Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/ce46a3-02fa-493d-a73d-bbf5d21e6812/1/rti39HegAndK66UvqIyeaOAdrOM.roa
File:                     rti39HegAndK66UvqIyeaOAdrOM.roa (raw, json)
Hash identifier:          sfbW54zeTSYrkE+acsbYHXNBviynJ8WZO6Ngx2nG5fI=
Subject key identifier:   AE:D8:B7:F4:77:A0:02:77:4A:EB:A5:2F:A8:8C:9E:68:E0:1D:AC:E3
Certificate issuer:       /CN=60b20e41689168d75c602cc0f6e958d66653faee
Certificate serial:       019CB0408EF3F34285228F980F0B647DA50E
Authority key identifier: 60:B2:0E:41:68:91:68:D7:5C:60:2C:C0:F6:E9:58:D6:66:53:FA:EE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YLIOQWiRaNdcYCzA9ulY1mZT-u4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/ce46a3-02fa-493d-a73d-bbf5d21e6812/1/rti39HegAndK66UvqIyeaOAdrOM.roa
Signing time:             Mon 02 Mar 2026 20:32:26 +0000
ROA not before:           Mon 02 Mar 2026 20:32:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     58220
IP address blocks:        185.154.60.0/22 maxlen: 22
                          2a02:fac0::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/ce46a3-02fa-493d-a73d-bbf5d21e6812/1/YLIOQWiRaNdcYCzA9ulY1mZT-u4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/ce46a3-02fa-493d-a73d-bbf5d21e6812/1/YLIOQWiRaNdcYCzA9ulY1mZT-u4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YLIOQWiRaNdcYCzA9ulY1mZT-u4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Mar 2026 08:00:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:b0:40:8e:f3:f3:42:85:22:8f:98:0f:0b:64:7d:a5:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60b20e41689168d75c602cc0f6e958d66653faee
        Validity
            Not Before: Mar  2 20:32:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=aed8b7f477a002774aeba52fa88c9e68e01dace3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:0f:1c:dd:b5:45:b9:e7:71:5e:73:c1:c9:4a:
                    b9:fd:8f:09:a2:b5:9b:7b:5b:35:ef:12:0a:be:72:
                    da:4e:81:ce:ed:16:73:6f:15:c0:02:ea:29:eb:f5:
                    9c:0b:f1:17:11:3a:79:99:10:82:81:46:e2:15:26:
                    bf:53:8a:ca:f4:44:00:13:e9:b4:26:a3:1a:cd:19:
                    38:8f:ca:96:a0:87:7a:5a:4f:91:39:eb:b3:43:6c:
                    3b:ba:b7:ee:a4:f1:0a:41:df:c8:2a:01:b6:49:80:
                    0e:ce:3a:96:76:01:0a:c5:f7:fb:f9:ac:41:c2:bd:
                    cf:7a:39:06:d5:ab:97:c5:a4:19:b3:0a:22:4e:f7:
                    b1:9e:80:46:51:fe:63:47:54:40:52:12:01:30:73:
                    c1:09:e3:0c:b8:23:a4:d4:1f:a2:31:9d:13:30:30:
                    0e:ff:ca:46:39:ea:38:48:d0:36:2a:a7:cd:a3:61:
                    b9:11:89:3c:9f:9a:47:0e:0b:a2:c5:66:b4:f1:a7:
                    b7:a9:1d:7a:23:eb:a5:31:a7:c6:56:03:13:da:96:
                    95:8a:b8:88:4d:1b:53:ad:8e:9c:fb:05:39:6c:c9:
                    52:f3:57:be:ce:91:3f:93:7e:70:68:44:ef:bf:a4:
                    81:30:82:1a:b2:23:bc:f6:e6:20:4f:94:58:ae:d3:
                    3e:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:D8:B7:F4:77:A0:02:77:4A:EB:A5:2F:A8:8C:9E:68:E0:1D:AC:E3
            X509v3 Authority Key Identifier:
                keyid:60:B2:0E:41:68:91:68:D7:5C:60:2C:C0:F6:E9:58:D6:66:53:FA:EE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YLIOQWiRaNdcYCzA9ulY1mZT-u4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/ce46a3-02fa-493d-a73d-bbf5d21e6812/1/rti39HegAndK66UvqIyeaOAdrOM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/ce46a3-02fa-493d-a73d-bbf5d21e6812/1/YLIOQWiRaNdcYCzA9ulY1mZT-u4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.154.60.0/22
                IPv6:
                  2a02:fac0::/32

    Signature Algorithm: sha256WithRSAEncryption
         0f:41:17:4c:b9:a8:97:17:f0:63:eb:8e:6b:5d:d5:9d:3b:d0:
         58:95:f8:85:8b:a4:12:b7:ca:49:12:a9:e2:88:43:7d:c6:0e:
         1d:af:d2:18:75:9e:37:88:03:97:60:51:1a:04:72:e6:44:84:
         cb:ef:36:e0:e2:2a:72:9f:d4:4c:9c:75:c4:36:45:51:39:7b:
         52:bb:d2:8f:23:b4:3b:b7:d8:60:26:bc:e9:69:a5:bc:2e:a2:
         0c:d7:3b:42:8a:9c:8e:bb:81:47:2f:e2:75:8e:d4:e2:f9:4a:
         5f:6e:86:c7:ea:35:09:10:7e:e2:23:e6:db:2d:f5:6b:43:75:
         e6:e0:7b:f6:3b:7f:05:14:a1:b2:bf:2a:cf:63:ef:7e:c9:8f:
         97:9c:ac:b4:6a:86:bf:87:e5:c7:9d:de:61:0b:6d:f4:2d:5c:
         f7:b0:de:37:24:27:66:67:7b:ef:7f:44:53:a1:35:82:f6:88:
         6e:4b:91:01:de:b0:fe:5f:5b:ca:a1:2c:2c:8d:54:ab:28:17:
         21:07:9d:16:80:b0:44:e1:17:12:6b:68:c6:d5:a6:81:66:21:
         bc:fa:f0:5e:8d:42:67:41:88:ad:0f:41:31:4f:4b:45:fd:28:
         e0:96:12:b2:01:09:6f:4b:e3:75:d3:fc:7b:7b:7b:df:3a:fe:
         a0:53:48:45
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZywQI7z80KFIo+YDwtkfaUOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwYjIwZTQxNjg5MTY4ZDc1YzYwMmNjMGY2ZTk1OGQ2NjY1
M2ZhZWUwHhcNMjYwMzAyMjAzMjI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZWQ4YjdmNDc3YTAwMjc3NGFlYmE1MmZhODhjOWU2OGUwMWRhY2UzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzA8c3bVFuedxXnPByUq5/Y8JorWb
e1s17xIKvnLaToHO7RZzbxXAAuop6/WcC/EXETp5mRCCgUbiFSa/U4rK9EQAE+m0
JqMazRk4j8qWoId6Wk+ROeuzQ2w7urfupPEKQd/IKgG2SYAOzjqWdgEKxff7+axB
wr3PejkG1auXxaQZswoiTvexnoBGUf5jR1RAUhIBMHPBCeMMuCOk1B+iMZ0TMDAO
/8pGOeo4SNA2KqfNo2G5EYk8n5pHDguixWa08ae3qR16I+ulMafGVgMT2paViriI
TRtTrY6c+wU5bMlS81e+zpE/k35waETvv6SBMIIasiO89uYgT5RYrtM+2wIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFK7Yt/R3oAJ3SuulL6iMnmjgHazjMB8GA1UdIwQY
MBaAFGCyDkFokWjXXGAswPbpWNZmU/ruMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUxJT1FXaVJhTmRjWUN6QTl1bFkxbVpULXU0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC9jZTQ2YTMtMDJmYS00OTNkLWE3M2Qt
YmJmNWQyMWU2ODEyLzEvcnRpMzlIZWdBbmRLNjZVdnFJeWVhT0Fkck9NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC9jZTQ2YTMtMDJmYS00OTNkLWE3M2QtYmJmNWQyMWU2ODEy
LzEvWUxJT1FXaVJhTmRjWUN6QTl1bFkxbVpULXU0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuZo8MA0E
AgACMAcDBQAqAvrAMA0GCSqGSIb3DQEBCwUAA4IBAQAPQRdMuaiXF/Bj645rXdWd
O9BYlfiFi6QSt8pJEqniiEN9xg4dr9IYdZ43iAOXYFEaBHLmRITL7zbg4ipyn9RM
nHXENkVROXtSu9KPI7Q7t9hgJrzpaaW8LqIM1ztCipyOu4FHL+J1jtTi+UpfbobH
6jUJEH7iI+bbLfVrQ3Xm4Hv2O38FFKGyvyrPY+9+yY+XnKy0aoa/h+XHnd5hC230
LVz3sN43JCdmZ3vvf0RToTWC9ohuS5EB3rD+X1vKoSwsjVSrKBchB50WgLBE4RcS
a2jG1aaBZiG8+vBejUJnQYitD0ExT0tF/SjglhKyAQlvS+N10/x7e3vfOv6gU0hF
-----END CERTIFICATE-----