Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/98/28cb5c-298f-4d8b-815b-e5a3778be3ad/1/qVb5PhcWzp2jSjoiwq3ZVNNlrxY.roa
File:                     qVb5PhcWzp2jSjoiwq3ZVNNlrxY.roa (raw, json)
Hash identifier:          uqKfbYVlW5hlUaluGy9iii/BrL+kIfu3455zS2T6GtM=
Subject key identifier:   A9:56:F9:3E:17:16:CE:9D:A3:4A:3A:22:C2:AD:D9:54:D3:65:AF:16
Certificate issuer:       /CN=ba60a4d874d9601c8142c352f80c56a43276cd47
Certificate serial:       019B7AC93AFC51D9DDA9F1BDFFB027E90EAC
Authority key identifier: BA:60:A4:D8:74:D9:60:1C:81:42:C3:52:F8:0C:56:A4:32:76:CD:47
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/umCk2HTZYByBQsNS-AxWpDJ2zUc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/98/28cb5c-298f-4d8b-815b-e5a3778be3ad/1/qVb5PhcWzp2jSjoiwq3ZVNNlrxY.roa
Signing time:             Thu 01 Jan 2026 18:19:26 +0000
ROA not before:           Thu 01 Jan 2026 18:19:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     209185
IP address blocks:        2.58.112.0/24 maxlen: 24
                          2a09:e440::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/98/28cb5c-298f-4d8b-815b-e5a3778be3ad/1/umCk2HTZYByBQsNS-AxWpDJ2zUc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/98/28cb5c-298f-4d8b-815b-e5a3778be3ad/1/umCk2HTZYByBQsNS-AxWpDJ2zUc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/umCk2HTZYByBQsNS-AxWpDJ2zUc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 09:01:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:c9:3a:fc:51:d9:dd:a9:f1:bd:ff:b0:27:e9:0e:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ba60a4d874d9601c8142c352f80c56a43276cd47
        Validity
            Not Before: Jan  1 18:19:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a956f93e1716ce9da34a3a22c2add954d365af16
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:25:db:d0:17:8e:f0:fd:b8:1b:72:c8:16:1f:
                    30:d2:61:b1:b8:ed:57:84:87:50:88:91:4c:ef:db:
                    c4:e6:80:37:cb:d4:b2:8f:46:27:97:01:63:87:68:
                    99:bb:6c:94:18:8f:5b:e7:e1:75:3c:66:68:20:8d:
                    d6:8a:0c:d5:ea:d8:7a:92:e4:17:ee:21:a2:a9:bf:
                    3a:42:90:7a:9e:36:71:52:2b:33:2f:90:fa:00:18:
                    6a:6c:e0:13:0e:35:3b:c8:6d:bc:d4:88:32:16:e4:
                    4a:48:ae:65:cd:a9:77:8a:12:91:89:ae:f3:b1:e2:
                    d0:22:4c:10:82:13:bb:e0:bf:66:68:b4:7c:1f:5a:
                    20:df:24:c1:3d:77:a2:9f:9c:14:0a:14:5b:83:33:
                    9a:2f:ab:bf:b9:d9:e8:fe:d2:04:36:94:51:ed:b3:
                    07:2c:93:e0:5e:0b:ca:18:e6:ff:cc:c1:91:fc:14:
                    ae:c1:66:12:24:4f:82:48:ab:d1:a0:b9:0e:ab:8f:
                    36:5e:76:43:2d:0a:4a:ab:22:51:bb:f4:f1:0b:38:
                    5d:c5:8f:c6:66:28:23:95:6a:f2:fd:24:59:33:0c:
                    2d:f8:20:0c:e5:13:1f:b2:29:75:b2:09:ec:79:31:
                    b4:e6:4c:09:f0:84:02:e1:1d:f6:b5:56:75:e6:0c:
                    cf:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:56:F9:3E:17:16:CE:9D:A3:4A:3A:22:C2:AD:D9:54:D3:65:AF:16
            X509v3 Authority Key Identifier:
                keyid:BA:60:A4:D8:74:D9:60:1C:81:42:C3:52:F8:0C:56:A4:32:76:CD:47

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/umCk2HTZYByBQsNS-AxWpDJ2zUc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/98/28cb5c-298f-4d8b-815b-e5a3778be3ad/1/qVb5PhcWzp2jSjoiwq3ZVNNlrxY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/98/28cb5c-298f-4d8b-815b-e5a3778be3ad/1/umCk2HTZYByBQsNS-AxWpDJ2zUc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.58.112.0/24
                IPv6:
                  2a09:e440::/40

    Signature Algorithm: sha256WithRSAEncryption
         15:14:c2:da:c0:e1:21:d4:38:1b:55:65:b7:1e:76:b5:4d:3c:
         1f:ba:80:d8:3d:80:d8:38:e8:f0:49:44:45:05:2f:17:bc:f7:
         aa:e3:2e:5c:e7:03:3b:02:5d:1a:c4:ed:1d:b7:51:f9:87:da:
         8c:ff:f6:d6:7b:00:f1:7c:78:98:75:c1:d2:d9:cc:a7:97:40:
         0a:53:15:e6:85:81:10:d4:34:b0:5b:ef:1f:11:f2:ab:b1:9c:
         e8:b3:96:8e:23:fc:df:1c:44:48:8b:0d:34:b1:06:b4:c4:06:
         2e:93:60:57:40:04:97:a1:b5:31:be:3c:db:6c:e9:ec:bd:e1:
         81:81:e0:df:82:33:d6:39:b1:3c:35:43:63:b8:aa:14:65:30:
         19:66:72:12:10:5c:7c:84:fa:07:55:99:47:07:50:bc:2d:de:
         39:46:a7:73:7f:13:5b:db:5b:b2:6a:e1:e2:50:6f:0e:32:4d:
         c8:0a:47:05:e5:18:ff:c6:84:68:2e:f2:c9:df:05:03:26:ca:
         29:a3:40:84:ad:5a:f4:e1:d3:e6:b7:d5:62:fe:e1:97:6b:e9:
         0b:b1:b5:d3:c4:ed:6a:ff:83:6a:12:ce:c3:78:ec:44:5c:52:
         f9:6d:d7:08:d6:8e:cc:4b:83:c7:ee:82:ed:78:ac:87:ab:81:
         98:63:f9:d6
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgISAZt6yTr8UdndqfG9/7An6Q6sMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJhNjBhNGQ4NzRkOTYwMWM4MTQyYzM1MmY4MGM1NmE0MzI3
NmNkNDcwHhcNMjYwMTAxMTgxOTI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOTU2ZjkzZTE3MTZjZTlkYTM0YTNhMjJjMmFkZDk1NGQzNjVhZjE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsCXb0BeO8P24G3LIFh8w0mGxuO1X
hIdQiJFM79vE5oA3y9Syj0YnlwFjh2iZu2yUGI9b5+F1PGZoII3WigzV6th6kuQX
7iGiqb86QpB6njZxUiszL5D6ABhqbOATDjU7yG281IgyFuRKSK5lzal3ihKRia7z
seLQIkwQghO74L9maLR8H1og3yTBPXein5wUChRbgzOaL6u/udno/tIENpRR7bMH
LJPgXgvKGOb/zMGR/BSuwWYSJE+CSKvRoLkOq482XnZDLQpKqyJRu/TxCzhdxY/G
ZigjlWry/SRZMwwt+CAM5RMfsil1sgnseTG05kwJ8IQC4R32tVZ15gzPRwIDAQAB
o4ICGTCCAhUwHQYDVR0OBBYEFKlW+T4XFs6do0o6IsKt2VTTZa8WMB8GA1UdIwQY
MBaAFLpgpNh02WAcgULDUvgMVqQyds1HMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdW1DazJIVFpZQnlCUXNOUy1BeFdwREoyelVjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OC8yOGNiNWMtMjk4Zi00ZDhiLTgxNWIt
ZTVhMzc3OGJlM2FkLzEvcVZiNVBoY1d6cDJqU2pvaXdxM1pWTk5scnhZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OC8yOGNiNWMtMjk4Zi00ZDhiLTgxNWItZTVhMzc3OGJlM2Fk
LzEvdW1DazJIVFpZQnlCUXNOUy1BeFdwREoyelVjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC8GCCsGAQUFBwEHAQH/BCAwHjAMBAIAATAGAwQAAjpwMA4E
AgACMAgDBgAqCeRAADANBgkqhkiG9w0BAQsFAAOCAQEAFRTC2sDhIdQ4G1Vltx52
tU08H7qA2D2A2Djo8ElERQUvF7z3quMuXOcDOwJdGsTtHbdR+YfajP/21nsA8Xx4
mHXB0tnMp5dAClMV5oWBENQ0sFvvHxHyq7Gc6LOWjiP83xxESIsNNLEGtMQGLpNg
V0AEl6G1Mb4822zp7L3hgYHg34Iz1jmxPDVDY7iqFGUwGWZyEhBcfIT6B1WZRwdQ
vC3eOUanc38TW9tbsmrh4lBvDjJNyApHBeUY/8aEaC7yyd8FAybKKaNAhK1a9OHT
5rfVYv7hl2vpC7G108Ttav+DahLOw3jsRFxS+W3XCNaOzEuDx+6C7Xish6uBmGP5
1g==
-----END CERTIFICATE-----