Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/G_vLaWL_4n0xx6AmTZKeOZFeQ1M.roa
File:                     G_vLaWL_4n0xx6AmTZKeOZFeQ1M.roa (raw, json)
Hash identifier:          2JUl1gxV4a+1huqyyhuozz6EfwwCu7xROBFLG6lBkXQ=
Subject key identifier:   1B:FB:CB:69:62:FF:E2:7D:31:C7:A0:26:4D:92:9E:39:91:5E:43:53
Certificate issuer:       /CN=ba6ed0fb7b320832ac1580534c7b263f304e981b
Certificate serial:       019C1EC237832C945193C3B441F76063FF5B
Authority key identifier: BA:6E:D0:FB:7B:32:08:32:AC:15:80:53:4C:7B:26:3F:30:4E:98:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/um7Q-3syCDKsFYBTTHsmPzBOmBs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/G_vLaWL_4n0xx6AmTZKeOZFeQ1M.roa
Signing time:             Mon 02 Feb 2026 14:29:30 +0000
ROA not before:           Mon 02 Feb 2026 14:29:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     29066
IP address blocks:        92.204.112.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/um7Q-3syCDKsFYBTTHsmPzBOmBs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/um7Q-3syCDKsFYBTTHsmPzBOmBs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/um7Q-3syCDKsFYBTTHsmPzBOmBs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 08:01:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:1e:c2:37:83:2c:94:51:93:c3:b4:41:f7:60:63:ff:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ba6ed0fb7b320832ac1580534c7b263f304e981b
        Validity
            Not Before: Feb  2 14:29:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=1bfbcb6962ffe27d31c7a0264d929e39915e4353
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:df:1e:69:4f:66:9f:7e:5c:98:78:1e:f0:dd:
                    c0:1b:7b:0c:c5:9b:d4:d4:cd:b6:7b:c3:f9:fc:6f:
                    5d:c8:90:85:5a:fe:7e:58:af:7c:09:32:fc:45:de:
                    7c:15:59:b5:a5:88:77:53:98:c9:88:3a:d8:66:2a:
                    d0:de:bf:74:44:86:49:af:b8:6a:90:e0:0a:04:c0:
                    59:90:09:d7:e4:c8:41:bc:b0:7d:91:7f:4a:68:e2:
                    f7:00:95:9d:dd:4e:fe:17:47:e8:8f:f6:dd:e2:3d:
                    15:0d:c0:25:82:99:93:3c:e5:e4:30:a6:88:22:54:
                    bc:b2:9e:70:e7:16:ac:3e:99:51:fc:69:8c:1b:1b:
                    41:93:4b:b1:30:fd:7e:f5:bd:e2:b5:62:40:34:a2:
                    ab:6e:89:ba:9c:05:dd:ad:63:b5:ea:35:8c:4c:fe:
                    6e:f6:56:df:37:0a:da:ca:fc:ca:80:2a:f2:58:bb:
                    43:e1:d7:51:8c:45:20:df:68:fa:72:4a:d3:61:82:
                    ec:37:4c:06:29:cb:c2:69:bf:05:69:43:a5:74:e4:
                    22:63:ed:39:68:c5:8c:51:18:60:90:f7:67:77:08:
                    e5:2f:bc:01:0c:a7:f7:0b:f9:0f:e4:59:e4:d9:00:
                    58:86:54:ce:a4:52:08:c3:9b:53:74:2e:cf:85:56:
                    ac:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:FB:CB:69:62:FF:E2:7D:31:C7:A0:26:4D:92:9E:39:91:5E:43:53
            X509v3 Authority Key Identifier:
                keyid:BA:6E:D0:FB:7B:32:08:32:AC:15:80:53:4C:7B:26:3F:30:4E:98:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/um7Q-3syCDKsFYBTTHsmPzBOmBs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/G_vLaWL_4n0xx6AmTZKeOZFeQ1M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/um7Q-3syCDKsFYBTTHsmPzBOmBs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.204.112.0/24

    Signature Algorithm: sha256WithRSAEncryption
         93:8f:4e:f9:8d:8e:d7:58:27:3e:65:0c:b6:9e:41:68:f1:15:
         68:dd:9f:f5:56:8b:df:c6:91:e8:92:52:38:b9:d1:d1:e2:39:
         61:5d:29:9e:fb:f3:23:d8:c7:14:86:a2:70:a3:ad:7b:b7:ef:
         9c:30:9d:15:95:f2:30:ca:02:52:9c:3c:41:37:bf:24:c0:31:
         e5:ba:71:f0:9e:99:9b:25:df:b0:c2:d2:d5:37:cb:d0:b6:ec:
         bf:21:41:50:75:df:8a:e8:0d:e6:19:5e:45:20:51:fb:5e:13:
         4c:6a:97:60:3c:fd:50:f9:ef:a2:54:ea:2c:4b:e1:cb:53:59:
         2c:37:99:14:31:35:67:90:08:f4:76:b2:66:1b:c7:91:ba:fe:
         bd:ab:11:70:24:74:e5:ed:13:ed:ed:e2:b1:67:f6:60:cb:a5:
         84:44:e9:e2:fa:49:96:30:2d:9c:99:76:05:ad:3b:23:c7:fd:
         74:27:ff:94:a3:1d:42:6d:b2:bb:bd:5a:81:c5:68:fb:c5:01:
         f3:bb:71:4b:36:db:b2:92:e2:7c:bd:b5:7c:fd:d8:cc:9d:28:
         1a:43:d6:30:31:28:65:f4:87:72:f7:b9:2c:e8:d5:0c:95:14:
         4f:fc:e6:77:fb:af:5d:bf:a3:d2:01:e7:da:4f:20:08:09:17:
         0c:ba:46:6e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZwewjeDLJRRk8O0QfdgY/9bMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJhNmVkMGZiN2IzMjA4MzJhYzE1ODA1MzRjN2IyNjNmMzA0
ZTk4MWIwHhcNMjYwMjAyMTQyOTMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYmZiY2I2OTYyZmZlMjdkMzFjN2EwMjY0ZDkyOWUzOTkxNWU0MzUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArN8eaU9mn35cmHge8N3AG3sMxZvU
1M22e8P5/G9dyJCFWv5+WK98CTL8Rd58FVm1pYh3U5jJiDrYZirQ3r90RIZJr7hq
kOAKBMBZkAnX5MhBvLB9kX9KaOL3AJWd3U7+F0foj/bd4j0VDcAlgpmTPOXkMKaI
IlS8sp5w5xasPplR/GmMGxtBk0uxMP1+9b3itWJANKKrbom6nAXdrWO16jWMTP5u
9lbfNwrayvzKgCryWLtD4ddRjEUg32j6ckrTYYLsN0wGKcvCab8FaUOldOQiY+05
aMWMURhgkPdndwjlL7wBDKf3C/kP5Fnk2QBYhlTOpFIIw5tTdC7PhVasLwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBv7y2li/+J9McegJk2SnjmRXkNTMB8GA1UdIwQY
MBaAFLpu0Pt7MggyrBWAU0x7Jj8wTpgbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdW03US0zc3lDREtzRllCVFRIc21QekJPbUJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMC80MjA0MWQtNTkzMS00ODI0LTkyNTQt
MTYxZjM0MjM4N2QxLzEvR192TGFXTF80bjB4eDZBbVRaS2VPWkZlUTFNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMC80MjA0MWQtNTkzMS00ODI0LTkyNTQtMTYxZjM0MjM4N2Qx
LzEvdW03US0zc3lDREtzRllCVFRIc21QekJPbUJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXMxwMA0G
CSqGSIb3DQEBCwUAA4IBAQCTj075jY7XWCc+ZQy2nkFo8RVo3Z/1VovfxpHoklI4
udHR4jlhXSme+/Mj2McUhqJwo617t++cMJ0VlfIwygJSnDxBN78kwDHlunHwnpmb
Jd+wwtLVN8vQtuy/IUFQdd+K6A3mGV5FIFH7XhNMapdgPP1Q+e+iVOosS+HLU1ks
N5kUMTVnkAj0drJmG8eRuv69qxFwJHTl7RPt7eKxZ/Zgy6WEROni+kmWMC2cmXYF
rTsjx/10J/+Uox1CbbK7vVqBxWj7xQHzu3FLNtuykuJ8vbV8/djMnSgaQ9YwMShl
9Idy97ks6NUMlRRP/OZ3+69dv6PSAefaTyAICRcMukZu
-----END CERTIFICATE-----