Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1f/959e03-78fc-4589-acde-f9a43709d00b/1/jG6aepPboty3bhwMFNAy4j7PZLg.roa
File:                     jG6aepPboty3bhwMFNAy4j7PZLg.roa (raw, json)
Hash identifier:          RpAm5WQYOjhIalUzLd+dhvF8WQ0tVlQHMoKb6uwbMJc=
Subject key identifier:   8C:6E:9A:7A:93:DB:A2:DC:B7:6E:1C:0C:14:D0:32:E2:3E:CF:64:B8
Certificate issuer:       /CN=c6cfa94f6134e3960ea5f318846a30cf3e922dd7
Certificate serial:       019D1FF36905D46DDDF756ED86CBEB78343F
Authority key identifier: C6:CF:A9:4F:61:34:E3:96:0E:A5:F3:18:84:6A:30:CF:3E:92:2D:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xs-pT2E045YOpfMYhGowzz6SLdc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1f/959e03-78fc-4589-acde-f9a43709d00b/1/jG6aepPboty3bhwMFNAy4j7PZLg.roa
Signing time:             Tue 24 Mar 2026 13:05:38 +0000
ROA not before:           Tue 24 Mar 2026 13:05:38 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     58154
IP address blocks:        185.80.31.0/24 maxlen: 24
                          193.218.176.0/22 maxlen: 22
                          2a0e:6340::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1f/959e03-78fc-4589-acde-f9a43709d00b/1/xs-pT2E045YOpfMYhGowzz6SLdc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1f/959e03-78fc-4589-acde-f9a43709d00b/1/xs-pT2E045YOpfMYhGowzz6SLdc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xs-pT2E045YOpfMYhGowzz6SLdc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 19:01:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:1f:f3:69:05:d4:6d:dd:f7:56:ed:86:cb:eb:78:34:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c6cfa94f6134e3960ea5f318846a30cf3e922dd7
        Validity
            Not Before: Mar 24 13:05:38 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8c6e9a7a93dba2dcb76e1c0c14d032e23ecf64b8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:b3:0b:5a:9c:84:d2:64:67:de:5a:2a:c2:e1:
                    1c:24:cb:6c:09:52:d4:08:ae:de:7c:fa:2d:30:cd:
                    d6:95:b9:2a:ae:d1:e3:a1:eb:16:31:8a:01:b9:92:
                    bb:a7:85:b3:c1:77:10:18:69:08:72:4b:c5:af:b2:
                    be:b5:6d:4d:6b:b1:67:20:71:57:bd:6a:b8:28:ee:
                    e6:1d:a3:b2:72:62:f8:b4:4c:ff:d4:07:c0:8e:76:
                    9a:6c:17:56:71:bd:bc:16:08:67:b7:ae:be:cb:37:
                    c9:57:12:1e:ce:ab:41:1d:9d:d3:4a:bf:a4:04:d8:
                    f2:7e:31:a3:50:94:03:09:44:d4:eb:f6:69:38:d8:
                    fd:83:88:a7:47:ef:ec:01:93:51:de:88:3c:72:03:
                    96:22:09:1e:ee:02:3b:71:cb:f0:3a:fc:21:93:7c:
                    9c:84:ee:76:55:3c:39:96:3c:b0:ab:09:1d:ab:7c:
                    78:1c:4d:a2:fe:2d:51:ad:43:ee:9b:42:3c:a8:dc:
                    7c:ed:f0:d6:ee:9d:05:06:d4:7f:aa:7e:55:5f:f6:
                    57:31:64:2a:70:63:c6:91:3d:f1:6d:8d:e7:14:02:
                    59:f9:4e:b7:29:17:af:8a:ea:a5:5a:42:e9:ce:98:
                    af:61:0f:f0:59:2d:d6:50:05:66:d7:f3:4a:80:ed:
                    d9:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:6E:9A:7A:93:DB:A2:DC:B7:6E:1C:0C:14:D0:32:E2:3E:CF:64:B8
            X509v3 Authority Key Identifier:
                keyid:C6:CF:A9:4F:61:34:E3:96:0E:A5:F3:18:84:6A:30:CF:3E:92:2D:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xs-pT2E045YOpfMYhGowzz6SLdc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/959e03-78fc-4589-acde-f9a43709d00b/1/jG6aepPboty3bhwMFNAy4j7PZLg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/959e03-78fc-4589-acde-f9a43709d00b/1/xs-pT2E045YOpfMYhGowzz6SLdc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.80.31.0/24
                  193.218.176.0/22
                IPv6:
                  2a0e:6340::/29

    Signature Algorithm: sha256WithRSAEncryption
         a9:de:1a:c8:a5:5c:7d:d3:1b:4c:02:72:c4:a0:14:11:86:c1:
         72:14:04:34:62:e8:77:87:08:2e:9c:dd:22:4e:d0:48:54:b0:
         4e:24:0a:d1:40:eb:e5:a5:53:6d:a7:f5:50:5b:29:75:f8:af:
         0b:61:db:c9:80:0f:ab:a5:a2:ac:aa:06:60:17:9b:0f:97:03:
         30:08:92:0e:9d:ba:bc:d7:b4:68:50:6f:39:e5:8c:67:b0:54:
         8e:c0:7f:7d:df:53:73:6e:be:19:6f:41:ab:f8:6e:fe:8d:60:
         a0:23:33:47:75:fa:f5:d9:7a:fa:08:2d:29:03:9b:32:00:f0:
         c1:c7:4c:21:11:95:3c:a5:b6:2b:0e:99:94:1b:8d:87:e8:c4:
         72:a0:f5:5a:0d:ee:d4:ce:1b:95:b7:0c:c2:f8:79:f7:76:1c:
         47:01:a5:f3:46:5c:ae:27:5c:1e:ac:63:c2:90:f2:e6:c9:10:
         cc:15:93:35:27:d5:ae:bb:9c:8f:56:ec:4a:47:37:3b:4c:3f:
         80:ef:32:fd:cf:83:38:53:20:86:c4:a2:ff:fe:27:c9:84:49:
         90:be:a5:28:81:6d:87:1a:61:aa:af:fc:72:dc:d2:67:69:13:
         14:71:bb:6f:0b:c4:df:72:ca:e4:5d:ea:d1:2e:0f:a6:9c:5b:
         0a:79:17:09
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZ0f82kF1G3d91bthsvreDQ/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2Y2ZhOTRmNjEzNGUzOTYwZWE1ZjMxODg0NmEzMGNmM2U5
MjJkZDcwHhcNMjYwMzI0MTMwNTM4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YzZlOWE3YTkzZGJhMmRjYjc2ZTFjMGMxNGQwMzJlMjNlY2Y2NGI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAybMLWpyE0mRn3loqwuEcJMtsCVLU
CK7efPotMM3WlbkqrtHjoesWMYoBuZK7p4WzwXcQGGkIckvFr7K+tW1Na7FnIHFX
vWq4KO7mHaOycmL4tEz/1AfAjnaabBdWcb28Fghnt66+yzfJVxIezqtBHZ3TSr+k
BNjyfjGjUJQDCUTU6/ZpONj9g4inR+/sAZNR3og8cgOWIgke7gI7ccvwOvwhk3yc
hO52VTw5ljywqwkdq3x4HE2i/i1RrUPum0I8qNx87fDW7p0FBtR/qn5VX/ZXMWQq
cGPGkT3xbY3nFAJZ+U63KReviuqlWkLpzpivYQ/wWS3WUAVm1/NKgO3ZwQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFIxumnqT26Lct24cDBTQMuI+z2S4MB8GA1UdIwQY
MBaAFMbPqU9hNOOWDqXzGIRqMM8+ki3XMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveHMtcFQyRTA0NVlPcGZNWWhHb3d6ejZTTGRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZi85NTllMDMtNzhmYy00NTg5LWFjZGUt
ZjlhNDM3MDlkMDBiLzEvakc2YWVwUGJvdHkzYmh3TUZOQXk0ajdQWkxnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZi85NTllMDMtNzhmYy00NTg5LWFjZGUtZjlhNDM3MDlkMDBi
LzEveHMtcFQyRTA0NVlPcGZNWWhHb3d6ejZTTGRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQAuVAfAwQC
wdqwMA0EAgACMAcDBQMqDmNAMA0GCSqGSIb3DQEBCwUAA4IBAQCp3hrIpVx90xtM
AnLEoBQRhsFyFAQ0Yuh3hwgunN0iTtBIVLBOJArRQOvlpVNtp/VQWyl1+K8LYdvJ
gA+rpaKsqgZgF5sPlwMwCJIOnbq817RoUG855YxnsFSOwH9931Nzbr4Zb0Gr+G7+
jWCgIzNHdfr12Xr6CC0pA5syAPDBx0whEZU8pbYrDpmUG42H6MRyoPVaDe7UzhuV
twzC+Hn3dhxHAaXzRlyuJ1werGPCkPLmyRDMFZM1J9Wuu5yPVuxKRzc7TD+A7zL9
z4M4UyCGxKL//ifJhEmQvqUogW2HGmGqr/xy3NJnaRMUcbtvC8TfcsrkXerRLg+m
nFsKeRcJ
-----END CERTIFICATE-----