Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6c/72cc2b-7c1f-4a36-a700-960c8f0a95b2/1/FfbuL1NsPqz_oOI2YFWe_jidZWQ.roa
File:                     FfbuL1NsPqz_oOI2YFWe_jidZWQ.roa (raw, json)
Hash identifier:          xTrWW0Q3nTMT/LdtoIpu3oN3dGDnM7py4l1pD0p9U8w=
Subject key identifier:   15:F6:EE:2F:53:6C:3E:AC:FF:A0:E2:36:60:55:9E:FE:38:9D:65:64
Certificate issuer:       /CN=313ebe436a75629b8f3db74a9a3fa1d5d30ad37f
Certificate serial:       019B7AC8793AE849F765639875C34A1F77DE
Authority key identifier: 31:3E:BE:43:6A:75:62:9B:8F:3D:B7:4A:9A:3F:A1:D5:D3:0A:D3:7F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MT6-Q2p1YpuPPbdKmj-h1dMK038.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6c/72cc2b-7c1f-4a36-a700-960c8f0a95b2/1/FfbuL1NsPqz_oOI2YFWe_jidZWQ.roa
Signing time:             Thu 01 Jan 2026 18:18:37 +0000
ROA not before:           Thu 01 Jan 2026 18:18:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     202874
IP address blocks:        185.150.124.0/22 maxlen: 22
                          2a13:a540::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6c/72cc2b-7c1f-4a36-a700-960c8f0a95b2/1/MT6-Q2p1YpuPPbdKmj-h1dMK038.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6c/72cc2b-7c1f-4a36-a700-960c8f0a95b2/1/MT6-Q2p1YpuPPbdKmj-h1dMK038.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MT6-Q2p1YpuPPbdKmj-h1dMK038.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 15:05:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:c8:79:3a:e8:49:f7:65:63:98:75:c3:4a:1f:77:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=313ebe436a75629b8f3db74a9a3fa1d5d30ad37f
        Validity
            Not Before: Jan  1 18:18:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=15f6ee2f536c3eacffa0e23660559efe389d6564
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ee:be:ea:32:e8:b3:2a:da:67:cd:f9:c5:37:fd:
                    f6:bb:36:b5:56:ef:80:7c:d3:78:64:4e:40:e0:49:
                    c1:91:2d:9b:78:86:fa:1b:5b:a9:21:41:27:7c:fd:
                    ff:75:d3:79:05:01:e3:c8:02:c2:5f:7a:26:e4:b4:
                    80:81:9f:19:43:56:b9:f7:bc:67:ee:f0:a6:24:f4:
                    01:67:51:36:19:15:03:f5:a1:56:e2:20:c0:63:ba:
                    94:1c:49:d9:82:ea:06:a1:25:3b:31:6b:70:a7:a8:
                    48:95:68:60:26:b5:42:ee:82:7b:56:6d:76:31:8d:
                    96:41:53:4a:ab:dc:c9:65:60:e2:80:bc:be:44:1b:
                    dd:b7:e5:b7:cf:ce:cf:4e:00:59:2e:9a:f4:ce:cb:
                    59:fa:74:11:02:57:2e:6e:63:fc:ca:03:b9:8d:49:
                    d0:d2:04:5e:e8:67:06:f7:9b:64:ec:04:c3:35:4d:
                    56:8a:78:78:f9:b9:92:8f:62:9d:aa:e3:b3:dd:63:
                    7e:2a:21:e5:c3:4c:ec:3a:ad:27:9c:ec:37:21:f3:
                    27:c2:c5:66:64:3a:7b:e0:67:ab:34:c5:70:d8:1c:
                    52:24:1c:73:4d:4a:26:58:51:60:cc:ac:4f:8e:9a:
                    a7:e1:e1:45:7f:b8:c4:e8:95:c5:6d:bc:a8:00:fb:
                    e5:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:F6:EE:2F:53:6C:3E:AC:FF:A0:E2:36:60:55:9E:FE:38:9D:65:64
            X509v3 Authority Key Identifier:
                keyid:31:3E:BE:43:6A:75:62:9B:8F:3D:B7:4A:9A:3F:A1:D5:D3:0A:D3:7F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MT6-Q2p1YpuPPbdKmj-h1dMK038.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/72cc2b-7c1f-4a36-a700-960c8f0a95b2/1/FfbuL1NsPqz_oOI2YFWe_jidZWQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/72cc2b-7c1f-4a36-a700-960c8f0a95b2/1/MT6-Q2p1YpuPPbdKmj-h1dMK038.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.150.124.0/22
                IPv6:
                  2a13:a540::/29

    Signature Algorithm: sha256WithRSAEncryption
         b3:8c:e6:03:61:ca:20:86:fb:de:c8:6b:5f:c2:4a:7d:b9:84:
         96:e8:0e:33:54:96:a9:8f:25:cb:58:f6:12:66:ec:9a:1d:bf:
         74:6d:b8:f9:66:9a:02:78:4e:ac:60:ee:e7:38:17:d3:4b:23:
         fd:b5:55:bd:42:a4:88:16:7c:d2:03:c2:8d:f3:f1:98:f2:e2:
         36:08:08:2f:d0:2f:c7:72:60:2f:e0:15:21:09:c9:58:f4:9f:
         2b:b8:56:63:e6:53:26:bd:7c:35:4e:0b:6f:85:db:ec:92:41:
         17:43:03:b5:c1:de:0a:ae:e3:e8:52:dd:5f:b0:3a:44:ad:66:
         a2:52:e4:34:81:d5:31:2a:e0:48:40:ad:4d:6e:a2:fe:a3:4f:
         10:c1:7f:1e:66:80:bc:47:0a:c1:fc:39:57:75:44:84:e4:95:
         0b:93:64:b2:a5:6f:64:ef:e0:7c:df:fd:d5:f1:97:79:30:20:
         09:5c:55:f5:6c:2b:b5:7b:ad:7d:58:e5:95:1a:11:0e:92:29:
         13:12:2a:fb:68:46:ca:31:0b:fb:fe:f2:c7:57:ac:d3:0c:a3:
         79:db:5c:3f:2b:21:67:f5:26:7b:05:62:07:83:af:a6:57:e9:
         f3:c1:75:ae:72:56:d7:f5:19:7c:4d:b1:16:d7:1f:13:46:63:
         16:b8:3d:a6
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZt6yHk66En3ZWOYdcNKH3feMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxM2ViZTQzNmE3NTYyOWI4ZjNkYjc0YTlhM2ZhMWQ1ZDMw
YWQzN2YwHhcNMjYwMTAxMTgxODM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNWY2ZWUyZjUzNmMzZWFjZmZhMGUyMzY2MDU1OWVmZTM4OWQ2NTY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7r7qMuizKtpnzfnFN/32uza1Vu+A
fNN4ZE5A4EnBkS2beIb6G1upIUEnfP3/ddN5BQHjyALCX3om5LSAgZ8ZQ1a597xn
7vCmJPQBZ1E2GRUD9aFW4iDAY7qUHEnZguoGoSU7MWtwp6hIlWhgJrVC7oJ7Vm12
MY2WQVNKq9zJZWDigLy+RBvdt+W3z87PTgBZLpr0zstZ+nQRAlcubmP8ygO5jUnQ
0gRe6GcG95tk7ATDNU1Winh4+bmSj2KdquOz3WN+KiHlw0zsOq0nnOw3IfMnwsVm
ZDp74GerNMVw2BxSJBxzTUomWFFgzKxPjpqn4eFFf7jE6JXFbbyoAPvl+wIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFBX27i9TbD6s/6DiNmBVnv44nWVkMB8GA1UdIwQY
MBaAFDE+vkNqdWKbjz23Spo/odXTCtN/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTVQ2LVEycDFZcHVQUGJkS21qLWgxZE1LMDM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yy83MmNjMmItN2MxZi00YTM2LWE3MDAt
OTYwYzhmMGE5NWIyLzEvRmZidUwxTnNQcXpfb09JMllGV2VfamlkWldRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yy83MmNjMmItN2MxZi00YTM2LWE3MDAtOTYwYzhmMGE5NWIy
LzEvTVQ2LVEycDFZcHVQUGJkS21qLWgxZE1LMDM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuZZ8MA0E
AgACMAcDBQMqE6VAMA0GCSqGSIb3DQEBCwUAA4IBAQCzjOYDYcoghvveyGtfwkp9
uYSW6A4zVJapjyXLWPYSZuyaHb90bbj5ZpoCeE6sYO7nOBfTSyP9tVW9QqSIFnzS
A8KN8/GY8uI2CAgv0C/HcmAv4BUhCclY9J8ruFZj5lMmvXw1TgtvhdvskkEXQwO1
wd4KruPoUt1fsDpErWaiUuQ0gdUxKuBIQK1NbqL+o08QwX8eZoC8RwrB/DlXdUSE
5JULk2SypW9k7+B83/3V8Zd5MCAJXFX1bCu1e619WOWVGhEOkikTEir7aEbKMQv7
/vLHV6zTDKN521w/KyFn9SZ7BWIHg6+mV+nzwXWuclbX9Rl8TbEW1x8TRmMWuD2m
-----END CERTIFICATE-----