Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/107456-df53-424d-9320-933bfa592b1d/1/6pBv9rKYxwjjKOpT9lg6FT4kUQA.roa
File:                     6pBv9rKYxwjjKOpT9lg6FT4kUQA.roa (raw, json)
Hash identifier:          IB3HEiPAgwZs0ZTzyeRwb6dl6LY+fOatj7OxrAXQUsE=
Subject key identifier:   EA:90:6F:F6:B2:98:C7:08:E3:28:EA:53:F6:58:3A:15:3E:24:51:00
Certificate issuer:       /CN=1e95a069669ed5a766eee8ebdc32e39fb148410b
Certificate serial:       019C8EAEBEDB586F89B991073F43C9D3B1BF
Authority key identifier: 1E:95:A0:69:66:9E:D5:A7:66:EE:E8:EB:DC:32:E3:9F:B1:48:41:0B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HpWgaWae1adm7ujr3DLjn7FIQQs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/107456-df53-424d-9320-933bfa592b1d/1/6pBv9rKYxwjjKOpT9lg6FT4kUQA.roa
Signing time:             Tue 24 Feb 2026 08:05:42 +0000
ROA not before:           Tue 24 Feb 2026 08:05:42 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215503
IP address blocks:        185.178.244.0/24 maxlen: 24
                          185.178.247.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/107456-df53-424d-9320-933bfa592b1d/1/HpWgaWae1adm7ujr3DLjn7FIQQs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/107456-df53-424d-9320-933bfa592b1d/1/HpWgaWae1adm7ujr3DLjn7FIQQs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HpWgaWae1adm7ujr3DLjn7FIQQs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 10:01:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:8e:ae:be:db:58:6f:89:b9:91:07:3f:43:c9:d3:b1:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1e95a069669ed5a766eee8ebdc32e39fb148410b
        Validity
            Not Before: Feb 24 08:05:42 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ea906ff6b298c708e328ea53f6583a153e245100
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:9d:09:01:cc:1c:c5:ff:e7:ba:77:1e:0f:5a:
                    f1:67:0d:77:cc:0f:d6:8c:33:21:c9:d0:a0:9a:24:
                    8a:02:c5:41:0e:ac:52:ce:c2:a4:cd:36:56:c4:eb:
                    97:06:60:a8:8d:1a:d3:a1:5a:9a:3e:30:85:cf:92:
                    38:da:78:b8:41:52:cc:8d:57:b9:a2:da:02:b3:4b:
                    65:ca:20:d7:9f:21:72:a5:94:ee:ba:e6:c1:47:8d:
                    45:8e:d1:1c:ca:7e:6c:b9:1b:34:63:20:ec:62:84:
                    dd:57:98:2e:47:1b:d0:25:c9:7c:0a:f1:12:01:8f:
                    3c:02:c4:54:1a:c9:7c:8d:da:68:ce:7d:c2:b2:4c:
                    c9:21:c0:9d:1a:67:d3:b7:b1:4b:c1:07:bc:da:6e:
                    1a:89:14:47:30:87:47:29:8e:b4:42:98:91:db:53:
                    44:39:ac:7e:d5:5c:e8:4d:ac:1c:4e:b2:ec:b6:82:
                    a9:17:1d:bc:83:79:0e:6d:48:b5:64:80:d7:01:b4:
                    7f:e1:c2:03:02:a6:da:2f:dc:eb:22:e8:1d:71:65:
                    92:d2:16:6b:31:4e:fe:b3:96:eb:07:e5:98:7f:04:
                    e9:75:41:d5:3c:50:07:ab:47:d2:67:01:eb:79:1b:
                    a4:b2:4e:18:d6:88:b0:30:94:03:d3:2e:be:d8:bf:
                    3d:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EA:90:6F:F6:B2:98:C7:08:E3:28:EA:53:F6:58:3A:15:3E:24:51:00
            X509v3 Authority Key Identifier:
                keyid:1E:95:A0:69:66:9E:D5:A7:66:EE:E8:EB:DC:32:E3:9F:B1:48:41:0B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HpWgaWae1adm7ujr3DLjn7FIQQs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/107456-df53-424d-9320-933bfa592b1d/1/6pBv9rKYxwjjKOpT9lg6FT4kUQA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/107456-df53-424d-9320-933bfa592b1d/1/HpWgaWae1adm7ujr3DLjn7FIQQs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.178.244.0/24
                  185.178.247.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3b:42:eb:34:f5:e1:8e:72:9d:24:56:5c:a8:08:f6:77:39:56:
         cd:71:e5:95:bd:4a:bd:a2:a1:7e:00:b4:13:20:44:6b:24:ff:
         b0:9f:eb:15:0a:3d:b4:a8:2b:0c:6b:1a:3e:85:72:93:48:f1:
         41:73:72:f1:ee:d0:cf:35:a0:2b:f9:f4:a8:77:21:ac:4a:61:
         ca:20:9f:4f:c7:82:7d:16:40:a5:50:8e:6a:2a:60:6e:a1:78:
         89:3d:ff:1e:80:85:cf:a6:05:70:0a:c1:a6:6d:45:29:fb:39:
         1f:52:6c:e9:1c:ce:2b:15:dd:f3:b1:d4:a3:c8:e0:ab:25:21:
         28:2b:46:3d:1e:40:92:15:64:61:76:db:db:0d:b9:01:cb:21:
         1f:6b:fb:46:c2:8c:85:31:fe:32:63:14:f6:87:41:b4:18:15:
         9f:88:2d:ec:20:ce:bf:0a:23:27:d2:e3:4c:26:91:24:59:b9:
         a5:61:dd:16:bc:1a:54:d1:f1:b7:69:8c:23:03:d1:e9:18:13:
         0a:7d:cc:86:2a:a9:27:b8:f5:f8:a1:0a:95:78:20:65:86:9a:
         3e:48:a8:ae:e6:98:e0:f5:0c:0a:ad:db:2b:aa:0f:ff:c2:45:
         fd:27:7f:f2:e8:fe:47:2c:b2:8c:b9:51:58:d3:cf:dc:2a:e7:
         79:8a:be:f4
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZyOrr7bWG+JuZEHP0PJ07G/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlOTVhMDY5NjY5ZWQ1YTc2NmVlZThlYmRjMzJlMzlmYjE0
ODQxMGIwHhcNMjYwMjI0MDgwNTQyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYTkwNmZmNmIyOThjNzA4ZTMyOGVhNTNmNjU4M2ExNTNlMjQ1MTAwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvZ0JAcwcxf/nunceD1rxZw13zA/W
jDMhydCgmiSKAsVBDqxSzsKkzTZWxOuXBmCojRrToVqaPjCFz5I42ni4QVLMjVe5
otoCs0tlyiDXnyFypZTuuubBR41FjtEcyn5suRs0YyDsYoTdV5guRxvQJcl8CvES
AY88AsRUGsl8jdpozn3CskzJIcCdGmfTt7FLwQe82m4aiRRHMIdHKY60QpiR21NE
Oax+1VzoTawcTrLstoKpFx28g3kObUi1ZIDXAbR/4cIDAqbaL9zrIugdcWWS0hZr
MU7+s5brB+WYfwTpdUHVPFAHq0fSZwHreRuksk4Y1oiwMJQD0y6+2L89DwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFOqQb/aymMcI4yjqU/ZYOhU+JFEAMB8GA1UdIwQY
MBaAFB6VoGlmntWnZu7o69wy45+xSEELMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSHBXZ2FXYWUxYWRtN3VqcjNETGpuN0ZJUVFzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC8xMDc0NTYtZGY1My00MjRkLTkzMjAt
OTMzYmZhNTkyYjFkLzEvNnBCdjlyS1l4d2pqS09wVDlsZzZGVDRrVVFBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC8xMDc0NTYtZGY1My00MjRkLTkzMjAtOTMzYmZhNTkyYjFk
LzEvSHBXZ2FXYWUxYWRtN3VqcjNETGpuN0ZJUVFzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAubL0AwQA
ubL3MA0GCSqGSIb3DQEBCwUAA4IBAQA7Qus09eGOcp0kVlyoCPZ3OVbNceWVvUq9
oqF+ALQTIERrJP+wn+sVCj20qCsMaxo+hXKTSPFBc3Lx7tDPNaAr+fSodyGsSmHK
IJ9Px4J9FkClUI5qKmBuoXiJPf8egIXPpgVwCsGmbUUp+zkfUmzpHM4rFd3zsdSj
yOCrJSEoK0Y9HkCSFWRhdtvbDbkByyEfa/tGwoyFMf4yYxT2h0G0GBWfiC3sIM6/
CiMn0uNMJpEkWbmlYd0WvBpU0fG3aYwjA9HpGBMKfcyGKqknuPX4oQqVeCBlhpo+
SKiu5pjg9QwKrdsrqg//wkX9J3/y6P5HLLKMuVFY08/cKud5ir70
-----END CERTIFICATE-----