Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/7ffba6-2489-4072-8298-fe1c8567297b/1/6e-FSaOiG0YmwQSP4zvNYIFuJkA.roa
File:                     6e-FSaOiG0YmwQSP4zvNYIFuJkA.roa (raw, json)
Hash identifier:          qxfS3larGXzhjEtCwiGdAe2kL2Cq8myApjZz1l7cLRY=
Subject key identifier:   E9:EF:85:49:A3:A2:1B:46:26:C1:04:8F:E3:3B:CD:60:81:6E:26:40
Certificate issuer:       /CN=d01a8e748a463b495083f74769139205dcb339b6
Certificate serial:       019B7DCB60197B9BBF1BB539D14E83839046
Authority key identifier: D0:1A:8E:74:8A:46:3B:49:50:83:F7:47:69:13:92:05:DC:B3:39:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0BqOdIpGO0lQg_dHaROSBdyzObY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/7ffba6-2489-4072-8298-fe1c8567297b/1/6e-FSaOiG0YmwQSP4zvNYIFuJkA.roa
Signing time:             Fri 02 Jan 2026 08:20:39 +0000
ROA not before:           Fri 02 Jan 2026 08:20:39 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     39643
IP address blocks:        194.50.106.0/24 maxlen: 24
                          2001:678:fac::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/7ffba6-2489-4072-8298-fe1c8567297b/1/0BqOdIpGO0lQg_dHaROSBdyzObY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/7ffba6-2489-4072-8298-fe1c8567297b/1/0BqOdIpGO0lQg_dHaROSBdyzObY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0BqOdIpGO0lQg_dHaROSBdyzObY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 15:17:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:cb:60:19:7b:9b:bf:1b:b5:39:d1:4e:83:83:90:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d01a8e748a463b495083f74769139205dcb339b6
        Validity
            Not Before: Jan  2 08:20:39 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e9ef8549a3a21b4626c1048fe33bcd60816e2640
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:0a:26:7e:a4:d7:8f:21:c7:80:e5:56:79:9f:
                    c1:0a:56:f8:4b:72:d6:0f:16:a1:e7:6e:8a:7e:40:
                    a2:29:70:76:38:e1:85:b2:32:6b:5f:d6:4c:63:63:
                    37:e3:86:33:fa:63:54:e8:d8:fa:76:d6:c2:17:ea:
                    a5:f5:bd:56:9e:03:72:87:81:eb:82:5c:af:8a:7d:
                    de:32:15:a6:58:c0:3f:fb:fc:d7:0f:ac:0f:44:ad:
                    f3:21:80:5d:ec:44:8d:1e:31:7b:b7:cf:c4:04:ef:
                    08:bc:ea:cc:2c:70:42:af:f3:52:8a:57:7f:01:d9:
                    a3:82:63:65:c6:96:01:5d:a6:23:a7:a4:e2:a3:a4:
                    42:d2:5d:b0:69:90:2b:d4:0a:c3:07:42:a9:cb:5e:
                    44:76:65:27:84:eb:5d:a6:6b:cb:05:2b:f2:5c:1a:
                    7f:74:2f:0c:e4:8c:a2:00:83:b7:c0:01:64:04:37:
                    16:5c:44:dd:e9:d6:d4:6f:9a:91:3b:fc:e7:59:68:
                    d1:8c:5f:e5:36:54:08:71:dc:9a:44:41:76:14:ae:
                    f4:ee:4c:68:46:91:1c:aa:85:b4:27:8f:25:cd:bd:
                    97:e2:26:d4:ee:c0:11:d6:8d:4a:56:5b:f6:e6:02:
                    dc:d7:a0:09:14:b0:50:13:39:f0:61:69:98:5d:20:
                    19:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E9:EF:85:49:A3:A2:1B:46:26:C1:04:8F:E3:3B:CD:60:81:6E:26:40
            X509v3 Authority Key Identifier:
                keyid:D0:1A:8E:74:8A:46:3B:49:50:83:F7:47:69:13:92:05:DC:B3:39:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0BqOdIpGO0lQg_dHaROSBdyzObY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/7ffba6-2489-4072-8298-fe1c8567297b/1/6e-FSaOiG0YmwQSP4zvNYIFuJkA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/7ffba6-2489-4072-8298-fe1c8567297b/1/0BqOdIpGO0lQg_dHaROSBdyzObY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.50.106.0/24
                IPv6:
                  2001:678:fac::/48

    Signature Algorithm: sha256WithRSAEncryption
         c6:ec:dd:87:8a:d6:f5:e6:96:7e:30:1a:b4:36:5e:d0:94:3c:
         9f:84:15:29:60:ab:9a:e8:34:44:f6:95:d1:33:6b:5f:5b:ef:
         ec:ac:d1:24:e0:bb:10:6f:b0:c4:22:12:d6:b2:e6:16:3d:03:
         bc:e1:84:61:15:db:39:b5:b6:59:1a:0b:df:5b:71:ad:ea:a6:
         66:2c:34:54:b0:58:fc:b3:dc:8a:0b:28:70:dc:f5:bd:21:e6:
         33:3c:d8:8d:23:3e:69:b1:7b:d8:89:01:9a:b2:95:1f:ac:ad:
         42:a4:a3:1f:4b:b8:44:4c:e2:0e:cf:50:30:87:8c:a0:fd:4d:
         65:e3:61:7b:b2:71:c2:fc:4f:33:5c:ab:e9:72:6c:97:b9:e9:
         55:b0:7b:7d:aa:5a:ad:13:b2:48:05:62:fa:c8:ca:00:4e:82:
         16:31:c8:26:c1:f4:63:f1:4d:98:a6:5c:d4:71:aa:82:be:c6:
         d3:74:c3:bd:fc:34:06:74:eb:ad:04:ac:de:1f:1c:1e:b6:f2:
         63:b9:f1:cc:7e:d7:67:67:ed:47:d6:84:e1:7c:92:2b:b1:ce:
         df:71:5b:04:3a:66:66:30:3c:88:05:a8:ce:c1:1b:ee:f3:8f:
         60:28:b3:c0:29:08:90:9b:ee:30:5b:c3:1a:f4:8b:e5:e1:53:
         2c:f4:14:ad
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZt9y2AZe5u/G7U50U6Dg5BGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwMWE4ZTc0OGE0NjNiNDk1MDgzZjc0NzY5MTM5MjA1ZGNi
MzM5YjYwHhcNMjYwMTAyMDgyMDM5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlOWVmODU0OWEzYTIxYjQ2MjZjMTA0OGZlMzNiY2Q2MDgxNmUyNjQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtQomfqTXjyHHgOVWeZ/BClb4S3LW
Dxah526KfkCiKXB2OOGFsjJrX9ZMY2M344Yz+mNU6Nj6dtbCF+ql9b1WngNyh4Hr
glyvin3eMhWmWMA/+/zXD6wPRK3zIYBd7ESNHjF7t8/EBO8IvOrMLHBCr/NSild/
AdmjgmNlxpYBXaYjp6Tio6RC0l2waZAr1ArDB0Kpy15EdmUnhOtdpmvLBSvyXBp/
dC8M5IyiAIO3wAFkBDcWXETd6dbUb5qRO/znWWjRjF/lNlQIcdyaREF2FK707kxo
RpEcqoW0J48lzb2X4ibU7sAR1o1KVlv25gLc16AJFLBQEznwYWmYXSAZ9QIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFOnvhUmjohtGJsEEj+M7zWCBbiZAMB8GA1UdIwQY
MBaAFNAajnSKRjtJUIP3R2kTkgXcszm2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMEJxT2RJcEdPMGxRZ19kSGFST1NCZHl6T2JZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC83ZmZiYTYtMjQ4OS00MDcyLTgyOTgt
ZmUxYzg1NjcyOTdiLzEvNmUtRlNhT2lHMFltd1FTUDR6dk5ZSUZ1SmtBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC83ZmZiYTYtMjQ4OS00MDcyLTgyOTgtZmUxYzg1NjcyOTdi
LzEvMEJxT2RJcEdPMGxRZ19kSGFST1NCZHl6T2JZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAwjJqMA8E
AgACMAkDBwAgAQZ4D6wwDQYJKoZIhvcNAQELBQADggEBAMbs3YeK1vXmln4wGrQ2
XtCUPJ+EFSlgq5roNET2ldEza19b7+ys0STguxBvsMQiEtay5hY9A7zhhGEV2zm1
tlkaC99bca3qpmYsNFSwWPyz3IoLKHDc9b0h5jM82I0jPmmxe9iJAZqylR+srUKk
ox9LuERM4g7PUDCHjKD9TWXjYXuyccL8TzNcq+lybJe56VWwe32qWq0TskgFYvrI
ygBOghYxyCbB9GPxTZimXNRxqoK+xtN0w738NAZ0660ErN4fHB628mO58cx+12dn
7UfWhOF8kiuxzt9xWwQ6ZmYwPIgFqM7BG+7zj2Aos8ApCJCb7jBbwxr0i+XhUyz0
FK0=
-----END CERTIFICATE-----