Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/c0uvTOI67xh0FKWxSwRg-nYNzwQ.roa
File:                     c0uvTOI67xh0FKWxSwRg-nYNzwQ.roa (raw, json)
Hash identifier:          plCIyBBA7fJ/ab66sTs1uwcmLK+UCs7jG1hMDH2MrbE=
Subject key identifier:   73:4B:AF:4C:E2:3A:EF:18:74:14:A5:B1:4B:04:60:FA:76:0D:CF:04
Certificate issuer:       /CN=6ddb38b343da2d119309edaa19c7a78870327ebe
Certificate serial:       019C1978264000CD7078EA497B13E441F667
Authority key identifier: 6D:DB:38:B3:43:DA:2D:11:93:09:ED:AA:19:C7:A7:88:70:32:7E:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bds4s0PaLRGTCe2qGceniHAyfr4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/c0uvTOI67xh0FKWxSwRg-nYNzwQ.roa
Signing time:             Sun 01 Feb 2026 13:50:30 +0000
ROA not before:           Sun 01 Feb 2026 13:50:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214515
IP address blocks:        109.122.244.0/24 maxlen: 24
                          109.122.248.0/24 maxlen: 24
                          109.122.253.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/bds4s0PaLRGTCe2qGceniHAyfr4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/bds4s0PaLRGTCe2qGceniHAyfr4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bds4s0PaLRGTCe2qGceniHAyfr4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 15:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:19:78:26:40:00:cd:70:78:ea:49:7b:13:e4:41:f6:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ddb38b343da2d119309edaa19c7a78870327ebe
        Validity
            Not Before: Feb  1 13:50:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=734baf4ce23aef187414a5b14b0460fa760dcf04
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:0f:ec:fd:0b:5e:36:c1:7d:fb:89:5f:23:d0:
                    ad:2c:6d:ba:ba:b4:60:60:31:00:87:95:94:a0:01:
                    5d:37:a6:5d:ef:90:0d:bf:b2:92:03:30:db:7a:51:
                    9a:72:4c:57:81:d5:6a:e7:45:01:1b:e7:b9:61:d1:
                    3c:11:92:ce:d5:42:bf:86:ab:aa:a8:fa:80:44:85:
                    ae:aa:ce:bb:a5:e1:6b:9b:7a:cc:21:ba:5b:68:4e:
                    92:eb:0b:d1:6c:bf:45:24:da:42:32:d6:4f:81:ef:
                    2a:27:c4:c7:6d:b9:2d:e9:5e:4c:58:b4:5f:ce:ce:
                    ac:b7:2d:11:bf:76:5e:5a:1b:a8:1a:99:fb:dd:f6:
                    19:20:9e:66:13:c8:a4:05:17:e4:08:29:85:e4:e3:
                    cb:67:5b:13:28:b3:cb:36:b6:2b:60:08:b9:73:bc:
                    1a:fb:c2:4b:ec:d9:90:50:10:8e:9b:c6:da:e6:c0:
                    e2:59:fc:ee:41:ea:bd:b7:0a:55:ef:72:8b:bc:4e:
                    dd:cd:bf:a6:b2:e2:5d:11:29:77:5c:9e:36:dc:4a:
                    fc:55:88:83:6f:22:44:73:68:4d:bf:47:ce:8a:2f:
                    3f:3d:fb:a5:de:9d:86:84:49:36:6f:35:70:19:d3:
                    a9:d5:2f:be:a9:ff:a6:f0:57:70:10:b6:d2:49:9a:
                    75:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                73:4B:AF:4C:E2:3A:EF:18:74:14:A5:B1:4B:04:60:FA:76:0D:CF:04
            X509v3 Authority Key Identifier:
                keyid:6D:DB:38:B3:43:DA:2D:11:93:09:ED:AA:19:C7:A7:88:70:32:7E:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bds4s0PaLRGTCe2qGceniHAyfr4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/c0uvTOI67xh0FKWxSwRg-nYNzwQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/bds4s0PaLRGTCe2qGceniHAyfr4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.122.244.0/24
                  109.122.248.0/24
                  109.122.253.0/24

    Signature Algorithm: sha256WithRSAEncryption
         85:3a:01:b8:c2:55:ec:1b:6b:f3:1b:6f:dd:2b:dd:f1:14:5b:
         e4:c0:d1:1d:43:2d:e5:9a:87:5e:44:27:28:e3:9b:a0:ef:97:
         e2:31:bf:7e:38:42:5b:4e:ee:31:ad:df:fa:fe:e5:c9:f9:13:
         8f:a1:49:42:44:02:57:f7:31:8a:c7:6b:4b:1e:2e:81:6b:0a:
         b4:01:c4:6f:e6:1e:83:eb:55:d8:e1:6a:d7:23:a6:81:e2:a2:
         6d:b5:86:dd:99:40:43:8b:98:fe:d4:25:eb:a8:d2:c9:fc:28:
         d4:6c:d9:80:5f:28:f1:10:1d:1f:b5:5f:dc:cc:2b:5f:ce:6c:
         d4:ab:7b:38:1e:b9:7c:4f:dc:3e:95:ff:06:4a:69:36:d0:b2:
         50:61:12:06:d8:5b:17:64:49:0e:45:54:de:0a:6c:e6:2c:66:
         55:82:d9:85:2b:73:6d:2f:89:73:68:d9:f3:19:02:01:e4:80:
         07:f5:c4:0b:73:af:f8:b9:bc:3c:da:55:63:74:e3:af:1d:d1:
         52:cf:db:69:0d:cc:95:75:54:35:d7:92:ba:1e:71:bf:b1:7f:
         71:cc:f1:9f:85:0a:c7:dc:c4:68:54:09:4e:58:28:5e:73:1e:
         e1:ca:46:12:84:2e:d8:8c:ea:59:84:9d:50:e0:6f:88:4e:6e:
         88:8a:d0:f7
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZwZeCZAAM1weOpJexPkQfZnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkZGIzOGIzNDNkYTJkMTE5MzA5ZWRhYTE5YzdhNzg4NzAz
MjdlYmUwHhcNMjYwMjAxMTM1MDMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MzRiYWY0Y2UyM2FlZjE4NzQxNGE1YjE0YjA0NjBmYTc2MGRjZjA0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuA/s/QteNsF9+4lfI9CtLG26urRg
YDEAh5WUoAFdN6Zd75ANv7KSAzDbelGackxXgdVq50UBG+e5YdE8EZLO1UK/hquq
qPqARIWuqs67peFrm3rMIbpbaE6S6wvRbL9FJNpCMtZPge8qJ8THbbkt6V5MWLRf
zs6sty0Rv3ZeWhuoGpn73fYZIJ5mE8ikBRfkCCmF5OPLZ1sTKLPLNrYrYAi5c7wa
+8JL7NmQUBCOm8ba5sDiWfzuQeq9twpV73KLvE7dzb+msuJdESl3XJ423Er8VYiD
byJEc2hNv0fOii8/Pful3p2GhEk2bzVwGdOp1S++qf+m8FdwELbSSZp1jwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFHNLr0ziOu8YdBSlsUsEYPp2Dc8EMB8GA1UdIwQY
MBaAFG3bOLND2i0RkwntqhnHp4hwMn6+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYmRzNHMwUGFMUkdUQ2UycUdjZW5pSEF5ZnI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Mi9jOTYxYTAtNGY1My00MjJhLWI3ZGQt
M2RmYTUxMGQ2YjE2LzEvYzB1dlRPSTY3eGgwRktXeFN3UmctbllOendRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Mi9jOTYxYTAtNGY1My00MjJhLWI3ZGQtM2RmYTUxMGQ2YjE2
LzEvYmRzNHMwUGFMUkdUQ2UycUdjZW5pSEF5ZnI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAbXr0AwQA
bXr4AwQAbXr9MA0GCSqGSIb3DQEBCwUAA4IBAQCFOgG4wlXsG2vzG2/dK93xFFvk
wNEdQy3lmodeRCco45ug75fiMb9+OEJbTu4xrd/6/uXJ+ROPoUlCRAJX9zGKx2tL
Hi6Bawq0AcRv5h6D61XY4WrXI6aB4qJttYbdmUBDi5j+1CXrqNLJ/CjUbNmAXyjx
EB0ftV/czCtfzmzUq3s4Hrl8T9w+lf8GSmk20LJQYRIG2FsXZEkORVTeCmzmLGZV
gtmFK3NtL4lzaNnzGQIB5IAH9cQLc6/4ubw82lVjdOOvHdFSz9tpDcyVdVQ115K6
HnG/sX9xzPGfhQrH3MRoVAlOWChecx7hykYShC7YjOpZhJ1Q4G+ITm6IitD3
-----END CERTIFICATE-----