Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/63dbe5-5aa3-4f19-8da4-a8d361ce64aa/1/6XFljtVK2V0PF6GXRVQaEjH3Eoo.roa
File:                     6XFljtVK2V0PF6GXRVQaEjH3Eoo.roa (raw, json)
Hash identifier:          JvGvYE3ny1jx3z80vidwb1suh41eSZYf4UKZ7JMDcio=
Subject key identifier:   E9:71:65:8E:D5:4A:D9:5D:0F:17:A1:97:45:54:1A:12:31:F7:12:8A
Certificate issuer:       /CN=073b4c1248c4bcf22b0577dfca9b14d9063c28c0
Certificate serial:       019C05395A777C3BE34FF9B89AE803E4B29D
Authority key identifier: 07:3B:4C:12:48:C4:BC:F2:2B:05:77:DF:CA:9B:14:D9:06:3C:28:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BztMEkjEvPIrBXffypsU2QY8KMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/63dbe5-5aa3-4f19-8da4-a8d361ce64aa/1/6XFljtVK2V0PF6GXRVQaEjH3Eoo.roa
Signing time:             Wed 28 Jan 2026 15:29:30 +0000
ROA not before:           Wed 28 Jan 2026 15:29:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     209702
IP address blocks:        80.66.66.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/63dbe5-5aa3-4f19-8da4-a8d361ce64aa/1/BztMEkjEvPIrBXffypsU2QY8KMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/63dbe5-5aa3-4f19-8da4-a8d361ce64aa/1/BztMEkjEvPIrBXffypsU2QY8KMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BztMEkjEvPIrBXffypsU2QY8KMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 09:38:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:05:39:5a:77:7c:3b:e3:4f:f9:b8:9a:e8:03:e4:b2:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=073b4c1248c4bcf22b0577dfca9b14d9063c28c0
        Validity
            Not Before: Jan 28 15:29:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e971658ed54ad95d0f17a19745541a1231f7128a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:68:1e:dc:57:91:f1:e2:6f:ee:75:aa:5e:c8:
                    26:29:07:46:7b:50:b6:85:fe:a8:f8:7c:16:d6:77:
                    92:a7:d3:e1:ef:34:ee:6e:d0:e3:7d:f2:c3:0a:25:
                    27:19:7f:3a:96:0d:b7:db:5c:5e:47:a1:d9:70:f9:
                    07:9f:86:50:1e:37:77:51:1b:ee:4c:5e:95:7d:9d:
                    63:3f:00:fb:b0:45:6d:cc:92:f1:03:ec:a1:00:9c:
                    b3:38:69:e5:e6:f9:ef:f3:91:69:24:1d:18:70:98:
                    7d:d7:d1:4d:eb:a2:20:95:28:49:1a:05:ed:a4:4a:
                    13:c5:b1:f9:24:c5:2f:05:82:08:cb:f4:3e:d9:95:
                    72:35:fe:d7:9d:44:a0:ed:cb:1c:90:1a:83:09:20:
                    75:f2:a9:fe:60:fa:44:23:e5:15:0e:51:c2:5b:df:
                    46:3b:3f:16:11:11:16:13:ff:bc:72:d7:d2:5d:39:
                    31:12:a8:a7:f9:29:ca:6c:d1:65:36:cc:af:c6:8e:
                    ba:53:22:7f:8a:83:b5:27:02:0a:b5:83:1a:75:be:
                    92:82:c7:d0:f2:7e:27:d8:7d:78:ac:19:d8:78:89:
                    b6:e8:24:8c:e9:c8:22:7c:38:07:78:4d:36:32:09:
                    00:d2:e0:52:9b:5f:da:e1:a7:43:43:f1:05:cb:2a:
                    ff:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E9:71:65:8E:D5:4A:D9:5D:0F:17:A1:97:45:54:1A:12:31:F7:12:8A
            X509v3 Authority Key Identifier:
                keyid:07:3B:4C:12:48:C4:BC:F2:2B:05:77:DF:CA:9B:14:D9:06:3C:28:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BztMEkjEvPIrBXffypsU2QY8KMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/63dbe5-5aa3-4f19-8da4-a8d361ce64aa/1/6XFljtVK2V0PF6GXRVQaEjH3Eoo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/63dbe5-5aa3-4f19-8da4-a8d361ce64aa/1/BztMEkjEvPIrBXffypsU2QY8KMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.66.66.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6b:0d:6b:82:34:c9:19:16:78:52:1e:4f:35:7b:99:75:32:45:
         e4:22:d1:29:af:87:8b:1e:75:4a:dc:7b:82:85:e5:26:8d:67:
         b7:98:57:f7:a1:cc:d3:35:0b:a9:46:27:26:64:e3:66:d3:e8:
         97:91:9a:51:c8:0e:08:a6:24:ab:60:31:8e:ba:70:6c:aa:6b:
         a2:fe:88:50:d6:bd:18:1e:9f:55:8b:37:a8:47:06:b8:cf:45:
         8f:40:3c:d4:de:11:e7:fb:c1:bd:60:e8:aa:42:64:e6:92:c1:
         b3:8b:f5:51:dc:da:79:28:36:03:f5:19:46:2a:fc:ab:bf:d8:
         55:2b:3b:09:02:6c:7a:49:3a:54:91:07:79:e8:4f:ec:12:da:
         fc:31:b0:96:cc:96:c4:d3:bd:0e:4a:01:67:01:8d:ae:93:05:
         35:38:dc:34:80:43:17:af:7d:ef:f8:ae:ba:15:e3:73:54:be:
         02:b2:21:02:c8:c3:9d:50:4b:7e:96:a0:31:28:e7:fd:5b:b7:
         28:19:77:b5:c8:c9:e2:e9:37:43:c8:85:a9:c5:b9:0d:ce:3e:
         db:a5:5b:14:62:28:6f:bd:a6:cb:42:10:c6:47:14:8b:eb:84:
         28:30:fb:e4:59:8c:ed:d4:ac:5f:d9:e7:82:62:e0:ca:97:3e:
         3a:e3:42:60
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZwFOVp3fDvjT/m4mugD5LKdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA3M2I0YzEyNDhjNGJjZjIyYjA1NzdkZmNhOWIxNGQ5MDYz
YzI4YzAwHhcNMjYwMTI4MTUyOTMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlOTcxNjU4ZWQ1NGFkOTVkMGYxN2ExOTc0NTU0MWExMjMxZjcxMjhhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAomge3FeR8eJv7nWqXsgmKQdGe1C2
hf6o+HwW1neSp9Ph7zTubtDjffLDCiUnGX86lg2321xeR6HZcPkHn4ZQHjd3URvu
TF6VfZ1jPwD7sEVtzJLxA+yhAJyzOGnl5vnv85FpJB0YcJh919FN66IglShJGgXt
pEoTxbH5JMUvBYIIy/Q+2ZVyNf7XnUSg7csckBqDCSB18qn+YPpEI+UVDlHCW99G
Oz8WEREWE/+8ctfSXTkxEqin+SnKbNFlNsyvxo66UyJ/ioO1JwIKtYMadb6SgsfQ
8n4n2H14rBnYeIm26CSM6cgifDgHeE02MgkA0uBSm1/a4adDQ/EFyyr/OQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOlxZY7VStldDxehl0VUGhIx9xKKMB8GA1UdIwQY
MBaAFAc7TBJIxLzyKwV338qbFNkGPCjAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQnp0TUVrakV2UElyQlhmZnlwc1UyUVk4S01BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy82M2RiZTUtNWFhMy00ZjE5LThkYTQt
YThkMzYxY2U2NGFhLzEvNlhGbGp0VksyVjBQRjZHWFJWUWFFakgzRW9vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy82M2RiZTUtNWFhMy00ZjE5LThkYTQtYThkMzYxY2U2NGFh
LzEvQnp0TUVrakV2UElyQlhmZnlwc1UyUVk4S01BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUEJCMA0G
CSqGSIb3DQEBCwUAA4IBAQBrDWuCNMkZFnhSHk81e5l1MkXkItEpr4eLHnVK3HuC
heUmjWe3mFf3oczTNQupRicmZONm0+iXkZpRyA4IpiSrYDGOunBsqmui/ohQ1r0Y
Hp9VizeoRwa4z0WPQDzU3hHn+8G9YOiqQmTmksGzi/VR3Np5KDYD9RlGKvyrv9hV
KzsJAmx6STpUkQd56E/sEtr8MbCWzJbE070OSgFnAY2ukwU1ONw0gEMXr33v+K66
FeNzVL4CsiECyMOdUEt+lqAxKOf9W7coGXe1yMni6TdDyIWpxbkNzj7bpVsUYihv
vabLQhDGRxSL64QoMPvkWYzt1Kxf2eeCYuDKlz4640Jg
-----END CERTIFICATE-----