Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/08/e49afe-15ae-485a-af76-66516ffce750/1/ISfG2ceyWuWYeRgRuKuH6VXmeXE.roa
File:                     ISfG2ceyWuWYeRgRuKuH6VXmeXE.roa (raw, json)
Hash identifier:          dFAyLFozLbvyA3OIY3CyaWsZeKTyXIGDjyZDQv/swnk=
Subject key identifier:   21:27:C6:D9:C7:B2:5A:E5:98:79:18:11:B8:AB:87:E9:55:E6:79:71
Certificate issuer:       /CN=b69422476e1ae5ea0d58e4f8fdf91f05f102fefb
Certificate serial:       019B78A21B1277387BE7CEF35FD89D9670D4
Authority key identifier: B6:94:22:47:6E:1A:E5:EA:0D:58:E4:F8:FD:F9:1F:05:F1:02:FE:FB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tpQiR24a5eoNWOT4_fkfBfEC_vs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/08/e49afe-15ae-485a-af76-66516ffce750/1/ISfG2ceyWuWYeRgRuKuH6VXmeXE.roa
Signing time:             Thu 01 Jan 2026 08:17:28 +0000
ROA not before:           Thu 01 Jan 2026 08:17:28 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     59756
IP address blocks:        146.0.56.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/08/e49afe-15ae-485a-af76-66516ffce750/1/tpQiR24a5eoNWOT4_fkfBfEC_vs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/08/e49afe-15ae-485a-af76-66516ffce750/1/tpQiR24a5eoNWOT4_fkfBfEC_vs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tpQiR24a5eoNWOT4_fkfBfEC_vs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 08:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:a2:1b:12:77:38:7b:e7:ce:f3:5f:d8:9d:96:70:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b69422476e1ae5ea0d58e4f8fdf91f05f102fefb
        Validity
            Not Before: Jan  1 08:17:28 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2127c6d9c7b25ae598791811b8ab87e955e67971
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:78:f6:10:31:c6:7b:ef:b2:4f:8f:5e:97:a2:
                    3d:9f:93:8d:79:26:25:ea:38:df:31:73:7b:2f:7c:
                    61:8a:74:8c:b1:62:e0:8e:63:3b:4d:c3:ac:f3:d4:
                    a7:2f:02:c1:63:4b:86:2e:79:03:75:3d:73:a4:9f:
                    0b:39:24:0c:55:42:22:2b:09:48:a3:3c:6c:93:e0:
                    70:01:d6:16:83:e9:54:38:46:76:a6:bb:c6:ff:48:
                    7a:46:fa:24:0a:ce:c5:85:63:59:5e:74:a8:0a:30:
                    97:4f:94:cb:7b:d7:9a:1e:58:26:a1:72:7f:54:b2:
                    9c:f1:41:ba:98:a2:57:a9:a1:64:a3:1c:87:eb:7f:
                    ef:9d:32:a2:78:09:64:fb:0b:a8:c9:c9:dc:11:ed:
                    c8:27:93:68:d7:f9:df:fb:39:4e:df:90:1c:41:53:
                    86:1e:d2:f0:3d:6d:48:26:07:c9:43:08:0a:8d:b4:
                    e9:aa:68:cd:e9:06:5a:ed:a9:75:45:50:62:81:8a:
                    7c:85:98:19:e0:92:29:02:bf:ad:d3:66:c3:bc:f2:
                    9f:68:c0:27:72:ea:03:24:35:6e:72:fe:09:33:8b:
                    0d:2d:e5:77:ea:e5:5e:df:07:01:b1:a3:e7:7b:50:
                    a9:49:6c:86:b9:b3:3b:92:28:e4:59:b7:e1:10:88:
                    0c:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:27:C6:D9:C7:B2:5A:E5:98:79:18:11:B8:AB:87:E9:55:E6:79:71
            X509v3 Authority Key Identifier:
                keyid:B6:94:22:47:6E:1A:E5:EA:0D:58:E4:F8:FD:F9:1F:05:F1:02:FE:FB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tpQiR24a5eoNWOT4_fkfBfEC_vs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/08/e49afe-15ae-485a-af76-66516ffce750/1/ISfG2ceyWuWYeRgRuKuH6VXmeXE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/08/e49afe-15ae-485a-af76-66516ffce750/1/tpQiR24a5eoNWOT4_fkfBfEC_vs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.0.56.0/24

    Signature Algorithm: sha256WithRSAEncryption
         27:e7:d5:06:5c:fd:28:9c:af:d1:1e:c7:3d:24:a4:fb:8b:3f:
         57:02:11:95:5e:4c:c8:77:df:65:1b:80:68:3a:70:47:c3:3e:
         36:9f:8e:db:a0:e6:5e:f4:17:71:31:ae:a2:63:38:17:14:3b:
         cb:e4:9d:2c:49:b5:ef:3a:8e:43:20:7b:d2:b7:19:f7:47:06:
         64:5e:dd:5c:a6:18:1e:00:fa:e8:de:af:8c:7b:6b:48:03:3e:
         ea:29:ba:85:ed:be:c3:2e:d8:55:dc:1c:a1:57:04:8f:9a:40:
         cf:d1:a0:ad:55:f8:28:91:fa:2a:f9:08:d0:90:06:d7:a2:e7:
         58:18:89:c0:60:ac:9c:ee:33:77:a4:86:41:90:5a:41:84:06:
         8f:45:c0:17:9f:2f:d9:ef:1e:24:ea:88:f7:3a:17:6e:4e:d4:
         ba:a0:26:7f:b6:81:5e:42:e3:8c:c6:36:9f:1c:a5:fe:7e:cd:
         8e:b7:93:9a:d8:da:91:b7:cb:cb:0a:e1:cc:37:c5:bd:fe:d8:
         0b:af:59:d4:7f:9f:3d:0b:99:3b:2a:be:eb:7a:2c:1f:87:80:
         bb:c0:c3:5c:2d:31:98:18:7b:de:64:38:26:85:5e:f3:62:ed:
         35:b6:3b:79:d1:97:9f:c1:31:93:84:77:00:bb:98:ca:1e:d5:
         5c:c0:bb:9d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt4ohsSdzh7587zX9idlnDUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI2OTQyMjQ3NmUxYWU1ZWEwZDU4ZTRmOGZkZjkxZjA1ZjEw
MmZlZmIwHhcNMjYwMTAxMDgxNzI4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMTI3YzZkOWM3YjI1YWU1OTg3OTE4MTFiOGFiODdlOTU1ZTY3OTcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp3j2EDHGe++yT49el6I9n5ONeSYl
6jjfMXN7L3xhinSMsWLgjmM7TcOs89SnLwLBY0uGLnkDdT1zpJ8LOSQMVUIiKwlI
ozxsk+BwAdYWg+lUOEZ2prvG/0h6RvokCs7FhWNZXnSoCjCXT5TLe9eaHlgmoXJ/
VLKc8UG6mKJXqaFkoxyH63/vnTKieAlk+wuoycncEe3IJ5No1/nf+zlO35AcQVOG
HtLwPW1IJgfJQwgKjbTpqmjN6QZa7al1RVBigYp8hZgZ4JIpAr+t02bDvPKfaMAn
cuoDJDVucv4JM4sNLeV36uVe3wcBsaPne1CpSWyGubM7kijkWbfhEIgM7QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCEnxtnHslrlmHkYEbirh+lV5nlxMB8GA1UdIwQY
MBaAFLaUIkduGuXqDVjk+P35HwXxAv77MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdHBRaVIyNGE1ZW9OV09UNF9ma2ZCZkVDX3ZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOC9lNDlhZmUtMTVhZS00ODVhLWFmNzYt
NjY1MTZmZmNlNzUwLzEvSVNmRzJjZXlXdVdZZVJnUnVLdUg2VlhtZVhFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOC9lNDlhZmUtMTVhZS00ODVhLWFmNzYtNjY1MTZmZmNlNzUw
LzEvdHBRaVIyNGE1ZW9OV09UNF9ma2ZCZkVDX3ZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkgA4MA0G
CSqGSIb3DQEBCwUAA4IBAQAn59UGXP0onK/RHsc9JKT7iz9XAhGVXkzId99lG4Bo
OnBHwz42n47boOZe9BdxMa6iYzgXFDvL5J0sSbXvOo5DIHvStxn3RwZkXt1cphge
APro3q+Me2tIAz7qKbqF7b7DLthV3ByhVwSPmkDP0aCtVfgokfoq+QjQkAbXoudY
GInAYKyc7jN3pIZBkFpBhAaPRcAXny/Z7x4k6oj3OhduTtS6oCZ/toFeQuOMxjaf
HKX+fs2Ot5Oa2NqRt8vLCuHMN8W9/tgLr1nUf589C5k7Kr7reiwfh4C7wMNcLTGY
GHveZDgmhV7zYu01tjt50ZefwTGThHcAu5jKHtVcwLud
-----END CERTIFICATE-----