Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/5c265e-4187-4a74-996e-ae8c5830cc20/1/sA6Qf2_ToIyGcsbWCFpl1ww3zYM.roa
File:                     sA6Qf2_ToIyGcsbWCFpl1ww3zYM.roa (raw, json)
Hash identifier:          wfbilCSxn7pd6CKUaeLQcmM0OSGs3jIpHSCViiEgaxU=
Subject key identifier:   B0:0E:90:7F:6F:D3:A0:8C:86:72:C6:D6:08:5A:65:D7:0C:37:CD:83
Certificate issuer:       /CN=e67100679f07282cd48cb5107bf97af7af3889c9
Certificate serial:       019B78354CF8C34DC7DF0129F1372156EADC
Authority key identifier: E6:71:00:67:9F:07:28:2C:D4:8C:B5:10:7B:F9:7A:F7:AF:38:89:C9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5nEAZ58HKCzUjLUQe_l69684ick.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/5c265e-4187-4a74-996e-ae8c5830cc20/1/sA6Qf2_ToIyGcsbWCFpl1ww3zYM.roa
Signing time:             Thu 01 Jan 2026 06:18:37 +0000
ROA not before:           Thu 01 Jan 2026 06:18:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     204220
IP address blocks:        217.14.138.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/5c265e-4187-4a74-996e-ae8c5830cc20/1/5nEAZ58HKCzUjLUQe_l69684ick.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/5c265e-4187-4a74-996e-ae8c5830cc20/1/5nEAZ58HKCzUjLUQe_l69684ick.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5nEAZ58HKCzUjLUQe_l69684ick.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:35:4c:f8:c3:4d:c7:df:01:29:f1:37:21:56:ea:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e67100679f07282cd48cb5107bf97af7af3889c9
        Validity
            Not Before: Jan  1 06:18:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b00e907f6fd3a08c8672c6d6085a65d70c37cd83
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:56:29:ea:78:b0:52:79:a3:b6:37:5c:7d:ad:
                    f0:2c:4f:00:15:92:1c:12:67:66:3b:bb:89:88:f4:
                    07:ec:c7:bb:de:72:da:06:c7:4d:ba:e2:81:1f:69:
                    05:e6:77:33:74:63:fd:4f:e2:a7:9e:5a:1c:37:6c:
                    29:07:d4:86:5e:64:d6:b8:dd:5f:91:8e:5b:f9:94:
                    3f:c0:35:3a:7a:b7:0a:87:87:6b:98:dd:84:cb:2b:
                    d5:e3:65:1c:b2:67:c6:99:c7:63:ba:78:3d:3a:9f:
                    10:c3:78:94:7c:af:b9:cc:d2:0f:81:4a:71:08:2c:
                    1e:45:d3:00:10:af:c0:3f:21:32:95:2d:9f:7d:82:
                    ac:77:5f:23:d2:cd:f9:b9:32:ca:06:75:bf:8f:5f:
                    45:f0:b3:d6:7e:9f:96:1f:92:7e:9b:57:05:13:2f:
                    09:20:f9:4d:1c:1d:8f:ca:99:00:4a:ee:0e:b0:de:
                    c7:6d:84:3b:42:c1:c9:1c:86:6b:87:ac:a1:e4:58:
                    e4:66:10:13:81:79:ba:5a:41:cc:54:e9:28:a3:ab:
                    51:1f:08:06:5e:57:a1:a4:a3:fe:71:32:ff:9d:d4:
                    07:c0:91:88:1c:5e:e3:4a:13:90:ea:6d:99:e5:e1:
                    26:c0:4d:11:2a:38:46:78:39:41:22:a6:3c:ef:43:
                    7b:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:0E:90:7F:6F:D3:A0:8C:86:72:C6:D6:08:5A:65:D7:0C:37:CD:83
            X509v3 Authority Key Identifier:
                keyid:E6:71:00:67:9F:07:28:2C:D4:8C:B5:10:7B:F9:7A:F7:AF:38:89:C9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5nEAZ58HKCzUjLUQe_l69684ick.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/5c265e-4187-4a74-996e-ae8c5830cc20/1/sA6Qf2_ToIyGcsbWCFpl1ww3zYM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/5c265e-4187-4a74-996e-ae8c5830cc20/1/5nEAZ58HKCzUjLUQe_l69684ick.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.14.138.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c7:70:d8:d8:58:e3:4f:31:6d:0a:e0:2b:16:50:52:fc:62:f5:
         5c:f2:e3:20:71:bf:cd:f1:65:db:83:13:58:26:ee:08:1b:63:
         5f:a8:83:5b:88:1d:fe:30:f6:28:fd:ee:f1:5a:2c:eb:7c:f6:
         a4:60:62:d9:4a:61:55:bc:92:67:95:0b:b9:bd:f7:66:6a:df:
         ce:ae:d3:1d:9d:b0:98:61:90:e3:e3:2d:7e:62:09:32:86:fd:
         9b:d5:e9:e8:c6:93:a8:b0:75:70:ee:00:4e:93:35:d7:00:fd:
         6c:e6:51:18:75:71:a5:e4:3f:66:72:17:d8:3e:99:2a:c3:11:
         28:98:3b:1c:8c:4b:64:10:12:0f:09:fe:ac:66:0e:d7:06:62:
         d3:c8:dc:5e:f2:67:cd:7a:6a:c9:aa:d4:83:de:5c:cc:89:3f:
         6e:4b:9e:47:df:b9:2c:b1:49:b5:81:94:45:09:b9:a5:c3:20:
         92:c5:3e:a2:45:c6:a2:9b:d3:c9:95:40:9d:58:a3:4a:79:78:
         bc:80:31:31:03:8d:a5:38:a0:7e:e1:39:00:9e:66:24:54:18:
         22:b8:9a:8f:d3:1a:2a:7c:99:cb:56:67:8f:ad:31:b1:55:d2:
         55:39:53:7d:b4:18:1f:d8:5b:44:7c:0d:89:c7:b0:46:d3:36:
         a6:71:df:ed
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt4NUz4w03H3wEp8TchVurcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU2NzEwMDY3OWYwNzI4MmNkNDhjYjUxMDdiZjk3YWY3YWYz
ODg5YzkwHhcNMjYwMTAxMDYxODM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMDBlOTA3ZjZmZDNhMDhjODY3MmM2ZDYwODVhNjVkNzBjMzdjZDgzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv1Yp6niwUnmjtjdcfa3wLE8AFZIc
EmdmO7uJiPQH7Me73nLaBsdNuuKBH2kF5nczdGP9T+KnnlocN2wpB9SGXmTWuN1f
kY5b+ZQ/wDU6ercKh4drmN2EyyvV42UcsmfGmcdjung9Op8Qw3iUfK+5zNIPgUpx
CCweRdMAEK/APyEylS2ffYKsd18j0s35uTLKBnW/j19F8LPWfp+WH5J+m1cFEy8J
IPlNHB2PypkASu4OsN7HbYQ7QsHJHIZrh6yh5FjkZhATgXm6WkHMVOkoo6tRHwgG
XlehpKP+cTL/ndQHwJGIHF7jShOQ6m2Z5eEmwE0RKjhGeDlBIqY870N7OwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLAOkH9v06CMhnLG1ghaZdcMN82DMB8GA1UdIwQY
MBaAFOZxAGefBygs1Iy1EHv5evevOInJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNW5FQVo1OEhLQ3pVakxVUWVfbDY5Njg0aWNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy81YzI2NWUtNDE4Ny00YTc0LTk5NmUt
YWU4YzU4MzBjYzIwLzEvc0E2UWYyX1RvSXlHY3NiV0NGcGwxd3czellNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy81YzI2NWUtNDE4Ny00YTc0LTk5NmUtYWU4YzU4MzBjYzIw
LzEvNW5FQVo1OEhLQ3pVakxVUWVfbDY5Njg0aWNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2Q6KMA0G
CSqGSIb3DQEBCwUAA4IBAQDHcNjYWONPMW0K4CsWUFL8YvVc8uMgcb/N8WXbgxNY
Ju4IG2NfqINbiB3+MPYo/e7xWizrfPakYGLZSmFVvJJnlQu5vfdmat/OrtMdnbCY
YZDj4y1+Ygkyhv2b1enoxpOosHVw7gBOkzXXAP1s5lEYdXGl5D9mchfYPpkqwxEo
mDscjEtkEBIPCf6sZg7XBmLTyNxe8mfNemrJqtSD3lzMiT9uS55H37kssUm1gZRF
CbmlwyCSxT6iRcaim9PJlUCdWKNKeXi8gDExA42lOKB+4TkAnmYkVBgiuJqP0xoq
fJnLVmePrTGxVdJVOVN9tBgf2FtEfA2Jx7BG0zamcd/t
-----END CERTIFICATE-----