Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e6/b9d2bf-2888-4b42-984d-f2f50b190ad0/1/7NWNrFh8i_yUOh1S1hCMP7auLcw.roa
File:                     7NWNrFh8i_yUOh1S1hCMP7auLcw.roa (raw, json)
Hash identifier:          gIvNWFICdPsChUMkKceiQEvtY8HIt5JegNK3D/PczuA=
Subject key identifier:   EC:D5:8D:AC:58:7C:8B:FC:94:3A:1D:52:D6:10:8C:3F:B6:AE:2D:CC
Certificate issuer:       /CN=6b3329da75b2c0c4f3d9d9cea2cb101686745336
Certificate serial:       019E9CFCEDC3CEA6CEF566C2D1B199177C9F
Authority key identifier: 6B:33:29:DA:75:B2:C0:C4:F3:D9:D9:CE:A2:CB:10:16:86:74:53:36
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/azMp2nWywMTz2dnOossQFoZ0UzY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e6/b9d2bf-2888-4b42-984d-f2f50b190ad0/1/7NWNrFh8i_yUOh1S1hCMP7auLcw.roa
Signing time:             Sat 06 Jun 2026 12:51:21 +0000
ROA not before:           Sat 06 Jun 2026 12:51:21 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199754
IP address blocks:        2001:678:121c::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e6/b9d2bf-2888-4b42-984d-f2f50b190ad0/1/azMp2nWywMTz2dnOossQFoZ0UzY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e6/b9d2bf-2888-4b42-984d-f2f50b190ad0/1/azMp2nWywMTz2dnOossQFoZ0UzY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/azMp2nWywMTz2dnOossQFoZ0UzY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 18 Jun 2026 08:33:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:9c:fc:ed:c3:ce:a6:ce:f5:66:c2:d1:b1:99:17:7c:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6b3329da75b2c0c4f3d9d9cea2cb101686745336
        Validity
            Not Before: Jun  6 12:51:21 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ecd58dac587c8bfc943a1d52d6108c3fb6ae2dcc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:f3:28:04:9e:12:c2:21:a4:30:09:a0:09:f0:
                    ce:9d:93:5f:45:de:02:02:8d:f3:53:cc:e2:82:79:
                    97:d0:70:bb:81:1b:5f:1a:7c:80:5e:69:ca:6d:41:
                    78:a8:30:8c:82:6d:7b:df:94:1b:26:ab:e6:3e:95:
                    74:26:d7:46:3b:d9:05:5d:4f:1b:a4:eb:4e:d7:06:
                    61:e4:24:14:d8:5a:b0:af:c1:d6:2b:e5:3c:bb:c4:
                    fd:e6:67:63:50:6b:e3:73:e0:9d:1d:df:70:9d:85:
                    9d:98:c3:a3:3d:8f:bb:5e:a5:dc:c4:b8:f9:c8:58:
                    8b:ff:11:21:50:2e:c1:61:10:84:a6:38:bf:a4:4f:
                    33:10:fd:27:72:61:df:8c:85:8c:53:fb:f9:c8:4e:
                    65:61:0a:05:c1:25:8f:5d:36:92:ec:10:3d:91:28:
                    36:a5:d1:19:3a:11:51:ea:87:d2:92:10:d9:54:f1:
                    98:37:59:48:7e:04:b7:45:45:86:01:42:8a:f7:72:
                    33:36:6c:6b:dd:fb:ba:ec:b6:df:c8:f9:8b:06:e4:
                    5c:a4:8e:c0:1e:b0:5b:cc:1b:e6:59:2a:61:b2:e2:
                    8f:3c:67:1b:61:03:d4:11:96:6d:05:7a:28:19:a8:
                    87:82:3e:ee:34:05:be:9e:cf:9b:ff:d1:21:a6:a5:
                    73:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:D5:8D:AC:58:7C:8B:FC:94:3A:1D:52:D6:10:8C:3F:B6:AE:2D:CC
            X509v3 Authority Key Identifier:
                keyid:6B:33:29:DA:75:B2:C0:C4:F3:D9:D9:CE:A2:CB:10:16:86:74:53:36

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/azMp2nWywMTz2dnOossQFoZ0UzY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/b9d2bf-2888-4b42-984d-f2f50b190ad0/1/7NWNrFh8i_yUOh1S1hCMP7auLcw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/b9d2bf-2888-4b42-984d-f2f50b190ad0/1/azMp2nWywMTz2dnOossQFoZ0UzY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:121c::/48

    Signature Algorithm: sha256WithRSAEncryption
         bb:7c:1d:f0:54:fc:a9:43:95:b5:42:9b:e0:3a:74:6e:62:cf:
         f3:87:3a:16:52:de:23:22:a9:a9:32:c3:72:1a:dd:08:04:29:
         47:26:a5:07:08:90:38:6a:98:ef:0d:17:6c:54:db:fa:8a:64:
         77:c2:8b:5f:5b:7f:39:55:c5:87:2e:8c:c4:4a:80:bf:91:1d:
         43:4b:82:82:90:c8:75:40:4d:42:a6:d3:b9:5a:4c:82:fe:85:
         09:ab:23:95:f0:4c:f3:4b:75:67:43:35:02:dc:d3:73:a9:8f:
         ee:60:9a:ca:f3:6c:f4:57:f5:c0:e2:d1:d7:eb:16:9f:79:f4:
         41:b8:4d:64:fa:20:16:4a:70:ed:a6:fc:7c:79:ac:f7:f2:9b:
         39:bf:cc:8f:38:49:c0:d9:05:a3:42:44:58:93:c0:a6:3f:d3:
         ce:09:86:6b:74:2a:cf:ae:f5:b6:f1:fa:08:78:43:d7:fc:3f:
         d7:17:25:51:78:e1:72:b1:84:a5:5f:55:50:d7:a3:53:1c:77:
         9b:33:ab:62:f0:4b:ef:f6:ad:f5:e1:6a:79:85:04:6c:65:57:
         8b:e3:06:1c:b0:af:43:ee:67:4d:1a:0b:84:97:7f:52:9e:25:
         e2:5d:54:28:78:cd:db:a8:76:70:01:a4:49:d0:48:99:b7:7d:
         1e:37:18:f8
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZ6c/O3DzqbO9WbC0bGZF3yfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZiMzMyOWRhNzViMmMwYzRmM2Q5ZDljZWEyY2IxMDE2ODY3
NDUzMzYwHhcNMjYwNjA2MTI1MTIxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlY2Q1OGRhYzU4N2M4YmZjOTQzYTFkNTJkNjEwOGMzZmI2YWUyZGNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxPMoBJ4SwiGkMAmgCfDOnZNfRd4C
Ao3zU8zignmX0HC7gRtfGnyAXmnKbUF4qDCMgm1735QbJqvmPpV0JtdGO9kFXU8b
pOtO1wZh5CQU2Fqwr8HWK+U8u8T95mdjUGvjc+CdHd9wnYWdmMOjPY+7XqXcxLj5
yFiL/xEhUC7BYRCEpji/pE8zEP0ncmHfjIWMU/v5yE5lYQoFwSWPXTaS7BA9kSg2
pdEZOhFR6ofSkhDZVPGYN1lIfgS3RUWGAUKK93IzNmxr3fu67LbfyPmLBuRcpI7A
HrBbzBvmWSphsuKPPGcbYQPUEZZtBXooGaiHgj7uNAW+ns+b/9EhpqVz8wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFOzVjaxYfIv8lDodUtYQjD+2ri3MMB8GA1UdIwQY
MBaAFGszKdp1ssDE89nZzqLLEBaGdFM2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYXpNcDJuV3l3TVR6MmRuT29zc1FGb1owVXpZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNi9iOWQyYmYtMjg4OC00YjQyLTk4NGQt
ZjJmNTBiMTkwYWQwLzEvN05XTnJGaDhpX3lVT2gxUzFoQ01QN2F1TGN3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNi9iOWQyYmYtMjg4OC00YjQyLTk4NGQtZjJmNTBiMTkwYWQw
LzEvYXpNcDJuV3l3TVR6MmRuT29zc1FGb1owVXpZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeBIc
MA0GCSqGSIb3DQEBCwUAA4IBAQC7fB3wVPypQ5W1QpvgOnRuYs/zhzoWUt4jIqmp
MsNyGt0IBClHJqUHCJA4apjvDRdsVNv6imR3wotfW385VcWHLozESoC/kR1DS4KC
kMh1QE1CptO5WkyC/oUJqyOV8EzzS3VnQzUC3NNzqY/uYJrK82z0V/XA4tHX6xaf
efRBuE1k+iAWSnDtpvx8eaz38ps5v8yPOEnA2QWjQkRYk8CmP9POCYZrdCrPrvW2
8foIeEPX/D/XFyVReOFysYSlX1VQ16NTHHebM6ti8Evv9q314Wp5hQRsZVeL4wYc
sK9D7mdNGguEl39SniXiXVQoeM3bqHZwAaRJ0EiZt30eNxj4
-----END CERTIFICATE-----