Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/VzM1aG3yNVkeQkrZee6u4OpvzC0.roa
File:                     VzM1aG3yNVkeQkrZee6u4OpvzC0.roa (raw, json)
Hash identifier:          z7C5HZSPq/ZYXJLA4/UFUVo7PstPgze0oL1hcp4+WsY=
Subject key identifier:   57:33:35:68:6D:F2:35:59:1E:42:4A:D9:79:EE:AE:E0:EA:6F:CC:2D
Certificate issuer:       /CN=b72945f57103153a07854e74e227f2aec1c5f430
Certificate serial:       019D05E69210DF6D9E4DDE2EDDDD3C3280E7
Authority key identifier: B7:29:45:F5:71:03:15:3A:07:85:4E:74:E2:27:F2:AE:C1:C5:F4:30
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tylF9XEDFToHhU504ifyrsHF9DA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/VzM1aG3yNVkeQkrZee6u4OpvzC0.roa
Signing time:             Thu 19 Mar 2026 11:41:29 +0000
ROA not before:           Thu 19 Mar 2026 11:41:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     58678
IP address blocks:        185.24.149.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/tylF9XEDFToHhU504ifyrsHF9DA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/tylF9XEDFToHhU504ifyrsHF9DA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tylF9XEDFToHhU504ifyrsHF9DA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 22:01:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:05:e6:92:10:df:6d:9e:4d:de:2e:dd:dd:3c:32:80:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b72945f57103153a07854e74e227f2aec1c5f430
        Validity
            Not Before: Mar 19 11:41:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=573335686df235591e424ad979eeaee0ea6fcc2d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:3a:7e:0a:ab:99:59:c9:c9:b8:ad:49:01:8f:
                    17:e4:3a:32:a9:23:27:b5:e2:7a:06:e6:7a:f4:cd:
                    79:93:f4:c0:08:de:a9:21:3f:c5:02:9f:7b:17:da:
                    56:6c:74:92:66:41:ae:5f:8e:18:0c:38:b8:8e:f8:
                    0c:a7:0a:67:f4:2a:f4:bf:ed:a5:ae:f0:86:8e:98:
                    1d:dd:71:16:81:bf:a9:53:59:68:50:58:8b:bf:dc:
                    5c:c7:2a:e6:e7:45:0b:9d:84:f3:41:f8:16:18:2a:
                    0b:b5:97:7c:8a:47:14:26:9b:e4:cf:28:4d:5b:c2:
                    6c:c9:73:0f:1b:d3:2a:70:24:bb:4f:e9:b0:cf:0b:
                    b5:02:46:cf:83:60:2d:89:69:51:e9:3f:dd:64:95:
                    c3:21:4c:30:aa:aa:4f:f6:28:5d:ae:b4:64:a6:22:
                    aa:e5:fa:08:f9:34:56:90:45:33:1f:fc:e8:f3:05:
                    85:8e:3b:49:69:59:9b:ed:fb:dd:aa:6b:ac:d3:f7:
                    da:68:13:81:89:c5:10:ab:0b:d8:d4:f6:74:20:d8:
                    6c:21:4c:06:10:15:f7:56:ad:bb:20:a8:0d:58:53:
                    d7:d6:33:32:df:06:f1:b3:aa:02:51:40:35:d1:86:
                    31:63:2b:89:25:ce:51:e4:83:23:0b:83:bc:3a:be:
                    88:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:33:35:68:6D:F2:35:59:1E:42:4A:D9:79:EE:AE:E0:EA:6F:CC:2D
            X509v3 Authority Key Identifier:
                keyid:B7:29:45:F5:71:03:15:3A:07:85:4E:74:E2:27:F2:AE:C1:C5:F4:30

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tylF9XEDFToHhU504ifyrsHF9DA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/VzM1aG3yNVkeQkrZee6u4OpvzC0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/tylF9XEDFToHhU504ifyrsHF9DA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.24.149.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a6:f3:df:aa:d3:4e:95:72:75:d4:6c:c6:bb:56:a4:16:67:16:
         e8:61:72:72:da:91:2f:d0:1f:c7:9a:33:a3:65:33:54:22:2e:
         0b:80:d0:04:5d:e9:9e:fe:b5:e1:0d:e3:0f:d8:27:7e:64:26:
         29:64:18:24:c5:5d:f6:5a:8c:22:ca:cc:06:38:00:1b:0b:aa:
         63:f0:08:0d:e2:70:5d:47:85:b5:7f:08:6c:f6:9a:4d:bc:f6:
         07:c2:36:ec:e4:cb:f9:7d:29:7f:f9:2a:8f:56:c5:e0:26:b9:
         a7:d7:02:2e:0e:be:cd:89:6a:e5:b3:40:99:0c:0b:4c:b1:fe:
         d8:d1:a4:fc:55:59:35:9e:c8:b6:d1:f5:3c:8d:7f:41:45:81:
         b8:45:5a:cd:21:44:2f:b9:b1:e6:96:23:04:a9:8d:c9:c8:ca:
         3d:1d:87:e5:8e:f9:01:e1:30:9e:53:85:10:bb:64:77:35:5c:
         a0:97:bf:62:70:8f:88:80:8f:33:4e:92:ef:53:fc:ad:5b:3a:
         e6:ad:f4:57:1e:d2:20:fd:11:7b:2c:23:49:f3:56:cf:f3:15:
         b6:b1:37:04:06:1a:26:b7:14:81:78:dc:4e:8d:b6:2f:02:5e:
         89:f6:de:0b:d0:9a:01:56:a6:6f:1d:30:2f:5e:74:59:24:38:
         a3:f4:99:9c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0F5pIQ322eTd4u3d08MoDnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI3Mjk0NWY1NzEwMzE1M2EwNzg1NGU3NGUyMjdmMmFlYzFj
NWY0MzAwHhcNMjYwMzE5MTE0MTI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NzMzMzU2ODZkZjIzNTU5MWU0MjRhZDk3OWVlYWVlMGVhNmZjYzJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzzp+CquZWcnJuK1JAY8X5DoyqSMn
teJ6BuZ69M15k/TACN6pIT/FAp97F9pWbHSSZkGuX44YDDi4jvgMpwpn9Cr0v+2l
rvCGjpgd3XEWgb+pU1loUFiLv9xcxyrm50ULnYTzQfgWGCoLtZd8ikcUJpvkzyhN
W8JsyXMPG9MqcCS7T+mwzwu1AkbPg2AtiWlR6T/dZJXDIUwwqqpP9ihdrrRkpiKq
5foI+TRWkEUzH/zo8wWFjjtJaVmb7fvdqmus0/faaBOBicUQqwvY1PZ0INhsIUwG
EBX3Vq27IKgNWFPX1jMy3wbxs6oCUUA10YYxYyuJJc5R5IMjC4O8Or6IbQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFczNWht8jVZHkJK2XnuruDqb8wtMB8GA1UdIwQY
MBaAFLcpRfVxAxU6B4VOdOIn8q7BxfQwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdHlsRjlYRURGVG9IaFU1MDRpZnlyc0hGOURBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MS81ZjY5MDYtM2ZiMC00ZGZmLThkMDEt
MmEwOWNjNTNhODA1LzEvVnpNMWFHM3lOVmtlUWtyWmVlNnU0T3B2ekMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MS81ZjY5MDYtM2ZiMC00ZGZmLThkMDEtMmEwOWNjNTNhODA1
LzEvdHlsRjlYRURGVG9IaFU1MDRpZnlyc0hGOURBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuRiVMA0G
CSqGSIb3DQEBCwUAA4IBAQCm89+q006VcnXUbMa7VqQWZxboYXJy2pEv0B/HmjOj
ZTNUIi4LgNAEXeme/rXhDeMP2Cd+ZCYpZBgkxV32WowiyswGOAAbC6pj8AgN4nBd
R4W1fwhs9ppNvPYHwjbs5Mv5fSl/+SqPVsXgJrmn1wIuDr7NiWrls0CZDAtMsf7Y
0aT8VVk1nsi20fU8jX9BRYG4RVrNIUQvubHmliMEqY3JyMo9HYfljvkB4TCeU4UQ
u2R3NVygl79icI+IgI8zTpLvU/ytWzrmrfRXHtIg/RF7LCNJ81bP8xW2sTcEBhom
txSBeNxOjbYvAl6J9t4L0JoBVqZvHTAvXnRZJDij9Jmc
-----END CERTIFICATE-----