Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/b1ca51-75dd-41c9-9484-2bc1ae3dbdbe/1/xJZbzQfr9Oxhm2_FMaPpOD_JF6o.roa
File:                     xJZbzQfr9Oxhm2_FMaPpOD_JF6o.roa (raw, json)
Hash identifier:          ipqQ2yYK11hQH4GRmmAyAseGYznlNeYFRLVlXv3h3aw=
Subject key identifier:   C4:96:5B:CD:07:EB:F4:EC:61:9B:6F:C5:31:A3:E9:38:3F:C9:17:AA
Certificate issuer:       /CN=f58e0c3b9333cb6fd4139e455a5abbafd569532a
Certificate serial:       019E5310490015C871D574795675C630CF30
Authority key identifier: F5:8E:0C:3B:93:33:CB:6F:D4:13:9E:45:5A:5A:BB:AF:D5:69:53:2A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9Y4MO5Mzy2_UE55FWlq7r9VpUyo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ff/b1ca51-75dd-41c9-9484-2bc1ae3dbdbe/1/xJZbzQfr9Oxhm2_FMaPpOD_JF6o.roa
Signing time:             Sat 23 May 2026 04:20:36 +0000
ROA not before:           Sat 23 May 2026 04:20:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     61081
IP address blocks:        185.24.72.0/22 maxlen: 24
                          185.65.116.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ff/b1ca51-75dd-41c9-9484-2bc1ae3dbdbe/1/9Y4MO5Mzy2_UE55FWlq7r9VpUyo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ff/b1ca51-75dd-41c9-9484-2bc1ae3dbdbe/1/9Y4MO5Mzy2_UE55FWlq7r9VpUyo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9Y4MO5Mzy2_UE55FWlq7r9VpUyo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:53:10:49:00:15:c8:71:d5:74:79:56:75:c6:30:cf:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f58e0c3b9333cb6fd4139e455a5abbafd569532a
        Validity
            Not Before: May 23 04:20:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c4965bcd07ebf4ec619b6fc531a3e9383fc917aa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:1f:19:c8:81:73:1b:40:d6:01:75:59:31:3b:
                    9c:df:1c:05:9c:9d:aa:34:49:81:d1:ab:5d:44:e6:
                    47:8e:26:37:ad:8d:32:30:d0:dd:d8:68:4a:f6:1a:
                    1b:20:62:ef:e8:3d:c2:46:ab:2f:99:fa:85:a5:9c:
                    9b:b2:38:47:2c:18:94:40:8e:fc:6c:77:4a:4a:f2:
                    c1:7d:3d:8b:f3:60:71:22:5c:7e:03:fc:a2:6e:0d:
                    7f:f7:d6:62:cb:bf:01:74:5a:00:94:f0:ea:55:71:
                    0a:93:12:fd:35:cf:2e:1b:8e:b5:c8:c7:18:b7:03:
                    99:5a:ca:12:a8:ff:a6:a4:2e:ee:81:26:d3:07:b9:
                    83:f5:a4:9e:90:0f:10:8c:a5:bc:67:8c:7d:4e:65:
                    b7:09:4e:4d:80:5b:80:45:53:8a:62:4b:2a:32:40:
                    3e:29:30:a5:e9:d4:75:0a:33:2c:37:c9:c7:39:67:
                    a1:08:d2:49:97:f7:09:88:d2:7f:38:c7:15:fd:cb:
                    16:4e:fe:db:10:11:e8:00:62:62:9c:77:b3:a1:4e:
                    ad:fe:0d:07:41:32:6d:52:e9:81:db:51:96:e2:26:
                    0c:0f:c1:99:4b:5f:50:88:cd:31:7b:b9:9d:e4:a6:
                    90:80:7a:c1:84:a4:6d:9f:84:2d:74:a9:53:2d:6d:
                    c0:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:96:5B:CD:07:EB:F4:EC:61:9B:6F:C5:31:A3:E9:38:3F:C9:17:AA
            X509v3 Authority Key Identifier:
                keyid:F5:8E:0C:3B:93:33:CB:6F:D4:13:9E:45:5A:5A:BB:AF:D5:69:53:2A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9Y4MO5Mzy2_UE55FWlq7r9VpUyo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/b1ca51-75dd-41c9-9484-2bc1ae3dbdbe/1/xJZbzQfr9Oxhm2_FMaPpOD_JF6o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/b1ca51-75dd-41c9-9484-2bc1ae3dbdbe/1/9Y4MO5Mzy2_UE55FWlq7r9VpUyo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.24.72.0/22
                  185.65.116.0/24

    Signature Algorithm: sha256WithRSAEncryption
         38:f7:50:99:dc:6c:b3:2c:a7:93:01:47:7c:66:0c:d1:de:68:
         ec:75:37:13:67:b2:8d:cd:4b:ee:99:86:10:7d:13:35:a9:0b:
         c5:e9:88:c0:7b:78:25:47:14:86:30:ca:2d:83:58:a1:ff:1b:
         5b:45:1d:01:df:d8:b0:e6:91:31:06:4e:39:0d:03:f0:d2:af:
         49:11:8f:c8:4a:b3:9c:40:45:e7:25:36:02:e9:d9:c6:0e:59:
         11:2f:50:1c:21:5b:0c:a2:1e:98:41:a0:28:4f:2e:80:6f:4b:
         13:76:6f:6d:f8:41:e2:88:3a:ac:66:29:b9:b9:72:0c:7e:62:
         9c:54:30:c1:14:59:8e:f4:d4:67:36:8e:2e:fd:30:63:eb:54:
         be:14:2d:d6:0b:e9:44:4c:a8:f3:66:90:ff:03:61:ab:bd:2b:
         82:8a:e4:9b:e0:66:64:d4:7e:d2:89:f0:13:40:f8:cb:f6:aa:
         83:0c:e6:98:78:f1:c8:85:5c:d5:dc:14:21:a5:6b:a1:fe:52:
         34:9b:5e:bf:c4:7d:a3:ea:09:a7:d8:24:ff:88:7f:db:71:9f:
         c0:0a:c2:7e:f8:ce:16:79:c5:02:e8:02:b7:9d:6e:a7:48:bf:
         b9:4e:f2:82:15:ef:77:04:10:8a:8e:6f:50:be:ae:5c:91:08:
         73:6a:f3:7d
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ5TEEkAFchx1XR5VnXGMM8wMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY1OGUwYzNiOTMzM2NiNmZkNDEzOWU0NTVhNWFiYmFmZDU2
OTUzMmEwHhcNMjYwNTIzMDQyMDM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNDk2NWJjZDA3ZWJmNGVjNjE5YjZmYzUzMWEzZTkzODNmYzkxN2FhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqR8ZyIFzG0DWAXVZMTuc3xwFnJ2q
NEmB0atdROZHjiY3rY0yMNDd2GhK9hobIGLv6D3CRqsvmfqFpZybsjhHLBiUQI78
bHdKSvLBfT2L82BxIlx+A/yibg1/99Ziy78BdFoAlPDqVXEKkxL9Nc8uG461yMcY
twOZWsoSqP+mpC7ugSbTB7mD9aSekA8QjKW8Z4x9TmW3CU5NgFuARVOKYksqMkA+
KTCl6dR1CjMsN8nHOWehCNJJl/cJiNJ/OMcV/csWTv7bEBHoAGJinHezoU6t/g0H
QTJtUumB21GW4iYMD8GZS19QiM0xe7md5KaQgHrBhKRtn4QtdKlTLW3ADwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMSWW80H6/TsYZtvxTGj6Tg/yReqMB8GA1UdIwQY
MBaAFPWODDuTM8tv1BOeRVpau6/VaVMqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOVk0TU81TXp5Ml9VRTU1RldscTdyOVZwVXlvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi9iMWNhNTEtNzVkZC00MWM5LTk0ODQt
MmJjMWFlM2RiZGJlLzEveEpaYnpRZnI5T3hobTJfRk1hUHBPRF9KRjZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi9iMWNhNTEtNzVkZC00MWM5LTk0ODQtMmJjMWFlM2RiZGJl
LzEvOVk0TU81TXp5Ml9VRTU1RldscTdyOVZwVXlvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCuRhIAwQA
uUF0MA0GCSqGSIb3DQEBCwUAA4IBAQA491CZ3GyzLKeTAUd8ZgzR3mjsdTcTZ7KN
zUvumYYQfRM1qQvF6YjAe3glRxSGMMotg1ih/xtbRR0B39iw5pExBk45DQPw0q9J
EY/ISrOcQEXnJTYC6dnGDlkRL1AcIVsMoh6YQaAoTy6Ab0sTdm9t+EHiiDqsZim5
uXIMfmKcVDDBFFmO9NRnNo4u/TBj61S+FC3WC+lETKjzZpD/A2GrvSuCiuSb4GZk
1H7SifATQPjL9qqDDOaYePHIhVzV3BQhpWuh/lI0m16/xH2j6gmn2CT/iH/bcZ/A
CsJ++M4WecUC6AK3nW6nSL+5TvKCFe93BBCKjm9Qvq5ckQhzavN9
-----END CERTIFICATE-----