Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6b/2ca7c4-15bb-4728-8c9b-ae1799a3d914/1/8ckA-TW7EdXihYdZdkqiS3M4HTc.roa
File:                     8ckA-TW7EdXihYdZdkqiS3M4HTc.roa (raw, json)
Hash identifier:          e4A0NWF+aH4l7eHRDWs3d41SyQFvOrkVOSjq2z6q+xo=
Subject key identifier:   F1:C9:00:F9:35:BB:11:D5:E2:85:87:59:76:4A:A2:4B:73:38:1D:37
Certificate issuer:       /CN=b9461987d000d8e618854ce4e3ff819ff8f4d244
Certificate serial:       019B7CECF28423C0FB7F95C54B3C7776AD98
Authority key identifier: B9:46:19:87:D0:00:D8:E6:18:85:4C:E4:E3:FF:81:9F:F8:F4:D2:44
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uUYZh9AA2OYYhUzk4_-Bn_j00kQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6b/2ca7c4-15bb-4728-8c9b-ae1799a3d914/1/8ckA-TW7EdXihYdZdkqiS3M4HTc.roa
Signing time:             Fri 02 Jan 2026 04:17:41 +0000
ROA not before:           Fri 02 Jan 2026 04:17:41 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     197837
IP address blocks:        94.154.56.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6b/2ca7c4-15bb-4728-8c9b-ae1799a3d914/1/uUYZh9AA2OYYhUzk4_-Bn_j00kQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6b/2ca7c4-15bb-4728-8c9b-ae1799a3d914/1/uUYZh9AA2OYYhUzk4_-Bn_j00kQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uUYZh9AA2OYYhUzk4_-Bn_j00kQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 19:01:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:ec:f2:84:23:c0:fb:7f:95:c5:4b:3c:77:76:ad:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b9461987d000d8e618854ce4e3ff819ff8f4d244
        Validity
            Not Before: Jan  2 04:17:41 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f1c900f935bb11d5e2858759764aa24b73381d37
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:ea:ac:29:8b:ad:cd:51:ae:c9:1d:98:99:62:
                    94:88:46:34:4e:88:94:71:fe:3b:25:e4:61:5b:3a:
                    81:c2:99:75:6f:88:5f:ce:d1:66:2d:58:a0:41:fe:
                    85:de:ff:3f:98:83:c9:40:2a:b8:36:d8:fa:45:9f:
                    5e:7a:40:ad:1a:1b:6d:b2:23:51:4d:ef:72:a2:22:
                    f9:3f:18:88:af:cd:f0:c9:f7:1e:e5:e6:18:71:13:
                    64:1e:58:7e:95:64:f2:dc:ca:80:6c:8e:29:1c:8c:
                    ce:b9:09:54:7c:e5:c3:97:11:00:8e:04:31:cf:f9:
                    c5:58:8a:d3:d5:a4:87:85:da:28:1d:23:34:84:f4:
                    ce:ec:cf:99:00:fb:d1:a0:97:05:55:8a:0b:fe:6e:
                    6e:e3:31:f8:8f:75:b2:cd:fd:da:71:bf:7d:24:54:
                    64:73:51:9d:b2:70:b1:6b:d6:bf:55:e1:8e:02:ce:
                    d1:db:94:36:11:e6:75:bb:d0:f6:d9:59:5b:b8:2f:
                    51:d2:6b:18:64:07:2c:8d:ed:f1:14:5d:46:3f:03:
                    7a:17:b5:0d:68:47:b2:91:1b:02:b7:51:9c:b2:fb:
                    74:7d:2f:5f:fd:8f:2e:79:c2:e4:58:9d:7e:a9:0b:
                    44:a0:f8:d9:88:53:5c:46:91:fa:b8:54:59:aa:4f:
                    fc:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:C9:00:F9:35:BB:11:D5:E2:85:87:59:76:4A:A2:4B:73:38:1D:37
            X509v3 Authority Key Identifier:
                keyid:B9:46:19:87:D0:00:D8:E6:18:85:4C:E4:E3:FF:81:9F:F8:F4:D2:44

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uUYZh9AA2OYYhUzk4_-Bn_j00kQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/2ca7c4-15bb-4728-8c9b-ae1799a3d914/1/8ckA-TW7EdXihYdZdkqiS3M4HTc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/2ca7c4-15bb-4728-8c9b-ae1799a3d914/1/uUYZh9AA2OYYhUzk4_-Bn_j00kQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.154.56.0/21

    Signature Algorithm: sha256WithRSAEncryption
         76:02:c9:5d:98:de:cb:2c:77:f5:7f:1e:60:50:f7:a5:fc:8c:
         54:b5:44:29:eb:02:aa:eb:30:c0:9b:cf:30:28:f2:bc:66:53:
         1f:4b:40:e4:58:2d:ea:c6:78:d7:64:9d:da:ef:46:e9:4a:69:
         79:e3:8e:b0:95:11:d6:d5:76:66:c4:9e:11:87:6e:33:32:11:
         88:66:9f:7b:1a:e0:c2:f7:7b:39:bf:ab:c0:d1:a0:51:00:66:
         31:cd:e2:a0:0a:ef:3f:19:42:a9:31:5c:f5:ad:e2:58:43:ff:
         69:f0:da:04:08:37:05:c0:3d:ee:ac:a2:70:53:4a:28:55:a0:
         e2:0c:ad:95:f1:74:19:45:c8:8c:86:a5:3e:77:e4:09:af:9b:
         c1:dc:77:e7:eb:26:f1:a2:06:df:a8:77:21:20:3c:5d:4a:e8:
         9f:bc:6c:cb:cd:da:77:3b:f8:c5:98:05:b5:17:87:13:2d:ed:
         49:b4:7d:bb:ec:02:1b:d5:8c:bf:b1:5c:a3:27:7c:35:40:7b:
         5f:a3:06:f7:b9:e1:d6:27:e7:ef:34:01:1b:30:ba:57:2d:76:
         0e:a3:0e:25:b1:74:a1:e8:74:38:20:a0:c8:f5:93:28:fc:b0:
         54:fd:2b:b9:3c:09:2b:be:a2:9f:7d:b4:95:12:92:fe:93:7f:
         16:76:39:96
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt87PKEI8D7f5XFSzx3dq2YMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5NDYxOTg3ZDAwMGQ4ZTYxODg1NGNlNGUzZmY4MTlmZjhm
NGQyNDQwHhcNMjYwMTAyMDQxNzQxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMWM5MDBmOTM1YmIxMWQ1ZTI4NTg3NTk3NjRhYTI0YjczMzgxZDM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhuqsKYutzVGuyR2YmWKUiEY0ToiU
cf47JeRhWzqBwpl1b4hfztFmLVigQf6F3v8/mIPJQCq4Ntj6RZ9eekCtGhttsiNR
Te9yoiL5PxiIr83wyfce5eYYcRNkHlh+lWTy3MqAbI4pHIzOuQlUfOXDlxEAjgQx
z/nFWIrT1aSHhdooHSM0hPTO7M+ZAPvRoJcFVYoL/m5u4zH4j3Wyzf3acb99JFRk
c1GdsnCxa9a/VeGOAs7R25Q2EeZ1u9D22VlbuC9R0msYZAcsje3xFF1GPwN6F7UN
aEeykRsCt1Gcsvt0fS9f/Y8uecLkWJ1+qQtEoPjZiFNcRpH6uFRZqk/8jwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPHJAPk1uxHV4oWHWXZKoktzOB03MB8GA1UdIwQY
MBaAFLlGGYfQANjmGIVM5OP/gZ/49NJEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdVVZWmg5QUEyT1lZaFV6azRfLUJuX2owMGtRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yi8yY2E3YzQtMTViYi00NzI4LThjOWIt
YWUxNzk5YTNkOTE0LzEvOGNrQS1UVzdFZFhpaFlkWmRrcWlTM000SFRjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yi8yY2E3YzQtMTViYi00NzI4LThjOWItYWUxNzk5YTNkOTE0
LzEvdVVZWmg5QUEyT1lZaFV6azRfLUJuX2owMGtRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDXpo4MA0G
CSqGSIb3DQEBCwUAA4IBAQB2AsldmN7LLHf1fx5gUPel/IxUtUQp6wKq6zDAm88w
KPK8ZlMfS0DkWC3qxnjXZJ3a70bpSml5446wlRHW1XZmxJ4Rh24zMhGIZp97GuDC
93s5v6vA0aBRAGYxzeKgCu8/GUKpMVz1reJYQ/9p8NoECDcFwD3urKJwU0ooVaDi
DK2V8XQZRciMhqU+d+QJr5vB3Hfn6ybxogbfqHchIDxdSuifvGzLzdp3O/jFmAW1
F4cTLe1JtH277AIb1Yy/sVyjJ3w1QHtfowb3ueHWJ+fvNAEbMLpXLXYOow4lsXSh
6HQ4IKDI9ZMo/LBU/Su5PAkrvqKffbSVEpL+k38WdjmW
-----END CERTIFICATE-----