Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b9/970cf0-9298-4ff0-baf5-210ae0569a45/1/Xt7SYxDoMD7f1JMsQqo2iBPwXMs.roa
File:                     Xt7SYxDoMD7f1JMsQqo2iBPwXMs.roa (raw, json)
Hash identifier:          WGtYGe9kCICp8bvBpPPbaske1TWvTE4WqSyYb2snIwU=
Subject key identifier:   5E:DE:D2:63:10:E8:30:3E:DF:D4:93:2C:42:AA:36:88:13:F0:5C:CB
Certificate issuer:       /CN=f83faec93d403f3713823fa39c7d27c62e921471
Certificate serial:       019B791128C93894E3880CF855956C93A8A1
Authority key identifier: F8:3F:AE:C9:3D:40:3F:37:13:82:3F:A3:9C:7D:27:C6:2E:92:14:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-D-uyT1APzcTgj-jnH0nxi6SFHE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b9/970cf0-9298-4ff0-baf5-210ae0569a45/1/Xt7SYxDoMD7f1JMsQqo2iBPwXMs.roa
Signing time:             Thu 01 Jan 2026 10:18:46 +0000
ROA not before:           Thu 01 Jan 2026 10:18:46 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     206468
IP address blocks:        185.174.171.0/24 maxlen: 24
                          2a0b:a907::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b9/970cf0-9298-4ff0-baf5-210ae0569a45/1/1-D-uyT1APzcTgj-jnH0nxi6SFHE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b9/970cf0-9298-4ff0-baf5-210ae0569a45/1/1-D-uyT1APzcTgj-jnH0nxi6SFHE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-D-uyT1APzcTgj-jnH0nxi6SFHE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 09:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:11:28:c9:38:94:e3:88:0c:f8:55:95:6c:93:a8:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f83faec93d403f3713823fa39c7d27c62e921471
        Validity
            Not Before: Jan  1 10:18:46 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5eded26310e8303edfd4932c42aa368813f05ccb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:e6:12:c0:68:2c:fc:e9:6a:c8:f8:03:68:83:
                    e2:29:b0:c5:1f:b1:07:0c:37:ba:b2:e8:d6:74:49:
                    3d:ef:25:02:e6:1c:b1:a1:76:b6:f9:97:c8:b0:a2:
                    9c:66:ed:bd:e3:75:58:2b:9f:78:f9:38:79:dc:52:
                    8e:26:40:82:13:ee:b2:d5:89:94:7e:ec:cf:d9:fa:
                    bb:b2:b0:86:49:b2:7b:55:53:1b:23:ef:5b:59:3e:
                    ca:8d:6e:53:b8:96:a4:c0:2f:7c:01:e1:79:19:7f:
                    db:44:fb:c8:1c:36:4f:6a:f5:8c:ed:c7:40:28:eb:
                    c1:b4:4c:fd:9c:d7:ac:23:52:e0:0f:31:19:3c:1f:
                    e0:e0:9f:c5:a9:de:6b:4f:2b:57:6d:5e:fe:20:e1:
                    58:95:48:72:0b:97:ae:18:87:c9:11:0c:b5:6a:7d:
                    a0:d4:d8:29:9a:ed:03:f7:36:51:d1:94:d1:2e:bf:
                    7a:5a:19:bb:2b:99:87:44:97:67:83:8d:34:8f:81:
                    77:cb:22:12:56:44:66:6a:19:72:48:5a:56:01:97:
                    a0:ee:3f:a3:6c:7f:3d:a5:c2:97:42:69:be:2a:02:
                    0d:b0:46:25:e6:0b:3f:53:8e:f7:d9:9e:e3:d6:4d:
                    9b:05:1e:2e:5f:e9:23:15:99:dc:eb:91:ff:92:45:
                    75:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:DE:D2:63:10:E8:30:3E:DF:D4:93:2C:42:AA:36:88:13:F0:5C:CB
            X509v3 Authority Key Identifier:
                keyid:F8:3F:AE:C9:3D:40:3F:37:13:82:3F:A3:9C:7D:27:C6:2E:92:14:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-D-uyT1APzcTgj-jnH0nxi6SFHE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/970cf0-9298-4ff0-baf5-210ae0569a45/1/Xt7SYxDoMD7f1JMsQqo2iBPwXMs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/970cf0-9298-4ff0-baf5-210ae0569a45/1/1-D-uyT1APzcTgj-jnH0nxi6SFHE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.174.171.0/24
                IPv6:
                  2a0b:a907::/32

    Signature Algorithm: sha256WithRSAEncryption
         36:7e:d4:61:f4:05:da:8a:02:62:f7:98:3f:0a:e5:b3:38:89:
         2e:e1:06:ca:ff:7e:c9:74:72:3d:5a:dc:26:d1:4e:d4:2b:25:
         0d:9e:c5:30:95:f7:17:c1:c5:10:93:3a:c0:be:0f:81:42:c8:
         3f:10:88:f8:8a:2b:55:a3:ce:32:a4:fa:65:09:66:c2:f4:32:
         e8:79:f8:97:4f:ff:94:74:e9:62:31:b2:c9:47:c4:c7:4e:e6:
         af:74:81:97:70:0e:e2:df:75:b9:c7:3e:08:40:b9:b2:cc:14:
         89:04:7f:7a:db:d1:d6:84:51:6e:bb:80:a2:64:c0:2e:b5:45:
         ca:4c:6d:a1:ee:cb:7f:22:98:63:46:3a:ce:fe:a2:9f:2c:13:
         bc:05:43:7b:c6:4e:38:93:a0:81:30:8f:be:bd:ed:8b:5d:6e:
         1d:3d:54:86:47:9b:16:7d:11:6a:5e:3c:88:2a:1f:02:76:7a:
         13:8e:a0:b5:aa:d5:80:86:15:7d:20:ac:60:ae:47:d6:26:66:
         2f:b7:e7:f7:62:94:fe:84:08:02:62:ed:7d:aa:2a:5b:b3:9d:
         30:f8:9a:f6:18:d8:4c:80:f4:04:fd:07:b9:c9:6e:9a:dc:11:
         51:90:ea:40:5f:1e:8f:15:aa:ba:96:bd:6c:91:62:5f:59:7a:
         da:3a:3f:fb
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZt5ESjJOJTjiAz4VZVsk6ihMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4M2ZhZWM5M2Q0MDNmMzcxMzgyM2ZhMzljN2QyN2M2MmU5
MjE0NzEwHhcNMjYwMTAxMTAxODQ2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZWRlZDI2MzEwZTgzMDNlZGZkNDkzMmM0MmFhMzY4ODEzZjA1Y2NiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApuYSwGgs/OlqyPgDaIPiKbDFH7EH
DDe6sujWdEk97yUC5hyxoXa2+ZfIsKKcZu2943VYK594+Th53FKOJkCCE+6y1YmU
fuzP2fq7srCGSbJ7VVMbI+9bWT7KjW5TuJakwC98AeF5GX/bRPvIHDZPavWM7cdA
KOvBtEz9nNesI1LgDzEZPB/g4J/Fqd5rTytXbV7+IOFYlUhyC5euGIfJEQy1an2g
1Ngpmu0D9zZR0ZTRLr96Whm7K5mHRJdng400j4F3yyISVkRmahlySFpWAZeg7j+j
bH89pcKXQmm+KgINsEYl5gs/U4732Z7j1k2bBR4uX+kjFZnc65H/kkV10QIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFF7e0mMQ6DA+39STLEKqNogT8FzLMB8GA1UdIwQY
MBaAFPg/rsk9QD83E4I/o5x9J8YukhRxMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1ELXV5VDFBUHpjVGdqLWpuSDBueGk2U0ZIRS5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYjkvOTcwY2YwLTkyOTgtNGZmMC1iYWY1
LTIxMGFlMDU2OWE0NS8xL1h0N1NZeERvTUQ3ZjFKTXNRcW8yaUJQd1hNcy5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvYjkvOTcwY2YwLTkyOTgtNGZmMC1iYWY1LTIxMGFlMDU2OWE0
NS8xLzEtRC11eVQxQVB6Y1Rnai1qbkgwbnhpNlNGSEUuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwLgYIKwYBBQUHAQcBAf8EHzAdMAwEAgABMAYDBAC5rqsw
DQQCAAIwBwMFACoLqQcwDQYJKoZIhvcNAQELBQADggEBADZ+1GH0BdqKAmL3mD8K
5bM4iS7hBsr/fsl0cj1a3CbRTtQrJQ2exTCV9xfBxRCTOsC+D4FCyD8QiPiKK1Wj
zjKk+mUJZsL0Muh5+JdP/5R06WIxsslHxMdO5q90gZdwDuLfdbnHPghAubLMFIkE
f3rb0daEUW67gKJkwC61RcpMbaHuy38imGNGOs7+op8sE7wFQ3vGTjiToIEwj769
7Ytdbh09VIZHmxZ9EWpePIgqHwJ2ehOOoLWq1YCGFX0grGCuR9YmZi+35/dilP6E
CAJi7X2qKluznTD4mvYY2EyA9AT9B7nJbprcEVGQ6kBfHo8VqrqWvWyRYl9Zeto6
P/s=
-----END CERTIFICATE-----