Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/6SvDfX-QGUlPu6L1OSaGMGXzF2s.roa
File:                     6SvDfX-QGUlPu6L1OSaGMGXzF2s.roa (raw, json)
Hash identifier:          3GmsqZ8QW2E13cyyvxIwG9GG6s3Edi2fo8WV4BsAreU=
Subject key identifier:   E9:2B:C3:7D:7F:90:19:49:4F:BB:A2:F5:39:26:86:30:65:F3:17:6B
Certificate issuer:       /CN=3e6097698686e1555f51f6c883bc5a58549b2362
Certificate serial:       019C4A7D075968660A0CC33E526CE589F65D
Authority key identifier: 3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/6SvDfX-QGUlPu6L1OSaGMGXzF2s.roa
Signing time:             Wed 11 Feb 2026 02:17:13 +0000
ROA not before:           Wed 11 Feb 2026 02:17:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     201790
IP address blocks:        5.175.214.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 15:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:4a:7d:07:59:68:66:0a:0c:c3:3e:52:6c:e5:89:f6:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e6097698686e1555f51f6c883bc5a58549b2362
        Validity
            Not Before: Feb 11 02:17:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e92bc37d7f9019494fbba2f53926863065f3176b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:95:02:4e:78:8b:99:97:d2:77:8f:15:85:d1:
                    75:f9:79:bc:b6:65:f4:2f:d4:21:ee:56:9d:fd:90:
                    c3:55:a4:78:4a:9e:67:f7:8f:25:97:d1:54:5c:ed:
                    cc:f7:06:50:9a:9b:05:ee:1d:61:de:a9:aa:c2:d9:
                    dc:db:83:05:67:88:0f:c2:67:22:f4:e4:1c:af:17:
                    b8:61:89:37:2f:af:1e:f6:a0:27:d0:cf:da:f8:fd:
                    7e:56:3b:5d:ec:34:68:31:40:3c:14:88:c2:2f:30:
                    82:c1:ac:ab:91:e6:20:23:e6:ca:96:80:75:07:64:
                    60:50:cd:e5:9d:7b:9a:a7:a0:c2:b6:52:c7:37:1c:
                    ee:41:cd:3d:ac:ca:b2:8f:03:29:cc:3d:57:2b:c1:
                    e6:77:8d:61:b0:f8:77:09:6e:3c:05:06:1a:c2:d4:
                    59:9c:9c:b1:e2:50:61:a6:3f:21:70:41:18:c6:6b:
                    66:c4:e7:cc:4a:cf:50:27:9a:38:c4:ce:53:7e:f7:
                    23:37:b0:e0:99:65:63:44:5f:15:67:40:35:c8:35:
                    40:8e:54:ff:86:c4:05:95:1f:b7:c8:04:4d:73:6d:
                    f1:0d:27:f7:f5:8b:77:b2:e9:52:f2:54:bc:5b:cd:
                    32:40:b7:9e:eb:53:5e:f3:c5:1d:df:d4:e7:c4:e2:
                    5b:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E9:2B:C3:7D:7F:90:19:49:4F:BB:A2:F5:39:26:86:30:65:F3:17:6B
            X509v3 Authority Key Identifier:
                keyid:3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/6SvDfX-QGUlPu6L1OSaGMGXzF2s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.175.214.0/24

    Signature Algorithm: sha256WithRSAEncryption
         44:c5:9f:08:a0:26:eb:8e:c8:d2:59:54:2c:e6:fa:73:70:07:
         d4:1e:a9:ee:bb:98:ef:4b:82:43:3f:01:da:cb:e0:e5:43:1e:
         13:66:e9:23:d8:14:8f:a3:6d:6f:b6:a9:dd:0d:b3:1a:cf:52:
         2f:80:8d:84:2e:7d:ce:90:ae:a1:a3:ca:3d:5f:f7:67:7f:e4:
         02:99:a8:7f:b3:9e:34:58:3f:ab:96:1d:7a:a5:61:94:0d:9f:
         b4:a0:ae:fe:bf:d6:3d:5a:bf:cc:c1:e0:5c:03:e5:a5:8f:37:
         90:9a:fa:f8:47:8a:58:8e:30:42:2f:23:4d:96:12:09:eb:e6:
         0a:f7:67:26:a8:05:63:fd:aa:2b:f9:f9:aa:f5:07:55:80:82:
         78:7b:09:33:47:03:27:17:89:13:43:af:16:45:6e:06:cc:86:
         da:a7:fc:b1:aa:a1:1d:6c:fe:59:31:e2:16:02:71:3c:b0:ce:
         3d:4f:0a:43:10:6f:2d:8d:6d:73:d7:31:a8:b3:5a:18:26:8e:
         15:e5:f0:9b:97:eb:ae:23:5c:5d:9a:d5:04:1b:fb:3a:9d:42:
         0b:56:b3:19:63:8e:1d:95:36:72:92:0d:9c:db:24:bd:66:ef:
         47:6c:b3:7d:2d:0a:84:93:e4:2c:c8:6d:57:bc:4a:0d:0c:8e:
         06:08:08:36
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZxKfQdZaGYKDMM+UmzlifZdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlNjA5NzY5ODY4NmUxNTU1ZjUxZjZjODgzYmM1YTU4NTQ5
YjIzNjIwHhcNMjYwMjExMDIxNzEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlOTJiYzM3ZDdmOTAxOTQ5NGZiYmEyZjUzOTI2ODYzMDY1ZjMxNzZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0JUCTniLmZfSd48VhdF1+Xm8tmX0
L9Qh7lad/ZDDVaR4Sp5n948ll9FUXO3M9wZQmpsF7h1h3qmqwtnc24MFZ4gPwmci
9OQcrxe4YYk3L68e9qAn0M/a+P1+Vjtd7DRoMUA8FIjCLzCCwayrkeYgI+bKloB1
B2RgUM3lnXuap6DCtlLHNxzuQc09rMqyjwMpzD1XK8Hmd41hsPh3CW48BQYawtRZ
nJyx4lBhpj8hcEEYxmtmxOfMSs9QJ5o4xM5TfvcjN7DgmWVjRF8VZ0A1yDVAjlT/
hsQFlR+3yARNc23xDSf39Yt3sulS8lS8W80yQLee61Ne88Ud39TnxOJbiwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOkrw31/kBlJT7ui9TkmhjBl8xdrMB8GA1UdIwQY
MBaAFD5gl2mGhuFVX1H2yIO8WlhUmyNiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGIt
ZTFiZDg4ZDNmZDA3LzEvNlN2RGZYLVFHVWxQdTZMMU9TYUdNR1h6RjJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGItZTFiZDg4ZDNmZDA3
LzEvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABa/WMA0G
CSqGSIb3DQEBCwUAA4IBAQBExZ8IoCbrjsjSWVQs5vpzcAfUHqnuu5jvS4JDPwHa
y+DlQx4TZukj2BSPo21vtqndDbMaz1IvgI2ELn3OkK6ho8o9X/dnf+QCmah/s540
WD+rlh16pWGUDZ+0oK7+v9Y9Wr/MweBcA+WljzeQmvr4R4pYjjBCLyNNlhIJ6+YK
92cmqAVj/aor+fmq9QdVgIJ4ewkzRwMnF4kTQ68WRW4GzIbap/yxqqEdbP5ZMeIW
AnE8sM49TwpDEG8tjW1z1zGos1oYJo4V5fCbl+uuI1xdmtUEG/s6nUILVrMZY44d
lTZykg2c2yS9Zu9HbLN9LQqEk+QsyG1XvEoNDI4GCAg2
-----END CERTIFICATE-----