Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/31/93a768-2677-48d6-914c-d4dbf7066fd3/1/m6mcSmpfmNAj9RbqZcHLhm1-GBQ.roa
File:                     m6mcSmpfmNAj9RbqZcHLhm1-GBQ.roa (raw, json)
Hash identifier:          p83WPoiu14c7eyRfswAFJNoQrZPR/HEj5misljpRM2U=
Subject key identifier:   9B:A9:9C:4A:6A:5F:98:D0:23:F5:16:EA:65:C1:CB:86:6D:7E:18:14
Certificate issuer:       /CN=89ac0acbfdb7a274ef36c16f5860ada2a2470697
Certificate serial:       019C30253E5A4F7C00B2DEC73098B91DDE67
Authority key identifier: 89:AC:0A:CB:FD:B7:A2:74:EF:36:C1:6F:58:60:AD:A2:A2:47:06:97
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iawKy_23onTvNsFvWGCtoqJHBpc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/31/93a768-2677-48d6-914c-d4dbf7066fd3/1/m6mcSmpfmNAj9RbqZcHLhm1-GBQ.roa
Signing time:             Thu 05 Feb 2026 23:31:13 +0000
ROA not before:           Thu 05 Feb 2026 23:31:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     59584
IP address blocks:        94.137.72.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/31/93a768-2677-48d6-914c-d4dbf7066fd3/1/iawKy_23onTvNsFvWGCtoqJHBpc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/31/93a768-2677-48d6-914c-d4dbf7066fd3/1/iawKy_23onTvNsFvWGCtoqJHBpc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iawKy_23onTvNsFvWGCtoqJHBpc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 23:01:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:30:25:3e:5a:4f:7c:00:b2:de:c7:30:98:b9:1d:de:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=89ac0acbfdb7a274ef36c16f5860ada2a2470697
        Validity
            Not Before: Feb  5 23:31:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9ba99c4a6a5f98d023f516ea65c1cb866d7e1814
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:b5:68:25:9d:a9:0d:81:a6:87:e8:8c:31:7e:
                    31:3c:1b:eb:2f:95:01:74:01:c0:a2:4d:0e:40:75:
                    cd:d7:5a:cb:21:03:59:6d:8d:e0:70:bb:96:67:44:
                    fe:04:cc:c1:ff:9e:ae:5e:c9:0e:33:f9:11:36:78:
                    49:66:cb:55:8c:35:f9:02:b7:03:9d:fa:dc:f0:f5:
                    38:92:c2:9f:41:5a:0e:a3:5c:f1:c6:7c:e8:aa:bc:
                    70:d3:b8:93:c9:04:8a:f1:d8:7e:fa:c7:5b:b8:ce:
                    95:4c:a3:95:87:8e:10:24:47:eb:e6:64:16:e2:01:
                    75:47:7f:c3:e8:f7:bf:7c:6f:e7:76:df:3a:82:b8:
                    5c:ee:99:53:ce:3a:b1:44:35:0b:9a:16:1f:9b:bb:
                    24:31:7b:75:80:4b:2c:dc:2c:93:e2:34:c4:87:71:
                    c2:56:e1:74:44:56:dd:df:97:98:3c:2a:40:a1:9d:
                    fe:2b:fb:5c:ec:80:b2:a3:6f:e8:08:e2:66:b0:b2:
                    26:1d:a7:59:48:04:de:be:c8:a1:b2:a9:46:71:d4:
                    ca:e8:91:5c:cc:72:06:30:9e:37:d0:90:0f:18:37:
                    94:12:6b:82:67:2e:12:9d:25:24:4b:f2:08:99:67:
                    52:d5:1c:25:06:61:74:26:25:df:61:93:9c:17:47:
                    d0:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:A9:9C:4A:6A:5F:98:D0:23:F5:16:EA:65:C1:CB:86:6D:7E:18:14
            X509v3 Authority Key Identifier:
                keyid:89:AC:0A:CB:FD:B7:A2:74:EF:36:C1:6F:58:60:AD:A2:A2:47:06:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iawKy_23onTvNsFvWGCtoqJHBpc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/31/93a768-2677-48d6-914c-d4dbf7066fd3/1/m6mcSmpfmNAj9RbqZcHLhm1-GBQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/31/93a768-2677-48d6-914c-d4dbf7066fd3/1/iawKy_23onTvNsFvWGCtoqJHBpc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.137.72.0/23

    Signature Algorithm: sha256WithRSAEncryption
         92:a2:85:c4:c5:ce:c1:ca:58:9c:ff:8a:8f:b8:dd:dd:73:b9:
         22:54:af:81:2e:8c:9b:4d:f9:8e:65:48:bd:5e:d1:74:80:00:
         a2:58:45:b2:07:ff:55:f8:a3:63:52:24:df:df:13:ad:8d:44:
         ae:35:ab:75:04:8c:f8:7a:52:dd:39:4c:31:d4:0b:b5:c7:b9:
         f9:43:49:3b:b3:31:f0:70:a9:34:a4:3a:ae:a0:19:93:d2:80:
         eb:cb:c7:8b:e6:26:d4:92:85:ca:8e:a7:63:01:f0:28:d5:ae:
         f4:7d:5a:7f:d8:33:44:34:e3:22:a3:5f:7f:87:6e:7f:f6:4c:
         de:e0:29:4a:5b:aa:93:70:4f:6d:43:a6:22:a9:ca:ee:64:87:
         b0:ce:02:0b:26:67:f0:35:37:c3:a7:86:e1:ea:39:5e:8e:57:
         6c:5a:e9:95:06:e5:1a:0a:24:52:6d:16:48:93:33:e2:f2:39:
         1a:42:a6:99:fd:7d:d8:52:11:14:d6:26:d0:b2:e3:ce:c6:36:
         52:69:48:29:18:f5:69:1a:71:0d:86:99:17:d1:ff:fc:41:c1:
         39:72:15:9d:12:c0:b5:57:f0:1a:37:f4:fb:26:59:a5:9e:98:
         cc:fa:5f:68:94:13:ed:5b:42:97:1e:20:a0:3d:0a:0d:75:8f:
         54:e4:e3:44
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZwwJT5aT3wAst7HMJi5Hd5nMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg5YWMwYWNiZmRiN2EyNzRlZjM2YzE2ZjU4NjBhZGEyYTI0
NzA2OTcwHhcNMjYwMjA1MjMzMTEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YmE5OWM0YTZhNWY5OGQwMjNmNTE2ZWE2NWMxY2I4NjZkN2UxODE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1rVoJZ2pDYGmh+iMMX4xPBvrL5UB
dAHAok0OQHXN11rLIQNZbY3gcLuWZ0T+BMzB/56uXskOM/kRNnhJZstVjDX5ArcD
nfrc8PU4ksKfQVoOo1zxxnzoqrxw07iTyQSK8dh++sdbuM6VTKOVh44QJEfr5mQW
4gF1R3/D6Pe/fG/ndt86grhc7plTzjqxRDULmhYfm7skMXt1gEss3CyT4jTEh3HC
VuF0RFbd35eYPCpAoZ3+K/tc7ICyo2/oCOJmsLImHadZSATevsihsqlGcdTK6JFc
zHIGMJ430JAPGDeUEmuCZy4SnSUkS/IImWdS1RwlBmF0JiXfYZOcF0fQ0QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJupnEpqX5jQI/UW6mXBy4ZtfhgUMB8GA1UdIwQY
MBaAFImsCsv9t6J07zbBb1hgraKiRwaXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaWF3S3lfMjNvblR2TnNGdldHQ3RvcUpIQnBjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMS85M2E3NjgtMjY3Ny00OGQ2LTkxNGMt
ZDRkYmY3MDY2ZmQzLzEvbTZtY1NtcGZtTkFqOVJicVpjSExobTEtR0JRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMS85M2E3NjgtMjY3Ny00OGQ2LTkxNGMtZDRkYmY3MDY2ZmQz
LzEvaWF3S3lfMjNvblR2TnNGdldHQ3RvcUpIQnBjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBXolIMA0G
CSqGSIb3DQEBCwUAA4IBAQCSooXExc7Bylic/4qPuN3dc7kiVK+BLoybTfmOZUi9
XtF0gACiWEWyB/9V+KNjUiTf3xOtjUSuNat1BIz4elLdOUwx1Au1x7n5Q0k7szHw
cKk0pDquoBmT0oDry8eL5ibUkoXKjqdjAfAo1a70fVp/2DNENOMio19/h25/9kze
4ClKW6qTcE9tQ6YiqcruZIewzgILJmfwNTfDp4bh6jlejldsWumVBuUaCiRSbRZI
kzPi8jkaQqaZ/X3YUhEU1ibQsuPOxjZSaUgpGPVpGnENhpkX0f/8QcE5chWdEsC1
V/AaN/T7JlmlnpjM+l9olBPtW0KXHiCgPQoNdY9U5ONE
-----END CERTIFICATE-----