Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b7/9a6638-c8fd-43cf-b1c4-b071c7efd915/1/6fpTUBj4_bNH_UUZdkvOYnGb8NE.roa
File:                     6fpTUBj4_bNH_UUZdkvOYnGb8NE.roa (raw, json)
Hash identifier:          PlXgEgBQghszn8El/TxK0a2TFgaJeGliB29YkDf0Zsc=
Subject key identifier:   E9:FA:53:50:18:F8:FD:B3:47:FD:45:19:76:4B:CE:62:71:9B:F0:D1
Certificate issuer:       /CN=51cf732a8a7439e9280f23ef57849814af195ae0
Certificate serial:       019A6EA6D122BB134AAC3416B3FA50422CEB
Authority key identifier: 51:CF:73:2A:8A:74:39:E9:28:0F:23:EF:57:84:98:14:AF:19:5A:E0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Uc9zKop0OekoDyPvV4SYFK8ZWuA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b7/9a6638-c8fd-43cf-b1c4-b071c7efd915/1/6fpTUBj4_bNH_UUZdkvOYnGb8NE.roa
Signing time:             Mon 10 Nov 2025 16:43:37 +0000
ROA not before:           Mon 10 Nov 2025 16:43:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209336
IP address blocks:        91.246.26.0/24 maxlen: 24
                          212.74.32.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b7/9a6638-c8fd-43cf-b1c4-b071c7efd915/1/Uc9zKop0OekoDyPvV4SYFK8ZWuA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b7/9a6638-c8fd-43cf-b1c4-b071c7efd915/1/Uc9zKop0OekoDyPvV4SYFK8ZWuA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Uc9zKop0OekoDyPvV4SYFK8ZWuA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 12 Nov 2025 04:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:6e:a6:d1:22:bb:13:4a:ac:34:16:b3:fa:50:42:2c:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=51cf732a8a7439e9280f23ef57849814af195ae0
        Validity
            Not Before: Nov 10 16:43:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e9fa535018f8fdb347fd4519764bce62719bf0d1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:bb:70:ea:36:c6:30:88:4f:c0:c2:dd:f8:46:
                    36:6c:16:5f:10:ac:6f:d3:57:8c:4c:cf:32:f0:1a:
                    3a:1c:11:d5:63:f0:e2:94:99:58:c4:1d:aa:fe:b9:
                    b9:30:33:35:a9:7d:39:7f:bd:ad:d4:22:f4:d6:ea:
                    f2:c9:3f:08:b6:b5:16:8c:6e:27:f4:1c:1c:17:e2:
                    f9:5d:57:2e:24:0b:e3:0a:b5:32:3f:3f:17:76:23:
                    68:8a:86:05:9e:19:59:e1:9d:98:fe:da:be:be:90:
                    ae:27:2f:d6:ee:65:bf:94:e4:18:36:8b:d5:9c:5e:
                    4d:a7:96:d3:8a:17:33:53:d7:27:1d:d0:a0:44:67:
                    f6:67:c5:74:c2:3a:b9:b0:67:7d:c8:95:63:bf:79:
                    c8:de:ea:9e:d9:d8:7f:18:af:f2:4b:09:08:27:f9:
                    bf:05:78:04:24:f3:2f:fa:29:ae:60:72:29:5e:29:
                    48:62:4a:05:16:c4:15:7f:68:11:2b:a9:b0:f9:12:
                    26:eb:3f:6e:09:1d:73:43:77:35:b6:2c:3a:af:e8:
                    a7:f7:8e:0d:8a:ef:f1:0a:de:d6:f0:e2:73:38:fd:
                    5c:ff:a1:1a:9f:84:61:25:5e:f5:cf:d3:23:26:cc:
                    39:66:a7:1e:61:02:d2:f0:0a:d5:da:22:8f:1b:f9:
                    33:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E9:FA:53:50:18:F8:FD:B3:47:FD:45:19:76:4B:CE:62:71:9B:F0:D1
            X509v3 Authority Key Identifier:
                keyid:51:CF:73:2A:8A:74:39:E9:28:0F:23:EF:57:84:98:14:AF:19:5A:E0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Uc9zKop0OekoDyPvV4SYFK8ZWuA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b7/9a6638-c8fd-43cf-b1c4-b071c7efd915/1/6fpTUBj4_bNH_UUZdkvOYnGb8NE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b7/9a6638-c8fd-43cf-b1c4-b071c7efd915/1/Uc9zKop0OekoDyPvV4SYFK8ZWuA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.246.26.0/24
                  212.74.32.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4b:74:bc:af:99:12:8a:99:c5:09:8b:93:31:19:58:35:a8:8a:
         9f:2f:1a:c8:58:91:05:81:bb:ab:b3:82:e9:c9:8a:f2:14:e8:
         58:1a:7e:40:6a:48:21:97:3f:8e:88:d2:b0:53:09:3c:d2:cd:
         ba:df:02:ba:99:22:c5:6d:2d:94:2b:94:42:62:6e:a4:bf:0e:
         88:67:bf:db:c6:ce:27:f6:20:ae:ca:3a:55:c1:25:99:9e:29:
         48:8e:66:3f:17:95:20:41:b0:14:c3:8f:15:f8:25:61:c5:6a:
         55:f5:b5:6f:46:79:87:6c:7f:a7:12:48:9c:0e:1f:e7:e8:83:
         b1:1a:12:a0:94:2b:93:f4:c9:96:d5:a3:ad:89:ec:2d:b7:26:
         30:e4:bb:7e:0e:c9:dc:a0:2d:5b:f9:73:4d:e7:7e:f7:2a:4d:
         c0:a7:5b:be:4e:63:45:ba:55:19:ae:1e:06:0a:d8:03:35:36:
         dd:b3:c7:cf:43:bf:c0:0b:46:6d:b0:fc:0b:24:25:14:e1:0e:
         b9:8c:06:e2:fb:21:31:1b:1b:30:cf:55:50:6c:1b:54:99:9a:
         d7:ab:0a:5d:7f:f1:70:a7:bf:9c:25:50:b0:03:07:ee:87:13:
         ac:72:98:bf:c8:c3:48:bd:b5:6e:64:d4:f0:b1:91:88:32:25:
         4f:42:da:52
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZpuptEiuxNKrDQWs/pQQizrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUxY2Y3MzJhOGE3NDM5ZTkyODBmMjNlZjU3ODQ5ODE0YWYx
OTVhZTAwHhcNMjUxMTEwMTY0MzM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlOWZhNTM1MDE4ZjhmZGIzNDdmZDQ1MTk3NjRiY2U2MjcxOWJmMGQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtrtw6jbGMIhPwMLd+EY2bBZfEKxv
01eMTM8y8Bo6HBHVY/DilJlYxB2q/rm5MDM1qX05f72t1CL01uryyT8ItrUWjG4n
9BwcF+L5XVcuJAvjCrUyPz8XdiNoioYFnhlZ4Z2Y/tq+vpCuJy/W7mW/lOQYNovV
nF5Np5bTihczU9cnHdCgRGf2Z8V0wjq5sGd9yJVjv3nI3uqe2dh/GK/ySwkIJ/m/
BXgEJPMv+imuYHIpXilIYkoFFsQVf2gRK6mw+RIm6z9uCR1zQ3c1tiw6r+in944N
iu/xCt7W8OJzOP1c/6Ean4RhJV71z9MjJsw5ZqceYQLS8ArV2iKPG/kzQwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFOn6U1AY+P2zR/1FGXZLzmJxm/DRMB8GA1UdIwQY
MBaAFFHPcyqKdDnpKA8j71eEmBSvGVrgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVWM5ektvcDBPZWtvRHlQdlY0U1lGSzhaV3VBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNy85YTY2MzgtYzhmZC00M2NmLWIxYzQt
YjA3MWM3ZWZkOTE1LzEvNmZwVFVCajRfYk5IX1VVWmRrdk9ZbkdiOE5FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNy85YTY2MzgtYzhmZC00M2NmLWIxYzQtYjA3MWM3ZWZkOTE1
LzEvVWM5ektvcDBPZWtvRHlQdlY0U1lGSzhaV3VBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW/YaAwQA
1EogMA0GCSqGSIb3DQEBCwUAA4IBAQBLdLyvmRKKmcUJi5MxGVg1qIqfLxrIWJEF
gburs4LpyYryFOhYGn5Aakghlz+OiNKwUwk80s263wK6mSLFbS2UK5RCYm6kvw6I
Z7/bxs4n9iCuyjpVwSWZnilIjmY/F5UgQbAUw48V+CVhxWpV9bVvRnmHbH+nEkic
Dh/n6IOxGhKglCuT9MmW1aOtiewttyYw5Lt+DsncoC1b+XNN5373Kk3Ap1u+TmNF
ulUZrh4GCtgDNTbds8fPQ7/AC0ZtsPwLJCUU4Q65jAbi+yExGxswz1VQbBtUmZrX
qwpdf/Fwp7+cJVCwAwfuhxOscpi/yMNIvbVuZNTwsZGIMiVPQtpS
-----END CERTIFICATE-----