Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6b/1f1ccb-ed10-4fe8-ae0b-61b982ada662/1/JgD7sSFnrb2xUGiELXOjiaZY0BI.roa
File:                     JgD7sSFnrb2xUGiELXOjiaZY0BI.roa (raw, json)
Hash identifier:          9teg4ZtPmwzMB8k8UcTSQ3ddbpx2ua0lA+j0ULnnCdQ=
Subject key identifier:   26:00:FB:B1:21:67:AD:BD:B1:50:68:84:2D:73:A3:89:A6:58:D0:12
Certificate issuer:       /CN=c0ab92de7eaf5fbb2d14a508a90cefc569b54ed4
Certificate serial:       019B79ED0B9E97156BBD8D5C510FE059E59A
Authority key identifier: C0:AB:92:DE:7E:AF:5F:BB:2D:14:A5:08:A9:0C:EF:C5:69:B5:4E:D4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wKuS3n6vX7stFKUIqQzvxWm1TtQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6b/1f1ccb-ed10-4fe8-ae0b-61b982ada662/1/JgD7sSFnrb2xUGiELXOjiaZY0BI.roa
Signing time:             Thu 01 Jan 2026 14:18:56 +0000
ROA not before:           Thu 01 Jan 2026 14:18:56 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     210026
IP address blocks:        151.90.0.0/16 maxlen: 24
                          185.86.84.0/22 maxlen: 24
                          2a05:b740::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6b/1f1ccb-ed10-4fe8-ae0b-61b982ada662/1/wKuS3n6vX7stFKUIqQzvxWm1TtQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6b/1f1ccb-ed10-4fe8-ae0b-61b982ada662/1/wKuS3n6vX7stFKUIqQzvxWm1TtQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wKuS3n6vX7stFKUIqQzvxWm1TtQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:ed:0b:9e:97:15:6b:bd:8d:5c:51:0f:e0:59:e5:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c0ab92de7eaf5fbb2d14a508a90cefc569b54ed4
        Validity
            Not Before: Jan  1 14:18:56 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2600fbb12167adbdb15068842d73a389a658d012
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:0e:26:d5:b1:83:89:cb:93:7d:ec:c4:59:d3:
                    4b:7b:7a:4e:0f:5d:e2:b6:f3:05:47:f1:bf:d7:d4:
                    40:24:27:a3:86:a2:ba:f3:94:2d:fe:25:f6:ab:a3:
                    16:03:03:49:9c:36:93:9d:1b:71:52:d8:3c:d7:9f:
                    7e:fc:4e:ce:8b:08:7b:a1:3e:fd:07:73:76:47:cb:
                    4f:51:d4:b8:38:78:7c:60:25:de:20:76:c6:81:0a:
                    21:a4:1c:26:fc:ab:28:15:a4:15:b8:80:8a:9f:36:
                    22:2c:d6:25:89:92:7d:a8:95:9a:5e:cb:ac:e7:0b:
                    99:fd:06:8e:0b:a9:14:83:9a:f3:7d:72:6b:3f:f9:
                    b1:9e:39:2c:34:00:c6:8e:81:6b:bb:40:e4:70:e7:
                    4e:f6:0e:18:9a:fb:43:98:66:af:3a:71:f0:04:e6:
                    fc:76:c1:da:d7:7b:a2:3d:df:17:03:49:0c:ae:1b:
                    a9:9a:eb:d2:9d:df:3a:db:4f:08:d7:0e:e4:b5:12:
                    ce:47:ca:8c:82:22:dd:46:1a:13:f4:37:14:59:02:
                    c9:9b:53:84:c3:1b:52:58:d0:8c:12:b7:15:8c:28:
                    d9:58:b5:f2:5e:35:01:63:9f:ff:02:47:b9:a5:b9:
                    c4:79:ee:cd:0b:1d:cf:26:9f:91:22:63:24:20:1f:
                    f9:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:00:FB:B1:21:67:AD:BD:B1:50:68:84:2D:73:A3:89:A6:58:D0:12
            X509v3 Authority Key Identifier:
                keyid:C0:AB:92:DE:7E:AF:5F:BB:2D:14:A5:08:A9:0C:EF:C5:69:B5:4E:D4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wKuS3n6vX7stFKUIqQzvxWm1TtQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/1f1ccb-ed10-4fe8-ae0b-61b982ada662/1/JgD7sSFnrb2xUGiELXOjiaZY0BI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/1f1ccb-ed10-4fe8-ae0b-61b982ada662/1/wKuS3n6vX7stFKUIqQzvxWm1TtQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.90.0.0/16
                  185.86.84.0/22
                IPv6:
                  2a05:b740::/29

    Signature Algorithm: sha256WithRSAEncryption
         6a:8f:0a:2f:04:d5:49:1f:b8:b2:e1:87:70:48:da:a6:cb:c8:
         90:e3:a8:9d:fd:a6:2a:1f:bf:0d:0d:48:00:2c:9b:7f:6d:74:
         40:cd:42:77:35:b1:2f:83:a4:db:eb:a5:43:7b:91:3a:fd:62:
         80:78:22:08:dd:4c:5a:3c:66:f2:5a:33:aa:cd:55:f9:01:57:
         83:4f:d6:06:29:34:9e:98:77:fe:83:81:3a:5e:dc:0d:77:46:
         d5:b1:04:7e:61:52:2e:80:de:b8:69:2d:50:48:f7:7d:34:a2:
         b8:06:d4:ef:9c:62:30:3b:1b:0a:fc:d6:61:1d:4b:8f:7e:3f:
         14:d2:8f:28:3b:c0:a9:72:22:85:9f:95:78:5e:de:66:2b:c7:
         d0:78:fe:87:37:4b:c0:fc:6a:1a:cc:ce:2b:1b:e8:da:25:18:
         de:01:1c:24:5d:47:3c:7e:61:a6:8a:52:0a:3f:77:08:1f:a4:
         05:64:11:5b:d5:f0:7e:f6:95:b9:54:24:51:fd:da:04:a5:4c:
         7c:ea:94:a6:f4:58:3d:20:94:ea:e6:d9:55:47:16:8f:3b:13:
         7e:cd:6f:c1:74:50:65:11:02:d1:16:16:d3:85:19:22:35:06:
         00:f5:ff:a9:39:9b:44:6a:f6:cb:8d:18:10:6e:c0:34:da:11:
         8d:3e:d9:a6
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgISAZt57QuelxVrvY1cUQ/gWeWaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMwYWI5MmRlN2VhZjVmYmIyZDE0YTUwOGE5MGNlZmM1Njli
NTRlZDQwHhcNMjYwMTAxMTQxODU2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNjAwZmJiMTIxNjdhZGJkYjE1MDY4ODQyZDczYTM4OWE2NThkMDEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvQ4m1bGDicuTfezEWdNLe3pOD13i
tvMFR/G/19RAJCejhqK685Qt/iX2q6MWAwNJnDaTnRtxUtg8159+/E7Oiwh7oT79
B3N2R8tPUdS4OHh8YCXeIHbGgQohpBwm/KsoFaQVuICKnzYiLNYliZJ9qJWaXsus
5wuZ/QaOC6kUg5rzfXJrP/mxnjksNADGjoFru0DkcOdO9g4YmvtDmGavOnHwBOb8
dsHa13uiPd8XA0kMrhupmuvSnd86208I1w7ktRLOR8qMgiLdRhoT9DcUWQLJm1OE
wxtSWNCMErcVjCjZWLXyXjUBY5//Ake5pbnEee7NCx3PJp+RImMkIB/5iwIDAQAB
o4ICHTCCAhkwHQYDVR0OBBYEFCYA+7EhZ629sVBohC1zo4mmWNASMB8GA1UdIwQY
MBaAFMCrkt5+r1+7LRSlCKkM78VptU7UMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd0t1UzNuNnZYN3N0RktVSXFRenZ4V20xVHRRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yi8xZjFjY2ItZWQxMC00ZmU4LWFlMGIt
NjFiOTgyYWRhNjYyLzEvSmdEN3NTRm5yYjJ4VUdpRUxYT2ppYVpZMEJJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yi8xZjFjY2ItZWQxMC00ZmU4LWFlMGItNjFiOTgyYWRhNjYy
LzEvd0t1UzNuNnZYN3N0RktVSXFRenZ4V20xVHRRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDMGCCsGAQUFBwEHAQH/BCQwIjARBAIAATALAwMAl1oDBAK5
VlQwDQQCAAIwBwMFAyoFt0AwDQYJKoZIhvcNAQELBQADggEBAGqPCi8E1UkfuLLh
h3BI2qbLyJDjqJ39piofvw0NSAAsm39tdEDNQnc1sS+DpNvrpUN7kTr9YoB4Igjd
TFo8ZvJaM6rNVfkBV4NP1gYpNJ6Yd/6DgTpe3A13RtWxBH5hUi6A3rhpLVBI9300
orgG1O+cYjA7Gwr81mEdS49+PxTSjyg7wKlyIoWflXhe3mYrx9B4/oc3S8D8ahrM
zisb6NolGN4BHCRdRzx+YaaKUgo/dwgfpAVkEVvV8H72lblUJFH92gSlTHzqlKb0
WD0glOrm2VVHFo87E37Nb8F0UGURAtEWFtOFGSI1BgD1/6k5m0Rq9suNGBBuwDTa
EY0+2aY=
-----END CERTIFICATE-----