Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/84/409949-f229-498d-9315-34b67df7cb03/1/aMbMcTxJqNY_J9l47sKKtyWmfY0.roa
File:                     aMbMcTxJqNY_J9l47sKKtyWmfY0.roa (raw, json)
Hash identifier:          2URg953/d4UDsCHiGXQnGS8745mKkNdX4MZQCglPrUA=
Subject key identifier:   68:C6:CC:71:3C:49:A8:D6:3F:27:D9:78:EE:C2:8A:B7:25:A6:7D:8D
Certificate issuer:       /CN=465ef7bd2eb3dcdbab04908380d48a8f2febc62c
Certificate serial:       019CA5F7808BC712775D0CA36353BFCCA6AB
Authority key identifier: 46:5E:F7:BD:2E:B3:DC:DB:AB:04:90:83:80:D4:8A:8F:2F:EB:C6:2C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Rl73vS6z3NurBJCDgNSKjy_rxiw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/84/409949-f229-498d-9315-34b67df7cb03/1/aMbMcTxJqNY_J9l47sKKtyWmfY0.roa
Signing time:             Sat 28 Feb 2026 20:36:26 +0000
ROA not before:           Sat 28 Feb 2026 20:36:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     42910
IP address blocks:        194.113.61.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/84/409949-f229-498d-9315-34b67df7cb03/1/Rl73vS6z3NurBJCDgNSKjy_rxiw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/84/409949-f229-498d-9315-34b67df7cb03/1/Rl73vS6z3NurBJCDgNSKjy_rxiw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Rl73vS6z3NurBJCDgNSKjy_rxiw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 08:01:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:a5:f7:80:8b:c7:12:77:5d:0c:a3:63:53:bf:cc:a6:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=465ef7bd2eb3dcdbab04908380d48a8f2febc62c
        Validity
            Not Before: Feb 28 20:36:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=68c6cc713c49a8d63f27d978eec28ab725a67d8d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:89:59:47:d3:b2:a8:47:bc:e9:61:38:a1:c1:
                    15:c8:57:13:18:91:70:ec:10:01:d2:ee:71:0b:3e:
                    02:2f:1d:6c:e2:7a:5e:d1:48:8a:c1:bc:4a:7e:e5:
                    84:33:af:fb:51:a1:90:09:ff:44:23:fc:12:85:ce:
                    5e:3f:99:b0:a2:12:3e:03:59:96:9b:d3:1a:6e:60:
                    f5:12:93:30:e2:cb:cd:40:02:52:70:94:af:99:cf:
                    99:3f:d4:a3:b6:fa:29:fa:e3:fe:ef:5b:7b:21:c8:
                    8f:a0:65:6f:12:e1:73:a5:95:0f:9a:d5:60:3a:82:
                    6b:59:fc:c5:4e:92:ad:c5:d3:6f:7d:21:5a:94:9a:
                    9d:24:79:c9:64:24:20:8d:55:50:f3:0c:da:e8:bf:
                    b1:c2:eb:cf:02:16:e7:48:c3:ee:c1:6e:42:42:5f:
                    eb:c8:c2:b7:55:8d:a9:4b:f1:67:3a:78:81:4f:06:
                    84:e5:e0:63:d4:c3:7b:a5:8f:61:63:1b:02:bb:35:
                    44:47:34:9c:f5:2e:64:87:60:01:67:aa:b1:a0:a4:
                    30:34:99:03:6f:d8:83:f1:95:1e:0e:33:2a:36:90:
                    d4:a4:5c:08:b8:09:68:56:26:73:81:ae:66:21:69:
                    04:d1:d4:fd:6e:31:e0:8c:97:61:e4:11:bf:4c:9f:
                    03:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:C6:CC:71:3C:49:A8:D6:3F:27:D9:78:EE:C2:8A:B7:25:A6:7D:8D
            X509v3 Authority Key Identifier:
                keyid:46:5E:F7:BD:2E:B3:DC:DB:AB:04:90:83:80:D4:8A:8F:2F:EB:C6:2C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Rl73vS6z3NurBJCDgNSKjy_rxiw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/84/409949-f229-498d-9315-34b67df7cb03/1/aMbMcTxJqNY_J9l47sKKtyWmfY0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/84/409949-f229-498d-9315-34b67df7cb03/1/Rl73vS6z3NurBJCDgNSKjy_rxiw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.113.61.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5b:46:d9:0d:c9:71:1c:91:5a:9c:8a:93:f5:c7:a8:16:70:2a:
         66:92:91:cf:c6:6a:49:11:b7:78:7d:02:42:5b:39:e1:2e:6c:
         73:9b:0c:39:a6:b7:c3:7e:1e:60:12:82:28:a1:93:f3:94:cf:
         e4:b2:d0:d2:2d:21:ea:a3:f4:52:a8:fd:08:e6:c0:b9:63:c3:
         e9:cd:73:0a:74:bc:6e:79:7a:50:ac:23:77:91:51:11:b4:b1:
         5d:4c:65:69:05:1c:cf:f7:75:f3:f0:cf:67:05:09:ae:54:f8:
         fe:eb:25:a2:a2:34:1f:1c:e7:fd:04:82:6b:50:1b:25:a8:54:
         12:db:b5:c7:87:98:14:4d:6b:f9:c7:4f:e2:01:7e:a7:f7:91:
         52:2f:a9:6c:07:bd:cb:17:60:7a:a2:e0:65:14:2c:69:0f:d9:
         5a:be:9b:47:75:b6:ca:c9:f0:dc:e5:1e:dd:ba:7a:10:2c:0d:
         1d:89:77:18:a1:2d:7a:7e:ad:a0:95:68:0a:fb:55:2b:f9:2f:
         77:0e:fb:0b:f5:ae:36:c2:f1:01:26:da:aa:8a:88:b2:f5:e2:
         4c:e2:82:6d:44:29:8d:2f:d9:34:3d:5b:a4:55:3d:75:b0:3a:
         d5:df:d2:21:8c:c8:27:80:ab:c6:5d:b3:d5:8a:af:bc:6d:5e:
         ba:bc:7b:fe
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZyl94CLxxJ3XQyjY1O/zKarMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ2NWVmN2JkMmViM2RjZGJhYjA0OTA4MzgwZDQ4YThmMmZl
YmM2MmMwHhcNMjYwMjI4MjAzNjI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OGM2Y2M3MTNjNDlhOGQ2M2YyN2Q5NzhlZWMyOGFiNzI1YTY3ZDhkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2YlZR9OyqEe86WE4ocEVyFcTGJFw
7BAB0u5xCz4CLx1s4npe0UiKwbxKfuWEM6/7UaGQCf9EI/wShc5eP5mwohI+A1mW
m9MabmD1EpMw4svNQAJScJSvmc+ZP9Sjtvop+uP+71t7IciPoGVvEuFzpZUPmtVg
OoJrWfzFTpKtxdNvfSFalJqdJHnJZCQgjVVQ8wza6L+xwuvPAhbnSMPuwW5CQl/r
yMK3VY2pS/FnOniBTwaE5eBj1MN7pY9hYxsCuzVERzSc9S5kh2ABZ6qxoKQwNJkD
b9iD8ZUeDjMqNpDUpFwIuAloViZzga5mIWkE0dT9bjHgjJdh5BG/TJ8DWQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGjGzHE8SajWPyfZeO7Circlpn2NMB8GA1UdIwQY
MBaAFEZe970us9zbqwSQg4DUio8v68YsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUmw3M3ZTNnozTnVyQkpDRGdOU0tqeV9yeGl3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NC80MDk5NDktZjIyOS00OThkLTkzMTUt
MzRiNjdkZjdjYjAzLzEvYU1iTWNUeEpxTllfSjlsNDdzS0t0eVdtZlkwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NC80MDk5NDktZjIyOS00OThkLTkzMTUtMzRiNjdkZjdjYjAz
LzEvUmw3M3ZTNnozTnVyQkpDRGdOU0tqeV9yeGl3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwnE9MA0G
CSqGSIb3DQEBCwUAA4IBAQBbRtkNyXEckVqcipP1x6gWcCpmkpHPxmpJEbd4fQJC
WznhLmxzmww5prfDfh5gEoIooZPzlM/kstDSLSHqo/RSqP0I5sC5Y8PpzXMKdLxu
eXpQrCN3kVERtLFdTGVpBRzP93Xz8M9nBQmuVPj+6yWiojQfHOf9BIJrUBslqFQS
27XHh5gUTWv5x0/iAX6n95FSL6lsB73LF2B6ouBlFCxpD9lavptHdbbKyfDc5R7d
unoQLA0diXcYoS16fq2glWgK+1Ur+S93DvsL9a42wvEBJtqqioiy9eJM4oJtRCmN
L9k0PVukVT11sDrV39IhjMgngKvGXbPViq+8bV66vHv+
-----END CERTIFICATE-----