Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1b/e9b56e-3b5b-43b1-8bb5-bab48dab4cd6/1/n6Q7Dz0YljZRgjb4Ej38nYOG1kE.roa
File:                     n6Q7Dz0YljZRgjb4Ej38nYOG1kE.roa (raw, json)
Hash identifier:          A8op5Re6jPP6C2oorXQWf6MTZbk9dP/pw1d5qjwWEks=
Subject key identifier:   9F:A4:3B:0F:3D:18:96:36:51:82:36:F8:12:3D:FC:9D:83:86:D6:41
Certificate issuer:       /CN=ec9c685cf6671cc656f92e764557a38378f2827c
Certificate serial:       019CFAA825B0B41294B15BD880CBD7703F7F
Authority key identifier: EC:9C:68:5C:F6:67:1C:C6:56:F9:2E:76:45:57:A3:83:78:F2:82:7C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7JxoXPZnHMZW-S52RVejg3jygnw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1b/e9b56e-3b5b-43b1-8bb5-bab48dab4cd6/1/n6Q7Dz0YljZRgjb4Ej38nYOG1kE.roa
Signing time:             Tue 17 Mar 2026 07:17:29 +0000
ROA not before:           Tue 17 Mar 2026 07:17:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     205489
IP address blocks:        212.114.41.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1b/e9b56e-3b5b-43b1-8bb5-bab48dab4cd6/1/7JxoXPZnHMZW-S52RVejg3jygnw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1b/e9b56e-3b5b-43b1-8bb5-bab48dab4cd6/1/7JxoXPZnHMZW-S52RVejg3jygnw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7JxoXPZnHMZW-S52RVejg3jygnw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Mar 2026 04:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:fa:a8:25:b0:b4:12:94:b1:5b:d8:80:cb:d7:70:3f:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ec9c685cf6671cc656f92e764557a38378f2827c
        Validity
            Not Before: Mar 17 07:17:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9fa43b0f3d189636518236f8123dfc9d8386d641
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:8b:06:5e:84:3b:5b:01:7b:7d:14:59:c3:d1:
                    5b:5d:70:13:77:97:37:ea:fe:87:f8:11:d8:d9:76:
                    3c:98:c4:36:6c:7c:7d:bd:a2:b1:07:f7:c5:9a:a4:
                    e3:8a:c7:69:6b:5b:cb:35:48:ef:d7:3a:86:df:c5:
                    b0:20:34:b4:d8:be:31:19:e6:b0:40:fa:44:7c:73:
                    65:73:e7:3e:64:0a:fc:9e:2a:5a:ce:dc:01:cc:b5:
                    63:96:8d:4e:01:ff:78:fd:24:f8:b4:96:b1:d4:08:
                    4a:e0:3b:87:2b:64:45:99:07:48:40:78:5b:cd:51:
                    e9:17:73:b8:26:e4:f1:96:77:62:ef:f0:b0:c2:df:
                    9d:25:87:e1:55:c8:bf:62:09:42:e1:a0:a3:f7:98:
                    31:6b:dd:d3:4c:10:6a:b5:9b:ff:46:bf:28:a6:56:
                    16:62:fd:0f:13:30:57:d8:dd:c3:87:f9:c9:56:3e:
                    a9:53:10:b2:22:6f:b8:82:cc:9a:08:5e:d4:60:13:
                    b7:16:f3:55:0c:39:9e:9c:c0:00:18:62:6d:2e:1e:
                    e6:ae:48:5b:be:45:c7:c8:1c:bb:56:09:d8:9d:89:
                    74:1b:70:06:c3:08:e8:de:d1:67:f0:a4:c3:1b:0b:
                    b6:67:cf:93:0e:99:b0:c3:ed:8e:85:d6:26:7d:7d:
                    7a:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:A4:3B:0F:3D:18:96:36:51:82:36:F8:12:3D:FC:9D:83:86:D6:41
            X509v3 Authority Key Identifier:
                keyid:EC:9C:68:5C:F6:67:1C:C6:56:F9:2E:76:45:57:A3:83:78:F2:82:7C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7JxoXPZnHMZW-S52RVejg3jygnw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/e9b56e-3b5b-43b1-8bb5-bab48dab4cd6/1/n6Q7Dz0YljZRgjb4Ej38nYOG1kE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/e9b56e-3b5b-43b1-8bb5-bab48dab4cd6/1/7JxoXPZnHMZW-S52RVejg3jygnw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.114.41.0/24

    Signature Algorithm: sha256WithRSAEncryption
         29:ee:69:b3:b2:dc:95:78:f2:0f:69:63:6c:83:b4:e7:d3:ad:
         ce:9b:8a:19:56:a7:49:94:5c:b5:0f:27:62:70:6e:79:98:ce:
         77:6e:7e:16:01:90:1a:a2:05:69:1e:b2:80:66:1d:52:a8:1b:
         d6:dc:d3:e3:4d:96:37:58:99:1d:89:43:cd:22:9e:ae:43:98:
         fe:2f:7c:de:e6:4a:14:1b:64:d3:07:97:1e:3a:cc:20:a3:dc:
         35:d5:ae:78:ca:da:e1:3c:a8:99:4a:53:f9:b9:9a:97:81:32:
         6a:31:31:67:80:ed:a1:c9:a6:4e:97:65:22:e7:b9:02:79:58:
         35:97:9b:0f:ca:dd:d7:2c:16:d7:9a:70:a8:95:c6:69:0a:74:
         c7:6a:08:f5:64:ed:83:24:7a:51:42:d1:78:aa:b9:cd:e4:5c:
         9e:ec:29:34:36:dc:0a:22:12:cd:6a:52:f6:d6:64:64:13:f9:
         6e:de:02:7b:de:d3:b8:5b:5d:5d:63:f4:e9:aa:18:80:ea:20:
         1e:f9:74:08:a1:13:6d:6e:5e:51:c6:cd:9e:53:7b:dc:7a:a2:
         a2:8d:65:20:46:7c:ce:f7:1c:d1:7d:5a:60:64:5e:ef:bd:bb:
         36:88:13:11:db:e8:87:87:b4:e2:27:57:fc:0a:cf:72:02:30:
         ec:dd:2f:f4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZz6qCWwtBKUsVvYgMvXcD9/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVjOWM2ODVjZjY2NzFjYzY1NmY5MmU3NjQ1NTdhMzgzNzhm
MjgyN2MwHhcNMjYwMzE3MDcxNzI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZmE0M2IwZjNkMTg5NjM2NTE4MjM2ZjgxMjNkZmM5ZDgzODZkNjQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtYsGXoQ7WwF7fRRZw9FbXXATd5c3
6v6H+BHY2XY8mMQ2bHx9vaKxB/fFmqTjisdpa1vLNUjv1zqG38WwIDS02L4xGeaw
QPpEfHNlc+c+ZAr8nipaztwBzLVjlo1OAf94/ST4tJax1AhK4DuHK2RFmQdIQHhb
zVHpF3O4JuTxlndi7/Cwwt+dJYfhVci/YglC4aCj95gxa93TTBBqtZv/Rr8oplYW
Yv0PEzBX2N3Dh/nJVj6pUxCyIm+4gsyaCF7UYBO3FvNVDDmenMAAGGJtLh7mrkhb
vkXHyBy7VgnYnYl0G3AGwwjo3tFn8KTDGwu2Z8+TDpmww+2OhdYmfX16MQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ+kOw89GJY2UYI2+BI9/J2DhtZBMB8GA1UdIwQY
MBaAFOycaFz2ZxzGVvkudkVXo4N48oJ8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN0p4b1hQWm5ITVpXLVM1MlJWZWpnM2p5Z253LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYi9lOWI1NmUtM2I1Yi00M2IxLThiYjUt
YmFiNDhkYWI0Y2Q2LzEvbjZRN0R6MFlsalpSZ2piNEVqMzhuWU9HMWtFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYi9lOWI1NmUtM2I1Yi00M2IxLThiYjUtYmFiNDhkYWI0Y2Q2
LzEvN0p4b1hQWm5ITVpXLVM1MlJWZWpnM2p5Z253LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1HIpMA0G
CSqGSIb3DQEBCwUAA4IBAQAp7mmzstyVePIPaWNsg7Tn063Om4oZVqdJlFy1Dydi
cG55mM53bn4WAZAaogVpHrKAZh1SqBvW3NPjTZY3WJkdiUPNIp6uQ5j+L3ze5koU
G2TTB5ceOswgo9w11a54ytrhPKiZSlP5uZqXgTJqMTFngO2hyaZOl2Ui57kCeVg1
l5sPyt3XLBbXmnColcZpCnTHagj1ZO2DJHpRQtF4qrnN5Fye7Ck0NtwKIhLNalL2
1mRkE/lu3gJ73tO4W11dY/TpqhiA6iAe+XQIoRNtbl5Rxs2eU3vceqKijWUgRnzO
9xzRfVpgZF7vvbs2iBMR2+iHh7TiJ1f8Cs9yAjDs3S/0
-----END CERTIFICATE-----