Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/95/8efa86-c35f-41b6-ad01-4906103dbd16/1/RgWD6Cul8V-cKt9LYAk_Q1ocGfE.roa
File:                     RgWD6Cul8V-cKt9LYAk_Q1ocGfE.roa (raw, json)
Hash identifier:          Iv9j2nkfTILhlOSx9nkPprOTDgdWmEYo93HdfeAlzlU=
Subject key identifier:   46:05:83:E8:2B:A5:F1:5F:9C:2A:DF:4B:60:09:3F:43:5A:1C:19:F1
Certificate issuer:       /CN=34531c54b1e7956c2cc371b23e0a75567aa27518
Certificate serial:       019B7DCA892093E6CA3718587692CBD101C2
Authority key identifier: 34:53:1C:54:B1:E7:95:6C:2C:C3:71:B2:3E:0A:75:56:7A:A2:75:18
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NFMcVLHnlWwsw3GyPgp1VnqidRg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/95/8efa86-c35f-41b6-ad01-4906103dbd16/1/RgWD6Cul8V-cKt9LYAk_Q1ocGfE.roa
Signing time:             Fri 02 Jan 2026 08:19:43 +0000
ROA not before:           Fri 02 Jan 2026 08:19:43 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     60786
IP address blocks:        185.107.245.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/95/8efa86-c35f-41b6-ad01-4906103dbd16/1/NFMcVLHnlWwsw3GyPgp1VnqidRg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/95/8efa86-c35f-41b6-ad01-4906103dbd16/1/NFMcVLHnlWwsw3GyPgp1VnqidRg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NFMcVLHnlWwsw3GyPgp1VnqidRg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 14:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:ca:89:20:93:e6:ca:37:18:58:76:92:cb:d1:01:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=34531c54b1e7956c2cc371b23e0a75567aa27518
        Validity
            Not Before: Jan  2 08:19:43 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=460583e82ba5f15f9c2adf4b60093f435a1c19f1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:96:30:f2:e9:d5:0a:88:7f:65:54:c8:71:06:
                    fc:bf:cb:ca:72:b8:13:fc:0b:01:40:12:6d:4b:b1:
                    39:64:45:d6:a1:10:cf:f9:6c:4f:75:97:eb:21:a9:
                    30:fa:56:87:1a:b0:33:ed:00:18:22:f4:d2:92:c6:
                    da:aa:e3:78:78:32:53:8e:e5:9b:b7:67:4c:a7:b1:
                    33:75:30:47:d2:50:83:c4:b7:80:2c:7c:ab:54:aa:
                    e5:bf:76:de:0f:fb:5a:54:af:9b:5e:e7:64:28:b5:
                    ed:2b:27:b4:24:77:35:b3:7f:f5:fc:17:13:73:71:
                    4e:95:de:63:da:0b:a3:34:e5:30:6c:7b:0c:d9:ef:
                    a8:19:5f:f1:9c:82:a7:55:eb:db:4b:63:ba:07:ba:
                    cf:ed:b2:b5:bb:36:06:47:84:ce:fe:84:c5:a4:4d:
                    87:0b:f8:dc:b9:69:40:5f:f9:ad:86:b0:58:19:ac:
                    32:b6:4b:c6:92:25:67:77:45:7b:14:8a:ea:99:dc:
                    df:c2:05:98:5d:18:b4:26:31:fc:38:5b:e4:9b:48:
                    15:6b:bb:b8:18:44:c8:6b:da:ab:03:00:d1:04:4a:
                    8b:0e:fd:26:a2:db:ff:e2:f5:4d:68:5e:f7:db:4a:
                    45:98:e6:68:8a:43:9b:59:31:43:7e:bf:8c:70:c9:
                    e0:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:05:83:E8:2B:A5:F1:5F:9C:2A:DF:4B:60:09:3F:43:5A:1C:19:F1
            X509v3 Authority Key Identifier:
                keyid:34:53:1C:54:B1:E7:95:6C:2C:C3:71:B2:3E:0A:75:56:7A:A2:75:18

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NFMcVLHnlWwsw3GyPgp1VnqidRg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/95/8efa86-c35f-41b6-ad01-4906103dbd16/1/RgWD6Cul8V-cKt9LYAk_Q1ocGfE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/95/8efa86-c35f-41b6-ad01-4906103dbd16/1/NFMcVLHnlWwsw3GyPgp1VnqidRg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.107.245.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ca:20:54:8a:7f:41:3d:7f:e1:20:44:bd:85:e0:08:e1:a3:eb:
         c3:8d:bb:cd:6b:62:f9:01:be:0f:45:8d:79:63:c8:2e:b8:be:
         b0:0a:6d:c7:6d:7b:d9:64:d4:fc:a4:34:00:a7:f9:81:6c:56:
         5d:a5:cc:be:f3:a3:91:97:2e:e7:19:88:5b:27:05:d1:b9:e1:
         6a:22:66:af:b4:cc:e2:1f:12:ea:b2:aa:81:93:15:6a:73:65:
         bd:0d:76:58:8b:a5:db:75:ea:57:0d:5d:b7:2b:63:47:6e:03:
         6d:a5:e7:ba:9f:40:84:fe:d1:58:19:fe:df:78:9d:fd:cd:71:
         37:7f:d3:97:b0:b6:9d:09:0d:47:f9:75:88:11:9f:97:c8:df:
         62:ba:7e:33:25:75:5c:3b:ca:12:c0:fd:88:99:4a:8b:b5:32:
         31:92:ac:c9:8f:44:1f:01:91:89:c8:06:6d:d2:77:a1:52:ca:
         24:48:3f:3f:8f:5e:82:4b:ff:e2:cc:71:1c:ae:5d:0c:8c:73:
         1f:3c:a6:b5:e6:3f:fc:c5:f0:4e:2a:9c:e2:8c:4c:c4:30:2f:
         73:68:67:f5:fa:a4:59:47:9d:99:06:a5:33:1a:93:a1:b3:3c:
         c4:44:98:ff:66:0c:3b:d0:81:8a:b0:3e:82:90:04:e7:4f:33:
         97:e9:c8:74
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9yokgk+bKNxhYdpLL0QHCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM0NTMxYzU0YjFlNzk1NmMyY2MzNzFiMjNlMGE3NTU2N2Fh
Mjc1MTgwHhcNMjYwMTAyMDgxOTQzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NjA1ODNlODJiYTVmMTVmOWMyYWRmNGI2MDA5M2Y0MzVhMWMxOWYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjZYw8unVCoh/ZVTIcQb8v8vKcrgT
/AsBQBJtS7E5ZEXWoRDP+WxPdZfrIakw+laHGrAz7QAYIvTSksbaquN4eDJTjuWb
t2dMp7EzdTBH0lCDxLeALHyrVKrlv3beD/taVK+bXudkKLXtKye0JHc1s3/1/BcT
c3FOld5j2gujNOUwbHsM2e+oGV/xnIKnVevbS2O6B7rP7bK1uzYGR4TO/oTFpE2H
C/jcuWlAX/mthrBYGawytkvGkiVnd0V7FIrqmdzfwgWYXRi0JjH8OFvkm0gVa7u4
GETIa9qrAwDRBEqLDv0motv/4vVNaF7320pFmOZoikObWTFDfr+McMngGQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEYFg+grpfFfnCrfS2AJP0NaHBnxMB8GA1UdIwQY
MBaAFDRTHFSx55VsLMNxsj4KdVZ6onUYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTkZNY1ZMSG5sV3dzdzNHeVBncDFWbnFpZFJnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85NS84ZWZhODYtYzM1Zi00MWI2LWFkMDEt
NDkwNjEwM2RiZDE2LzEvUmdXRDZDdWw4Vi1jS3Q5TFlBa19RMW9jR2ZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85NS84ZWZhODYtYzM1Zi00MWI2LWFkMDEtNDkwNjEwM2RiZDE2
LzEvTkZNY1ZMSG5sV3dzdzNHeVBncDFWbnFpZFJnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuWv1MA0G
CSqGSIb3DQEBCwUAA4IBAQDKIFSKf0E9f+EgRL2F4Ajho+vDjbvNa2L5Ab4PRY15
Y8guuL6wCm3HbXvZZNT8pDQAp/mBbFZdpcy+86ORly7nGYhbJwXRueFqImavtMzi
HxLqsqqBkxVqc2W9DXZYi6XbdepXDV23K2NHbgNtpee6n0CE/tFYGf7feJ39zXE3
f9OXsLadCQ1H+XWIEZ+XyN9iun4zJXVcO8oSwP2ImUqLtTIxkqzJj0QfAZGJyAZt
0nehUsokSD8/j16CS//izHEcrl0MjHMfPKa15j/8xfBOKpzijEzEMC9zaGf1+qRZ
R52ZBqUzGpOhszzERJj/Zgw70IGKsD6CkATnTzOX6ch0
-----END CERTIFICATE-----