Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f2/4842a9-9fcd-4bb6-bb04-0dbbc249e657/1/6zmwiCnaR_RUV1zVvXd131O-Byk.roa
File:                     6zmwiCnaR_RUV1zVvXd131O-Byk.roa (raw, json)
Hash identifier:          wivF7cNRJAl3OyL7EJY6TuKfTwqgRld3+ZHQke6SRP8=
Subject key identifier:   EB:39:B0:88:29:DA:47:F4:54:57:5C:D5:BD:77:75:DF:53:BE:07:29
Certificate issuer:       /CN=49216f5c165b827a7fd73d8107aebd2f63c63e24
Certificate serial:       019CAAFBFF3F0F98AB025FD2218A75D4486C
Authority key identifier: 49:21:6F:5C:16:5B:82:7A:7F:D7:3D:81:07:AE:BD:2F:63:C6:3E:24
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SSFvXBZbgnp_1z2BB669L2PGPiQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f2/4842a9-9fcd-4bb6-bb04-0dbbc249e657/1/6zmwiCnaR_RUV1zVvXd131O-Byk.roa
Signing time:             Sun 01 Mar 2026 19:59:27 +0000
ROA not before:           Sun 01 Mar 2026 19:59:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     202316
IP address blocks:        81.90.16.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f2/4842a9-9fcd-4bb6-bb04-0dbbc249e657/1/SSFvXBZbgnp_1z2BB669L2PGPiQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f2/4842a9-9fcd-4bb6-bb04-0dbbc249e657/1/SSFvXBZbgnp_1z2BB669L2PGPiQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SSFvXBZbgnp_1z2BB669L2PGPiQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 04:01:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:aa:fb:ff:3f:0f:98:ab:02:5f:d2:21:8a:75:d4:48:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=49216f5c165b827a7fd73d8107aebd2f63c63e24
        Validity
            Not Before: Mar  1 19:59:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=eb39b08829da47f454575cd5bd7775df53be0729
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:0b:9b:7d:e2:77:ea:37:13:53:91:7f:b0:78:
                    8d:75:9d:d3:96:ac:79:cf:bb:83:9d:66:d3:8a:6f:
                    a8:eb:95:16:87:b7:b2:3f:07:c1:f1:ba:0c:ad:9d:
                    b3:a5:ef:56:40:cb:79:c4:b1:2f:34:fc:49:48:13:
                    be:1d:de:ac:58:ce:d6:61:8a:26:00:97:73:28:d8:
                    f7:d6:d1:89:44:c6:33:21:c0:73:03:bb:6b:06:bb:
                    73:3a:21:4f:ee:d4:31:a9:8d:5e:76:65:a3:e7:4e:
                    20:b9:d8:e6:2e:dd:d8:43:69:fb:43:b6:8c:74:bb:
                    19:d1:48:b3:99:39:cf:40:b4:fd:85:87:fb:c5:19:
                    73:8b:79:26:c3:d4:46:be:25:ef:3a:57:d2:d9:12:
                    75:03:fc:12:0e:0d:f1:72:e8:2f:f7:8f:a6:5f:9a:
                    66:2f:98:09:8e:f5:3a:ad:63:b3:2a:a2:7f:99:ad:
                    ba:17:14:ad:f9:52:d7:15:4c:8b:37:8f:1b:1c:60:
                    16:6e:15:a5:b7:d5:9e:65:60:1c:a0:06:d9:4f:74:
                    11:59:cd:00:c3:30:7e:7e:ca:77:de:94:60:22:d9:
                    cc:60:9c:59:70:8f:d9:4c:f3:b1:4a:58:ea:66:75:
                    76:6a:12:8a:e2:cf:1a:cf:6f:7e:02:ea:39:f5:68:
                    15:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:39:B0:88:29:DA:47:F4:54:57:5C:D5:BD:77:75:DF:53:BE:07:29
            X509v3 Authority Key Identifier:
                keyid:49:21:6F:5C:16:5B:82:7A:7F:D7:3D:81:07:AE:BD:2F:63:C6:3E:24

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SSFvXBZbgnp_1z2BB669L2PGPiQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/4842a9-9fcd-4bb6-bb04-0dbbc249e657/1/6zmwiCnaR_RUV1zVvXd131O-Byk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/4842a9-9fcd-4bb6-bb04-0dbbc249e657/1/SSFvXBZbgnp_1z2BB669L2PGPiQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.90.16.0/24

    Signature Algorithm: sha256WithRSAEncryption
         86:69:96:71:24:b8:ca:83:19:c1:09:6f:e8:04:ab:b9:9a:6a:
         2f:c2:53:32:c2:6c:66:fa:39:0c:30:49:f7:0f:8c:98:95:f7:
         ab:66:8e:aa:0e:c3:a0:12:bc:5e:9c:04:ec:1d:90:b8:07:b8:
         b5:a1:dc:0d:35:3b:44:8c:e5:68:4b:d9:1e:d1:00:ef:6f:a7:
         16:9b:84:aa:47:33:cd:e2:bd:aa:f6:ee:ee:ac:68:f0:56:37:
         09:44:09:74:dc:71:e2:9b:9c:94:b6:80:49:8f:bd:2d:cb:a0:
         05:1e:71:a1:43:e8:1d:63:41:9c:63:21:d6:9e:b1:dd:df:27:
         07:1a:4c:89:2a:a5:5d:c1:e5:7d:7b:78:b9:8e:37:2b:64:1b:
         0d:76:87:e9:d9:63:79:c4:09:30:8a:e6:57:27:05:f2:6d:ee:
         20:0a:c0:72:20:c6:ce:45:c0:1d:13:6e:21:c1:f3:0f:8e:6f:
         07:ea:67:28:c2:d9:69:b6:9d:39:98:30:29:05:73:bd:62:3b:
         6d:76:ee:3f:62:b8:3a:5c:f0:9e:3d:0f:07:1a:29:60:86:f0:
         96:d1:e1:ec:1c:8e:b0:38:ed:fb:6e:51:42:e0:a2:4c:5e:bb:
         03:f3:34:2b:92:77:f9:f0:7a:bd:1a:79:d2:4b:3b:ff:8a:ac:
         7b:b1:f7:61
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZyq+/8/D5irAl/SIYp11EhsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ5MjE2ZjVjMTY1YjgyN2E3ZmQ3M2Q4MTA3YWViZDJmNjNj
NjNlMjQwHhcNMjYwMzAxMTk1OTI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYjM5YjA4ODI5ZGE0N2Y0NTQ1NzVjZDViZDc3NzVkZjUzYmUwNzI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAywubfeJ36jcTU5F/sHiNdZ3Tlqx5
z7uDnWbTim+o65UWh7eyPwfB8boMrZ2zpe9WQMt5xLEvNPxJSBO+Hd6sWM7WYYom
AJdzKNj31tGJRMYzIcBzA7trBrtzOiFP7tQxqY1edmWj504gudjmLt3YQ2n7Q7aM
dLsZ0UizmTnPQLT9hYf7xRlzi3kmw9RGviXvOlfS2RJ1A/wSDg3xcugv94+mX5pm
L5gJjvU6rWOzKqJ/ma26FxSt+VLXFUyLN48bHGAWbhWlt9WeZWAcoAbZT3QRWc0A
wzB+fsp33pRgItnMYJxZcI/ZTPOxSljqZnV2ahKK4s8az29+Auo59WgV2QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOs5sIgp2kf0VFdc1b13dd9TvgcpMB8GA1UdIwQY
MBaAFEkhb1wWW4J6f9c9gQeuvS9jxj4kMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU1NGdlhCWmJnbnBfMXoyQkI2NjlMMlBHUGlRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMi80ODQyYTktOWZjZC00YmI2LWJiMDQt
MGRiYmMyNDllNjU3LzEvNnptd2lDbmFSX1JVVjF6VnZYZDEzMU8tQnlrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMi80ODQyYTktOWZjZC00YmI2LWJiMDQtMGRiYmMyNDllNjU3
LzEvU1NGdlhCWmJnbnBfMXoyQkI2NjlMMlBHUGlRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUVoQMA0G
CSqGSIb3DQEBCwUAA4IBAQCGaZZxJLjKgxnBCW/oBKu5mmovwlMywmxm+jkMMEn3
D4yYlferZo6qDsOgErxenATsHZC4B7i1odwNNTtEjOVoS9ke0QDvb6cWm4SqRzPN
4r2q9u7urGjwVjcJRAl03HHim5yUtoBJj70ty6AFHnGhQ+gdY0GcYyHWnrHd3ycH
GkyJKqVdweV9e3i5jjcrZBsNdofp2WN5xAkwiuZXJwXybe4gCsByIMbORcAdE24h
wfMPjm8H6mcowtlptp05mDApBXO9Yjttdu4/Yrg6XPCePQ8HGilghvCW0eHsHI6w
OO37blFC4KJMXrsD8zQrknf58Hq9GnnSSzv/iqx7sfdh
-----END CERTIFICATE-----