Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/79/5ddee9-c1c4-4b57-b6b8-d49916b5f2b4/1/b6wl6UOnM78Lu17GHxPqFqDhyUE.roa
File:                     b6wl6UOnM78Lu17GHxPqFqDhyUE.roa (raw, json)
Hash identifier:          kA09Zc9zhv3l/lp97KkUt2qpUA/O9aXdkknPhTyEEwI=
Subject key identifier:   6F:AC:25:E9:43:A7:33:BF:0B:BB:5E:C6:1F:13:EA:16:A0:E1:C9:41
Certificate issuer:       /CN=3b0bf18d6bbdb33da82fe61a28624ba72e235040
Certificate serial:       019C992CA99EF8AF160260EE3DD4C9FDD941
Authority key identifier: 3B:0B:F1:8D:6B:BD:B3:3D:A8:2F:E6:1A:28:62:4B:A7:2E:23:50:40
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OwvxjWu9sz2oL-YaKGJLpy4jUEA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/79/5ddee9-c1c4-4b57-b6b8-d49916b5f2b4/1/b6wl6UOnM78Lu17GHxPqFqDhyUE.roa
Signing time:             Thu 26 Feb 2026 08:59:26 +0000
ROA not before:           Thu 26 Feb 2026 08:59:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     976
IP address blocks:        209.33.176.0/20 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/79/5ddee9-c1c4-4b57-b6b8-d49916b5f2b4/1/OwvxjWu9sz2oL-YaKGJLpy4jUEA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/79/5ddee9-c1c4-4b57-b6b8-d49916b5f2b4/1/OwvxjWu9sz2oL-YaKGJLpy4jUEA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OwvxjWu9sz2oL-YaKGJLpy4jUEA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 18:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:99:2c:a9:9e:f8:af:16:02:60:ee:3d:d4:c9:fd:d9:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3b0bf18d6bbdb33da82fe61a28624ba72e235040
        Validity
            Not Before: Feb 26 08:59:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6fac25e943a733bf0bbb5ec61f13ea16a0e1c941
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:e5:e2:c3:43:f6:d9:08:83:69:12:19:63:2e:
                    bc:df:9e:6b:1b:e4:be:9c:7f:3d:14:ae:0b:65:49:
                    78:7c:ca:9d:a6:26:26:0a:a4:30:58:cb:10:81:04:
                    0d:68:ca:c9:a4:89:a8:91:38:f7:70:ac:2b:ca:9b:
                    84:2e:fe:6e:75:ed:81:19:c6:73:b0:f2:69:f0:1c:
                    74:f9:41:c2:9f:a4:6e:6a:2b:60:07:8b:82:16:55:
                    d5:a4:a1:bc:e9:4e:e8:9b:df:a3:8c:20:f6:8c:e8:
                    a7:41:6e:c9:9e:01:da:34:c1:f3:47:e0:28:8c:5a:
                    d4:0d:a4:6b:d5:df:58:f3:45:2e:48:e2:88:cd:6d:
                    36:41:7f:08:e6:c3:94:20:41:9b:6b:0b:56:fb:64:
                    1e:ff:4b:4d:af:43:79:57:cc:c1:64:84:c1:d2:ed:
                    02:7d:b7:6e:e7:05:75:42:c3:42:fb:d2:44:9f:f3:
                    8c:cd:41:b3:32:80:89:ab:4e:ec:d3:cf:0d:98:3a:
                    3d:2d:a9:b0:a6:89:a4:30:31:fc:57:01:66:b4:9b:
                    e1:01:b2:09:98:2a:ed:cc:bd:dd:42:f5:14:6c:e4:
                    df:83:e0:a4:bb:63:71:a4:79:7c:3d:81:cc:cd:5a:
                    70:ab:33:c0:62:42:55:00:8f:96:7c:da:51:e0:d9:
                    30:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:AC:25:E9:43:A7:33:BF:0B:BB:5E:C6:1F:13:EA:16:A0:E1:C9:41
            X509v3 Authority Key Identifier:
                keyid:3B:0B:F1:8D:6B:BD:B3:3D:A8:2F:E6:1A:28:62:4B:A7:2E:23:50:40

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OwvxjWu9sz2oL-YaKGJLpy4jUEA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/79/5ddee9-c1c4-4b57-b6b8-d49916b5f2b4/1/b6wl6UOnM78Lu17GHxPqFqDhyUE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/79/5ddee9-c1c4-4b57-b6b8-d49916b5f2b4/1/OwvxjWu9sz2oL-YaKGJLpy4jUEA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  209.33.176.0/20

    Signature Algorithm: sha256WithRSAEncryption
         6f:79:2a:1f:5a:ef:45:67:8b:24:4c:fc:eb:e0:be:c8:6c:ea:
         ae:87:38:0e:17:6c:7b:5b:58:39:7d:ed:e8:f4:53:6f:39:40:
         21:a9:25:0b:de:b2:f2:fa:62:a4:df:de:b9:8c:a9:98:82:7a:
         7f:5e:9a:9d:fc:87:23:e4:bb:b1:23:83:05:83:15:43:16:e6:
         f5:07:99:3e:fe:ce:3a:a6:f7:ca:35:86:20:97:f0:bb:2d:26:
         3b:e3:71:d2:be:0a:f0:95:c4:3b:d3:b3:81:21:6c:d3:e7:a9:
         83:fd:97:b3:b3:30:0c:cc:5b:21:f3:da:be:7e:ed:15:da:e9:
         cb:66:fe:16:f1:77:3e:7c:75:90:a2:b7:df:d5:d8:6b:97:27:
         7c:22:f9:d0:55:6a:b1:e7:c1:ef:f5:cf:86:e0:e5:fa:0f:cd:
         b5:cf:48:41:e6:45:e4:48:9c:db:6c:3e:fb:66:58:29:45:cc:
         27:4a:86:8f:fb:7a:2a:41:46:e2:02:64:b7:e9:fa:60:a1:92:
         d4:05:f5:fa:f5:8b:5c:10:d0:3c:10:d6:c5:55:2f:33:00:b9:
         2e:fc:be:ab:35:e7:89:a3:94:b4:a4:89:c4:73:cd:db:f8:75:
         9b:33:80:e5:07:ab:88:55:a3:2c:0e:87:07:32:e9:09:22:6b:
         ca:2f:ec:d4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZyZLKme+K8WAmDuPdTJ/dlBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiMGJmMThkNmJiZGIzM2RhODJmZTYxYTI4NjI0YmE3MmUy
MzUwNDAwHhcNMjYwMjI2MDg1OTI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZmFjMjVlOTQzYTczM2JmMGJiYjVlYzYxZjEzZWExNmEwZTFjOTQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxOXiw0P22QiDaRIZYy68355rG+S+
nH89FK4LZUl4fMqdpiYmCqQwWMsQgQQNaMrJpImokTj3cKwrypuELv5ude2BGcZz
sPJp8Bx0+UHCn6RuaitgB4uCFlXVpKG86U7om9+jjCD2jOinQW7JngHaNMHzR+Ao
jFrUDaRr1d9Y80UuSOKIzW02QX8I5sOUIEGbawtW+2Qe/0tNr0N5V8zBZITB0u0C
fbdu5wV1QsNC+9JEn/OMzUGzMoCJq07s088NmDo9LamwpomkMDH8VwFmtJvhAbIJ
mCrtzL3dQvUUbOTfg+Cku2NxpHl8PYHMzVpwqzPAYkJVAI+WfNpR4NkwYQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG+sJelDpzO/C7texh8T6hag4clBMB8GA1UdIwQY
MBaAFDsL8Y1rvbM9qC/mGihiS6cuI1BAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3d2eGpXdTlzejJvTC1ZYUtHSkxweTRqVUVBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OS81ZGRlZTktYzFjNC00YjU3LWI2Yjgt
ZDQ5OTE2YjVmMmI0LzEvYjZ3bDZVT25NNzhMdTE3R0h4UHFGcURoeVVFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OS81ZGRlZTktYzFjNC00YjU3LWI2YjgtZDQ5OTE2YjVmMmI0
LzEvT3d2eGpXdTlzejJvTC1ZYUtHSkxweTRqVUVBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQE0SGwMA0G
CSqGSIb3DQEBCwUAA4IBAQBveSofWu9FZ4skTPzr4L7IbOquhzgOF2x7W1g5fe3o
9FNvOUAhqSUL3rLy+mKk3965jKmYgnp/Xpqd/Icj5LuxI4MFgxVDFub1B5k+/s46
pvfKNYYgl/C7LSY743HSvgrwlcQ707OBIWzT56mD/ZezszAMzFsh89q+fu0V2unL
Zv4W8Xc+fHWQorff1dhrlyd8IvnQVWqx58Hv9c+G4OX6D821z0hB5kXkSJzbbD77
ZlgpRcwnSoaP+3oqQUbiAmS36fpgoZLUBfX69YtcENA8ENbFVS8zALku/L6rNeeJ
o5S0pInEc83b+HWbM4DlB6uIVaMsDocHMukJImvKL+zU
-----END CERTIFICATE-----