Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/1ac3a0-4716-4be0-8ba2-fa84f3974990/1/dSgf7Rj9MRB36B06KCH4XtB0J-E.roa
File:                     dSgf7Rj9MRB36B06KCH4XtB0J-E.roa (raw, json)
Hash identifier:          50BV1O3krfrNrPmzDGVH6bT0c5/ZuT9nFLY2UgtP04I=
Subject key identifier:   75:28:1F:ED:18:FD:31:10:77:E8:1D:3A:28:21:F8:5E:D0:74:27:E1
Certificate issuer:       /CN=43b8b13f7e2e497ed1c7b0a3417bddf19bcc611a
Certificate serial:       019B7CEDA91FA24D75384C6289F214A9B159
Authority key identifier: 43:B8:B1:3F:7E:2E:49:7E:D1:C7:B0:A3:41:7B:DD:F1:9B:CC:61:1A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Q7ixP34uSX7Rx7CjQXvd8ZvMYRo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a2/1ac3a0-4716-4be0-8ba2-fa84f3974990/1/dSgf7Rj9MRB36B06KCH4XtB0J-E.roa
Signing time:             Fri 02 Jan 2026 04:18:28 +0000
ROA not before:           Fri 02 Jan 2026 04:18:28 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     42691
IP address blocks:        192.109.246.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a2/1ac3a0-4716-4be0-8ba2-fa84f3974990/1/Q7ixP34uSX7Rx7CjQXvd8ZvMYRo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a2/1ac3a0-4716-4be0-8ba2-fa84f3974990/1/Q7ixP34uSX7Rx7CjQXvd8ZvMYRo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Q7ixP34uSX7Rx7CjQXvd8ZvMYRo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 21:16:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:ed:a9:1f:a2:4d:75:38:4c:62:89:f2:14:a9:b1:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=43b8b13f7e2e497ed1c7b0a3417bddf19bcc611a
        Validity
            Not Before: Jan  2 04:18:28 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=75281fed18fd311077e81d3a2821f85ed07427e1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:4b:fe:b0:2b:a8:67:60:83:24:e4:2d:6e:7e:
                    ca:e9:4f:3f:f7:6d:08:c7:bd:fa:3e:ba:18:f9:5b:
                    80:99:98:72:73:dc:46:76:91:97:b3:48:10:7f:ea:
                    3d:61:24:a7:ae:e9:88:d3:01:45:74:c4:d8:6b:80:
                    e7:57:b4:a4:68:34:8f:06:8c:ed:40:03:c0:8a:44:
                    0e:85:09:75:36:ff:07:17:c5:f2:c9:d6:ea:f5:f0:
                    3b:67:22:a5:cb:56:e7:4c:86:1c:53:85:ec:d3:c5:
                    c5:9e:6e:71:39:3d:b4:d8:e3:cf:73:c4:8c:e9:fd:
                    92:31:d5:bf:1e:d8:ff:90:7b:9e:67:cd:eb:80:0d:
                    71:e4:0d:84:0a:8c:05:9c:00:4f:47:2d:e8:b7:73:
                    e0:5c:df:7e:ad:18:f8:13:95:76:ab:22:ee:4a:a3:
                    35:ef:35:6f:b6:91:cc:e4:2f:b3:79:13:b1:6b:71:
                    c3:9f:4a:ca:ec:f7:ef:d6:97:80:08:4b:8a:5e:f9:
                    60:98:0d:47:22:ea:e0:a5:9a:4a:ea:1c:3f:cb:9a:
                    18:6c:3c:6b:58:11:50:bc:1e:84:8c:97:8f:3e:d4:
                    6c:53:c8:d9:ac:e5:fa:f4:d9:f9:32:ec:28:27:f1:
                    9f:be:7d:f3:24:07:88:d4:74:bd:13:ed:bc:96:e6:
                    84:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:28:1F:ED:18:FD:31:10:77:E8:1D:3A:28:21:F8:5E:D0:74:27:E1
            X509v3 Authority Key Identifier:
                keyid:43:B8:B1:3F:7E:2E:49:7E:D1:C7:B0:A3:41:7B:DD:F1:9B:CC:61:1A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Q7ixP34uSX7Rx7CjQXvd8ZvMYRo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/1ac3a0-4716-4be0-8ba2-fa84f3974990/1/dSgf7Rj9MRB36B06KCH4XtB0J-E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/1ac3a0-4716-4be0-8ba2-fa84f3974990/1/Q7ixP34uSX7Rx7CjQXvd8ZvMYRo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.109.246.0/24

    Signature Algorithm: sha256WithRSAEncryption
         28:28:33:13:f4:49:b6:e9:56:37:5c:d6:53:9c:76:ff:29:96:
         d7:d1:10:c1:e8:c7:10:73:ec:d6:ba:67:8a:7b:5f:a5:33:2d:
         c2:d2:e1:55:c0:6a:f7:e6:f8:c0:cc:14:fb:0e:98:40:1f:86:
         94:97:8b:38:aa:22:76:00:43:ec:65:f5:bb:3a:55:6f:da:94:
         89:ca:a2:25:08:37:ad:0c:fd:09:7a:66:74:15:8d:50:07:a3:
         52:3e:4c:fb:7f:8a:03:95:fb:b4:c9:98:81:2c:d9:b7:e7:1d:
         16:20:86:e5:99:69:31:ba:08:1b:cf:6d:67:9d:a9:81:c7:5c:
         bb:2e:39:5e:c9:6b:f9:6d:92:39:1e:a9:e1:b6:94:62:70:6d:
         b5:54:05:9d:67:68:e3:a7:25:db:ea:8b:cf:54:7b:9b:ed:dc:
         88:aa:58:fc:71:cd:a8:99:19:5e:a3:e2:f4:78:ac:26:94:d6:
         12:8d:03:4c:29:82:0f:f6:49:87:35:16:90:00:0e:3c:95:c0:
         9a:77:5d:81:e1:3b:0e:a1:f6:0c:0a:43:cc:c2:81:63:90:74:
         bf:b3:64:95:a3:51:f4:44:e4:0f:2b:10:44:a3:9c:95:d4:61:
         86:36:95:93:e9:14:d1:f4:7c:b4:8a:85:58:7d:37:b5:88:38:
         01:46:b8:28
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt87akfok11OExiifIUqbFZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQzYjhiMTNmN2UyZTQ5N2VkMWM3YjBhMzQxN2JkZGYxOWJj
YzYxMWEwHhcNMjYwMTAyMDQxODI4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NTI4MWZlZDE4ZmQzMTEwNzdlODFkM2EyODIxZjg1ZWQwNzQyN2UxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAskv+sCuoZ2CDJOQtbn7K6U8/920I
x736ProY+VuAmZhyc9xGdpGXs0gQf+o9YSSnrumI0wFFdMTYa4DnV7SkaDSPBozt
QAPAikQOhQl1Nv8HF8Xyydbq9fA7ZyKly1bnTIYcU4Xs08XFnm5xOT202OPPc8SM
6f2SMdW/Htj/kHueZ83rgA1x5A2ECowFnABPRy3ot3PgXN9+rRj4E5V2qyLuSqM1
7zVvtpHM5C+zeROxa3HDn0rK7Pfv1peACEuKXvlgmA1HIurgpZpK6hw/y5oYbDxr
WBFQvB6EjJePPtRsU8jZrOX69Nn5MuwoJ/Gfvn3zJAeI1HS9E+28luaEEQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHUoH+0Y/TEQd+gdOigh+F7QdCfhMB8GA1UdIwQY
MBaAFEO4sT9+Lkl+0cewo0F73fGbzGEaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUTdpeFAzNHVTWDdSeDdDalFYdmQ4WnZNWVJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi8xYWMzYTAtNDcxNi00YmUwLThiYTIt
ZmE4NGYzOTc0OTkwLzEvZFNnZjdSajlNUkIzNkIwNktDSDRYdEIwSi1FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMi8xYWMzYTAtNDcxNi00YmUwLThiYTItZmE4NGYzOTc0OTkw
LzEvUTdpeFAzNHVTWDdSeDdDalFYdmQ4WnZNWVJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwG32MA0G
CSqGSIb3DQEBCwUAA4IBAQAoKDMT9Em26VY3XNZTnHb/KZbX0RDB6McQc+zWumeK
e1+lMy3C0uFVwGr35vjAzBT7DphAH4aUl4s4qiJ2AEPsZfW7OlVv2pSJyqIlCDet
DP0JemZ0FY1QB6NSPkz7f4oDlfu0yZiBLNm35x0WIIblmWkxuggbz21nnamBx1y7
LjleyWv5bZI5HqnhtpRicG21VAWdZ2jjpyXb6ovPVHub7dyIqlj8cc2omRleo+L0
eKwmlNYSjQNMKYIP9kmHNRaQAA48lcCad12B4TsOofYMCkPMwoFjkHS/s2SVo1H0
ROQPKxBEo5yV1GGGNpWT6RTR9Hy0ioVYfTe1iDgBRrgo
-----END CERTIFICATE-----