Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3d/9ade80-afe8-4a75-957a-83ac9f6fac73/1/1_6s-T8QaefbtMNamrKj-DA25wk.roa
File:                     1_6s-T8QaefbtMNamrKj-DA25wk.roa (raw, json)
Hash identifier:          yYUr/M+QIUzpx+GUhq6tUq9L7e7cvOQNhE+CyPESSIo=
Subject key identifier:   D7:FE:AC:F9:3F:10:69:E7:DB:B4:C3:5A:9A:B2:A3:F8:30:36:E7:09
Certificate issuer:       /CN=f40ebc74976cc3d0ac6c646d50770f8d9a16a9ea
Certificate serial:       019E04FE52F6EFAABAA551398D93315B9BAA
Authority key identifier: F4:0E:BC:74:97:6C:C3:D0:AC:6C:64:6D:50:77:0F:8D:9A:16:A9:EA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9A68dJdsw9CsbGRtUHcPjZoWqeo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3d/9ade80-afe8-4a75-957a-83ac9f6fac73/1/1_6s-T8QaefbtMNamrKj-DA25wk.roa
Signing time:             Fri 08 May 2026 00:30:36 +0000
ROA not before:           Fri 08 May 2026 00:30:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     204224
IP address blocks:        207.241.179.0/24 maxlen: 24
                          2a10:b80::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3d/9ade80-afe8-4a75-957a-83ac9f6fac73/1/9A68dJdsw9CsbGRtUHcPjZoWqeo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3d/9ade80-afe8-4a75-957a-83ac9f6fac73/1/9A68dJdsw9CsbGRtUHcPjZoWqeo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9A68dJdsw9CsbGRtUHcPjZoWqeo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 21:01:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:04:fe:52:f6:ef:aa:ba:a5:51:39:8d:93:31:5b:9b:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f40ebc74976cc3d0ac6c646d50770f8d9a16a9ea
        Validity
            Not Before: May  8 00:30:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d7feacf93f1069e7dbb4c35a9ab2a3f83036e709
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:c7:3b:68:ac:d0:00:64:61:00:bc:73:7f:94:
                    06:40:82:4c:1f:f9:51:7f:5c:f1:49:35:37:9d:5a:
                    c1:89:d9:4d:1b:98:fd:7e:f6:34:68:0a:ce:60:27:
                    8c:c4:fb:90:c5:27:af:eb:56:17:81:10:92:78:9c:
                    15:0d:18:75:db:ec:79:0f:1b:66:dc:95:f8:ae:52:
                    79:f7:7e:97:bd:02:96:2e:7d:c1:54:ae:d8:a3:85:
                    63:54:63:87:75:f3:6b:64:46:00:21:9c:e3:78:aa:
                    07:e5:1d:83:4a:a9:bf:95:91:32:cf:6d:47:bc:b4:
                    74:49:1f:94:6c:c0:05:2a:ac:46:e5:b4:d6:dd:c3:
                    f8:13:23:94:8e:19:ee:59:ef:2d:1a:97:1a:e6:e9:
                    5a:63:29:99:16:a8:b5:d7:9c:fe:9e:40:85:b2:c3:
                    49:66:c9:4b:c4:51:90:0a:91:50:24:ce:ea:2b:63:
                    59:e3:24:79:c4:22:1f:33:19:1b:a6:5d:d8:85:14:
                    db:57:9d:5e:2f:e7:83:d6:93:47:20:f4:14:a5:0d:
                    68:41:5c:ab:c1:de:1b:45:9e:46:7b:a8:e3:82:84:
                    b9:a0:1c:47:1b:de:80:46:ef:c6:ba:af:10:df:e8:
                    8c:44:f0:2b:30:e8:c9:c0:01:d4:c8:61:46:4e:40:
                    12:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:FE:AC:F9:3F:10:69:E7:DB:B4:C3:5A:9A:B2:A3:F8:30:36:E7:09
            X509v3 Authority Key Identifier:
                keyid:F4:0E:BC:74:97:6C:C3:D0:AC:6C:64:6D:50:77:0F:8D:9A:16:A9:EA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9A68dJdsw9CsbGRtUHcPjZoWqeo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/9ade80-afe8-4a75-957a-83ac9f6fac73/1/1_6s-T8QaefbtMNamrKj-DA25wk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/9ade80-afe8-4a75-957a-83ac9f6fac73/1/9A68dJdsw9CsbGRtUHcPjZoWqeo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  207.241.179.0/24
                IPv6:
                  2a10:b80::/29

    Signature Algorithm: sha256WithRSAEncryption
         b6:5f:27:38:6c:a8:80:91:d2:8a:a5:47:a1:d9:69:e1:52:9c:
         c6:31:27:84:82:55:0f:cf:ff:3d:fe:ff:ee:b9:cc:44:86:8c:
         51:c4:37:06:bb:a7:ce:47:55:24:06:d5:46:60:70:d1:3d:f4:
         ea:7a:8e:30:3c:e0:33:57:47:30:d2:c9:c6:5c:b6:88:9e:22:
         07:24:21:39:8f:03:1e:04:5b:14:c6:28:1c:60:c9:20:8e:46:
         bc:2f:a0:df:33:1b:8a:c7:35:0e:09:b9:cd:ec:5b:38:2e:b9:
         60:d2:75:fb:44:4e:42:07:f2:45:ad:e3:7f:b2:62:06:49:03:
         99:57:19:1c:52:c7:89:8f:1d:c3:bc:37:3c:b8:3b:86:de:b6:
         8f:50:ba:66:34:6b:e0:ff:2a:10:5d:5c:dd:79:12:ba:3f:62:
         30:cc:6c:d8:35:61:75:38:72:15:07:0f:2e:e8:5c:3a:36:b1:
         21:f4:b8:c6:4b:f5:1c:82:f6:ed:db:97:0e:44:d2:fa:8c:a6:
         33:78:49:f3:31:2e:9e:ef:68:c0:83:e2:0a:3b:a2:05:f0:db:
         80:bb:74:7d:84:61:af:05:75:57:a9:ed:0f:bc:53:ad:06:b7:
         50:2c:12:05:74:3a:35:ed:44:b1:ee:3d:da:48:26:8a:39:1c:
         c4:8c:22:ef
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZ4E/lL276q6pVE5jZMxW5uqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY0MGViYzc0OTc2Y2MzZDBhYzZjNjQ2ZDUwNzcwZjhkOWEx
NmE5ZWEwHhcNMjYwNTA4MDAzMDM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkN2ZlYWNmOTNmMTA2OWU3ZGJiNGMzNWE5YWIyYTNmODMwMzZlNzA5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqsc7aKzQAGRhALxzf5QGQIJMH/lR
f1zxSTU3nVrBidlNG5j9fvY0aArOYCeMxPuQxSev61YXgRCSeJwVDRh12+x5Dxtm
3JX4rlJ5936XvQKWLn3BVK7Yo4VjVGOHdfNrZEYAIZzjeKoH5R2DSqm/lZEyz21H
vLR0SR+UbMAFKqxG5bTW3cP4EyOUjhnuWe8tGpca5ulaYymZFqi115z+nkCFssNJ
ZslLxFGQCpFQJM7qK2NZ4yR5xCIfMxkbpl3YhRTbV51eL+eD1pNHIPQUpQ1oQVyr
wd4bRZ5Ge6jjgoS5oBxHG96ARu/Guq8Q3+iMRPArMOjJwAHUyGFGTkAS1wIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFNf+rPk/EGnn27TDWpqyo/gwNucJMB8GA1UdIwQY
MBaAFPQOvHSXbMPQrGxkbVB3D42aFqnqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOUE2OGRKZHN3OUNzYkdSdFVIY1BqWm9XcWVvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZC85YWRlODAtYWZlOC00YTc1LTk1N2Et
ODNhYzlmNmZhYzczLzEvMV82cy1UOFFhZWZidE1OYW1yS2otREEyNXdrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZC85YWRlODAtYWZlOC00YTc1LTk1N2EtODNhYzlmNmZhYzcz
LzEvOUE2OGRKZHN3OUNzYkdSdFVIY1BqWm9XcWVvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAz/GzMA0E
AgACMAcDBQMqEAuAMA0GCSqGSIb3DQEBCwUAA4IBAQC2Xyc4bKiAkdKKpUeh2Wnh
UpzGMSeEglUPz/89/v/uucxEhoxRxDcGu6fOR1UkBtVGYHDRPfTqeo4wPOAzV0cw
0snGXLaIniIHJCE5jwMeBFsUxigcYMkgjka8L6DfMxuKxzUOCbnN7Fs4Lrlg0nX7
RE5CB/JFreN/smIGSQOZVxkcUseJjx3DvDc8uDuG3raPULpmNGvg/yoQXVzdeRK6
P2IwzGzYNWF1OHIVBw8u6Fw6NrEh9LjGS/Ucgvbt25cORNL6jKYzeEnzMS6e72jA
g+IKO6IF8NuAu3R9hGGvBXVXqe0PvFOtBrdQLBIFdDo17USx7j3aSCaKORzEjCLv
-----END CERTIFICATE-----