Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/e76a95-f7ae-44b9-9d8d-65dd7f52e46c/1/6tHZhT7N21w3Z616ewGEbAeKLdw.roa
File:                     6tHZhT7N21w3Z616ewGEbAeKLdw.roa (raw, json)
Hash identifier:          drk0jZRid095U5sVAWQhFh5KREeBBkf7MnZyeJizYAc=
Subject key identifier:   EA:D1:D9:85:3E:CD:DB:5C:37:67:AD:7A:7B:01:84:6C:07:8A:2D:DC
Certificate issuer:       /CN=8b73f83735c8ab10a0a8d44e170128f023846e79
Certificate serial:       019B7CED1CAA06789AF22B6E49C51C17979A
Authority key identifier: 8B:73:F8:37:35:C8:AB:10:A0:A8:D4:4E:17:01:28:F0:23:84:6E:79
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i3P4NzXIqxCgqNROFwEo8COEbnk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/e76a95-f7ae-44b9-9d8d-65dd7f52e46c/1/6tHZhT7N21w3Z616ewGEbAeKLdw.roa
Signing time:             Fri 02 Jan 2026 04:17:52 +0000
ROA not before:           Fri 02 Jan 2026 04:17:52 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     202100
IP address blocks:        185.46.244.0/22 maxlen: 22
                          2a01:8ba0::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/e76a95-f7ae-44b9-9d8d-65dd7f52e46c/1/i3P4NzXIqxCgqNROFwEo8COEbnk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/e76a95-f7ae-44b9-9d8d-65dd7f52e46c/1/i3P4NzXIqxCgqNROFwEo8COEbnk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i3P4NzXIqxCgqNROFwEo8COEbnk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 10:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:ed:1c:aa:06:78:9a:f2:2b:6e:49:c5:1c:17:97:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b73f83735c8ab10a0a8d44e170128f023846e79
        Validity
            Not Before: Jan  2 04:17:52 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ead1d9853ecddb5c3767ad7a7b01846c078a2ddc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:2c:b1:cb:2b:fd:37:5e:ac:a4:9e:e9:ac:13:
                    a2:2d:f1:cb:27:c1:04:31:25:e3:bf:6c:60:30:b8:
                    63:ae:af:54:96:ba:bc:d1:71:18:6f:2b:e5:0f:c9:
                    0f:5e:6b:5a:20:56:74:b2:82:a5:2c:30:57:ea:94:
                    1c:2d:7b:71:04:0a:9a:3a:f8:f2:9f:65:52:6d:82:
                    e8:5f:b9:7f:03:11:ec:40:25:8d:ad:46:0f:4d:ca:
                    49:ff:df:0d:10:60:aa:37:38:c9:5e:83:19:e1:0e:
                    88:ea:a6:8f:e4:58:8f:b6:ce:6c:2a:41:ba:2f:14:
                    1f:8e:a2:5c:78:71:7f:97:07:c9:4e:15:19:77:86:
                    90:8c:39:b5:64:12:25:6c:16:71:d6:c8:ac:17:32:
                    19:3e:1b:4b:7c:77:2b:55:26:7a:c1:88:e9:0f:99:
                    93:50:aa:6b:5c:de:1e:9b:3c:2f:4a:4b:46:53:dd:
                    7e:b8:e9:8a:f4:e0:63:86:3a:c4:c0:90:41:c9:0a:
                    5e:9e:f5:1d:f8:12:2e:b9:b3:3d:5a:f1:6f:98:44:
                    73:4b:e5:7c:de:c7:18:a2:da:d3:b6:50:e8:16:9d:
                    5d:76:bb:21:10:91:e9:4d:d8:6f:26:45:c4:8d:1e:
                    1c:b3:0e:de:86:33:4a:33:50:fe:c0:b1:f9:c0:78:
                    89:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EA:D1:D9:85:3E:CD:DB:5C:37:67:AD:7A:7B:01:84:6C:07:8A:2D:DC
            X509v3 Authority Key Identifier:
                keyid:8B:73:F8:37:35:C8:AB:10:A0:A8:D4:4E:17:01:28:F0:23:84:6E:79

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i3P4NzXIqxCgqNROFwEo8COEbnk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/e76a95-f7ae-44b9-9d8d-65dd7f52e46c/1/6tHZhT7N21w3Z616ewGEbAeKLdw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/e76a95-f7ae-44b9-9d8d-65dd7f52e46c/1/i3P4NzXIqxCgqNROFwEo8COEbnk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.46.244.0/22
                IPv6:
                  2a01:8ba0::/29

    Signature Algorithm: sha256WithRSAEncryption
         15:d7:53:d9:55:3e:f7:7b:77:02:f4:ad:19:55:23:80:c2:c0:
         22:16:39:7b:64:57:72:34:82:98:32:70:cc:c0:47:ed:dc:c5:
         23:b6:81:af:46:aa:54:49:0d:75:fc:b7:c4:64:e2:46:33:60:
         94:18:cd:0d:f5:ee:07:67:69:51:95:f3:d6:16:de:49:0b:52:
         c9:db:2d:b3:ee:a1:70:0f:e6:6e:36:9d:20:1a:a9:ae:b0:34:
         e6:0f:d6:e1:33:42:95:75:6a:79:37:ef:6c:f4:07:97:7c:1c:
         6b:c3:42:11:53:a5:db:66:b5:53:1a:f9:52:67:6f:a7:fb:32:
         bc:e8:1e:a5:62:b9:07:af:a4:34:9a:f7:2e:c5:9a:c1:a7:ca:
         eb:76:a8:1e:24:22:76:9b:b8:99:9e:e6:4c:34:f5:ee:f4:6f:
         c8:54:d6:60:64:55:20:8f:75:16:ea:a8:42:d6:5e:1d:db:c6:
         1b:98:77:2c:22:1a:86:b5:b4:f4:5e:5d:c7:d0:31:ae:de:c9:
         da:bf:b3:58:d9:fa:13:33:11:e8:7a:08:94:75:b0:75:b2:d4:
         05:aa:29:ba:96:3c:63:a0:56:6d:4a:bc:84:02:13:c0:39:24:
         39:24:17:d2:06:39:4c:1e:a5:c2:b7:7b:95:bb:be:c5:9d:78:
         f6:6a:fd:37
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZt87RyqBnia8ituScUcF5eaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiNzNmODM3MzVjOGFiMTBhMGE4ZDQ0ZTE3MDEyOGYwMjM4
NDZlNzkwHhcNMjYwMTAyMDQxNzUyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYWQxZDk4NTNlY2RkYjVjMzc2N2FkN2E3YjAxODQ2YzA3OGEyZGRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1yyxyyv9N16spJ7prBOiLfHLJ8EE
MSXjv2xgMLhjrq9Ulrq80XEYbyvlD8kPXmtaIFZ0soKlLDBX6pQcLXtxBAqaOvjy
n2VSbYLoX7l/AxHsQCWNrUYPTcpJ/98NEGCqNzjJXoMZ4Q6I6qaP5FiPts5sKkG6
LxQfjqJceHF/lwfJThUZd4aQjDm1ZBIlbBZx1sisFzIZPhtLfHcrVSZ6wYjpD5mT
UKprXN4emzwvSktGU91+uOmK9OBjhjrEwJBByQpenvUd+BIuubM9WvFvmERzS+V8
3scYotrTtlDoFp1ddrshEJHpTdhvJkXEjR4csw7ehjNKM1D+wLH5wHiJ9QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFOrR2YU+zdtcN2etensBhGwHii3cMB8GA1UdIwQY
MBaAFItz+Dc1yKsQoKjUThcBKPAjhG55MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTNQNE56WElxeENncU5ST0Z3RW84Q09FYm5rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS9lNzZhOTUtZjdhZS00NGI5LTlkOGQt
NjVkZDdmNTJlNDZjLzEvNnRIWmhUN04yMXczWjYxNmV3R0ViQWVLTGR3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS9lNzZhOTUtZjdhZS00NGI5LTlkOGQtNjVkZDdmNTJlNDZj
LzEvaTNQNE56WElxeENncU5ST0Z3RW84Q09FYm5rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuS70MA0E
AgACMAcDBQMqAYugMA0GCSqGSIb3DQEBCwUAA4IBAQAV11PZVT73e3cC9K0ZVSOA
wsAiFjl7ZFdyNIKYMnDMwEft3MUjtoGvRqpUSQ11/LfEZOJGM2CUGM0N9e4HZ2lR
lfPWFt5JC1LJ2y2z7qFwD+ZuNp0gGqmusDTmD9bhM0KVdWp5N+9s9AeXfBxrw0IR
U6XbZrVTGvlSZ2+n+zK86B6lYrkHr6Q0mvcuxZrBp8rrdqgeJCJ2m7iZnuZMNPXu
9G/IVNZgZFUgj3UW6qhC1l4d28YbmHcsIhqGtbT0Xl3H0DGu3snav7NY2foTMxHo
egiUdbB1stQFqim6ljxjoFZtSryEAhPAOSQ5JBfSBjlMHqXCt3uVu77FnXj2av03
-----END CERTIFICATE-----