Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ae/124ac8-fa93-4c23-bd62-5b4aff7a6398/1/st6PpxNzc658VtFlT-Zn2lQC-m4.roa
File:                     st6PpxNzc658VtFlT-Zn2lQC-m4.roa (raw, json)
Hash identifier:          W95r/R+SgURS888l3lfH6YKShbzwq5+KfmT/KdREE+Q=
Subject key identifier:   B2:DE:8F:A7:13:73:73:AE:7C:56:D1:65:4F:E6:67:DA:54:02:FA:6E
Certificate issuer:       /CN=1ebe3e521407f597f255f3fb4e0b569c32083552
Certificate serial:       019B79102CA894F21EA4A92CB0B69BDC3A07
Authority key identifier: 1E:BE:3E:52:14:07:F5:97:F2:55:F3:FB:4E:0B:56:9C:32:08:35:52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Hr4-UhQH9ZfyVfP7TgtWnDIINVI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ae/124ac8-fa93-4c23-bd62-5b4aff7a6398/1/st6PpxNzc658VtFlT-Zn2lQC-m4.roa
Signing time:             Thu 01 Jan 2026 10:17:41 +0000
ROA not before:           Thu 01 Jan 2026 10:17:41 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     43728
IP address blocks:        78.31.0.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ae/124ac8-fa93-4c23-bd62-5b4aff7a6398/1/Hr4-UhQH9ZfyVfP7TgtWnDIINVI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ae/124ac8-fa93-4c23-bd62-5b4aff7a6398/1/Hr4-UhQH9ZfyVfP7TgtWnDIINVI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Hr4-UhQH9ZfyVfP7TgtWnDIINVI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:10:2c:a8:94:f2:1e:a4:a9:2c:b0:b6:9b:dc:3a:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1ebe3e521407f597f255f3fb4e0b569c32083552
        Validity
            Not Before: Jan  1 10:17:41 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b2de8fa7137373ae7c56d1654fe667da5402fa6e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:f5:d1:f5:d6:53:26:d5:fc:e3:8b:93:83:87:
                    18:4e:f1:14:9d:de:0b:6e:18:ed:59:89:43:db:97:
                    9d:53:e5:e2:68:11:d4:49:2f:6a:24:ed:fc:7d:e3:
                    50:09:72:44:47:4e:98:d0:f1:0d:a6:f0:77:04:b9:
                    c3:09:f3:21:2e:0f:cd:1f:ad:a3:cc:c3:81:ad:79:
                    51:d5:9c:f9:5e:d7:bf:1d:72:ec:6d:67:cb:b0:35:
                    86:d7:c6:7e:ce:c3:e8:9a:17:e3:ed:c1:56:31:31:
                    2e:05:aa:0c:b0:d9:08:d5:07:06:66:94:5e:32:8a:
                    41:9f:53:34:ab:62:aa:ba:fe:fa:82:0b:fa:36:d2:
                    30:83:ae:8c:a3:b0:80:e4:da:26:33:78:00:80:c8:
                    01:b7:0c:0d:40:28:f2:c0:ac:9d:c5:ef:02:8d:77:
                    fb:49:08:ba:c2:e8:fc:9c:c0:dc:eb:0e:1c:15:07:
                    8e:3c:ba:f2:7d:df:db:84:fe:25:f0:d9:69:60:39:
                    6f:0c:31:29:6f:47:76:07:cf:31:62:7e:4f:f9:f2:
                    56:c7:2d:89:58:b7:65:eb:e3:fd:2f:cc:2a:41:8e:
                    bb:27:a3:aa:ce:78:56:44:c8:2d:63:5b:75:f6:79:
                    15:67:9c:16:43:81:d3:fe:b8:bc:ae:d5:71:7b:5c:
                    57:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:DE:8F:A7:13:73:73:AE:7C:56:D1:65:4F:E6:67:DA:54:02:FA:6E
            X509v3 Authority Key Identifier:
                keyid:1E:BE:3E:52:14:07:F5:97:F2:55:F3:FB:4E:0B:56:9C:32:08:35:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Hr4-UhQH9ZfyVfP7TgtWnDIINVI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/124ac8-fa93-4c23-bd62-5b4aff7a6398/1/st6PpxNzc658VtFlT-Zn2lQC-m4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/124ac8-fa93-4c23-bd62-5b4aff7a6398/1/Hr4-UhQH9ZfyVfP7TgtWnDIINVI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.31.0.0/21

    Signature Algorithm: sha256WithRSAEncryption
         8b:05:c3:4a:4a:7a:30:18:db:fb:d1:67:52:de:37:8c:14:e8:
         36:b4:fd:a3:a2:93:14:f2:c6:59:17:c0:cb:ab:e4:88:02:28:
         c1:15:21:95:43:14:ff:e9:11:b1:29:5b:f4:27:a0:30:a0:09:
         2a:34:38:59:c3:d8:35:3e:07:26:35:75:7e:65:bb:b0:95:96:
         37:79:0c:fd:57:f2:1a:b8:58:ab:bd:0a:75:f2:19:bc:ae:2e:
         d1:b6:0b:a1:19:7a:52:33:4e:6b:4b:c0:bb:28:5f:7d:b5:10:
         41:9e:45:da:0c:7d:68:82:95:e5:a6:03:38:a2:e8:5a:87:d9:
         f3:dc:d0:e0:67:fd:9b:c3:5b:1b:28:da:fe:32:92:67:72:cf:
         9a:28:9c:99:de:2e:27:ab:68:74:6b:64:dd:c9:1d:aa:ac:33:
         08:55:67:a4:53:e0:ec:f8:2b:2a:20:5d:7a:ab:6d:09:55:51:
         0f:7c:66:d5:80:05:76:22:96:f3:4c:42:8e:6e:dc:c6:51:a8:
         a4:ca:00:75:e1:13:a0:57:4c:5f:be:5b:74:2c:77:28:c6:ed:
         11:58:71:5a:f5:f9:68:b2:d1:8b:50:20:fa:be:c7:20:be:92:
         32:52:73:27:c2:51:b9:5d:10:91:63:c9:f2:18:fc:c4:8f:51:
         79:bc:3a:6c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5ECyolPIepKkssLab3DoHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlYmUzZTUyMTQwN2Y1OTdmMjU1ZjNmYjRlMGI1NjljMzIw
ODM1NTIwHhcNMjYwMTAxMTAxNzQxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMmRlOGZhNzEzNzM3M2FlN2M1NmQxNjU0ZmU2NjdkYTU0MDJmYTZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1/XR9dZTJtX844uTg4cYTvEUnd4L
bhjtWYlD25edU+XiaBHUSS9qJO38feNQCXJER06Y0PENpvB3BLnDCfMhLg/NH62j
zMOBrXlR1Zz5Xte/HXLsbWfLsDWG18Z+zsPomhfj7cFWMTEuBaoMsNkI1QcGZpRe
MopBn1M0q2Kquv76ggv6NtIwg66Mo7CA5NomM3gAgMgBtwwNQCjywKydxe8CjXf7
SQi6wuj8nMDc6w4cFQeOPLryfd/bhP4l8NlpYDlvDDEpb0d2B88xYn5P+fJWxy2J
WLdl6+P9L8wqQY67J6OqznhWRMgtY1t19nkVZ5wWQ4HT/ri8rtVxe1xXfwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLLej6cTc3OufFbRZU/mZ9pUAvpuMB8GA1UdIwQY
MBaAFB6+PlIUB/WX8lXz+04LVpwyCDVSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSHI0LVVoUUg5WmZ5VmZQN1RndFduRElJTlZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZS8xMjRhYzgtZmE5My00YzIzLWJkNjIt
NWI0YWZmN2E2Mzk4LzEvc3Q2UHB4TnpjNjU4VnRGbFQtWm4ybFFDLW00LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZS8xMjRhYzgtZmE5My00YzIzLWJkNjItNWI0YWZmN2E2Mzk4
LzEvSHI0LVVoUUg5WmZ5VmZQN1RndFduRElJTlZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDTh8AMA0G
CSqGSIb3DQEBCwUAA4IBAQCLBcNKSnowGNv70WdS3jeMFOg2tP2jopMU8sZZF8DL
q+SIAijBFSGVQxT/6RGxKVv0J6AwoAkqNDhZw9g1PgcmNXV+ZbuwlZY3eQz9V/Ia
uFirvQp18hm8ri7RtguhGXpSM05rS8C7KF99tRBBnkXaDH1ogpXlpgM4ouhah9nz
3NDgZ/2bw1sbKNr+MpJncs+aKJyZ3i4nq2h0a2TdyR2qrDMIVWekU+Ds+CsqIF16
q20JVVEPfGbVgAV2IpbzTEKObtzGUaikygB14ROgV0xfvlt0LHcoxu0RWHFa9flo
stGLUCD6vscgvpIyUnMnwlG5XRCRY8nyGPzEj1F5vDps
-----END CERTIFICATE-----