Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/46/0dd57c-ae73-4a1f-aa10-185884e0b548/1/cUpkjaDP4LJticYxAdxvejamI7s.roa
File:                     cUpkjaDP4LJticYxAdxvejamI7s.roa (raw, json)
Hash identifier:          NYs65YNfWkOoclb0FiT35oPaVvQTLiTbCeZBVy6gqu8=
Subject key identifier:   71:4A:64:8D:A0:CF:E0:B2:6D:89:C6:31:01:DC:6F:7A:36:A6:23:BB
Certificate issuer:       /CN=60e3d9721533bb5f7685c78ec98df814fad5d67c
Certificate serial:       019DBA8AB87D324D86E5E182D10A6195664F
Authority key identifier: 60:E3:D9:72:15:33:BB:5F:76:85:C7:8E:C9:8D:F8:14:FA:D5:D6:7C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YOPZchUzu192hceOyY34FPrV1nw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/46/0dd57c-ae73-4a1f-aa10-185884e0b548/1/cUpkjaDP4LJticYxAdxvejamI7s.roa
Signing time:             Thu 23 Apr 2026 13:32:26 +0000
ROA not before:           Thu 23 Apr 2026 13:32:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     20253
IP address blocks:        185.135.202.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/46/0dd57c-ae73-4a1f-aa10-185884e0b548/1/YOPZchUzu192hceOyY34FPrV1nw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/46/0dd57c-ae73-4a1f-aa10-185884e0b548/1/YOPZchUzu192hceOyY34FPrV1nw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YOPZchUzu192hceOyY34FPrV1nw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 16:01:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:ba:8a:b8:7d:32:4d:86:e5:e1:82:d1:0a:61:95:66:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60e3d9721533bb5f7685c78ec98df814fad5d67c
        Validity
            Not Before: Apr 23 13:32:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=714a648da0cfe0b26d89c63101dc6f7a36a623bb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:56:e2:0c:cd:6f:f9:23:5b:70:09:53:f2:6d:
                    cb:c7:bf:3b:d6:b5:95:5f:bc:0c:9c:11:45:6c:c6:
                    dd:36:db:26:b8:a8:11:19:08:4b:b5:62:25:69:96:
                    e5:13:5c:18:e0:29:b7:9c:87:56:29:5d:83:14:e3:
                    e5:47:04:84:6a:fb:fb:9c:d0:f0:2f:7c:89:e1:64:
                    f2:2a:1c:94:d4:27:7f:18:26:15:d0:23:4f:7c:13:
                    92:fc:7c:00:4f:e1:93:ca:07:05:5e:bb:9a:5c:ad:
                    14:5b:92:44:99:5c:01:0e:62:9f:ee:83:c3:09:41:
                    76:b3:99:9e:24:4a:85:6c:47:9f:ef:d2:59:f0:68:
                    03:60:69:85:ca:42:9a:28:c8:f9:2e:f2:23:c6:3f:
                    e9:7e:7e:d5:c0:9f:5f:14:10:09:47:92:1e:aa:4a:
                    1b:89:c8:ae:d3:23:df:29:22:d5:58:5f:9b:99:b4:
                    52:17:8e:fe:0b:05:2f:91:0d:81:8d:a5:68:ba:b3:
                    91:7c:c4:f5:d5:a6:50:d5:37:ff:e5:cd:87:0b:5d:
                    e0:cf:13:9c:0f:81:b8:56:ca:1d:d7:3b:c9:48:f3:
                    82:a2:a3:09:6f:5a:89:98:da:23:18:a5:3c:a7:c6:
                    55:73:9f:2c:43:d2:90:5d:4c:0a:e9:09:dc:04:be:
                    2e:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:4A:64:8D:A0:CF:E0:B2:6D:89:C6:31:01:DC:6F:7A:36:A6:23:BB
            X509v3 Authority Key Identifier:
                keyid:60:E3:D9:72:15:33:BB:5F:76:85:C7:8E:C9:8D:F8:14:FA:D5:D6:7C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YOPZchUzu192hceOyY34FPrV1nw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/46/0dd57c-ae73-4a1f-aa10-185884e0b548/1/cUpkjaDP4LJticYxAdxvejamI7s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/46/0dd57c-ae73-4a1f-aa10-185884e0b548/1/YOPZchUzu192hceOyY34FPrV1nw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.135.202.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4a:41:da:a1:39:77:86:2f:56:19:a5:44:88:c6:b2:0b:94:ad:
         e4:6d:cd:c7:99:b2:ce:c0:2b:2c:bf:ae:79:0c:cb:cf:43:80:
         08:e6:19:6e:55:fe:85:bd:18:4a:93:a0:39:f2:98:16:8e:33:
         9d:09:18:75:57:08:0c:bb:c8:5d:39:1b:a5:e4:9a:d0:b8:6c:
         10:6c:90:0b:a4:90:a1:66:c2:51:9b:06:02:1c:7a:00:34:6d:
         f1:91:7b:53:d8:f8:30:83:36:49:e7:c4:9f:bb:54:fc:b7:e5:
         f3:63:6e:54:66:7e:de:c1:a1:cc:70:f8:73:7f:75:c8:9c:2d:
         e7:65:a5:81:c1:8e:3c:9a:e6:17:11:18:65:d2:9e:23:a7:cb:
         55:89:a7:56:f5:b6:0e:9a:de:56:c0:4a:3d:c6:49:2a:4e:12:
         3e:05:4a:3c:22:df:24:b4:06:56:4c:d0:f2:13:b8:b9:9f:7b:
         20:61:ef:c9:d0:b7:93:af:9a:50:5c:da:bb:66:cc:9b:c8:ae:
         3c:27:0f:41:f9:02:2a:fb:db:d9:84:f0:f5:0c:02:5c:1b:36:
         af:a4:50:33:71:24:9c:2d:0b:7e:7b:1c:01:6d:30:99:25:1b:
         d0:a4:4c:9e:b4:a0:df:f2:01:2c:c4:d0:e7:e9:62:aa:3e:38:
         cf:ef:f9:48
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ26irh9Mk2G5eGC0QphlWZPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwZTNkOTcyMTUzM2JiNWY3Njg1Yzc4ZWM5OGRmODE0ZmFk
NWQ2N2MwHhcNMjYwNDIzMTMzMjI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MTRhNjQ4ZGEwY2ZlMGIyNmQ4OWM2MzEwMWRjNmY3YTM2YTYyM2JiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0FbiDM1v+SNbcAlT8m3Lx7871rWV
X7wMnBFFbMbdNtsmuKgRGQhLtWIlaZblE1wY4Cm3nIdWKV2DFOPlRwSEavv7nNDw
L3yJ4WTyKhyU1Cd/GCYV0CNPfBOS/HwAT+GTygcFXruaXK0UW5JEmVwBDmKf7oPD
CUF2s5meJEqFbEef79JZ8GgDYGmFykKaKMj5LvIjxj/pfn7VwJ9fFBAJR5Ieqkob
iciu0yPfKSLVWF+bmbRSF47+CwUvkQ2BjaVourORfMT11aZQ1Tf/5c2HC13gzxOc
D4G4Vsod1zvJSPOCoqMJb1qJmNojGKU8p8ZVc58sQ9KQXUwK6QncBL4ukQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHFKZI2gz+CybYnGMQHcb3o2piO7MB8GA1UdIwQY
MBaAFGDj2XIVM7tfdoXHjsmN+BT61dZ8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWU9QWmNoVXp1MTkyaGNlT3lZMzRGUHJWMW53LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ni8wZGQ1N2MtYWU3My00YTFmLWFhMTAt
MTg1ODg0ZTBiNTQ4LzEvY1Vwa2phRFA0TEp0aWNZeEFkeHZlamFtSTdzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ni8wZGQ1N2MtYWU3My00YTFmLWFhMTAtMTg1ODg0ZTBiNTQ4
LzEvWU9QWmNoVXp1MTkyaGNlT3lZMzRGUHJWMW53LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuYfKMA0G
CSqGSIb3DQEBCwUAA4IBAQBKQdqhOXeGL1YZpUSIxrILlK3kbc3HmbLOwCssv655
DMvPQ4AI5hluVf6FvRhKk6A58pgWjjOdCRh1VwgMu8hdORul5JrQuGwQbJALpJCh
ZsJRmwYCHHoANG3xkXtT2PgwgzZJ58Sfu1T8t+XzY25UZn7ewaHMcPhzf3XInC3n
ZaWBwY48muYXERhl0p4jp8tViadW9bYOmt5WwEo9xkkqThI+BUo8It8ktAZWTNDy
E7i5n3sgYe/J0LeTr5pQXNq7ZsybyK48Jw9B+QIq+9vZhPD1DAJcGzavpFAzcSSc
LQt+exwBbTCZJRvQpEyetKDf8gEsxNDn6WKqPjjP7/lI
-----END CERTIFICATE-----