Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/b51a85-f99f-423f-9fae-dd294c378f6c/1/iglmx-ya_CBijqxO6oqYah-MgJk.roa
File:                     iglmx-ya_CBijqxO6oqYah-MgJk.roa (raw, json)
Hash identifier:          nW9fmQ0ZJGvfNsh2tiuvFsmSbRN+a3nAUodyjJH9UYE=
Subject key identifier:   8A:09:66:C7:EC:9A:FC:20:62:8E:AC:4E:EA:8A:98:6A:1F:8C:80:99
Certificate issuer:       /CN=d8c60a0d2d70a9337d0bda56d1ad596ac1f69cda
Certificate serial:       019E067439246ADE3952BDB5406A0A41DC28
Authority key identifier: D8:C6:0A:0D:2D:70:A9:33:7D:0B:DA:56:D1:AD:59:6A:C1:F6:9C:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2MYKDS1wqTN9C9pW0a1ZasH2nNo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/b51a85-f99f-423f-9fae-dd294c378f6c/1/iglmx-ya_CBijqxO6oqYah-MgJk.roa
Signing time:             Fri 08 May 2026 07:19:00 +0000
ROA not before:           Fri 08 May 2026 07:19:00 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     834
IP address blocks:        109.105.199.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/b51a85-f99f-423f-9fae-dd294c378f6c/1/2MYKDS1wqTN9C9pW0a1ZasH2nNo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/b51a85-f99f-423f-9fae-dd294c378f6c/1/2MYKDS1wqTN9C9pW0a1ZasH2nNo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2MYKDS1wqTN9C9pW0a1ZasH2nNo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 14 May 2026 13:01:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:06:74:39:24:6a:de:39:52:bd:b5:40:6a:0a:41:dc:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d8c60a0d2d70a9337d0bda56d1ad596ac1f69cda
        Validity
            Not Before: May  8 07:19:00 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8a0966c7ec9afc20628eac4eea8a986a1f8c8099
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:77:57:25:e0:aa:8f:c6:d9:a9:f9:bb:7a:9c:
                    48:ca:38:bd:46:71:19:74:31:94:b5:72:58:b8:15:
                    97:aa:01:ff:82:d8:e6:af:3d:c4:8f:72:a7:fc:01:
                    ab:89:1c:83:44:6a:59:50:32:42:4c:8c:ba:6e:4d:
                    0c:ec:e0:84:c0:bb:09:92:fb:c1:32:18:a3:59:5f:
                    ab:ea:19:de:34:40:d6:14:04:b4:c1:36:d4:29:04:
                    a8:30:54:b5:48:2f:2b:99:6f:57:53:f7:35:30:fa:
                    89:15:bb:37:24:3f:fe:82:3e:d5:80:38:f0:d5:ac:
                    a0:3d:ef:03:99:2c:47:32:48:39:13:91:92:6a:00:
                    cf:f2:53:fc:8f:fc:7c:34:32:7f:f3:40:f4:0d:9f:
                    b9:68:e4:28:b6:9a:32:09:a5:84:b5:f3:c1:e7:5e:
                    d4:4d:fe:d7:ca:9e:b1:7a:b9:e4:ed:c6:66:e9:f5:
                    c7:88:b6:f1:88:ab:98:1c:db:90:95:5e:46:07:d6:
                    a9:25:a0:0f:c4:fd:c4:3c:2d:f9:db:9f:67:5e:5b:
                    f1:1f:a5:7a:4e:30:7e:bb:c4:9a:5a:2e:ba:5a:62:
                    95:36:63:7b:09:de:a0:8d:76:09:6f:9b:45:ea:aa:
                    af:0a:c1:91:74:43:d6:24:a7:f8:b0:3e:9f:d9:16:
                    d5:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:09:66:C7:EC:9A:FC:20:62:8E:AC:4E:EA:8A:98:6A:1F:8C:80:99
            X509v3 Authority Key Identifier:
                keyid:D8:C6:0A:0D:2D:70:A9:33:7D:0B:DA:56:D1:AD:59:6A:C1:F6:9C:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2MYKDS1wqTN9C9pW0a1ZasH2nNo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/b51a85-f99f-423f-9fae-dd294c378f6c/1/iglmx-ya_CBijqxO6oqYah-MgJk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/b51a85-f99f-423f-9fae-dd294c378f6c/1/2MYKDS1wqTN9C9pW0a1ZasH2nNo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.105.199.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2e:8a:06:50:08:a0:17:77:3e:e6:09:6e:b9:69:be:6d:00:d5:
         c6:bf:d4:ba:08:ba:71:68:e8:15:24:c6:98:c0:5a:49:7b:10:
         8f:03:12:9e:ad:1c:14:7d:6c:12:94:c1:b2:50:82:e8:f5:7c:
         c1:51:dd:71:4d:aa:5b:db:b0:da:15:41:65:3b:4d:d3:63:28:
         b1:b6:3b:8c:06:44:31:24:8d:37:df:a2:c1:6e:a9:03:bf:a5:
         b2:65:0f:4f:f2:0f:43:74:e8:07:69:72:bb:24:38:cc:06:18:
         2b:7d:d5:36:d9:29:01:54:ae:c6:f5:41:21:74:92:b5:fe:ea:
         d1:db:da:de:f1:f5:5e:11:2d:9d:16:8c:30:79:b2:1e:4b:79:
         a1:e2:43:ca:9f:52:eb:f1:0b:76:e1:ea:89:b9:01:d6:37:fe:
         e5:90:1a:8c:89:a9:63:dc:21:12:1f:e0:1b:97:c9:87:0b:8d:
         d0:c2:b0:94:20:04:1c:f9:60:fe:85:db:ac:fb:7a:c7:99:87:
         83:43:a0:7b:03:af:42:5a:47:07:c0:69:2c:5f:b6:b8:f2:7f:
         91:95:4a:34:7f:3e:4a:13:48:98:32:76:19:8e:c2:08:14:14:
         0c:93:73:b0:0f:27:1b:86:50:a2:d6:73:66:b0:6c:fc:7e:c6:
         af:1a:f3:e6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ4GdDkkat45Ur21QGoKQdwoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ4YzYwYTBkMmQ3MGE5MzM3ZDBiZGE1NmQxYWQ1OTZhYzFm
NjljZGEwHhcNMjYwNTA4MDcxOTAwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YTA5NjZjN2VjOWFmYzIwNjI4ZWFjNGVlYThhOTg2YTFmOGM4MDk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxHdXJeCqj8bZqfm7epxIyji9RnEZ
dDGUtXJYuBWXqgH/gtjmrz3Ej3Kn/AGriRyDRGpZUDJCTIy6bk0M7OCEwLsJkvvB
MhijWV+r6hneNEDWFAS0wTbUKQSoMFS1SC8rmW9XU/c1MPqJFbs3JD/+gj7VgDjw
1aygPe8DmSxHMkg5E5GSagDP8lP8j/x8NDJ/80D0DZ+5aOQotpoyCaWEtfPB517U
Tf7Xyp6xernk7cZm6fXHiLbxiKuYHNuQlV5GB9apJaAPxP3EPC35259nXlvxH6V6
TjB+u8SaWi66WmKVNmN7Cd6gjXYJb5tF6qqvCsGRdEPWJKf4sD6f2RbVcQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIoJZsfsmvwgYo6sTuqKmGofjICZMB8GA1UdIwQY
MBaAFNjGCg0tcKkzfQvaVtGtWWrB9pzaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMk1ZS0RTMXdxVE45QzlwVzBhMVphc0gybk5vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC9iNTFhODUtZjk5Zi00MjNmLTlmYWUt
ZGQyOTRjMzc4ZjZjLzEvaWdsbXgteWFfQ0JpanF4TzZvcVlhaC1NZ0prLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC9iNTFhODUtZjk5Zi00MjNmLTlmYWUtZGQyOTRjMzc4ZjZj
LzEvMk1ZS0RTMXdxVE45QzlwVzBhMVphc0gybk5vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbWnHMA0G
CSqGSIb3DQEBCwUAA4IBAQAuigZQCKAXdz7mCW65ab5tANXGv9S6CLpxaOgVJMaY
wFpJexCPAxKerRwUfWwSlMGyUILo9XzBUd1xTapb27DaFUFlO03TYyixtjuMBkQx
JI0336LBbqkDv6WyZQ9P8g9DdOgHaXK7JDjMBhgrfdU22SkBVK7G9UEhdJK1/urR
29re8fVeES2dFowwebIeS3mh4kPKn1Lr8Qt24eqJuQHWN/7lkBqMialj3CESH+Ab
l8mHC43QwrCUIAQc+WD+hdus+3rHmYeDQ6B7A69CWkcHwGksX7a48n+RlUo0fz5K
E0iYMnYZjsIIFBQMk3OwDycbhlCi1nNmsGz8fsavGvPm
-----END CERTIFICATE-----