Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c1/94aab2-b41e-460e-9fcb-242b58140e37/1/S6JRzdPpGObhz0VldQpk2KnV2uI.roa
File:                     S6JRzdPpGObhz0VldQpk2KnV2uI.roa (raw, json)
Hash identifier:          lJGmLlkU+7M1+xw3eyjs66v6c+81KsPPae1DO4AI0OQ=
Subject key identifier:   4B:A2:51:CD:D3:E9:18:E6:E1:CF:45:65:75:0A:64:D8:A9:D5:DA:E2
Certificate issuer:       /CN=d99becd088794b11daf34c7f54e59f6939fe9864
Certificate serial:       019B7F147F415A44AAFC6B77CC593FCD4551
Authority key identifier: D9:9B:EC:D0:88:79:4B:11:DA:F3:4C:7F:54:E5:9F:69:39:FE:98:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2Zvs0Ih5SxHa80x_VOWfaTn-mGQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c1/94aab2-b41e-460e-9fcb-242b58140e37/1/S6JRzdPpGObhz0VldQpk2KnV2uI.roa
Signing time:             Fri 02 Jan 2026 14:20:08 +0000
ROA not before:           Fri 02 Jan 2026 14:20:08 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     211573
IP address blocks:        5.42.201.0/24 maxlen: 24
                          2a13:3c00::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c1/94aab2-b41e-460e-9fcb-242b58140e37/1/2Zvs0Ih5SxHa80x_VOWfaTn-mGQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c1/94aab2-b41e-460e-9fcb-242b58140e37/1/2Zvs0Ih5SxHa80x_VOWfaTn-mGQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2Zvs0Ih5SxHa80x_VOWfaTn-mGQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:14:7f:41:5a:44:aa:fc:6b:77:cc:59:3f:cd:45:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d99becd088794b11daf34c7f54e59f6939fe9864
        Validity
            Not Before: Jan  2 14:20:08 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4ba251cdd3e918e6e1cf4565750a64d8a9d5dae2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:87:c3:7f:58:24:43:4b:00:de:54:52:29:0b:
                    f5:a9:9a:11:45:3f:fb:8b:50:77:6d:0d:96:ce:8b:
                    35:48:fe:0a:d7:cb:9c:0e:e8:60:b2:c4:4b:0e:2b:
                    03:08:3f:64:2b:10:a1:69:98:d5:ed:86:cd:37:67:
                    77:e0:82:6b:88:87:f3:e0:03:bd:a0:d6:fe:dc:0d:
                    f6:16:30:85:ac:5a:49:9d:b4:6d:80:92:04:5f:38:
                    ba:ef:91:8f:cc:87:60:ab:c7:cb:fc:03:ca:4b:ca:
                    a8:8e:64:8f:f1:ec:16:8f:38:24:b9:29:31:c8:09:
                    70:57:29:16:d5:e2:85:8a:dc:d1:e0:82:88:f6:ac:
                    f9:ba:b2:5c:ef:c4:d9:bc:92:2e:5b:39:63:56:96:
                    d2:25:0b:fb:f3:e1:7a:63:bf:8c:09:0b:1c:7b:a2:
                    a9:f9:f2:87:11:a1:be:31:df:db:0e:74:bb:a6:f0:
                    61:4b:b5:57:df:7d:b6:f2:dd:31:57:cb:57:ee:51:
                    57:ae:f7:0f:72:86:cd:51:10:14:83:ff:79:19:40:
                    d6:61:d4:40:4f:93:c7:c7:f7:bc:f9:51:0b:7d:ab:
                    13:01:15:32:41:48:f1:0c:d7:7f:d3:3e:cd:b2:07:
                    91:f5:ce:f4:b6:e1:83:09:f8:2f:de:ae:dc:26:e6:
                    f3:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:A2:51:CD:D3:E9:18:E6:E1:CF:45:65:75:0A:64:D8:A9:D5:DA:E2
            X509v3 Authority Key Identifier:
                keyid:D9:9B:EC:D0:88:79:4B:11:DA:F3:4C:7F:54:E5:9F:69:39:FE:98:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2Zvs0Ih5SxHa80x_VOWfaTn-mGQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/94aab2-b41e-460e-9fcb-242b58140e37/1/S6JRzdPpGObhz0VldQpk2KnV2uI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/94aab2-b41e-460e-9fcb-242b58140e37/1/2Zvs0Ih5SxHa80x_VOWfaTn-mGQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.42.201.0/24
                IPv6:
                  2a13:3c00::/29

    Signature Algorithm: sha256WithRSAEncryption
         37:b6:3b:65:07:9a:d2:ab:3b:05:f2:3a:73:8e:fb:c3:54:ea:
         d4:47:01:5e:63:92:61:cd:6e:5f:19:6b:35:23:3e:f8:62:ff:
         c8:25:e8:e8:f8:e1:bb:d8:d8:53:9f:93:e9:70:86:84:5f:44:
         72:be:96:bf:47:d8:b3:22:cd:ad:65:fc:df:c5:16:4f:d5:15:
         b0:f5:0a:0e:e4:c2:b1:b5:0d:db:db:b5:4a:4c:ae:c1:de:13:
         8a:96:51:23:18:c3:77:a0:84:aa:b8:d3:d7:27:86:71:e6:ba:
         8f:49:c1:fb:cb:ab:25:ca:c2:72:9b:ba:a1:32:62:53:b3:f4:
         d7:ce:7e:d6:ee:04:da:d7:fe:f0:c3:da:b1:c1:a7:31:1b:b8:
         a9:9f:0f:33:24:34:68:f9:31:4a:a7:16:79:b5:de:f6:e4:ec:
         8d:a4:c9:70:05:72:15:38:46:ab:8c:d5:94:96:38:69:5e:d5:
         34:d9:99:1d:24:f0:d6:3e:7b:7d:69:b1:c8:41:b3:45:b1:b5:
         7c:f0:b4:c2:eb:a0:b9:a3:dc:dc:f5:1d:e3:0e:88:95:7a:6e:
         13:24:3c:e3:3c:f4:32:4e:b1:56:89:9f:58:0e:19:e1:5b:cd:
         93:a9:80:a0:1f:c5:ff:4a:18:ed:83:da:e5:21:d2:55:40:ad:
         80:17:78:9c
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZt/FH9BWkSq/Gt3zFk/zUVRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ5OWJlY2QwODg3OTRiMTFkYWYzNGM3ZjU0ZTU5ZjY5Mzlm
ZTk4NjQwHhcNMjYwMTAyMTQyMDA4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YmEyNTFjZGQzZTkxOGU2ZTFjZjQ1NjU3NTBhNjRkOGE5ZDVkYWUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiofDf1gkQ0sA3lRSKQv1qZoRRT/7
i1B3bQ2Wzos1SP4K18ucDuhgssRLDisDCD9kKxChaZjV7YbNN2d34IJriIfz4AO9
oNb+3A32FjCFrFpJnbRtgJIEXzi675GPzIdgq8fL/APKS8qojmSP8ewWjzgkuSkx
yAlwVykW1eKFitzR4IKI9qz5urJc78TZvJIuWzljVpbSJQv78+F6Y7+MCQsce6Kp
+fKHEaG+Md/bDnS7pvBhS7VX33228t0xV8tX7lFXrvcPcobNURAUg/95GUDWYdRA
T5PHx/e8+VELfasTARUyQUjxDNd/0z7NsgeR9c70tuGDCfgv3q7cJubzzQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFEuiUc3T6Rjm4c9FZXUKZNip1driMB8GA1UdIwQY
MBaAFNmb7NCIeUsR2vNMf1Tln2k5/phkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMlp2czBJaDVTeEhhODB4X1ZPV2ZhVG4tbUdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMS85NGFhYjItYjQxZS00NjBlLTlmY2It
MjQyYjU4MTQwZTM3LzEvUzZKUnpkUHBHT2JoejBWbGRRcGsyS25WMnVJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMS85NGFhYjItYjQxZS00NjBlLTlmY2ItMjQyYjU4MTQwZTM3
LzEvMlp2czBJaDVTeEhhODB4X1ZPV2ZhVG4tbUdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQABSrJMA0E
AgACMAcDBQMqEzwAMA0GCSqGSIb3DQEBCwUAA4IBAQA3tjtlB5rSqzsF8jpzjvvD
VOrURwFeY5JhzW5fGWs1Iz74Yv/IJejo+OG72NhTn5PpcIaEX0Ryvpa/R9izIs2t
ZfzfxRZP1RWw9QoO5MKxtQ3b27VKTK7B3hOKllEjGMN3oISquNPXJ4Zx5rqPScH7
y6slysJym7qhMmJTs/TXzn7W7gTa1/7ww9qxwacxG7ipnw8zJDRo+TFKpxZ5td72
5OyNpMlwBXIVOEarjNWUljhpXtU02ZkdJPDWPnt9abHIQbNFsbV88LTC66C5o9zc
9R3jDoiVem4TJDzjPPQyTrFWiZ9YDhnhW82TqYCgH8X/Shjtg9rlIdJVQK2AF3ic
-----END CERTIFICATE-----