Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/4f211e-79d7-4504-9ead-871f9ed708e0/1/bSb1vKlFqm6Lgoy9mUt1MbjszKU.roa
File:                     bSb1vKlFqm6Lgoy9mUt1MbjszKU.roa (raw, json)
Hash identifier:          8Rm1aKWGejiopvOQal7M9IGwEZUMfEE7E/dgp4snH3E=
Subject key identifier:   6D:26:F5:BC:A9:45:AA:6E:8B:82:8C:BD:99:4B:75:31:B8:EC:CC:A5
Certificate issuer:       /CN=1ba51a0bc0f0afebbf6d5d927fe1f9816f52352d
Certificate serial:       019CBCE7B2ADDF3CA921C6F557D55296BA11
Authority key identifier: 1B:A5:1A:0B:C0:F0:AF:EB:BF:6D:5D:92:7F:E1:F9:81:6F:52:35:2D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/G6UaC8Dwr-u_bV2Sf-H5gW9SNS0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/4f211e-79d7-4504-9ead-871f9ed708e0/1/bSb1vKlFqm6Lgoy9mUt1MbjszKU.roa
Signing time:             Thu 05 Mar 2026 07:30:27 +0000
ROA not before:           Thu 05 Mar 2026 07:30:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     3491
IP address blocks:        168.151.21.0/24 maxlen: 24
                          168.151.28.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b1/4f211e-79d7-4504-9ead-871f9ed708e0/1/G6UaC8Dwr-u_bV2Sf-H5gW9SNS0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b1/4f211e-79d7-4504-9ead-871f9ed708e0/1/G6UaC8Dwr-u_bV2Sf-H5gW9SNS0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/G6UaC8Dwr-u_bV2Sf-H5gW9SNS0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Mar 2026 10:49:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:bc:e7:b2:ad:df:3c:a9:21:c6:f5:57:d5:52:96:ba:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1ba51a0bc0f0afebbf6d5d927fe1f9816f52352d
        Validity
            Not Before: Mar  5 07:30:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6d26f5bca945aa6e8b828cbd994b7531b8eccca5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:9e:de:cd:5a:86:a7:2d:81:81:4d:cc:90:ee:
                    1f:17:a6:c6:71:e9:30:86:5b:04:09:91:1f:38:cb:
                    00:3c:d9:42:6f:ca:a5:12:56:29:f0:41:ce:88:e0:
                    4b:ec:be:29:4c:d7:10:18:98:16:fa:82:d4:5d:75:
                    3f:59:d9:85:6c:c8:92:d6:4e:95:eb:14:0b:52:b5:
                    7d:62:ea:2e:50:e3:5e:cc:fb:36:4c:8a:97:e5:2b:
                    9c:9e:a1:5c:09:3a:a1:b6:a5:e6:17:85:eb:82:84:
                    2e:d4:39:a1:6a:8d:01:0f:59:a7:8c:f6:ec:54:24:
                    0e:40:d7:d8:f6:fc:05:27:2e:a6:3b:e5:dc:e4:b3:
                    fa:1e:91:44:96:ae:2a:45:3c:21:9e:c2:fe:b9:34:
                    8e:49:74:05:36:d4:b0:da:d5:a9:d9:7d:22:89:a2:
                    2e:4d:e9:76:cc:8a:e7:05:bb:c5:05:0e:26:5f:8c:
                    e0:c5:3a:f0:52:91:3b:4b:93:a0:93:79:03:91:b1:
                    24:ad:fe:ec:28:96:4a:8d:97:bc:1e:65:d3:fb:cd:
                    6c:0a:09:28:de:1e:34:d7:2d:0c:5d:da:12:ac:b5:
                    e8:84:55:61:1c:c9:1e:38:8e:0c:52:39:e2:a5:8a:
                    b3:f0:87:08:d4:e6:47:ff:64:c2:a3:67:a0:c6:e5:
                    80:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:26:F5:BC:A9:45:AA:6E:8B:82:8C:BD:99:4B:75:31:B8:EC:CC:A5
            X509v3 Authority Key Identifier:
                keyid:1B:A5:1A:0B:C0:F0:AF:EB:BF:6D:5D:92:7F:E1:F9:81:6F:52:35:2D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/G6UaC8Dwr-u_bV2Sf-H5gW9SNS0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/4f211e-79d7-4504-9ead-871f9ed708e0/1/bSb1vKlFqm6Lgoy9mUt1MbjszKU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/4f211e-79d7-4504-9ead-871f9ed708e0/1/G6UaC8Dwr-u_bV2Sf-H5gW9SNS0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  168.151.21.0/24
                  168.151.28.0/24

    Signature Algorithm: sha256WithRSAEncryption
         08:20:f7:92:45:89:2c:db:5a:23:3c:8e:f3:60:0b:be:ad:03:
         18:44:d5:c2:b0:4e:dc:3b:ed:99:45:45:9d:0d:c9:59:a0:92:
         f9:77:7e:46:89:98:c0:25:cb:93:60:b9:19:01:38:d9:b1:86:
         e1:1f:a2:f3:ec:32:cf:f1:30:eb:11:73:c2:8a:ac:ff:f9:fd:
         28:b9:73:a6:dc:8f:44:4d:db:7d:fd:c5:d9:e1:ea:2e:ca:c4:
         e7:7a:41:2f:16:7b:da:e5:d5:0c:46:fa:a1:3e:dd:55:f5:3b:
         8c:1e:42:d4:da:86:fd:bb:2d:b0:8d:2c:9d:9b:36:db:1c:4a:
         d2:89:ae:1f:c8:f8:a9:e1:9f:2e:1b:88:82:11:92:f5:17:a9:
         9a:9d:6d:86:b3:94:c7:3b:65:b6:30:ad:01:3a:ab:10:a4:16:
         94:b7:6e:b8:44:9a:4c:72:46:8b:c0:8f:82:23:70:56:54:b4:
         bc:e0:31:85:79:e9:33:96:c7:dd:b5:35:67:a4:ce:1a:cc:b3:
         96:3c:5e:36:65:31:ca:62:25:1f:ec:c7:c1:ca:cb:f0:a5:53:
         0b:6e:74:75:16:5a:73:3c:3d:12:3b:69:1e:d1:d6:a4:04:d8:
         fc:91:e0:43:87:71:a7:de:eb:b3:78:3e:2b:96:ba:83:19:2d:
         bd:66:97:21
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZy857Kt3zypIcb1V9VSlroRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiYTUxYTBiYzBmMGFmZWJiZjZkNWQ5MjdmZTFmOTgxNmY1
MjM1MmQwHhcNMjYwMzA1MDczMDI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZDI2ZjViY2E5NDVhYTZlOGI4MjhjYmQ5OTRiNzUzMWI4ZWNjY2E1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs57ezVqGpy2BgU3MkO4fF6bGcekw
hlsECZEfOMsAPNlCb8qlElYp8EHOiOBL7L4pTNcQGJgW+oLUXXU/WdmFbMiS1k6V
6xQLUrV9YuouUONezPs2TIqX5SucnqFcCTqhtqXmF4XrgoQu1Dmhao0BD1mnjPbs
VCQOQNfY9vwFJy6mO+Xc5LP6HpFElq4qRTwhnsL+uTSOSXQFNtSw2tWp2X0iiaIu
Tel2zIrnBbvFBQ4mX4zgxTrwUpE7S5Ogk3kDkbEkrf7sKJZKjZe8HmXT+81sCgko
3h401y0MXdoSrLXohFVhHMkeOI4MUjnipYqz8IcI1OZH/2TCo2egxuWABwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFG0m9bypRapui4KMvZlLdTG47MylMB8GA1UdIwQY
MBaAFBulGgvA8K/rv21dkn/h+YFvUjUtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRzZVYUM4RHdyLXVfYlYyU2YtSDVnVzlTTlMwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS80ZjIxMWUtNzlkNy00NTA0LTllYWQt
ODcxZjllZDcwOGUwLzEvYlNiMXZLbEZxbTZMZ295OW1VdDFNYmpzektVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS80ZjIxMWUtNzlkNy00NTA0LTllYWQtODcxZjllZDcwOGUw
LzEvRzZVYUM4RHdyLXVfYlYyU2YtSDVnVzlTTlMwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAqJcVAwQA
qJccMA0GCSqGSIb3DQEBCwUAA4IBAQAIIPeSRYks21ojPI7zYAu+rQMYRNXCsE7c
O+2ZRUWdDclZoJL5d35GiZjAJcuTYLkZATjZsYbhH6Lz7DLP8TDrEXPCiqz/+f0o
uXOm3I9ETdt9/cXZ4eouysTnekEvFnva5dUMRvqhPt1V9TuMHkLU2ob9uy2wjSyd
mzbbHErSia4fyPip4Z8uG4iCEZL1F6manW2Gs5THO2W2MK0BOqsQpBaUt264RJpM
ckaLwI+CI3BWVLS84DGFeekzlsfdtTVnpM4azLOWPF42ZTHKYiUf7MfBysvwpVML
bnR1FlpzPD0SO2ke0dakBNj8keBDh3Gn3uuzeD4rlrqDGS29Zpch
-----END CERTIFICATE-----