Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6c/b6002c-ef1f-48bb-8f50-5f10b42ec8cb/1/AhNUipw6fXOGhf2_abI-Q7MxJMI.roa
File:                     AhNUipw6fXOGhf2_abI-Q7MxJMI.roa (raw, json)
Hash identifier:          CDXwzR9qMT3a0bTmgjPfa63co3/DY62CHCQ822ruJ0E=
Subject key identifier:   02:13:54:8A:9C:3A:7D:73:86:85:FD:BF:69:B2:3E:43:B3:31:24:C2
Certificate issuer:       /CN=e9938a1e9011f2269e67a63da380019d296d9983
Certificate serial:       019B7C1286F22375A7EFCFB18426F2762626
Authority key identifier: E9:93:8A:1E:90:11:F2:26:9E:67:A6:3D:A3:80:01:9D:29:6D:99:83
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6ZOKHpAR8iaeZ6Y9o4ABnSltmYM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6c/b6002c-ef1f-48bb-8f50-5f10b42ec8cb/1/AhNUipw6fXOGhf2_abI-Q7MxJMI.roa
Signing time:             Fri 02 Jan 2026 00:19:07 +0000
ROA not before:           Fri 02 Jan 2026 00:19:07 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     29051
IP address blocks:        195.47.226.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6c/b6002c-ef1f-48bb-8f50-5f10b42ec8cb/1/6ZOKHpAR8iaeZ6Y9o4ABnSltmYM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6c/b6002c-ef1f-48bb-8f50-5f10b42ec8cb/1/6ZOKHpAR8iaeZ6Y9o4ABnSltmYM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6ZOKHpAR8iaeZ6Y9o4ABnSltmYM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:12:86:f2:23:75:a7:ef:cf:b1:84:26:f2:76:26:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e9938a1e9011f2269e67a63da380019d296d9983
        Validity
            Not Before: Jan  2 00:19:07 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0213548a9c3a7d738685fdbf69b23e43b33124c2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:46:b7:cf:54:1b:d4:f7:c2:80:2e:a8:51:62:
                    8e:9d:fa:45:a8:17:6f:7e:11:fb:38:72:c2:04:31:
                    25:67:1c:1d:7c:25:02:ea:dd:27:cd:30:f8:9f:1e:
                    2d:8e:8c:63:a8:5d:f4:f4:9b:97:6c:99:85:2b:2b:
                    2c:63:5d:d3:e9:65:a7:c2:dd:51:24:75:44:a0:52:
                    46:ef:50:8c:57:95:29:c9:a0:82:38:49:49:16:0b:
                    38:59:c0:07:10:25:6a:ae:b3:1f:79:31:3a:5f:f2:
                    4d:5d:f0:30:cb:41:21:a1:41:e8:2b:2e:e5:27:80:
                    25:6f:c0:e3:54:0e:81:51:95:b0:d0:c9:10:50:c2:
                    14:bc:ff:10:1a:ea:aa:14:7c:07:b9:f6:2b:25:54:
                    dc:ad:da:3d:51:40:e1:b7:51:66:3a:a0:dd:fc:99:
                    ad:2b:ca:2e:74:b9:2f:f9:9f:1f:d8:48:e1:6e:51:
                    7d:bf:72:3b:d1:03:b5:11:76:c7:49:48:6d:f0:7a:
                    d4:45:23:27:88:7a:b0:0f:84:3a:c1:3a:4e:a0:ef:
                    a8:b8:5e:12:ef:10:d3:e3:19:dd:1f:f6:a5:3e:0b:
                    eb:fd:f4:4d:99:a6:d2:0f:a9:97:0e:40:e3:97:cd:
                    31:a0:b8:28:db:6c:83:e8:09:c6:0a:87:75:6b:69:
                    34:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:13:54:8A:9C:3A:7D:73:86:85:FD:BF:69:B2:3E:43:B3:31:24:C2
            X509v3 Authority Key Identifier:
                keyid:E9:93:8A:1E:90:11:F2:26:9E:67:A6:3D:A3:80:01:9D:29:6D:99:83

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6ZOKHpAR8iaeZ6Y9o4ABnSltmYM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/b6002c-ef1f-48bb-8f50-5f10b42ec8cb/1/AhNUipw6fXOGhf2_abI-Q7MxJMI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/b6002c-ef1f-48bb-8f50-5f10b42ec8cb/1/6ZOKHpAR8iaeZ6Y9o4ABnSltmYM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.47.226.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7e:20:38:ba:27:5d:26:d3:bc:b6:df:c6:b7:28:3b:7f:96:4d:
         17:75:f8:a3:03:e7:67:96:e4:1e:26:02:04:2f:e6:e9:65:82:
         91:90:d3:41:13:48:18:9d:81:c6:f2:6a:38:cc:a4:52:d1:42:
         34:ff:51:e0:08:fd:0b:c3:7a:24:3e:15:1e:3e:3c:4a:7a:71:
         9f:e2:17:2f:79:d3:bc:03:a3:65:7f:3d:a2:a8:d9:d2:6a:e3:
         21:04:bb:bb:10:f1:9c:67:f6:82:d9:a7:7d:e7:46:4d:f3:a0:
         dd:26:8e:08:28:e2:47:86:83:b9:d0:4c:99:12:ab:3b:6a:65:
         70:58:76:ae:1f:2f:d1:b7:67:e3:2e:b1:21:7c:ec:38:9e:39:
         08:71:6a:76:fc:09:35:5e:22:01:77:92:01:16:ce:8a:a9:6e:
         ca:9d:1e:c6:cc:f5:cb:c0:d3:f2:55:43:0c:e1:42:26:63:d8:
         1a:47:05:16:98:3a:9d:54:78:4f:c9:8d:68:f5:82:55:3c:53:
         c0:ba:24:f5:33:cb:61:47:21:cd:ba:af:96:32:63:b2:e6:98:
         9d:17:a2:2f:a2:bb:d7:d2:11:1d:01:89:d0:63:d6:21:67:8f:
         16:6b:45:8a:0c:16:f0:2c:c0:34:8f:e5:69:83:12:cd:47:ba:
         f7:71:b8:c6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8EobyI3Wn78+xhCbydiYmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU5OTM4YTFlOTAxMWYyMjY5ZTY3YTYzZGEzODAwMTlkMjk2
ZDk5ODMwHhcNMjYwMTAyMDAxOTA3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMjEzNTQ4YTljM2E3ZDczODY4NWZkYmY2OWIyM2U0M2IzMzEyNGMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlUa3z1Qb1PfCgC6oUWKOnfpFqBdv
fhH7OHLCBDElZxwdfCUC6t0nzTD4nx4tjoxjqF309JuXbJmFKyssY13T6WWnwt1R
JHVEoFJG71CMV5UpyaCCOElJFgs4WcAHECVqrrMfeTE6X/JNXfAwy0EhoUHoKy7l
J4Alb8DjVA6BUZWw0MkQUMIUvP8QGuqqFHwHufYrJVTcrdo9UUDht1FmOqDd/Jmt
K8oudLkv+Z8f2EjhblF9v3I70QO1EXbHSUht8HrURSMniHqwD4Q6wTpOoO+ouF4S
7xDT4xndH/alPgvr/fRNmabSD6mXDkDjl80xoLgo22yD6AnGCod1a2k0RwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAITVIqcOn1zhoX9v2myPkOzMSTCMB8GA1UdIwQY
MBaAFOmTih6QEfImnmemPaOAAZ0pbZmDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNlpPS0hwQVI4aWFlWjZZOW80QUJuU2x0bVlNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yy9iNjAwMmMtZWYxZi00OGJiLThmNTAt
NWYxMGI0MmVjOGNiLzEvQWhOVWlwdzZmWE9HaGYyX2FiSS1RN014Sk1JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yy9iNjAwMmMtZWYxZi00OGJiLThmNTAtNWYxMGI0MmVjOGNi
LzEvNlpPS0hwQVI4aWFlWjZZOW80QUJuU2x0bVlNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwy/iMA0G
CSqGSIb3DQEBCwUAA4IBAQB+IDi6J10m07y238a3KDt/lk0XdfijA+dnluQeJgIE
L+bpZYKRkNNBE0gYnYHG8mo4zKRS0UI0/1HgCP0Lw3okPhUePjxKenGf4hcvedO8
A6Nlfz2iqNnSauMhBLu7EPGcZ/aC2ad950ZN86DdJo4IKOJHhoO50EyZEqs7amVw
WHauHy/Rt2fjLrEhfOw4njkIcWp2/Ak1XiIBd5IBFs6KqW7KnR7GzPXLwNPyVUMM
4UImY9gaRwUWmDqdVHhPyY1o9YJVPFPAuiT1M8thRyHNuq+WMmOy5pidF6IvorvX
0hEdAYnQY9YhZ48Wa0WKDBbwLMA0j+VpgxLNR7r3cbjG
-----END CERTIFICATE-----