Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/b1f2e0-8a60-4c8a-90dc-4be794d6406d/1/RgbTxSuQRNXFVhZjHsG1yRfbDcY.roa
File:                     RgbTxSuQRNXFVhZjHsG1yRfbDcY.roa (raw, json)
Hash identifier:          QEQTGxs8uKOEp8JVm8z26NyHbZ3CIT8Ts2wlZUqrfqw=
Subject key identifier:   46:06:D3:C5:2B:90:44:D5:C5:56:16:63:1E:C1:B5:C9:17:DB:0D:C6
Certificate issuer:       /CN=a4cb50e78a3a31e3375cf2aab865e845ff2e99c1
Certificate serial:       019C1E1099C6AF75B348895934D501B56697
Authority key identifier: A4:CB:50:E7:8A:3A:31:E3:37:5C:F2:AA:B8:65:E8:45:FF:2E:99:C1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pMtQ54o6MeM3XPKquGXoRf8umcE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/57/b1f2e0-8a60-4c8a-90dc-4be794d6406d/1/RgbTxSuQRNXFVhZjHsG1yRfbDcY.roa
Signing time:             Mon 02 Feb 2026 11:15:30 +0000
ROA not before:           Mon 02 Feb 2026 11:15:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     30848
IP address blocks:        82.145.96.0/23 maxlen: 24
                          82.145.102.0/23 maxlen: 24
                          82.192.112.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/57/b1f2e0-8a60-4c8a-90dc-4be794d6406d/1/pMtQ54o6MeM3XPKquGXoRf8umcE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/57/b1f2e0-8a60-4c8a-90dc-4be794d6406d/1/pMtQ54o6MeM3XPKquGXoRf8umcE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pMtQ54o6MeM3XPKquGXoRf8umcE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 14:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:1e:10:99:c6:af:75:b3:48:89:59:34:d5:01:b5:66:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a4cb50e78a3a31e3375cf2aab865e845ff2e99c1
        Validity
            Not Before: Feb  2 11:15:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4606d3c52b9044d5c55616631ec1b5c917db0dc6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:87:aa:21:86:2d:01:15:5f:36:11:af:bb:b7:
                    38:b2:14:4d:b1:55:f3:66:8d:84:10:fa:f3:61:56:
                    4c:d4:de:81:e4:31:cf:62:5b:c9:7e:fe:84:d2:79:
                    34:02:31:2d:4f:1b:c3:10:33:8c:0e:43:ec:60:bd:
                    7f:af:25:02:f2:7e:57:d3:18:f0:39:a5:f2:6b:35:
                    71:88:f2:1b:78:d2:61:a3:92:54:4c:a7:04:03:a9:
                    5f:88:11:a4:83:99:72:9e:e3:74:31:b4:6d:04:33:
                    15:1f:6b:05:1b:af:58:8c:e9:30:b1:b0:90:0a:14:
                    e9:89:9e:ed:16:5c:53:08:57:be:bf:36:05:07:b6:
                    2d:27:12:84:48:21:79:78:16:31:92:d8:a9:55:a1:
                    70:de:2d:5d:0a:23:44:b5:31:71:a0:af:0d:2d:9a:
                    7e:55:31:69:39:99:e0:9d:24:28:03:6f:89:9a:3b:
                    40:fe:d5:92:80:31:99:b5:e7:c6:5a:ab:ea:1b:ae:
                    13:39:16:b2:a9:fb:0d:5a:76:d8:a5:88:eb:7d:54:
                    ce:80:4d:b6:6c:e6:e8:7e:24:d0:f8:4c:3c:7c:c0:
                    5b:aa:21:76:ac:a2:bf:c3:56:76:36:39:86:1e:4a:
                    7d:27:84:a2:0c:1e:71:0b:a2:d0:ee:23:36:c2:8c:
                    b9:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:06:D3:C5:2B:90:44:D5:C5:56:16:63:1E:C1:B5:C9:17:DB:0D:C6
            X509v3 Authority Key Identifier:
                keyid:A4:CB:50:E7:8A:3A:31:E3:37:5C:F2:AA:B8:65:E8:45:FF:2E:99:C1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pMtQ54o6MeM3XPKquGXoRf8umcE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/b1f2e0-8a60-4c8a-90dc-4be794d6406d/1/RgbTxSuQRNXFVhZjHsG1yRfbDcY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/57/b1f2e0-8a60-4c8a-90dc-4be794d6406d/1/pMtQ54o6MeM3XPKquGXoRf8umcE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.145.96.0/23
                  82.145.102.0/23
                  82.192.112.0/21

    Signature Algorithm: sha256WithRSAEncryption
         72:1c:60:04:9d:5e:3f:2f:1c:3e:0b:3f:3d:15:6b:e6:8d:a7:
         a2:03:69:7f:9b:1c:d5:8c:31:87:c7:f1:e6:1b:89:ca:8f:29:
         ff:2f:23:37:81:42:0e:2b:9c:40:ad:e6:d2:c9:81:95:a9:39:
         d5:ff:ed:40:9b:cb:20:fa:fd:06:d3:ee:60:ff:f9:67:0a:5c:
         9e:ba:58:25:b1:60:17:29:9e:f1:38:f3:ff:48:84:38:dd:ba:
         83:1c:d9:5d:f9:9a:d5:c0:6e:47:3f:03:c1:2c:0a:c2:c5:5e:
         1f:1b:ee:72:82:6b:e9:a9:09:b0:55:8e:8d:db:e7:f5:15:b7:
         05:7c:bf:25:36:90:a6:8f:62:26:75:54:a3:36:2d:f7:86:81:
         a4:a5:72:d3:e9:88:66:2d:9c:b3:4f:77:0a:d8:a8:ca:44:f7:
         5b:75:46:c6:70:2a:98:72:74:97:6e:98:fd:9d:2d:1f:bf:59:
         16:02:11:40:f9:f9:a4:98:3b:78:d3:44:a0:4c:77:2c:be:03:
         e6:1e:b6:07:de:b7:3c:68:9e:a8:84:39:71:91:86:4e:39:af:
         2d:3d:18:de:c0:5d:e0:42:e3:c8:13:7c:d2:52:fb:ac:c6:5d:
         c3:08:d6:c4:51:bb:80:3d:52:9c:65:1b:48:d4:9d:db:11:3a:
         91:ad:f8:9c
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZweEJnGr3WzSIlZNNUBtWaXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE0Y2I1MGU3OGEzYTMxZTMzNzVjZjJhYWI4NjVlODQ1ZmYy
ZTk5YzEwHhcNMjYwMjAyMTExNTMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NjA2ZDNjNTJiOTA0NGQ1YzU1NjE2NjMxZWMxYjVjOTE3ZGIwZGM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzoeqIYYtARVfNhGvu7c4shRNsVXz
Zo2EEPrzYVZM1N6B5DHPYlvJfv6E0nk0AjEtTxvDEDOMDkPsYL1/ryUC8n5X0xjw
OaXyazVxiPIbeNJho5JUTKcEA6lfiBGkg5lynuN0MbRtBDMVH2sFG69YjOkwsbCQ
ChTpiZ7tFlxTCFe+vzYFB7YtJxKESCF5eBYxktipVaFw3i1dCiNEtTFxoK8NLZp+
VTFpOZngnSQoA2+JmjtA/tWSgDGZtefGWqvqG64TORayqfsNWnbYpYjrfVTOgE22
bObofiTQ+Ew8fMBbqiF2rKK/w1Z2NjmGHkp9J4SiDB5xC6LQ7iM2woy5kwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFEYG08UrkETVxVYWYx7BtckX2w3GMB8GA1UdIwQY
MBaAFKTLUOeKOjHjN1zyqrhl6EX/LpnBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcE10UTU0bzZNZU0zWFBLcXVHWG9SZjh1bWNFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ny9iMWYyZTAtOGE2MC00YzhhLTkwZGMt
NGJlNzk0ZDY0MDZkLzEvUmdiVHhTdVFSTlhGVmhaakhzRzF5UmZiRGNZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ny9iMWYyZTAtOGE2MC00YzhhLTkwZGMtNGJlNzk0ZDY0MDZk
LzEvcE10UTU0bzZNZU0zWFBLcXVHWG9SZjh1bWNFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQBUpFgAwQB
UpFmAwQDUsBwMA0GCSqGSIb3DQEBCwUAA4IBAQByHGAEnV4/Lxw+Cz89FWvmjaei
A2l/mxzVjDGHx/HmG4nKjyn/LyM3gUIOK5xArebSyYGVqTnV/+1Am8sg+v0G0+5g
//lnClyeulglsWAXKZ7xOPP/SIQ43bqDHNld+ZrVwG5HPwPBLArCxV4fG+5ygmvp
qQmwVY6N2+f1FbcFfL8lNpCmj2ImdVSjNi33hoGkpXLT6YhmLZyzT3cK2KjKRPdb
dUbGcCqYcnSXbpj9nS0fv1kWAhFA+fmkmDt400SgTHcsvgPmHrYH3rc8aJ6ohDlx
kYZOOa8tPRjewF3gQuPIE3zSUvusxl3DCNbEUbuAPVKcZRtI1J3bETqRrfic
-----END CERTIFICATE-----