Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f0/f4ca1c-35dd-4cb1-84fa-8115cafd38ce/1/m6LIV73xO4kHTsWdqgKGOHvaXtE.roa
File:                     m6LIV73xO4kHTsWdqgKGOHvaXtE.roa (raw, json)
Hash identifier:          xs1n0jReKeqXr1lEDMiVoEWUuyrVXL8g65tDgZej+UA=
Subject key identifier:   9B:A2:C8:57:BD:F1:3B:89:07:4E:C5:9D:AA:02:86:38:7B:DA:5E:D1
Certificate issuer:       /CN=b0bd68e370e7ec25bec8e01497b2138d95dc6ebc
Certificate serial:       019B7E37657688858D481211D81F452BCB36
Authority key identifier: B0:BD:68:E3:70:E7:EC:25:BE:C8:E0:14:97:B2:13:8D:95:DC:6E:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sL1o43Dn7CW-yOAUl7ITjZXcbrw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f0/f4ca1c-35dd-4cb1-84fa-8115cafd38ce/1/m6LIV73xO4kHTsWdqgKGOHvaXtE.roa
Signing time:             Fri 02 Jan 2026 10:18:38 +0000
ROA not before:           Fri 02 Jan 2026 10:18:38 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     8423
IP address blocks:        193.200.141.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f0/f4ca1c-35dd-4cb1-84fa-8115cafd38ce/1/sL1o43Dn7CW-yOAUl7ITjZXcbrw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f0/f4ca1c-35dd-4cb1-84fa-8115cafd38ce/1/sL1o43Dn7CW-yOAUl7ITjZXcbrw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sL1o43Dn7CW-yOAUl7ITjZXcbrw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 15:05:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:37:65:76:88:85:8d:48:12:11:d8:1f:45:2b:cb:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b0bd68e370e7ec25bec8e01497b2138d95dc6ebc
        Validity
            Not Before: Jan  2 10:18:38 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9ba2c857bdf13b89074ec59daa0286387bda5ed1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:9d:85:d8:bb:2a:89:c9:61:1e:ff:b2:78:89:
                    5e:68:83:cf:69:36:40:1f:d3:13:22:fe:d3:c4:25:
                    8b:de:56:17:48:ad:28:b0:9a:a7:e8:ab:19:2b:5b:
                    01:b5:a9:2d:8b:26:33:30:81:22:c1:98:8b:7b:57:
                    26:31:d8:d8:6e:1b:d0:0a:89:d9:79:e7:09:e5:91:
                    fa:e3:3f:a1:c1:a5:2e:15:79:59:c3:0f:a9:cf:bd:
                    04:bd:3d:b6:f8:af:7a:28:fb:49:c9:84:61:a0:1a:
                    0e:87:3c:af:6f:87:8b:e1:fa:08:d5:5f:bc:26:98:
                    df:aa:35:9f:05:87:66:d3:e5:ac:46:65:fe:20:c3:
                    4e:b2:6c:b4:0f:47:77:60:95:26:73:ff:03:0b:df:
                    05:ea:a5:04:87:f1:68:9a:98:58:d3:84:d9:de:00:
                    99:d2:e4:79:fb:47:8f:af:d8:52:4e:6f:3f:70:09:
                    0c:03:d8:4e:2e:aa:8e:6a:df:07:f0:e8:38:9e:ee:
                    4e:8b:7c:d9:8d:1b:17:5d:79:ae:e7:f4:c1:32:6e:
                    78:ac:7c:11:db:f6:3a:f5:20:0f:7e:45:91:64:ed:
                    43:8d:6f:a0:f7:99:39:ae:74:b1:b8:99:aa:d1:99:
                    95:bd:31:1a:4c:75:49:8c:06:3b:71:b5:60:0b:81:
                    9a:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:A2:C8:57:BD:F1:3B:89:07:4E:C5:9D:AA:02:86:38:7B:DA:5E:D1
            X509v3 Authority Key Identifier:
                keyid:B0:BD:68:E3:70:E7:EC:25:BE:C8:E0:14:97:B2:13:8D:95:DC:6E:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sL1o43Dn7CW-yOAUl7ITjZXcbrw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/f4ca1c-35dd-4cb1-84fa-8115cafd38ce/1/m6LIV73xO4kHTsWdqgKGOHvaXtE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/f4ca1c-35dd-4cb1-84fa-8115cafd38ce/1/sL1o43Dn7CW-yOAUl7ITjZXcbrw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.200.141.0/24

    Signature Algorithm: sha256WithRSAEncryption
         10:a2:f8:29:bd:fd:37:18:37:eb:ce:99:a7:f8:71:fb:07:2d:
         07:63:83:a0:0b:f9:9a:11:cb:41:94:e1:07:36:f5:73:e4:6f:
         5f:32:16:40:2b:86:de:71:02:12:bf:58:f5:12:64:85:74:10:
         07:a8:73:81:36:45:c4:0e:4e:3c:a5:80:7d:bb:d6:b1:6c:87:
         ce:62:9c:65:84:99:f6:e1:56:ea:e6:23:bf:8f:1d:f1:4a:b9:
         4f:a0:97:ac:21:70:83:dc:fd:02:b1:72:46:34:20:e8:33:f1:
         a5:dc:0b:1d:2a:ed:b1:f3:b8:d5:ab:dc:b3:ff:39:90:5c:6b:
         3b:fc:85:9f:fe:2a:33:37:c2:6d:72:82:dc:37:94:42:2b:04:
         2f:6f:74:17:7e:83:01:e4:76:c3:99:a0:d9:98:9a:d4:29:64:
         9f:3b:b9:25:00:b1:e6:9d:2a:60:23:f7:f6:86:26:09:fd:e8:
         95:39:b9:ee:11:bc:14:e6:4f:ce:5e:0c:e4:64:9e:a8:e5:e9:
         58:72:5f:f9:90:cd:7d:4c:bb:f3:cf:eb:bb:de:5d:57:13:e9:
         e6:24:d7:b7:35:4d:49:cb:9a:d6:fc:fb:86:43:b1:61:70:8b:
         f4:9b:35:be:b6:e2:ee:99:43:c4:b3:0f:96:f3:62:a1:c1:98:
         d2:2f:e9:89
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+N2V2iIWNSBIR2B9FK8s2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIwYmQ2OGUzNzBlN2VjMjViZWM4ZTAxNDk3YjIxMzhkOTVk
YzZlYmMwHhcNMjYwMTAyMTAxODM4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YmEyYzg1N2JkZjEzYjg5MDc0ZWM1OWRhYTAyODYzODdiZGE1ZWQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzZ2F2LsqiclhHv+yeIleaIPPaTZA
H9MTIv7TxCWL3lYXSK0osJqn6KsZK1sBtaktiyYzMIEiwZiLe1cmMdjYbhvQConZ
eecJ5ZH64z+hwaUuFXlZww+pz70EvT22+K96KPtJyYRhoBoOhzyvb4eL4foI1V+8
JpjfqjWfBYdm0+WsRmX+IMNOsmy0D0d3YJUmc/8DC98F6qUEh/FomphY04TZ3gCZ
0uR5+0ePr9hSTm8/cAkMA9hOLqqOat8H8Og4nu5Oi3zZjRsXXXmu5/TBMm54rHwR
2/Y69SAPfkWRZO1DjW+g95k5rnSxuJmq0ZmVvTEaTHVJjAY7cbVgC4GaUQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJuiyFe98TuJB07FnaoChjh72l7RMB8GA1UdIwQY
MBaAFLC9aONw5+wlvsjgFJeyE42V3G68MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc0wxbzQzRG43Q1cteU9BVWw3SVRqWlhjYnJ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMC9mNGNhMWMtMzVkZC00Y2IxLTg0ZmEt
ODExNWNhZmQzOGNlLzEvbTZMSVY3M3hPNGtIVHNXZHFnS0dPSHZhWHRFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMC9mNGNhMWMtMzVkZC00Y2IxLTg0ZmEtODExNWNhZmQzOGNl
LzEvc0wxbzQzRG43Q1cteU9BVWw3SVRqWlhjYnJ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwciNMA0G
CSqGSIb3DQEBCwUAA4IBAQAQovgpvf03GDfrzpmn+HH7By0HY4OgC/maEctBlOEH
NvVz5G9fMhZAK4becQISv1j1EmSFdBAHqHOBNkXEDk48pYB9u9axbIfOYpxlhJn2
4Vbq5iO/jx3xSrlPoJesIXCD3P0CsXJGNCDoM/Gl3AsdKu2x87jVq9yz/zmQXGs7
/IWf/iozN8JtcoLcN5RCKwQvb3QXfoMB5HbDmaDZmJrUKWSfO7klALHmnSpgI/f2
hiYJ/eiVObnuEbwU5k/OXgzkZJ6o5elYcl/5kM19TLvzz+u73l1XE+nmJNe3NU1J
y5rW/PuGQ7FhcIv0mzW+tuLumUPEsw+W82KhwZjSL+mJ
-----END CERTIFICATE-----