Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/lJScOG5LOulfUq35GHqhV0UStYY.roa
File:                     lJScOG5LOulfUq35GHqhV0UStYY.roa (raw, json)
Hash identifier:          geVsDK4WXRy7upYOtJbbRUUAo79rfmFTVRYjfiVzY3Q=
Subject key identifier:   94:94:9C:38:6E:4B:3A:E9:5F:52:AD:F9:18:7A:A1:57:45:12:B5:86
Certificate issuer:       /CN=60581e673d80f7474936b21337eafcc1bdc385e9
Certificate serial:       019DD301D90D45199BFEDC87F1122D3FE5CB
Authority key identifier: 60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/lJScOG5LOulfUq35GHqhV0UStYY.roa
Signing time:             Tue 28 Apr 2026 07:33:26 +0000
ROA not before:           Tue 28 Apr 2026 07:33:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     198753
IP address blocks:        104.222.176.0/24 maxlen: 24
                          104.249.42.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 20:10:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:d3:01:d9:0d:45:19:9b:fe:dc:87:f1:12:2d:3f:e5:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60581e673d80f7474936b21337eafcc1bdc385e9
        Validity
            Not Before: Apr 28 07:33:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=94949c386e4b3ae95f52adf9187aa1574512b586
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:61:36:7c:c5:9b:02:f6:de:50:e1:5b:c5:6d:
                    de:84:56:ba:71:17:42:89:dd:a4:28:88:fe:67:80:
                    48:33:51:85:c1:c6:c5:ef:7a:8f:68:4d:ed:c4:6f:
                    be:59:f2:42:92:7f:1f:3b:14:54:1a:ab:83:fb:e5:
                    25:6c:eb:2b:27:0e:6e:d7:61:7b:ce:a2:ea:65:46:
                    f9:7a:52:dc:02:17:bb:dd:d1:06:fd:3b:be:8a:b3:
                    84:bb:4b:37:6f:3d:1a:fa:a8:77:0e:87:1e:e0:b1:
                    8f:3b:c1:4d:18:d1:20:09:c6:0d:84:07:7f:c9:1b:
                    2a:12:31:ef:5b:b3:9c:ab:d1:8e:76:58:7b:79:96:
                    12:1b:e4:44:2c:52:02:f1:fd:76:35:ea:2a:5c:af:
                    18:a0:62:b9:b1:48:a7:f0:9e:36:3f:a0:6b:7a:db:
                    e1:3d:3a:47:cc:30:21:b7:bb:25:b4:db:5a:21:18:
                    b5:0f:27:95:27:01:44:04:99:de:9c:51:fd:98:87:
                    60:50:4e:bb:93:31:96:5d:98:78:6f:88:8f:83:30:
                    fa:83:27:12:e3:5d:43:14:c2:7e:c4:a0:b8:05:ca:
                    75:4c:d5:7d:5d:86:45:4b:1f:1f:c3:34:00:6b:2e:
                    0d:85:37:dc:b7:d4:0d:ba:51:34:d9:b7:69:c8:c5:
                    6c:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:94:9C:38:6E:4B:3A:E9:5F:52:AD:F9:18:7A:A1:57:45:12:B5:86
            X509v3 Authority Key Identifier:
                keyid:60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/lJScOG5LOulfUq35GHqhV0UStYY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  104.222.176.0/24
                  104.249.42.0/24

    Signature Algorithm: sha256WithRSAEncryption
         67:c9:6f:4f:3c:ee:c8:b3:86:2c:94:bb:fe:e9:64:6e:4e:31:
         2f:2c:cf:ff:5c:cc:83:dc:be:37:12:6e:1b:af:e5:89:9e:a3:
         f7:41:2b:96:d6:32:f6:12:b3:00:ac:ea:41:f8:02:b7:1c:a6:
         59:09:40:16:62:79:02:e1:59:c6:dc:06:92:72:2e:6a:e6:1c:
         ad:d3:6c:34:c4:d1:80:8c:1c:20:d2:7a:c5:da:e0:cb:1f:c2:
         33:cf:f4:65:32:ea:d9:82:64:eb:f8:3f:b3:41:9e:e2:ae:a0:
         bc:6a:89:ff:b7:a2:40:01:a4:f9:48:88:04:c8:7e:db:bf:97:
         d5:5f:b2:43:18:43:85:18:64:50:8c:17:e7:dd:0f:80:dd:61:
         70:07:76:da:ef:1d:b9:15:c4:e1:b6:53:76:cd:9a:38:c6:71:
         5c:a5:c2:6a:31:e8:a0:ca:0f:13:5c:dd:6e:d0:2a:3c:c6:d5:
         48:76:c8:9d:f5:3a:c3:f3:c6:d7:5e:16:22:ec:24:37:ce:4b:
         bc:7b:ad:3a:d4:dd:73:03:7a:2b:1b:83:06:0c:fb:c9:da:82:
         64:aa:b6:ed:ce:55:e4:b1:e9:e3:7b:10:03:7c:eb:ab:b8:07:
         bc:8f:6c:00:60:69:50:41:47:e1:36:a4:ed:33:bf:7e:fd:c4:
         85:d2:5a:1f
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ3TAdkNRRmb/tyH8RItP+XLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNTgxZTY3M2Q4MGY3NDc0OTM2YjIxMzM3ZWFmY2MxYmRj
Mzg1ZTkwHhcNMjYwNDI4MDczMzI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NDk0OWMzODZlNGIzYWU5NWY1MmFkZjkxODdhYTE1NzQ1MTJiNTg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsWE2fMWbAvbeUOFbxW3ehFa6cRdC
id2kKIj+Z4BIM1GFwcbF73qPaE3txG++WfJCkn8fOxRUGquD++UlbOsrJw5u12F7
zqLqZUb5elLcAhe73dEG/Tu+irOEu0s3bz0a+qh3Doce4LGPO8FNGNEgCcYNhAd/
yRsqEjHvW7Ocq9GOdlh7eZYSG+RELFIC8f12NeoqXK8YoGK5sUin8J42P6Bretvh
PTpHzDAht7sltNtaIRi1DyeVJwFEBJnenFH9mIdgUE67kzGWXZh4b4iPgzD6gycS
411DFMJ+xKC4Bcp1TNV9XYZFSx8fwzQAay4NhTfct9QNulE02bdpyMVspQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJSUnDhuSzrpX1Kt+Rh6oVdFErWGMB8GA1UdIwQY
MBaAFGBYHmc9gPdHSTayEzfq/MG9w4XpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYt
ZmIwNzk1NWYzYWFhLzEvbEpTY09HNUxPdWxmVXEzNUdIcWhWMFVTdFlZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYtZmIwNzk1NWYzYWFh
LzEvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAaN6wAwQA
aPkqMA0GCSqGSIb3DQEBCwUAA4IBAQBnyW9PPO7Is4YslLv+6WRuTjEvLM//XMyD
3L43Em4br+WJnqP3QSuW1jL2ErMArOpB+AK3HKZZCUAWYnkC4VnG3AaSci5q5hyt
02w0xNGAjBwg0nrF2uDLH8Izz/RlMurZgmTr+D+zQZ7irqC8aon/t6JAAaT5SIgE
yH7bv5fVX7JDGEOFGGRQjBfn3Q+A3WFwB3ba7x25FcThtlN2zZo4xnFcpcJqMeig
yg8TXN1u0Co8xtVIdsid9TrD88bXXhYi7CQ3zku8e6061N1zA3orG4MGDPvJ2oJk
qrbtzlXksenjexADfOuruAe8j2wAYGlQQUfhNqTtM79+/cSF0lof
-----END CERTIFICATE-----