Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f7/7f2393-d01a-41f7-a52e-d242b6f3a8a1/1/06fSg1kB8ckHlCpjtqtFvEEoGmo.roa
File:                     06fSg1kB8ckHlCpjtqtFvEEoGmo.roa (raw, json)
Hash identifier:          f48NpMpstUXIPO7HPVODVDToQ8B0NiDFbk8U3q4Yolw=
Subject key identifier:   D3:A7:D2:83:59:01:F1:C9:07:94:2A:63:B6:AB:45:BC:41:28:1A:6A
Certificate issuer:       /CN=2fa16ab06020067740a4c1fb47a912622f1d0722
Certificate serial:       019CE222AC51F4A207FD24E4AE45D7935704
Authority key identifier: 2F:A1:6A:B0:60:20:06:77:40:A4:C1:FB:47:A9:12:62:2F:1D:07:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/L6FqsGAgBndApMH7R6kSYi8dByI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f7/7f2393-d01a-41f7-a52e-d242b6f3a8a1/1/06fSg1kB8ckHlCpjtqtFvEEoGmo.roa
Signing time:             Thu 12 Mar 2026 13:00:48 +0000
ROA not before:           Thu 12 Mar 2026 13:00:48 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     135402
IP address blocks:        213.145.67.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f7/7f2393-d01a-41f7-a52e-d242b6f3a8a1/1/L6FqsGAgBndApMH7R6kSYi8dByI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f7/7f2393-d01a-41f7-a52e-d242b6f3a8a1/1/L6FqsGAgBndApMH7R6kSYi8dByI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/L6FqsGAgBndApMH7R6kSYi8dByI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 20:01:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:e2:22:ac:51:f4:a2:07:fd:24:e4:ae:45:d7:93:57:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2fa16ab06020067740a4c1fb47a912622f1d0722
        Validity
            Not Before: Mar 12 13:00:48 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d3a7d2835901f1c907942a63b6ab45bc41281a6a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:ae:23:f2:b3:46:88:93:15:bf:f5:15:51:ca:
                    0b:10:eb:b2:69:89:71:aa:30:6f:75:51:ef:33:aa:
                    c6:1b:ee:81:e9:cb:74:b4:5b:ae:73:12:48:07:f6:
                    a9:4f:88:e5:78:40:d1:23:46:df:8a:ba:0d:ad:e9:
                    f7:13:aa:6c:7e:cf:92:83:8d:37:6d:b9:ce:8b:92:
                    b3:d7:aa:cb:f5:08:af:9b:b4:5a:bd:51:03:9e:75:
                    ec:96:85:d7:85:62:20:74:da:02:d2:f7:10:eb:e4:
                    66:1a:6b:4e:64:67:e5:a0:2b:7c:ae:30:f3:58:89:
                    82:60:63:9a:d7:fd:25:ae:e8:7b:a7:a8:e5:76:64:
                    d8:cb:49:65:4c:31:95:9f:ec:5e:7d:e5:4b:07:0e:
                    b9:38:6c:5a:58:e6:10:7f:73:7e:73:01:2c:61:91:
                    16:52:27:3e:d8:31:49:f4:07:e5:5f:0e:84:cc:95:
                    06:7f:89:0a:d5:ba:f7:27:d7:97:0d:5a:9c:b7:94:
                    c0:01:31:4b:24:65:a6:c9:d2:e6:05:b7:bf:0d:13:
                    7d:ef:8b:18:7f:35:52:e4:e0:59:1e:56:a1:61:10:
                    08:22:65:d8:49:b0:2f:33:e2:e8:e7:8f:10:29:1f:
                    e7:d0:74:37:7f:f8:f3:36:c6:1c:ed:9d:fe:4d:b1:
                    38:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:A7:D2:83:59:01:F1:C9:07:94:2A:63:B6:AB:45:BC:41:28:1A:6A
            X509v3 Authority Key Identifier:
                keyid:2F:A1:6A:B0:60:20:06:77:40:A4:C1:FB:47:A9:12:62:2F:1D:07:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/L6FqsGAgBndApMH7R6kSYi8dByI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/7f2393-d01a-41f7-a52e-d242b6f3a8a1/1/06fSg1kB8ckHlCpjtqtFvEEoGmo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/7f2393-d01a-41f7-a52e-d242b6f3a8a1/1/L6FqsGAgBndApMH7R6kSYi8dByI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.145.67.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2c:e2:37:02:dd:78:60:13:9d:89:cd:90:3c:93:1e:31:a5:8e:
         3b:12:27:77:02:22:3f:b9:22:28:a4:ce:db:f3:2e:07:80:2b:
         09:60:81:d8:c2:60:9c:c7:b7:86:81:16:17:e5:6a:76:37:b1:
         5f:16:f0:24:3e:72:52:63:e9:3a:6d:35:2f:2f:f5:fa:ab:b6:
         1c:43:90:51:bd:66:5e:aa:20:a9:45:4d:a6:42:88:3b:ff:97:
         51:e0:cf:30:39:15:7c:65:e3:3b:7f:67:d8:21:fa:b3:c6:65:
         ce:5f:7e:c0:3b:25:22:ae:08:df:bf:ea:e1:b3:73:d7:28:b8:
         d2:33:f5:6f:6c:7a:49:77:6f:fd:3a:e4:8e:16:29:9f:fe:28:
         f0:32:4c:94:df:72:37:2d:52:bf:69:0b:ad:7c:f6:f5:fe:cd:
         b8:3d:5d:fb:dc:0d:62:aa:b8:53:80:0a:10:b0:05:89:60:ad:
         42:68:cf:c2:2b:be:b6:49:34:db:23:4d:85:11:52:dd:76:18:
         cb:ce:ef:71:ba:79:49:d9:0f:06:96:35:da:d9:f6:a9:4d:1c:
         5d:2e:6d:50:d4:26:bb:72:db:73:e3:3f:13:dc:4a:9f:9c:7c:
         e5:f8:ef:42:ed:d2:d3:06:4b:2b:00:04:27:73:44:a9:a2:89:
         62:9b:77:92
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZziIqxR9KIH/STkrkXXk1cEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJmYTE2YWIwNjAyMDA2Nzc0MGE0YzFmYjQ3YTkxMjYyMmYx
ZDA3MjIwHhcNMjYwMzEyMTMwMDQ4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkM2E3ZDI4MzU5MDFmMWM5MDc5NDJhNjNiNmFiNDViYzQxMjgxYTZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAva4j8rNGiJMVv/UVUcoLEOuyaYlx
qjBvdVHvM6rGG+6B6ct0tFuucxJIB/apT4jleEDRI0bfiroNren3E6psfs+Sg403
bbnOi5Kz16rL9Qivm7RavVEDnnXsloXXhWIgdNoC0vcQ6+RmGmtOZGfloCt8rjDz
WImCYGOa1/0lruh7p6jldmTYy0llTDGVn+xefeVLBw65OGxaWOYQf3N+cwEsYZEW
Uic+2DFJ9AflXw6EzJUGf4kK1br3J9eXDVqct5TAATFLJGWmydLmBbe/DRN974sY
fzVS5OBZHlahYRAIImXYSbAvM+Lo548QKR/n0HQ3f/jzNsYc7Z3+TbE4cwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNOn0oNZAfHJB5QqY7arRbxBKBpqMB8GA1UdIwQY
MBaAFC+harBgIAZ3QKTB+0epEmIvHQciMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTDZGcXNHQWdCbmRBcE1IN1I2a1NZaThkQnlJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNy83ZjIzOTMtZDAxYS00MWY3LWE1MmUt
ZDI0MmI2ZjNhOGExLzEvMDZmU2cxa0I4Y2tIbENwanRxdEZ2RUVvR21vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNy83ZjIzOTMtZDAxYS00MWY3LWE1MmUtZDI0MmI2ZjNhOGEx
LzEvTDZGcXNHQWdCbmRBcE1IN1I2a1NZaThkQnlJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1ZFDMA0G
CSqGSIb3DQEBCwUAA4IBAQAs4jcC3XhgE52JzZA8kx4xpY47Eid3AiI/uSIopM7b
8y4HgCsJYIHYwmCcx7eGgRYX5Wp2N7FfFvAkPnJSY+k6bTUvL/X6q7YcQ5BRvWZe
qiCpRU2mQog7/5dR4M8wORV8ZeM7f2fYIfqzxmXOX37AOyUirgjfv+rhs3PXKLjS
M/VvbHpJd2/9OuSOFimf/ijwMkyU33I3LVK/aQutfPb1/s24PV373A1iqrhTgAoQ
sAWJYK1CaM/CK762STTbI02FEVLddhjLzu9xunlJ2Q8GljXa2fapTRxdLm1Q1Ca7
cttz4z8T3EqfnHzl+O9C7dLTBksrAAQnc0Spoolim3eS
-----END CERTIFICATE-----