Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dc/15d271-05cd-461e-a7b6-43013b28d9d6/1/6_nEtbPOwnDXFy-8i5b9sl1ByGc.roa
File:                     6_nEtbPOwnDXFy-8i5b9sl1ByGc.roa (raw, json)
Hash identifier:          AMDpLbysh7NtuUVsc212fbCqdT4L3j/7tc3OE68YULA=
Subject key identifier:   EB:F9:C4:B5:B3:CE:C2:70:D7:17:2F:BC:8B:96:FD:B2:5D:41:C8:67
Certificate issuer:       /CN=d4b95330734c9aaf66d11bcd2bedd380f410f93f
Certificate serial:       019DE3E54F9C5095055DFF9AB395D8811B08
Authority key identifier: D4:B9:53:30:73:4C:9A:AF:66:D1:1B:CD:2B:ED:D3:80:F4:10:F9:3F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1LlTMHNMmq9m0RvNK-3TgPQQ-T8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dc/15d271-05cd-461e-a7b6-43013b28d9d6/1/6_nEtbPOwnDXFy-8i5b9sl1ByGc.roa
Signing time:             Fri 01 May 2026 14:15:49 +0000
ROA not before:           Fri 01 May 2026 14:15:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     209378
IP address blocks:        103.110.64.0/24 maxlen: 24
                          195.226.92.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dc/15d271-05cd-461e-a7b6-43013b28d9d6/1/1LlTMHNMmq9m0RvNK-3TgPQQ-T8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dc/15d271-05cd-461e-a7b6-43013b28d9d6/1/1LlTMHNMmq9m0RvNK-3TgPQQ-T8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1LlTMHNMmq9m0RvNK-3TgPQQ-T8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 14:18:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:e3:e5:4f:9c:50:95:05:5d:ff:9a:b3:95:d8:81:1b:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d4b95330734c9aaf66d11bcd2bedd380f410f93f
        Validity
            Not Before: May  1 14:15:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ebf9c4b5b3cec270d7172fbc8b96fdb25d41c867
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:fc:ba:5d:14:32:da:c5:82:7e:d2:14:16:d4:
                    6e:5d:c5:1f:4d:32:32:be:7e:c7:23:82:9d:6c:60:
                    b1:ac:76:1e:46:36:c1:70:e0:4e:93:24:b9:12:cc:
                    54:03:bc:7c:6d:43:d3:ed:0c:dd:7f:f7:50:5c:64:
                    e1:be:bd:7a:18:d7:4e:4a:64:0a:76:14:81:b0:ef:
                    b5:2b:51:38:00:56:0c:e0:8a:76:45:bc:aa:70:bf:
                    ea:4d:b8:be:70:b9:35:72:7f:0d:33:4f:8f:b0:f7:
                    ba:37:5f:8e:c6:35:1f:62:e9:57:0d:a0:5c:64:48:
                    5b:d9:d0:ff:49:73:b9:03:6a:66:fe:44:ac:af:39:
                    18:f2:76:00:15:68:ad:18:76:db:a4:1b:6b:30:ca:
                    32:9f:8a:36:2c:25:c4:3a:f6:61:7f:18:a6:34:79:
                    33:5f:3a:5c:e3:74:16:d4:64:2b:c2:19:b7:6f:bf:
                    b4:de:81:e0:73:5d:81:5f:71:41:d0:1b:56:64:92:
                    4a:cc:8b:4f:2c:87:ec:b0:0e:11:73:57:bc:11:80:
                    16:2d:3e:48:df:c9:6f:26:5a:cd:5c:e5:23:1c:72:
                    09:37:17:36:3d:f9:d5:11:5a:d5:10:49:63:78:84:
                    7c:c2:82:01:46:43:78:6c:d9:fc:a0:a9:15:2e:75:
                    2f:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:F9:C4:B5:B3:CE:C2:70:D7:17:2F:BC:8B:96:FD:B2:5D:41:C8:67
            X509v3 Authority Key Identifier:
                keyid:D4:B9:53:30:73:4C:9A:AF:66:D1:1B:CD:2B:ED:D3:80:F4:10:F9:3F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1LlTMHNMmq9m0RvNK-3TgPQQ-T8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/15d271-05cd-461e-a7b6-43013b28d9d6/1/6_nEtbPOwnDXFy-8i5b9sl1ByGc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/15d271-05cd-461e-a7b6-43013b28d9d6/1/1LlTMHNMmq9m0RvNK-3TgPQQ-T8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.110.64.0/24
                  195.226.92.0/24

    Signature Algorithm: sha256WithRSAEncryption
         67:bf:01:2e:37:99:71:5b:bb:5f:18:6c:34:46:85:63:8e:24:
         c8:60:28:a8:68:db:64:23:68:1a:69:c0:b2:79:73:ee:93:fe:
         94:18:73:6a:ea:2b:46:90:a0:a0:2a:fa:61:7f:92:e4:9f:b6:
         3b:1a:75:cd:06:b7:60:fc:74:b2:c7:bf:90:06:78:af:0d:be:
         b4:e1:de:09:9a:19:ff:a4:99:83:ea:84:21:91:e3:a9:a0:03:
         de:40:73:fe:ae:21:23:47:57:a6:46:53:bc:bf:6a:be:fb:b2:
         89:15:c6:28:86:74:4f:d1:84:e5:2b:1a:46:55:50:51:3a:2f:
         78:aa:24:48:6d:57:12:00:a3:cb:2d:cb:7f:73:ea:96:05:f7:
         3c:bb:11:4f:93:cb:13:c0:63:65:be:43:9a:44:2b:82:99:da:
         ec:58:89:09:3c:e7:d0:9d:15:ff:7c:24:72:16:f6:5c:26:fb:
         ff:20:4b:b6:bf:45:50:a0:5f:b0:5c:5b:a8:3a:9b:2a:ca:44:
         4a:b2:3b:b7:9d:d0:33:08:70:5f:39:8d:8a:3b:12:0e:ca:5d:
         d2:74:45:66:f1:a5:dc:71:cb:be:cb:7f:d4:3f:d2:9e:f3:3d:
         21:2d:b6:fd:27:6b:b7:d1:0c:d5:a4:30:37:6c:1c:de:99:5e:
         85:6a:36:53
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ3j5U+cUJUFXf+as5XYgRsIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0Yjk1MzMwNzM0YzlhYWY2NmQxMWJjZDJiZWRkMzgwZjQx
MGY5M2YwHhcNMjYwNTAxMTQxNTQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYmY5YzRiNWIzY2VjMjcwZDcxNzJmYmM4Yjk2ZmRiMjVkNDFjODY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlPy6XRQy2sWCftIUFtRuXcUfTTIy
vn7HI4KdbGCxrHYeRjbBcOBOkyS5EsxUA7x8bUPT7Qzdf/dQXGThvr16GNdOSmQK
dhSBsO+1K1E4AFYM4Ip2RbyqcL/qTbi+cLk1cn8NM0+PsPe6N1+OxjUfYulXDaBc
ZEhb2dD/SXO5A2pm/kSsrzkY8nYAFWitGHbbpBtrMMoyn4o2LCXEOvZhfximNHkz
Xzpc43QW1GQrwhm3b7+03oHgc12BX3FB0BtWZJJKzItPLIfssA4Rc1e8EYAWLT5I
38lvJlrNXOUjHHIJNxc2PfnVEVrVEEljeIR8woIBRkN4bNn8oKkVLnUvzQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFOv5xLWzzsJw1xcvvIuW/bJdQchnMB8GA1UdIwQY
MBaAFNS5UzBzTJqvZtEbzSvt04D0EPk/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUxsVE1ITk1tcTltMFJ2TkstM1RnUFFRLVQ4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYy8xNWQyNzEtMDVjZC00NjFlLWE3YjYt
NDMwMTNiMjhkOWQ2LzEvNl9uRXRiUE93bkRYRnktOGk1YjlzbDFCeUdjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYy8xNWQyNzEtMDVjZC00NjFlLWE3YjYtNDMwMTNiMjhkOWQ2
LzEvMUxsVE1ITk1tcTltMFJ2TkstM1RnUFFRLVQ4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAZ25AAwQA
w+JcMA0GCSqGSIb3DQEBCwUAA4IBAQBnvwEuN5lxW7tfGGw0RoVjjiTIYCioaNtk
I2gaacCyeXPuk/6UGHNq6itGkKCgKvphf5Lkn7Y7GnXNBrdg/HSyx7+QBnivDb60
4d4Jmhn/pJmD6oQhkeOpoAPeQHP+riEjR1emRlO8v2q++7KJFcYohnRP0YTlKxpG
VVBROi94qiRIbVcSAKPLLct/c+qWBfc8uxFPk8sTwGNlvkOaRCuCmdrsWIkJPOfQ
nRX/fCRyFvZcJvv/IEu2v0VQoF+wXFuoOpsqykRKsju3ndAzCHBfOY2KOxIOyl3S
dEVm8aXcccu+y3/UP9Ke8z0hLbb9J2u30QzVpDA3bBzemV6FajZT
-----END CERTIFICATE-----