Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ee/6f5746-b406-4c05-9741-54d8f6b06b83/1/yTv4A2QemuCu068pABcxZnPnE90.roa
File:                     yTv4A2QemuCu068pABcxZnPnE90.roa (raw, json)
Hash identifier:          G1RRAME/chmFIOU4hWQ+CQwa53UITK1U1LSdGCURr4M=
Subject key identifier:   C9:3B:F8:03:64:1E:9A:E0:AE:D3:AF:29:00:17:31:66:73:E7:13:DD
Certificate issuer:       /CN=f6eea10afacf3a9c26ea1b1ec488e955e4dfa06a
Certificate serial:       019DBF71E9C66DE3B6D78C8B1D91058936A9
Authority key identifier: F6:EE:A1:0A:FA:CF:3A:9C:26:EA:1B:1E:C4:88:E9:55:E4:DF:A0:6A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9u6hCvrPOpwm6hsexIjpVeTfoGo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ee/6f5746-b406-4c05-9741-54d8f6b06b83/1/yTv4A2QemuCu068pABcxZnPnE90.roa
Signing time:             Fri 24 Apr 2026 12:23:26 +0000
ROA not before:           Fri 24 Apr 2026 12:23:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213414
IP address blocks:        46.102.173.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ee/6f5746-b406-4c05-9741-54d8f6b06b83/1/9u6hCvrPOpwm6hsexIjpVeTfoGo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ee/6f5746-b406-4c05-9741-54d8f6b06b83/1/9u6hCvrPOpwm6hsexIjpVeTfoGo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9u6hCvrPOpwm6hsexIjpVeTfoGo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 21:00:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:bf:71:e9:c6:6d:e3:b6:d7:8c:8b:1d:91:05:89:36:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f6eea10afacf3a9c26ea1b1ec488e955e4dfa06a
        Validity
            Not Before: Apr 24 12:23:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c93bf803641e9ae0aed3af290017316673e713dd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:53:82:35:25:98:1a:50:f0:a6:05:72:44:28:
                    66:dd:39:e7:81:47:28:89:e3:59:7c:a3:48:b3:4f:
                    87:00:57:a6:26:c8:8b:29:f2:f3:a1:cd:3a:73:87:
                    95:db:ca:a3:d8:29:a9:dd:38:ad:04:e1:7d:c3:12:
                    72:d6:70:fe:8e:05:55:5a:8a:91:45:37:0b:24:19:
                    73:f9:d8:de:6c:a4:b9:2a:8d:47:00:1d:e9:ee:8f:
                    bb:73:dc:74:2e:97:f1:6b:50:52:d8:58:a6:67:1a:
                    e0:e0:5f:c3:a8:64:1d:0b:1d:54:b7:a2:a8:3c:e7:
                    90:0d:05:75:8f:06:28:a5:7a:af:b2:bd:35:cb:4c:
                    12:17:2b:81:e9:f9:a7:e1:38:67:ba:4e:b4:99:74:
                    89:a0:c8:d4:16:15:4b:4d:16:52:33:f1:47:17:85:
                    fa:ab:d4:b2:6a:86:56:35:f3:66:21:5e:8f:8f:9b:
                    bc:41:df:c4:e2:db:f9:03:48:39:01:e8:a7:57:b2:
                    e1:79:79:d2:61:b1:6d:01:86:a1:58:7a:0b:d3:87:
                    4e:fe:06:18:c9:eb:94:1f:9f:df:4f:99:31:36:c2:
                    d3:8e:4b:62:f0:3f:eb:97:99:75:47:b2:41:5f:13:
                    69:f1:7a:96:37:4d:7b:06:ca:fa:41:35:32:99:de:
                    a7:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:3B:F8:03:64:1E:9A:E0:AE:D3:AF:29:00:17:31:66:73:E7:13:DD
            X509v3 Authority Key Identifier:
                keyid:F6:EE:A1:0A:FA:CF:3A:9C:26:EA:1B:1E:C4:88:E9:55:E4:DF:A0:6A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9u6hCvrPOpwm6hsexIjpVeTfoGo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/6f5746-b406-4c05-9741-54d8f6b06b83/1/yTv4A2QemuCu068pABcxZnPnE90.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/6f5746-b406-4c05-9741-54d8f6b06b83/1/9u6hCvrPOpwm6hsexIjpVeTfoGo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.102.173.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2e:ab:93:f5:67:f1:6e:bc:3e:0c:83:50:47:3a:61:90:98:1f:
         20:db:ef:27:c3:68:06:f3:b3:bb:62:fd:b6:05:50:ff:db:f1:
         91:ca:c7:c6:72:4d:85:c8:6d:96:f9:34:0e:2a:04:13:4e:75:
         0a:13:33:3c:f6:ae:2c:91:53:86:0e:f7:28:81:2d:1b:2e:8e:
         51:0d:bd:b5:bd:a0:59:d2:af:7d:dc:6b:79:4e:4b:7d:26:10:
         3d:05:53:d6:ff:8d:63:40:50:c7:c8:c3:df:0c:1f:ef:4f:57:
         d5:df:26:fb:10:b3:64:ed:15:a7:f4:13:aa:f4:d8:e0:80:21:
         8e:2f:89:1e:f9:19:ea:e7:93:fb:d6:90:a2:80:e3:3c:35:0c:
         3a:27:a2:47:f7:c3:8e:cf:c5:50:53:f5:dc:32:d0:75:65:41:
         da:1c:92:25:82:f4:6e:7f:c2:ba:34:3a:8e:ae:d4:bc:c5:b2:
         f1:52:02:7b:f4:75:d0:84:99:09:03:18:e7:cf:e0:7b:33:35:
         c4:7f:87:85:bc:7c:f0:70:b9:8d:5d:f5:be:2c:58:2a:4c:ba:
         0c:b4:68:55:eb:a8:61:54:25:54:c4:1b:31:62:8f:fe:f1:f2:
         f3:8d:c5:f9:9c:34:1a:6a:97:f9:51:c7:7e:8f:f4:bd:85:8f:
         a1:7a:84:ef
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2/cenGbeO214yLHZEFiTapMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY2ZWVhMTBhZmFjZjNhOWMyNmVhMWIxZWM0ODhlOTU1ZTRk
ZmEwNmEwHhcNMjYwNDI0MTIyMzI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOTNiZjgwMzY0MWU5YWUwYWVkM2FmMjkwMDE3MzE2NjczZTcxM2RkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjlOCNSWYGlDwpgVyRChm3TnngUco
ieNZfKNIs0+HAFemJsiLKfLzoc06c4eV28qj2Cmp3TitBOF9wxJy1nD+jgVVWoqR
RTcLJBlz+djebKS5Ko1HAB3p7o+7c9x0Lpfxa1BS2FimZxrg4F/DqGQdCx1Ut6Ko
POeQDQV1jwYopXqvsr01y0wSFyuB6fmn4Thnuk60mXSJoMjUFhVLTRZSM/FHF4X6
q9SyaoZWNfNmIV6Pj5u8Qd/E4tv5A0g5AeinV7LheXnSYbFtAYahWHoL04dO/gYY
yeuUH5/fT5kxNsLTjkti8D/rl5l1R7JBXxNp8XqWN017Bsr6QTUymd6nWQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMk7+ANkHprgrtOvKQAXMWZz5xPdMB8GA1UdIwQY
MBaAFPbuoQr6zzqcJuobHsSI6VXk36BqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOXU2aEN2clBPcHdtNmhzZXhJanBWZVRmb0dvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZS82ZjU3NDYtYjQwNi00YzA1LTk3NDEt
NTRkOGY2YjA2YjgzLzEveVR2NEEyUWVtdUN1MDY4cEFCY3hablBuRTkwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZS82ZjU3NDYtYjQwNi00YzA1LTk3NDEtNTRkOGY2YjA2Yjgz
LzEvOXU2aEN2clBPcHdtNmhzZXhJanBWZVRmb0dvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALmatMA0G
CSqGSIb3DQEBCwUAA4IBAQAuq5P1Z/FuvD4Mg1BHOmGQmB8g2+8nw2gG87O7Yv22
BVD/2/GRysfGck2FyG2W+TQOKgQTTnUKEzM89q4skVOGDvcogS0bLo5RDb21vaBZ
0q993Gt5Tkt9JhA9BVPW/41jQFDHyMPfDB/vT1fV3yb7ELNk7RWn9BOq9NjggCGO
L4ke+Rnq55P71pCigOM8NQw6J6JH98OOz8VQU/XcMtB1ZUHaHJIlgvRuf8K6NDqO
rtS8xbLxUgJ79HXQhJkJAxjnz+B7MzXEf4eFvHzwcLmNXfW+LFgqTLoMtGhV66hh
VCVUxBsxYo/+8fLzjcX5nDQaapf5Ucd+j/S9hY+heoTv
-----END CERTIFICATE-----