before:           Sun 08 Mar 2026 16:15:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     44947
IP address blocks:        80.244.11.0/24 maxlen: 24
                          2a13:6fc0::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a5/1e3c12-3207-4325-86f5-8befee49ed4d/1/K20UK1tqUpjWuPpYRfKYeM_rvFQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a5/1e3c12-3207-4325-86f5-8befee49ed4d/1/K20UK1tqUpjWuPpYRfKYeM_rvFQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/K20UK1tqUpjWuPpYRfKYeM_rvFQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 14 Mar 2026 04:01:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:ce:3b:6c:b3:81:f7:c9:6e:3a:e9:74:69:c9:ab:3d:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2b6d142b5b6a5298d6b8fa5845f29878cfebbc54
        Validity
            Not Before: Mar  8 16:15:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0fa82ccae06fabebfc7476d08641a6e590136ef7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:8f:e2:d5:df:7b:41:a6:76:4c:52:ac:0f:e5:
                    f4:53:26:12:ca:ea:3b:c8:07:14:d8:d4:2f:ad:82:
                    21:40:89:fe:b1:78:49:3c:91:fe:1f:a1:ac:8c:87:
                    d3:42:f3:54:66:07:5a:44:49:2c:86:df:c1:cd:69:
                    05:76:fa:4a:a8:ea:84:4d:69:57:c8:15:a0:de:92:
                    34:4c:a2:97:15:9d:d7:a4:d9:92:03:4b:06:10:4b:
                    34:8d:6e:eb:29:c8:50:1a:e5:57:a7:08:69:ac:96:
                    a4:57:82:7b:4e:28:6b:72:8d:7a:e4:73:60:8d:d3:
                    44:3b:50:2c:83:28:2b:00:d3:da:bd:50:fd:c0:e1:
                    af:e8:ac:80:30:86:23:99:c7:e2:0a:6d:b1:3b:ee:
                    5d:d4:65:d9:f8:4f:c5:f8:64:cf:9c:6b:f9:d6:1d:
                    74:29:1a:70:3c:f7:be:79:20:f4:c6:d0:3d:7c:1b:
                    31:d8:bc:f0:77:1b:7d:66:31:6a:a3:b9:62:7d:4b:
                    6d:34:f9:09:f0:87:a7:54:84:51:35:30:e9:ec:1e:
                    e2:c1:63:e0:2e:02:c9:5c:78:89:8a:ac:58:52:cf:
                    e2:32:36:77:dc:10:ee:6c:e1:d6:dd:72:6d:3d:09:
                    da:d5:71:22:4b:72:01:a6:91:a8:60:12:de:a6:cd:
                    73:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:A8:2C:CA:E0:6F:AB:EB:FC:74:76:D0:86:41:A6:E5:90:13:6E:F7
            X509v3 Authority Key Identifier:
                keyid:2B:6D:14:2B:5B:6A:52:98:D6:B8:FA:58:45:F2:98:78:CF:EB:BC:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/K20UK1tqUpjWuPpYRfKYeM_rvFQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/1e3c12-3207-4325-86f5-8befee49ed4d/1/D6gsyuBvq-v8dHbQhkGm5ZATbvc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/1e3c12-3207-4325-86f5-8befee49ed4d/1/K20UK1tqUpjWuPpYRfKYeM_rvFQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.244.11.0/24
                IPv6:
                  2a13:6fc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         2c:8f:4c:8d:8e:1a:97:d5:81:e3:7e:b8:5c:5f:64:19:95:39:
         43:56:da:ae:2c:24:c1:05:44:ba:b8:d2:9e:f5:c6:ce:87:05:
         12:63:a7:86:c3:ec:88:0c:fb:c9:91:02:33:53:4a:b4:b8:36:
         86:24:ad:83:94:4b:27:38:41:7e:00:74:77:d6:60:e0:33:83:
         56:9f:9c:49:5a:81:63:32:74:f5:c8:c9:7b:9e:5a:9e:da:9f:
         d2:83:33:e6:c8:ee:f5:a7:23:82:60:09:dd:8a:8c:f4:e5:e1:
         01:d0:72:41:72:68:7b:a4:72:69:04:98:da:22:59:f4:54:bf:
         a4:c4:64:e8:0c:98:02:ab:22:92:bc:a2:25:07:56:7e:74:82:
         c0:59:80:a5:04:c1:95:be:0f:c3:eb:e6:be:03:da:4f:8c:32:
         66:a1:d0:0e:48:43:dc:78:bc:35:5a:17:43:2d:67:ca:11:01:
         7c:8d:f5:42:d2:31:d8:7f:54:86:d8:3d:12:b8:ec:6c:46:f6:
         11:b6:03:6a:2b:08:fe:42:cd:ea:32:3f:36:be:2d:97:c4:7e:
         22:20:e4:58:35:6b:60:3b:9d:e0:6e:96:fe:1a:c5:86:2b:a0:
         07:3c:8c:83:f2:78:7a:3a:f2:a6:e0:2a:85:c6:82:54:18:31:
         b1:33:53:3c
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZzOO2yzgffJbjrpdGnJqz3UMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJiNmQxNDJiNWI2YTUyOThkNmI4ZmE1ODQ1ZjI5ODc4Y2Zl
YmJjNTQwHhcNMjYwMzA4MTYxNTI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZmE4MmNjYWUwNmZhYmViZmM3NDc2ZDA4NjQxYTZlNTkwMTM2ZWY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtY/i1d97QaZ2TFKsD+X0UyYSyuo7
yAcU2NQvrYIhQIn+sXhJPJH+H6GsjIfTQvNUZgdaREksht/BzWkFdvpKqOqETWlX
yBWg3pI0TKKXFZ3XpNmSA0sGEEs0jW7rKchQGuVXpwhprJakV4J7Tihrco165HNg
jdNEO1AsgygrANPavVD9wOGv6KyAMIYjmcfiCm2xO+5d1GXZ+E/F+GTPnGv51h10
KRpwPPe+eSD0xtA9fBsx2Lzwdxt9ZjFqo7lifUttNPkJ8IenVIRRNTDp7B7iwWPg
LgLJXHiJiqxYUs/iMjZ33BDubOHW3XJtPQna1XEiS3IBppGoYBLeps1zFQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFA+oLMrgb6vr/HR20IZBpuWQE273MB8GA1UdIwQY
MBaAFCttFCtbalKY1rj6WEXymHjP67xUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSzIwVUsxdHFVcGpXdVBwWVJmS1llTV9ydkZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNS8xZTNjMTItMzIwNy00MzI1LTg2ZjUt
OGJlZmVlNDllZDRkLzEvRDZnc3l1QnZxLXY4ZEhiUWhrR201WkFUYnZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNS8xZTNjMTItMzIwNy00MzI1LTg2ZjUtOGJlZmVlNDllZDRk
LzEvSzIwVUsxdHFVcGpXdVBwWVJmS1llTV9ydkZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAUPQLMA0E
AgACMAcDBQMqE2/AMA0GCSqGSIb3DQEBCwUAA4IBAQAsj0yNjhqX1YHjfrhcX2QZ
lTlDVtquLCTBBUS6uNKe9cbOhwUSY6eGw+yIDPvJkQIzU0q0uDaGJK2DlEsnOEF+
AHR31mDgM4NWn5xJWoFjMnT1yMl7nlqe2p/SgzPmyO71pyOCYAndioz05eEB0HJB
cmh7pHJpBJjaIln0VL+kxGToDJgCqyKSvKIlB1Z+dILAWYClBMGVvg/D6+a+A9pP
jDJmodAOSEPceLw1WhdDLWfKEQF8jfVC0jHYf1SG2D0SuOxsRvYRtgNqKwj+Qs3q
Mj82vi2XxH4iIORYNWtgO53gbpb+GsWGK6AHPIyD8nh6OvKm4CqFxoJUGDGxM1M8
-----END CERTIFICATE-----