Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/61/724c97-f149-446f-bbf1-2544683aa125/1/0fPiuwb4X2weC-gKDNJaEbSPHqw.roa
File:                     0fPiuwb4X2weC-gKDNJaEbSPHqw.roa (raw, json)
Hash identifier:          S57h9JaZkZt0GA+n+fixlPL0kJI1rFB4fls5bIvI/yg=
Subject key identifier:   D1:F3:E2:BB:06:F8:5F:6C:1E:0B:E8:0A:0C:D2:5A:11:B4:8F:1E:AC
Certificate issuer:       /CN=6c3250a5c1bdab74b1bd23c01c54a8d70b6def20
Certificate serial:       019EC9D0E8E12761C73E31E05C15E755313B
Authority key identifier: 6C:32:50:A5:C1:BD:AB:74:B1:BD:23:C0:1C:54:A8:D7:0B:6D:EF:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bDJQpcG9q3SxvSPAHFSo1wtt7yA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/61/724c97-f149-446f-bbf1-2544683aa125/1/0fPiuwb4X2weC-gKDNJaEbSPHqw.roa
Signing time:             Mon 15 Jun 2026 05:46:11 +0000
ROA not before:           Mon 15 Jun 2026 05:46:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     15731
IP address blocks:        212.102.255.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/61/724c97-f149-446f-bbf1-2544683aa125/1/bDJQpcG9q3SxvSPAHFSo1wtt7yA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/61/724c97-f149-446f-bbf1-2544683aa125/1/bDJQpcG9q3SxvSPAHFSo1wtt7yA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bDJQpcG9q3SxvSPAHFSo1wtt7yA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 17 Jun 2026 23:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:c9:d0:e8:e1:27:61:c7:3e:31:e0:5c:15:e7:55:31:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6c3250a5c1bdab74b1bd23c01c54a8d70b6def20
        Validity
            Not Before: Jun 15 05:46:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d1f3e2bb06f85f6c1e0be80a0cd25a11b48f1eac
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:84:54:28:2c:6b:d7:e3:e7:a7:73:3d:09:23:
                    f7:e6:70:6d:6e:1f:db:d4:68:86:15:98:63:e8:f1:
                    a5:59:44:48:4a:61:ef:ea:f4:6e:4e:86:3c:4b:4e:
                    8a:f0:1d:f0:3c:37:2d:65:e8:9c:5a:bd:03:a1:3b:
                    ef:f2:f3:07:7b:2c:77:ff:cf:f7:c9:52:32:1b:4e:
                    4c:c2:a2:be:ee:46:4c:f1:e0:a0:d8:48:26:00:35:
                    59:ff:66:92:24:58:a9:c0:17:2d:86:91:4c:03:2c:
                    18:57:f0:25:81:24:4b:37:98:81:2f:f9:a0:2c:7e:
                    b0:b3:dd:9c:87:de:2d:1a:e8:d1:c6:5c:6e:bf:02:
                    f2:68:99:8e:fd:5f:c1:62:0b:e6:98:f6:85:20:c2:
                    aa:83:13:2e:d7:ce:7c:2e:56:69:f4:d3:3b:d0:76:
                    83:a0:b0:4b:03:3b:91:1b:6d:eb:8d:9a:2c:a2:37:
                    85:31:83:95:da:8f:bf:bc:ac:1d:30:18:85:2c:c8:
                    fa:5f:ec:74:fe:ff:ea:e4:e1:65:23:c9:1a:68:ed:
                    64:f1:dd:e2:8d:3e:cc:fd:62:bc:2f:58:73:1c:c5:
                    c9:2a:e2:ca:d4:46:72:66:f7:19:bf:6f:4d:1b:69:
                    20:60:93:42:91:17:d3:a6:9c:7e:1c:14:02:cb:89:
                    76:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:F3:E2:BB:06:F8:5F:6C:1E:0B:E8:0A:0C:D2:5A:11:B4:8F:1E:AC
            X509v3 Authority Key Identifier:
                keyid:6C:32:50:A5:C1:BD:AB:74:B1:BD:23:C0:1C:54:A8:D7:0B:6D:EF:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bDJQpcG9q3SxvSPAHFSo1wtt7yA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/724c97-f149-446f-bbf1-2544683aa125/1/0fPiuwb4X2weC-gKDNJaEbSPHqw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/61/724c97-f149-446f-bbf1-2544683aa125/1/bDJQpcG9q3SxvSPAHFSo1wtt7yA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.102.255.0/24

    Signature Algorithm: sha256WithRSAEncryption
         41:c2:9b:e0:73:95:00:ee:69:ec:eb:e7:f4:c7:ef:8c:ca:4e:
         55:f0:cf:b8:2b:b2:7f:8b:6b:e3:72:14:e1:1e:3d:56:75:a2:
         76:1c:10:cf:ec:a5:40:6c:63:4a:c7:3b:66:69:8c:ed:3c:a1:
         9e:7d:db:44:14:a8:87:93:d4:ff:ef:db:7a:3b:05:35:5d:fa:
         d3:7d:d4:bf:20:c2:e5:c0:f2:06:5f:d9:2e:f9:8d:6f:99:59:
         9d:b4:e8:c6:72:23:df:cd:07:55:73:20:ee:46:01:d2:a1:9b:
         c4:c0:ea:86:1d:11:08:f8:5b:1e:fd:a8:c1:41:02:91:b2:10:
         82:77:1c:20:fc:d5:b7:c6:33:c0:e7:f6:5d:12:06:c7:bc:30:
         35:cc:7a:9b:1e:5c:05:4c:1d:6c:d5:35:b8:12:4a:b3:26:ba:
         9a:26:be:17:f1:98:5b:aa:68:d1:d3:4c:b1:78:1a:d9:25:3d:
         56:52:c9:9b:cf:c6:9b:75:7b:14:27:7c:0e:e9:79:aa:8f:3b:
         87:61:ca:63:f6:a3:0f:4b:22:25:33:11:63:66:7b:7c:a3:0f:
         77:4f:45:31:83:e4:6e:10:7c:81:fd:bc:ca:26:f5:33:86:c1:
         e6:67:46:60:f4:99:5a:3d:be:2a:77:33:f4:df:cf:d9:ba:8c:
         bb:cd:30:f1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ7J0OjhJ2HHPjHgXBXnVTE7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjMzI1MGE1YzFiZGFiNzRiMWJkMjNjMDFjNTRhOGQ3MGI2
ZGVmMjAwHhcNMjYwNjE1MDU0NjExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMWYzZTJiYjA2Zjg1ZjZjMWUwYmU4MGEwY2QyNWExMWI0OGYxZWFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy4RUKCxr1+Pnp3M9CSP35nBtbh/b
1GiGFZhj6PGlWURISmHv6vRuToY8S06K8B3wPDctZeicWr0DoTvv8vMHeyx3/8/3
yVIyG05MwqK+7kZM8eCg2EgmADVZ/2aSJFipwBcthpFMAywYV/AlgSRLN5iBL/mg
LH6ws92ch94tGujRxlxuvwLyaJmO/V/BYgvmmPaFIMKqgxMu1858LlZp9NM70HaD
oLBLAzuRG23rjZosojeFMYOV2o+/vKwdMBiFLMj6X+x0/v/q5OFlI8kaaO1k8d3i
jT7M/WK8L1hzHMXJKuLK1EZyZvcZv29NG2kgYJNCkRfTppx+HBQCy4l2VQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNHz4rsG+F9sHgvoCgzSWhG0jx6sMB8GA1UdIwQY
MBaAFGwyUKXBvat0sb0jwBxUqNcLbe8gMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYkRKUXBjRzlxM1N4dlNQQUhGU28xd3R0N3lBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MS83MjRjOTctZjE0OS00NDZmLWJiZjEt
MjU0NDY4M2FhMTI1LzEvMGZQaXV3YjRYMndlQy1nS0ROSmFFYlNQSHF3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MS83MjRjOTctZjE0OS00NDZmLWJiZjEtMjU0NDY4M2FhMTI1
LzEvYkRKUXBjRzlxM1N4dlNQQUhGU28xd3R0N3lBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1Gb/MA0G
CSqGSIb3DQEBCwUAA4IBAQBBwpvgc5UA7mns6+f0x++Myk5V8M+4K7J/i2vjchTh
Hj1WdaJ2HBDP7KVAbGNKxztmaYztPKGefdtEFKiHk9T/79t6OwU1XfrTfdS/IMLl
wPIGX9ku+Y1vmVmdtOjGciPfzQdVcyDuRgHSoZvEwOqGHREI+Fse/ajBQQKRshCC
dxwg/NW3xjPA5/ZdEgbHvDA1zHqbHlwFTB1s1TW4EkqzJrqaJr4X8ZhbqmjR00yx
eBrZJT1WUsmbz8abdXsUJ3wO6XmqjzuHYcpj9qMPSyIlMxFjZnt8ow93T0Uxg+Ru
EHyB/bzKJvUzhsHmZ0Zg9JlaPb4qdzP038/Zuoy7zTDx
-----END CERTIFICATE-----