Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/K5v9kwSY1kS8u1LNdz08EqjWLbc.roa
File:                     K5v9kwSY1kS8u1LNdz08EqjWLbc.roa (raw, json)
Hash identifier:          PBUnZf1NpsJHiOoWaRLph0Qn0UooBpZqyp87KtOJRyQ=
Subject key identifier:   2B:9B:FD:93:04:98:D6:44:BC:BB:52:CD:77:3D:3C:12:A8:D6:2D:B7
Certificate issuer:       /CN=60581e673d80f7474936b21337eafcc1bdc385e9
Certificate serial:       0198797604FAA3DFAAA65A39E2D70FECFDB3
Authority key identifier: 60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/K5v9kwSY1kS8u1LNdz08EqjWLbc.roa
Signing time:             Tue 05 Aug 2025 09:00:34 +0000
ROA not before:           Tue 05 Aug 2025 09:00:34 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211484
IP address blocks:        104.238.31.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 11 Aug 2025 07:00:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:79:76:04:fa:a3:df:aa:a6:5a:39:e2:d7:0f:ec:fd:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60581e673d80f7474936b21337eafcc1bdc385e9
        Validity
            Not Before: Aug  5 09:00:34 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2b9bfd930498d644bcbb52cd773d3c12a8d62db7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:36:70:0e:2a:4a:d1:c8:43:e5:3c:53:40:53:
                    06:5f:26:d9:a0:73:c6:50:38:c7:fb:7f:a8:95:1a:
                    40:4f:d4:76:38:e7:50:d9:0a:4a:9a:82:84:35:34:
                    34:9d:18:22:f2:49:ef:0d:bf:34:00:66:1b:18:b5:
                    5e:8b:0a:98:ec:a9:d8:e5:fb:f0:42:37:8b:f6:4b:
                    ec:f6:8e:76:bf:ea:8d:05:12:7d:4f:76:57:84:2a:
                    63:d3:18:8e:43:8c:e8:47:a2:8b:55:49:3e:c4:ec:
                    e4:2f:90:bf:84:ea:7f:7a:d7:56:1f:66:f2:5e:bd:
                    9c:ae:d1:27:c5:f6:07:2b:55:eb:bb:8f:ed:77:72:
                    ea:5c:2c:15:f3:ea:45:57:ff:6b:a9:52:7b:0b:48:
                    47:60:68:47:8b:a0:0a:9e:07:e7:fe:62:2d:d1:1f:
                    bd:f3:8c:34:cc:92:7e:a0:4b:4d:96:85:69:1a:b7:
                    bb:8a:f9:7b:ea:c5:73:3f:79:50:95:5a:34:1a:66:
                    ff:09:05:07:4c:9f:29:e7:5c:8a:73:9c:52:d4:45:
                    35:4d:6d:30:a8:4b:d6:1a:b6:83:6e:86:2a:bd:da:
                    18:0b:3b:6c:e3:70:c6:ee:9a:24:75:9b:6b:79:41:
                    32:12:b4:10:45:36:98:2e:4f:ff:e6:02:e1:6a:30:
                    76:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:9B:FD:93:04:98:D6:44:BC:BB:52:CD:77:3D:3C:12:A8:D6:2D:B7
            X509v3 Authority Key Identifier:
                keyid:60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/K5v9kwSY1kS8u1LNdz08EqjWLbc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  104.238.31.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1a:02:18:81:e1:20:17:84:94:bd:e8:3e:a6:bb:36:d1:cb:de:
         71:b7:59:41:c2:5a:7a:ce:f8:78:78:d4:d3:03:9c:5a:3c:af:
         d1:25:ef:c5:0c:6f:fc:cf:fd:6a:37:f3:80:33:93:12:7c:27:
         1c:30:3a:97:66:79:b1:d9:79:b3:bd:bb:81:55:bd:32:4f:22:
         96:37:fb:69:1c:df:91:64:56:ae:31:72:09:19:e5:cf:db:06:
         5b:ce:1e:fe:ed:f7:b8:ca:56:24:87:7c:12:43:3e:0b:d0:d5:
         fd:17:b9:da:85:61:9e:98:9f:53:b7:1d:d2:ca:e7:6d:8a:e7:
         df:45:18:7b:49:6c:dd:c5:ec:96:49:29:28:ba:44:47:2b:0f:
         42:cb:97:fb:21:42:21:4b:2f:82:3d:27:86:2c:9d:0d:00:53:
         3f:32:7f:1b:17:86:a3:98:a6:9f:97:2a:a8:04:09:ff:ff:a7:
         b9:de:66:0a:09:38:59:bc:ff:52:b2:8e:ec:ab:b1:14:c3:c8:
         d3:2e:bb:26:36:c4:04:83:c9:33:d5:03:c7:71:d6:94:a8:72:
         20:6d:c5:f2:ad:f4:b8:7e:ea:a1:83:8e:76:40:1f:2d:d1:68:
         a5:7c:f6:e2:29:62:61:73:cc:2d:68:e3:e4:3d:20:4f:e4:95:
         af:db:5b:7f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZh5dgT6o9+qplo54tcP7P2zMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNTgxZTY3M2Q4MGY3NDc0OTM2YjIxMzM3ZWFmY2MxYmRj
Mzg1ZTkwHhcNMjUwODA1MDkwMDM0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYjliZmQ5MzA0OThkNjQ0YmNiYjUyY2Q3NzNkM2MxMmE4ZDYyZGI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1TZwDipK0chD5TxTQFMGXybZoHPG
UDjH+3+olRpAT9R2OOdQ2QpKmoKENTQ0nRgi8knvDb80AGYbGLVeiwqY7KnY5fvw
QjeL9kvs9o52v+qNBRJ9T3ZXhCpj0xiOQ4zoR6KLVUk+xOzkL5C/hOp/etdWH2by
Xr2crtEnxfYHK1Xru4/td3LqXCwV8+pFV/9rqVJ7C0hHYGhHi6AKngfn/mIt0R+9
84w0zJJ+oEtNloVpGre7ivl76sVzP3lQlVo0Gmb/CQUHTJ8p51yKc5xS1EU1TW0w
qEvWGraDboYqvdoYCzts43DG7pokdZtreUEyErQQRTaYLk//5gLhajB2EQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCub/ZMEmNZEvLtSzXc9PBKo1i23MB8GA1UdIwQY
MBaAFGBYHmc9gPdHSTayEzfq/MG9w4XpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYt
ZmIwNzk1NWYzYWFhLzEvSzV2OWt3U1kxa1M4dTFMTmR6MDhFcWpXTGJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYtZmIwNzk1NWYzYWFh
LzEvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAaO4fMA0G
CSqGSIb3DQEBCwUAA4IBAQAaAhiB4SAXhJS96D6muzbRy95xt1lBwlp6zvh4eNTT
A5xaPK/RJe/FDG/8z/1qN/OAM5MSfCccMDqXZnmx2XmzvbuBVb0yTyKWN/tpHN+R
ZFauMXIJGeXP2wZbzh7+7fe4ylYkh3wSQz4L0NX9F7nahWGemJ9Ttx3Syudtiuff
RRh7SWzdxeyWSSkoukRHKw9Cy5f7IUIhSy+CPSeGLJ0NAFM/Mn8bF4ajmKaflyqo
BAn//6e53mYKCThZvP9Sso7sq7EUw8jTLrsmNsQEg8kz1QPHcdaUqHIgbcXyrfS4
fuqhg452QB8t0WilfPbiKWJhc8wtaOPkPSBP5JWv21t/
-----END CERTIFICATE-----
Generated at Sun Aug 10 13:56:00 2025 by rpki-client