Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f0/b58bbe-b50f-4857-871c-1c0e31de31c7/1/SVRG13qKLtkzZ7xaiN4uxzkXNhs.roa
File:                     SVRG13qKLtkzZ7xaiN4uxzkXNhs.roa (raw, json)
Hash identifier:          VPDmIAQy3HDkJPWlWJozVLwRBhg5jx5dxfsVwJCTd0I=
Subject key identifier:   49:54:46:D7:7A:8A:2E:D9:33:67:BC:5A:88:DE:2E:C7:39:17:36:1B
Certificate issuer:       /CN=78375fb6168b354841b91d305f9d0cdc0cb1501d
Certificate serial:       019B7EA5706F4D7CCF85A1E2B54295594B9F
Authority key identifier: 78:37:5F:B6:16:8B:35:48:41:B9:1D:30:5F:9D:0C:DC:0C:B1:50:1D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eDdfthaLNUhBuR0wX50M3AyxUB0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f0/b58bbe-b50f-4857-871c-1c0e31de31c7/1/SVRG13qKLtkzZ7xaiN4uxzkXNhs.roa
Signing time:             Fri 02 Jan 2026 12:18:49 +0000
ROA not before:           Fri 02 Jan 2026 12:18:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     62086
IP address blocks:        185.48.104.0/22 maxlen: 24
                          2a01:9820::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f0/b58bbe-b50f-4857-871c-1c0e31de31c7/1/eDdfthaLNUhBuR0wX50M3AyxUB0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f0/b58bbe-b50f-4857-871c-1c0e31de31c7/1/eDdfthaLNUhBuR0wX50M3AyxUB0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eDdfthaLNUhBuR0wX50M3AyxUB0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:a5:70:6f:4d:7c:cf:85:a1:e2:b5:42:95:59:4b:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=78375fb6168b354841b91d305f9d0cdc0cb1501d
        Validity
            Not Before: Jan  2 12:18:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=495446d77a8a2ed93367bc5a88de2ec73917361b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:a1:e4:fc:08:29:9b:69:43:17:2e:63:62:cb:
                    05:5c:be:13:7f:95:19:de:52:91:c3:85:1e:72:96:
                    59:53:ca:32:09:a7:55:e5:cb:96:c7:5d:56:a0:6b:
                    d5:10:42:47:d2:2b:ca:b8:ea:a0:11:08:15:9c:84:
                    f3:43:3e:ae:d5:bd:04:b9:aa:4f:52:d4:a1:cd:d3:
                    68:4b:14:a6:7b:70:72:86:47:ce:74:4a:34:c0:ee:
                    1e:80:17:68:77:4d:37:16:6c:7e:b3:47:e1:30:e5:
                    95:00:02:08:be:37:f2:8d:b5:cc:60:e0:9e:9e:0e:
                    0e:81:4f:ab:5f:3a:fb:d3:54:23:d6:0f:58:21:47:
                    8f:9a:7c:b0:04:56:af:a0:3b:fd:4c:e1:a3:1f:60:
                    2f:b3:62:8b:a6:c3:12:22:8f:76:cc:25:34:d5:21:
                    56:f3:5e:a6:4d:5d:3e:d0:43:cd:ec:20:f6:ab:07:
                    77:5c:b6:50:21:db:2d:21:93:2f:42:e4:22:9f:5d:
                    20:85:90:be:1d:1b:a3:9a:2c:9d:2c:df:1a:9f:f1:
                    f5:f1:62:f1:2d:b2:14:65:b6:a7:eb:de:2a:04:ad:
                    96:a2:3b:e1:74:63:9d:b2:44:53:48:88:bf:95:73:
                    47:b3:5f:3a:c2:52:1d:03:6c:5e:80:a6:25:33:b5:
                    e4:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:54:46:D7:7A:8A:2E:D9:33:67:BC:5A:88:DE:2E:C7:39:17:36:1B
            X509v3 Authority Key Identifier:
                keyid:78:37:5F:B6:16:8B:35:48:41:B9:1D:30:5F:9D:0C:DC:0C:B1:50:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eDdfthaLNUhBuR0wX50M3AyxUB0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/b58bbe-b50f-4857-871c-1c0e31de31c7/1/SVRG13qKLtkzZ7xaiN4uxzkXNhs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/b58bbe-b50f-4857-871c-1c0e31de31c7/1/eDdfthaLNUhBuR0wX50M3AyxUB0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.48.104.0/22
                IPv6:
                  2a01:9820::/32

    Signature Algorithm: sha256WithRSAEncryption
         0e:46:49:96:62:3e:e8:9b:d7:86:57:53:6d:cb:e8:6a:eb:da:
         87:7a:56:7c:52:24:61:66:bf:75:0c:44:2c:61:5c:ff:32:93:
         08:f4:db:3c:41:dc:60:99:d2:0e:7f:57:29:b6:d8:0e:c4:5c:
         05:17:0c:50:15:f2:5d:55:19:9b:16:0d:c0:0b:b8:24:6d:16:
         0f:d9:e2:7c:b9:5b:e0:d9:ae:9a:bc:a7:99:ca:51:b3:08:d4:
         ce:80:7c:a1:57:93:59:45:f1:be:a6:81:ef:44:7e:b5:b0:e3:
         0e:b5:a8:22:8f:70:e6:73:83:4e:c9:c4:dc:26:e6:79:12:c5:
         de:e9:79:c1:aa:d3:9d:b3:a3:d5:8a:fa:bf:f5:1d:77:a2:c4:
         f9:21:9b:34:8f:81:a2:8d:c2:61:39:f5:e7:d5:79:18:89:7c:
         85:19:db:bc:41:9e:5f:5c:0b:ee:12:fd:0c:4e:1b:76:14:73:
         af:07:42:0e:c8:ed:91:f9:9a:e1:64:0e:c6:c2:0e:e8:40:ca:
         01:5e:7e:dd:28:f9:63:9e:7f:e1:49:84:14:72:21:c7:b0:d6:
         fb:7a:55:6f:f8:4f:5e:e9:df:e4:d7:24:43:08:71:65:cf:54:
         1b:2b:5f:18:fe:20:b9:3e:70:06:8e:35:4b:40:a2:db:b5:12:
         bb:b8:8a:1b
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZt+pXBvTXzPhaHitUKVWUufMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc4Mzc1ZmI2MTY4YjM1NDg0MWI5MWQzMDVmOWQwY2RjMGNi
MTUwMWQwHhcNMjYwMTAyMTIxODQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OTU0NDZkNzdhOGEyZWQ5MzM2N2JjNWE4OGRlMmVjNzM5MTczNjFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA36Hk/Agpm2lDFy5jYssFXL4Tf5UZ
3lKRw4UecpZZU8oyCadV5cuWx11WoGvVEEJH0ivKuOqgEQgVnITzQz6u1b0EuapP
UtShzdNoSxSme3ByhkfOdEo0wO4egBdod003Fmx+s0fhMOWVAAIIvjfyjbXMYOCe
ng4OgU+rXzr701Qj1g9YIUePmnywBFavoDv9TOGjH2Avs2KLpsMSIo92zCU01SFW
816mTV0+0EPN7CD2qwd3XLZQIdstIZMvQuQin10ghZC+HRujmiydLN8an/H18WLx
LbIUZban694qBK2WojvhdGOdskRTSIi/lXNHs186wlIdA2xegKYlM7XkywIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFElURtd6ii7ZM2e8WojeLsc5FzYbMB8GA1UdIwQY
MBaAFHg3X7YWizVIQbkdMF+dDNwMsVAdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZURkZnRoYUxOVWhCdVIwd1g1ME0zQXl4VUIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMC9iNThiYmUtYjUwZi00ODU3LTg3MWMt
MWMwZTMxZGUzMWM3LzEvU1ZSRzEzcUtMdGt6Wjd4YWlONHV4emtYTmhzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMC9iNThiYmUtYjUwZi00ODU3LTg3MWMtMWMwZTMxZGUzMWM3
LzEvZURkZnRoYUxOVWhCdVIwd1g1ME0zQXl4VUIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuTBoMA0E
AgACMAcDBQAqAZggMA0GCSqGSIb3DQEBCwUAA4IBAQAORkmWYj7om9eGV1Nty+hq
69qHelZ8UiRhZr91DEQsYVz/MpMI9Ns8QdxgmdIOf1cpttgOxFwFFwxQFfJdVRmb
Fg3AC7gkbRYP2eJ8uVvg2a6avKeZylGzCNTOgHyhV5NZRfG+poHvRH61sOMOtagi
j3Dmc4NOycTcJuZ5EsXe6XnBqtOds6PVivq/9R13osT5IZs0j4GijcJhOfXn1XkY
iXyFGdu8QZ5fXAvuEv0MTht2FHOvB0IOyO2R+ZrhZA7Gwg7oQMoBXn7dKPljnn/h
SYQUciHHsNb7elVv+E9e6d/k1yRDCHFlz1QbK18Y/iC5PnAGjjVLQKLbtRK7uIob
-----END CERTIFICATE-----