Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/6TpoatGKSPSrwq794kzIl2Er6NE.roa
File:                     6TpoatGKSPSrwq794kzIl2Er6NE.roa (raw, json)
Hash identifier:          10DNCuCmmf7tQjJWk0XlymUIhyygXD24DUUyEcOANN0=
Subject key identifier:   E9:3A:68:6A:D1:8A:48:F4:AB:C2:AE:FD:E2:4C:C8:97:61:2B:E8:D1
Certificate issuer:       /CN=0b4e3b3b84242258863142ed3a19792d97cbbc74
Certificate serial:       019C9AA05E2EF8045587F4769DCEF6A3F9C9
Authority key identifier: 0B:4E:3B:3B:84:24:22:58:86:31:42:ED:3A:19:79:2D:97:CB:BC:74
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/C047O4QkIliGMULtOhl5LZfLvHQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/6TpoatGKSPSrwq794kzIl2Er6NE.roa
Signing time:             Thu 26 Feb 2026 15:45:26 +0000
ROA not before:           Thu 26 Feb 2026 15:45:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     201541
IP address blocks:        2a0d:d940:70::/44 maxlen: 48
                          2a0d:d940:2002::/48 maxlen: 48
                          2a0d:d940:200e::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/C047O4QkIliGMULtOhl5LZfLvHQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/C047O4QkIliGMULtOhl5LZfLvHQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/C047O4QkIliGMULtOhl5LZfLvHQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 13:01:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:9a:a0:5e:2e:f8:04:55:87:f4:76:9d:ce:f6:a3:f9:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0b4e3b3b84242258863142ed3a19792d97cbbc74
        Validity
            Not Before: Feb 26 15:45:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e93a686ad18a48f4abc2aefde24cc897612be8d1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f1:41:b9:b1:c3:c7:df:01:53:b8:9f:a5:3e:2f:
                    e4:cc:7b:d9:bf:3a:c8:0c:30:7f:b4:32:d2:92:6d:
                    ca:2e:62:37:10:fd:1b:2a:6d:8e:59:b1:30:1b:9b:
                    61:32:1a:65:28:d0:d2:e8:70:11:4d:e1:0a:cb:25:
                    92:8c:c9:6e:f2:0d:34:ef:9a:7a:0a:ad:ab:91:9d:
                    bd:40:10:34:69:d5:4a:e8:e7:1e:0d:3e:39:ba:7d:
                    92:f7:42:92:68:12:6a:64:6b:dc:f2:91:7c:38:4e:
                    03:8c:4d:55:48:e1:3e:f4:61:b5:3d:87:45:d5:2a:
                    45:f3:ed:28:68:c1:0f:43:5c:dd:e9:75:73:b4:a2:
                    44:a7:ec:02:f6:99:21:8c:d8:5a:8b:26:15:9b:7d:
                    32:98:29:44:90:3b:ab:e1:b0:ab:54:02:c8:c2:65:
                    a3:5c:72:b0:f5:46:0c:6a:66:e7:3c:34:81:b6:76:
                    58:d8:3c:29:bf:c2:74:31:a9:d3:48:66:bc:47:e0:
                    30:ec:6a:97:56:aa:e3:6b:57:6f:cd:56:61:6e:47:
                    b4:2e:cb:81:b7:9f:eb:e6:fc:d5:fb:58:b9:9e:ff:
                    ce:50:9a:93:a5:2b:f0:64:b3:ea:00:9b:84:52:90:
                    82:30:6c:a7:6b:ad:ba:0b:f2:8a:6e:2b:f7:c8:d1:
                    3a:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E9:3A:68:6A:D1:8A:48:F4:AB:C2:AE:FD:E2:4C:C8:97:61:2B:E8:D1
            X509v3 Authority Key Identifier:
                keyid:0B:4E:3B:3B:84:24:22:58:86:31:42:ED:3A:19:79:2D:97:CB:BC:74

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/C047O4QkIliGMULtOhl5LZfLvHQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/6TpoatGKSPSrwq794kzIl2Er6NE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/C047O4QkIliGMULtOhl5LZfLvHQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:d940:70::/44
                  2a0d:d940:2002::/48
                  2a0d:d940:200e::/48

    Signature Algorithm: sha256WithRSAEncryption
         b6:6e:fc:bb:85:68:05:8c:3b:01:da:0d:ee:e4:34:d6:71:46:
         4f:f8:b3:f7:df:37:b3:63:38:e9:17:08:1a:b9:16:ab:85:be:
         eb:07:19:7a:91:8f:60:a5:94:d6:da:af:bd:bf:58:d2:23:3d:
         38:a6:fd:6c:d4:6a:93:e1:57:52:7c:4f:8a:37:37:fc:07:bc:
         e6:88:e0:03:98:6c:2b:a4:88:7e:51:da:78:2d:75:22:70:1d:
         da:21:44:f4:16:32:5d:65:37:20:9b:a0:52:a2:5d:6e:d6:12:
         ca:ef:79:94:da:ff:c9:98:d5:bd:c3:e4:a0:cf:0f:d7:16:15:
         fd:1e:df:58:58:0b:e3:6a:c6:32:a9:cc:62:9f:17:c5:0e:5b:
         7e:5e:63:62:32:56:9b:b3:aa:e6:7b:82:c8:f9:b6:f2:0c:03:
         f5:3b:69:cd:f5:cc:d1:c3:ed:b9:a8:a3:7a:69:da:86:4f:fd:
         9b:1d:4d:b3:d4:a8:26:55:dc:31:64:0d:14:87:c6:4a:f8:b2:
         e4:54:dd:3d:b0:8d:4f:4c:72:c2:b8:90:f9:20:62:8a:50:c1:
         92:ec:02:b1:60:62:e2:1b:6d:52:84:9f:83:55:e6:e5:d4:22:
         36:1e:88:0b:7d:5d:d4:1c:c2:60:9b:ba:96:5e:d7:2c:a7:8c:
         f1:1c:45:76
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZyaoF4u+ARVh/R2nc72o/nJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBiNGUzYjNiODQyNDIyNTg4NjMxNDJlZDNhMTk3OTJkOTdj
YmJjNzQwHhcNMjYwMjI2MTU0NTI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlOTNhNjg2YWQxOGE0OGY0YWJjMmFlZmRlMjRjYzg5NzYxMmJlOGQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8UG5scPH3wFTuJ+lPi/kzHvZvzrI
DDB/tDLSkm3KLmI3EP0bKm2OWbEwG5thMhplKNDS6HARTeEKyyWSjMlu8g0075p6
Cq2rkZ29QBA0adVK6OceDT45un2S90KSaBJqZGvc8pF8OE4DjE1VSOE+9GG1PYdF
1SpF8+0oaMEPQ1zd6XVztKJEp+wC9pkhjNhaiyYVm30ymClEkDur4bCrVALIwmWj
XHKw9UYMambnPDSBtnZY2Dwpv8J0ManTSGa8R+Aw7GqXVqrja1dvzVZhbke0LsuB
t5/r5vzV+1i5nv/OUJqTpSvwZLPqAJuEUpCCMGyna626C/KKbiv3yNE6CwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFOk6aGrRikj0q8Ku/eJMyJdhK+jRMB8GA1UdIwQY
MBaAFAtOOzuEJCJYhjFC7ToZeS2Xy7x0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQzA0N080UWtJbGlHTVVMdE9obDVMWmZMdkhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS83YmExYjEtNTU2Mi00YTMyLTlmNWQt
MTRkMjM4NTI3ODM1LzEvNlRwb2F0R0tTUFNyd3E3OTRreklsMkVyNk5FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS83YmExYjEtNTU2Mi00YTMyLTlmNWQtMTRkMjM4NTI3ODM1
LzEvQzA0N080UWtJbGlHTVVMdE9obDVMWmZMdkhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzAhBAIAAjAbAwcEKg3ZQABw
AwcAKg3ZQCACAwcAKg3ZQCAOMA0GCSqGSIb3DQEBCwUAA4IBAQC2bvy7hWgFjDsB
2g3u5DTWcUZP+LP33zezYzjpFwgauRarhb7rBxl6kY9gpZTW2q+9v1jSIz04pv1s
1GqT4VdSfE+KNzf8B7zmiOADmGwrpIh+Udp4LXUicB3aIUT0FjJdZTcgm6BSol1u
1hLK73mU2v/JmNW9w+Sgzw/XFhX9Ht9YWAvjasYyqcxinxfFDlt+XmNiMlabs6rm
e4LI+bbyDAP1O2nN9czRw+25qKN6adqGT/2bHU2z1KgmVdwxZA0Uh8ZK+LLkVN09
sI1PTHLCuJD5IGKKUMGS7AKxYGLiG21ShJ+DVebl1CI2HogLfV3UHMJgm7qWXtcs
p4zxHEV2
-----END CERTIFICATE-----