Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/1QyVG3mxG2Kv9gIND6C7DAyJRhE.roa
File:                     1QyVG3mxG2Kv9gIND6C7DAyJRhE.roa (raw, json)
Hash identifier:          GEGJ/9gdMmqUNvs39zCJc76PD/y3c88ohFq0EfvFHAM=
Subject key identifier:   D5:0C:95:1B:79:B1:1B:62:AF:F6:02:0D:0F:A0:BB:0C:0C:89:46:11
Certificate issuer:       /CN=b72945f57103153a07854e74e227f2aec1c5f430
Certificate serial:       019C8F4BFA43553860033F7CD9EF1D698910
Authority key identifier: B7:29:45:F5:71:03:15:3A:07:85:4E:74:E2:27:F2:AE:C1:C5:F4:30
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tylF9XEDFToHhU504ifyrsHF9DA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/1QyVG3mxG2Kv9gIND6C7DAyJRhE.roa
Signing time:             Tue 24 Feb 2026 10:57:27 +0000
ROA not before:           Tue 24 Feb 2026 10:57:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     201002
IP address blocks:        212.80.6.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/tylF9XEDFToHhU504ifyrsHF9DA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/tylF9XEDFToHhU504ifyrsHF9DA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tylF9XEDFToHhU504ifyrsHF9DA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 09:38:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:8f:4b:fa:43:55:38:60:03:3f:7c:d9:ef:1d:69:89:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b72945f57103153a07854e74e227f2aec1c5f430
        Validity
            Not Before: Feb 24 10:57:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d50c951b79b11b62aff6020d0fa0bb0c0c894611
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:6e:9b:a1:cc:89:28:cb:8c:0c:8d:71:f4:84:
                    96:94:37:59:94:f1:5d:63:c7:91:03:29:40:a1:21:
                    7c:1a:33:1b:88:36:60:08:c3:da:16:87:f7:63:a2:
                    07:bd:a1:0e:90:9b:3f:02:13:76:be:e8:2b:a8:70:
                    91:37:24:7e:18:ec:46:bb:65:40:e0:7f:b7:ab:dd:
                    7a:1f:35:75:d0:07:1c:fa:97:21:7f:57:d2:e4:3d:
                    52:6c:13:af:57:d8:17:06:ad:ad:16:34:a3:c6:6a:
                    a5:80:06:0c:f0:86:d4:38:08:26:7c:1c:8b:93:98:
                    96:a0:d2:76:1c:80:a3:be:0e:c2:df:a1:38:f2:cf:
                    11:d7:b5:41:50:69:da:83:db:f4:ca:aa:40:dc:e6:
                    c0:9b:bb:9e:ce:e1:2f:31:c1:2d:34:6e:3c:ce:91:
                    9c:3d:83:1d:b0:94:db:d8:69:3e:3a:8c:bd:37:2d:
                    af:79:84:02:0e:f8:0d:b6:cb:40:8e:76:19:1e:38:
                    16:62:e6:6d:e8:77:1d:ac:d4:ab:0c:89:69:9a:04:
                    5c:1b:67:53:d2:0c:4c:6c:1d:f9:68:f8:4c:f2:b4:
                    84:85:a2:52:8d:fe:c0:19:28:4f:40:8d:c3:41:c0:
                    14:e6:df:e0:9e:72:47:bb:ee:68:2c:50:d7:69:9f:
                    1e:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:0C:95:1B:79:B1:1B:62:AF:F6:02:0D:0F:A0:BB:0C:0C:89:46:11
            X509v3 Authority Key Identifier:
                keyid:B7:29:45:F5:71:03:15:3A:07:85:4E:74:E2:27:F2:AE:C1:C5:F4:30

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tylF9XEDFToHhU504ifyrsHF9DA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/1QyVG3mxG2Kv9gIND6C7DAyJRhE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/tylF9XEDFToHhU504ifyrsHF9DA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.80.6.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3c:22:14:c4:c4:10:36:10:27:d9:d9:26:33:86:62:ce:ad:92:
         eb:45:ae:c0:e7:77:0b:e6:2a:9d:aa:0a:30:c1:b9:53:d3:4a:
         eb:d4:58:4a:8f:f7:ab:9c:c3:21:cb:e1:a7:4c:93:09:02:b9:
         e0:b0:06:b7:8a:95:e9:62:91:b2:51:ef:40:fe:05:49:9b:ae:
         24:c0:28:94:d5:e1:e2:c4:be:0e:1b:e5:43:ac:13:fb:48:0f:
         18:41:f6:d3:81:2c:b2:5a:b1:34:50:df:c2:b3:7c:ee:a1:a8:
         f1:9f:28:1b:72:53:ec:18:7c:bc:43:82:45:bd:7a:38:62:18:
         e3:5f:5e:0c:64:83:52:ff:ef:9e:1a:ad:91:a4:71:b2:a5:4f:
         9b:c2:8b:a6:df:62:81:72:ae:b0:cb:e6:87:33:d4:6b:5c:fd:
         d2:32:84:69:50:ed:36:ce:e7:e4:07:e2:b2:23:f5:5c:bf:ca:
         4e:e9:59:66:09:ec:37:38:32:3f:41:2d:74:02:ca:55:18:c9:
         24:bb:3a:0a:8b:79:27:31:f0:f9:ef:a7:f3:02:74:b7:d2:1d:
         da:49:92:77:ef:5c:86:56:27:23:aa:68:af:8f:d7:b4:15:61:
         0e:e0:e0:47:3e:1b:8b:28:be:5b:23:11:e9:34:13:6b:74:4f:
         3d:7d:aa:a4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZyPS/pDVThgAz982e8daYkQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI3Mjk0NWY1NzEwMzE1M2EwNzg1NGU3NGUyMjdmMmFlYzFj
NWY0MzAwHhcNMjYwMjI0MTA1NzI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNTBjOTUxYjc5YjExYjYyYWZmNjAyMGQwZmEwYmIwYzBjODk0NjExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsG6bocyJKMuMDI1x9ISWlDdZlPFd
Y8eRAylAoSF8GjMbiDZgCMPaFof3Y6IHvaEOkJs/AhN2vugrqHCRNyR+GOxGu2VA
4H+3q916HzV10Acc+pchf1fS5D1SbBOvV9gXBq2tFjSjxmqlgAYM8IbUOAgmfByL
k5iWoNJ2HICjvg7C36E48s8R17VBUGnag9v0yqpA3ObAm7uezuEvMcEtNG48zpGc
PYMdsJTb2Gk+Ooy9Ny2veYQCDvgNtstAjnYZHjgWYuZt6HcdrNSrDIlpmgRcG2dT
0gxMbB35aPhM8rSEhaJSjf7AGShPQI3DQcAU5t/gnnJHu+5oLFDXaZ8eCQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNUMlRt5sRtir/YCDQ+guwwMiUYRMB8GA1UdIwQY
MBaAFLcpRfVxAxU6B4VOdOIn8q7BxfQwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdHlsRjlYRURGVG9IaFU1MDRpZnlyc0hGOURBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MS81ZjY5MDYtM2ZiMC00ZGZmLThkMDEt
MmEwOWNjNTNhODA1LzEvMVF5VkczbXhHMkt2OWdJTkQ2QzdEQXlKUmhFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MS81ZjY5MDYtM2ZiMC00ZGZmLThkMDEtMmEwOWNjNTNhODA1
LzEvdHlsRjlYRURGVG9IaFU1MDRpZnlyc0hGOURBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1FAGMA0G
CSqGSIb3DQEBCwUAA4IBAQA8IhTExBA2ECfZ2SYzhmLOrZLrRa7A53cL5iqdqgow
wblT00rr1FhKj/ernMMhy+GnTJMJArngsAa3ipXpYpGyUe9A/gVJm64kwCiU1eHi
xL4OG+VDrBP7SA8YQfbTgSyyWrE0UN/Cs3zuoajxnygbclPsGHy8Q4JFvXo4Yhjj
X14MZINS/++eGq2RpHGypU+bwoum32KBcq6wy+aHM9RrXP3SMoRpUO02zufkB+Ky
I/Vcv8pO6VlmCew3ODI/QS10AspVGMkkuzoKi3knMfD576fzAnS30h3aSZJ371yG
Vicjqmivj9e0FWEO4OBHPhuLKL5bIxHpNBNrdE89faqk
-----END CERTIFICATE-----