Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ae/b27704-ef52-44a7-bdd1-f9f91e4e31fa/1/6p1ednwrZQ_JDbcmNlbUx0LPSFQ.roa
File:                     6p1ednwrZQ_JDbcmNlbUx0LPSFQ.roa (raw, json)
Hash identifier:          hIJJSdmlqRlS5NfeTFhoCLt5Vs93+x5E1RzMdfdB3oA=
Subject key identifier:   EA:9D:5E:76:7C:2B:65:0F:C9:0D:B7:26:36:56:D4:C7:42:CF:48:54
Certificate issuer:       /CN=77724112f0285d830c87ee3256d51968f15bb90b
Certificate serial:       019CA8C8EFF1A8D5CBA4C0E5990D0A82EABF
Authority key identifier: 77:72:41:12:F0:28:5D:83:0C:87:EE:32:56:D5:19:68:F1:5B:B9:0B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/d3JBEvAoXYMMh-4yVtUZaPFbuQs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ae/b27704-ef52-44a7-bdd1-f9f91e4e31fa/1/6p1ednwrZQ_JDbcmNlbUx0LPSFQ.roa
Signing time:             Sun 01 Mar 2026 09:44:26 +0000
ROA not before:           Sun 01 Mar 2026 09:44:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     208148
IP address blocks:        89.38.152.0/23 maxlen: 23
                          2a06:bd80::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ae/b27704-ef52-44a7-bdd1-f9f91e4e31fa/1/d3JBEvAoXYMMh-4yVtUZaPFbuQs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ae/b27704-ef52-44a7-bdd1-f9f91e4e31fa/1/d3JBEvAoXYMMh-4yVtUZaPFbuQs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/d3JBEvAoXYMMh-4yVtUZaPFbuQs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 12:01:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:a8:c8:ef:f1:a8:d5:cb:a4:c0:e5:99:0d:0a:82:ea:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=77724112f0285d830c87ee3256d51968f15bb90b
        Validity
            Not Before: Mar  1 09:44:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ea9d5e767c2b650fc90db7263656d4c742cf4854
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:ce:84:23:06:fe:5d:36:93:b2:bd:c2:98:b5:
                    e8:d0:53:87:d3:fb:79:77:db:9e:3c:26:9d:40:47:
                    6d:19:62:4b:48:83:cb:c6:30:b8:fc:20:1c:0b:48:
                    25:0b:69:f2:b5:43:76:0a:c5:1c:5e:4e:73:2b:02:
                    21:55:53:13:67:85:66:67:17:48:e0:aa:12:c1:f2:
                    f4:7a:40:11:34:b7:94:83:40:d1:e4:46:3a:86:b5:
                    53:1f:a9:60:f5:83:96:dc:b2:73:54:75:58:b5:05:
                    c0:7f:da:bd:3a:f0:64:15:fe:8e:12:52:e5:39:0c:
                    7e:de:e9:af:78:29:31:27:8a:60:f9:18:8c:bf:b6:
                    80:74:fa:ca:61:48:91:ae:c0:98:04:19:d7:a9:82:
                    81:6d:f8:33:49:df:a8:a4:53:16:2f:31:b7:2b:42:
                    68:18:7c:22:ef:5a:c3:74:5d:30:38:7c:03:bc:81:
                    d2:d2:3c:90:0c:ae:30:8e:24:17:27:bb:0a:f4:75:
                    b8:22:1f:5d:0a:b4:64:2d:36:a7:fe:d8:ae:fd:a1:
                    06:b0:9a:cd:0a:9d:99:d4:ac:ab:b2:81:67:a3:40:
                    02:df:aa:8b:85:80:40:41:4d:4b:ea:74:08:19:b1:
                    26:62:a5:b3:6a:ec:c4:84:34:9a:d3:87:5a:ab:07:
                    3d:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EA:9D:5E:76:7C:2B:65:0F:C9:0D:B7:26:36:56:D4:C7:42:CF:48:54
            X509v3 Authority Key Identifier:
                keyid:77:72:41:12:F0:28:5D:83:0C:87:EE:32:56:D5:19:68:F1:5B:B9:0B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3JBEvAoXYMMh-4yVtUZaPFbuQs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/b27704-ef52-44a7-bdd1-f9f91e4e31fa/1/6p1ednwrZQ_JDbcmNlbUx0LPSFQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/b27704-ef52-44a7-bdd1-f9f91e4e31fa/1/d3JBEvAoXYMMh-4yVtUZaPFbuQs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.38.152.0/23
                IPv6:
                  2a06:bd80::/29

    Signature Algorithm: sha256WithRSAEncryption
         17:b9:52:64:20:fa:d9:60:13:65:3c:8a:4c:c9:df:32:a8:01:
         39:b7:64:41:9d:ae:ee:2a:ae:c7:9f:b6:c4:97:4f:88:91:21:
         ac:8d:28:64:fd:4a:f8:b1:46:14:78:50:d0:4f:02:2e:a5:14:
         4d:08:d8:ec:09:dc:ed:60:84:d3:6f:ff:c2:f9:bb:ca:73:a1:
         8a:e4:93:4a:32:6c:d3:da:e8:9c:c1:6a:fd:5e:0a:da:a0:18:
         ed:b3:03:6a:ec:3b:a1:b8:38:7f:4b:1d:6f:e0:d7:e7:25:1a:
         41:79:f7:06:03:3c:f5:c7:72:49:70:43:66:d9:b8:95:01:9d:
         3a:6a:82:f2:15:ed:d2:d1:5a:7d:80:b9:d2:84:94:22:c9:91:
         9e:18:3a:63:4a:f0:69:5c:e3:09:e5:97:ea:12:60:75:7e:00:
         7b:d3:b6:4c:5c:a0:01:09:ed:0e:37:fb:e0:bd:23:56:40:99:
         29:1d:fc:40:ae:31:a1:37:ad:fc:c4:94:03:1c:7e:a9:50:4c:
         68:04:6a:2a:94:aa:81:6a:3f:98:d7:2c:71:42:fc:ed:42:2c:
         1c:1c:1e:7e:6f:1b:9e:3c:00:73:81:4f:a5:62:44:f3:ba:77:
         09:f8:da:ea:4a:6d:34:81:b6:ec:15:6e:98:21:67:53:99:9a:
         69:ba:db:07
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZyoyO/xqNXLpMDlmQ0Kguq/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc3NzI0MTEyZjAyODVkODMwYzg3ZWUzMjU2ZDUxOTY4ZjE1
YmI5MGIwHhcNMjYwMzAxMDk0NDI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYTlkNWU3NjdjMmI2NTBmYzkwZGI3MjYzNjU2ZDRjNzQyY2Y0ODU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0s6EIwb+XTaTsr3CmLXo0FOH0/t5
d9uePCadQEdtGWJLSIPLxjC4/CAcC0glC2nytUN2CsUcXk5zKwIhVVMTZ4VmZxdI
4KoSwfL0ekARNLeUg0DR5EY6hrVTH6lg9YOW3LJzVHVYtQXAf9q9OvBkFf6OElLl
OQx+3umveCkxJ4pg+RiMv7aAdPrKYUiRrsCYBBnXqYKBbfgzSd+opFMWLzG3K0Jo
GHwi71rDdF0wOHwDvIHS0jyQDK4wjiQXJ7sK9HW4Ih9dCrRkLTan/tiu/aEGsJrN
Cp2Z1KyrsoFno0AC36qLhYBAQU1L6nQIGbEmYqWzauzEhDSa04daqwc9WwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFOqdXnZ8K2UPyQ23JjZW1MdCz0hUMB8GA1UdIwQY
MBaAFHdyQRLwKF2DDIfuMlbVGWjxW7kLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZDNKQkV2QW9YWU1NaC00eVZ0VVphUEZidVFzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZS9iMjc3MDQtZWY1Mi00NGE3LWJkZDEt
ZjlmOTFlNGUzMWZhLzEvNnAxZWRud3JaUV9KRGJjbU5sYlV4MExQU0ZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZS9iMjc3MDQtZWY1Mi00NGE3LWJkZDEtZjlmOTFlNGUzMWZh
LzEvZDNKQkV2QW9YWU1NaC00eVZ0VVphUEZidVFzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQBWSaYMA0E
AgACMAcDBQMqBr2AMA0GCSqGSIb3DQEBCwUAA4IBAQAXuVJkIPrZYBNlPIpMyd8y
qAE5t2RBna7uKq7Hn7bEl0+IkSGsjShk/Ur4sUYUeFDQTwIupRRNCNjsCdztYITT
b//C+bvKc6GK5JNKMmzT2uicwWr9XgraoBjtswNq7DuhuDh/Sx1v4NfnJRpBefcG
Azz1x3JJcENm2biVAZ06aoLyFe3S0Vp9gLnShJQiyZGeGDpjSvBpXOMJ5ZfqEmB1
fgB707ZMXKABCe0ON/vgvSNWQJkpHfxArjGhN638xJQDHH6pUExoBGoqlKqBaj+Y
1yxxQvztQiwcHB5+bxuePABzgU+lYkTzuncJ+NrqSm00gbbsFW6YIWdTmZpputsH
-----END CERTIFICATE-----