Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/76/4e0580-8b2f-49a7-abd8-5c38c7475aa9/1/uJ_NCn-Lq8NE4MvREAlX3QhyYCI.roa
File:                     uJ_NCn-Lq8NE4MvREAlX3QhyYCI.roa (raw, json)
Hash identifier:          oO/Qq5pXhp2RVnxIT3B+rFWzEWSNId4e/659/WEeXK8=
Subject key identifier:   B8:9F:CD:0A:7F:8B:AB:C3:44:E0:CB:D1:10:09:57:DD:08:72:60:22
Certificate issuer:       /CN=9246785f469be8aa7151e3333e47465d478fd0e7
Certificate serial:       019B77592D9F6C4F221C949886BBF3B5B534
Authority key identifier: 92:46:78:5F:46:9B:E8:AA:71:51:E3:33:3E:47:46:5D:47:8F:D0:E7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kkZ4X0ab6KpxUeMzPkdGXUeP0Oc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/76/4e0580-8b2f-49a7-abd8-5c38c7475aa9/1/uJ_NCn-Lq8NE4MvREAlX3QhyYCI.roa
Signing time:             Thu 01 Jan 2026 02:18:11 +0000
ROA not before:           Thu 01 Jan 2026 02:18:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     60902
IP address blocks:        185.24.16.0/22 maxlen: 22
                          185.24.16.0/24 maxlen: 24
                          185.24.17.0/24 maxlen: 24
                          185.24.18.0/24 maxlen: 24
                          185.24.19.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/76/4e0580-8b2f-49a7-abd8-5c38c7475aa9/1/kkZ4X0ab6KpxUeMzPkdGXUeP0Oc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/76/4e0580-8b2f-49a7-abd8-5c38c7475aa9/1/kkZ4X0ab6KpxUeMzPkdGXUeP0Oc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kkZ4X0ab6KpxUeMzPkdGXUeP0Oc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:59:2d:9f:6c:4f:22:1c:94:98:86:bb:f3:b5:b5:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9246785f469be8aa7151e3333e47465d478fd0e7
        Validity
            Not Before: Jan  1 02:18:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b89fcd0a7f8babc344e0cbd1100957dd08726022
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:11:f0:99:94:fb:42:0c:77:05:bf:05:ae:dc:
                    bb:bd:e9:ba:5b:30:26:50:90:13:7e:97:65:63:12:
                    0f:4e:4a:2e:12:c6:4a:8c:a2:33:8b:c1:63:29:45:
                    01:1a:1c:c7:12:59:fb:55:ea:bc:c1:b1:bd:ea:3b:
                    54:bc:4e:a1:9b:d9:dc:da:ee:1f:c2:e3:83:7d:05:
                    a9:95:80:f7:a0:8e:02:a7:62:d2:e4:84:1a:80:73:
                    39:8e:9f:ac:a9:5d:35:93:95:da:2f:40:e6:d4:c1:
                    c2:f1:de:77:95:3e:f1:8e:3a:4f:b3:d1:b8:54:f4:
                    92:d7:99:c4:2a:0e:2f:33:fb:bf:d2:57:2e:7b:8e:
                    22:7b:1b:f1:d5:fd:74:98:ab:98:4e:e6:9d:89:86:
                    fe:87:27:b2:1b:c5:22:b9:6c:82:21:7f:5f:38:0c:
                    a5:79:2d:24:73:2d:07:da:40:90:b7:9f:b6:06:7f:
                    94:d9:c4:90:1f:08:de:5e:a4:16:dc:e3:21:95:a0:
                    45:2e:13:5f:e5:68:50:d1:8e:0c:81:ef:a9:ec:48:
                    2a:4f:8d:fe:cf:e6:62:6b:19:f2:9d:eb:04:5e:28:
                    f8:00:13:02:00:de:2c:b0:f9:cc:4f:18:85:89:9a:
                    f7:89:f6:13:38:a9:29:3b:16:cd:94:07:74:69:11:
                    4b:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:9F:CD:0A:7F:8B:AB:C3:44:E0:CB:D1:10:09:57:DD:08:72:60:22
            X509v3 Authority Key Identifier:
                keyid:92:46:78:5F:46:9B:E8:AA:71:51:E3:33:3E:47:46:5D:47:8F:D0:E7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kkZ4X0ab6KpxUeMzPkdGXUeP0Oc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/76/4e0580-8b2f-49a7-abd8-5c38c7475aa9/1/uJ_NCn-Lq8NE4MvREAlX3QhyYCI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/76/4e0580-8b2f-49a7-abd8-5c38c7475aa9/1/kkZ4X0ab6KpxUeMzPkdGXUeP0Oc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.24.16.0/22

    Signature Algorithm: sha256WithRSAEncryption
         78:d7:6f:04:98:c8:0b:b0:89:22:22:e0:78:5c:8e:b3:58:5a:
         2d:f0:96:84:a1:d3:59:d5:b7:0b:03:5d:71:4e:c3:02:19:d0:
         33:6e:d0:78:37:7d:59:d2:8f:6b:1d:fa:37:61:5f:89:8c:9e:
         b2:f1:03:2c:eb:30:83:cf:f5:b1:f2:dc:75:1f:22:9d:97:41:
         51:72:3f:a9:dc:dd:c2:05:ac:75:11:79:61:b8:c3:e4:d5:19:
         2f:8d:63:4d:76:d1:9c:17:fb:4d:f7:4c:35:b8:3e:92:c3:3a:
         15:30:72:c2:9a:54:10:eb:8b:2e:0c:81:91:b8:4b:a6:af:e2:
         2d:b8:ee:ea:ee:bc:c6:72:45:5d:4a:b0:b7:fa:a3:00:61:0b:
         2f:99:46:1e:b7:c9:ab:4c:f2:45:ce:9a:b2:38:dc:71:38:92:
         4c:e1:d4:aa:0e:4c:f0:0b:28:35:0b:50:41:03:82:1f:10:fb:
         73:c1:a4:01:31:06:6f:dd:c4:12:16:2c:76:3f:46:d3:70:fc:
         a7:47:0b:a2:4c:83:66:23:b8:8a:ab:6b:18:e5:1a:af:2c:2e:
         52:a7:20:3f:e2:df:d9:3d:b9:e7:2f:1f:b1:11:eb:6e:0b:e9:
         9e:95:0e:fb:42:4c:e7:ef:b1:02:1d:73:95:f2:48:f4:07:38:
         b7:c1:4f:b7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3WS2fbE8iHJSYhrvztbU0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkyNDY3ODVmNDY5YmU4YWE3MTUxZTMzMzNlNDc0NjVkNDc4
ZmQwZTcwHhcNMjYwMTAxMDIxODExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiODlmY2QwYTdmOGJhYmMzNDRlMGNiZDExMDA5NTdkZDA4NzI2MDIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuRHwmZT7Qgx3Bb8Frty7vem6WzAm
UJATfpdlYxIPTkouEsZKjKIzi8FjKUUBGhzHEln7Veq8wbG96jtUvE6hm9nc2u4f
wuODfQWplYD3oI4Cp2LS5IQagHM5jp+sqV01k5XaL0Dm1MHC8d53lT7xjjpPs9G4
VPSS15nEKg4vM/u/0lcue44iexvx1f10mKuYTuadiYb+hyeyG8UiuWyCIX9fOAyl
eS0kcy0H2kCQt5+2Bn+U2cSQHwjeXqQW3OMhlaBFLhNf5WhQ0Y4Mge+p7EgqT43+
z+ZiaxnynesEXij4ABMCAN4ssPnMTxiFiZr3ifYTOKkpOxbNlAd0aRFLgQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLifzQp/i6vDRODL0RAJV90IcmAiMB8GA1UdIwQY
MBaAFJJGeF9Gm+iqcVHjMz5HRl1Hj9DnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva2taNFgwYWI2S3B4VWVNelBrZEdYVWVQME9jLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ni80ZTA1ODAtOGIyZi00OWE3LWFiZDgt
NWMzOGM3NDc1YWE5LzEvdUpfTkNuLUxxOE5FNE12UkVBbFgzUWh5WUNJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ni80ZTA1ODAtOGIyZi00OWE3LWFiZDgtNWMzOGM3NDc1YWE5
LzEva2taNFgwYWI2S3B4VWVNelBrZEdYVWVQME9jLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuRgQMA0G
CSqGSIb3DQEBCwUAA4IBAQB4128EmMgLsIkiIuB4XI6zWFot8JaEodNZ1bcLA11x
TsMCGdAzbtB4N31Z0o9rHfo3YV+JjJ6y8QMs6zCDz/Wx8tx1HyKdl0FRcj+p3N3C
Bax1EXlhuMPk1RkvjWNNdtGcF/tN90w1uD6SwzoVMHLCmlQQ64suDIGRuEumr+It
uO7q7rzGckVdSrC3+qMAYQsvmUYet8mrTPJFzpqyONxxOJJM4dSqDkzwCyg1C1BB
A4IfEPtzwaQBMQZv3cQSFix2P0bTcPynRwuiTINmI7iKq2sY5RqvLC5SpyA/4t/Z
PbnnLx+xEetuC+melQ77Qkzn77ECHXOV8kj0Bzi3wU+3
-----END CERTIFICATE-----