Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/61/c10fc8-a3c6-48ac-8da9-24eee8943931/1/c0Vk60kJ7ueTPIokv7qGtH3eTTQ.roa
File:                     c0Vk60kJ7ueTPIokv7qGtH3eTTQ.roa (raw, json)
Hash identifier:          O+dHMuQMe/fBcOZ5bxLhWVDzmIw1sCX/tFC/j0yj2qI=
Subject key identifier:   73:45:64:EB:49:09:EE:E7:93:3C:8A:24:BF:BA:86:B4:7D:DE:4D:34
Certificate issuer:       /CN=39f9e681ab2727e7af03c9afc59f6bad8318faaf
Certificate serial:       019DE29D8C5D4B6298B6E4D4ACF372D381D5
Authority key identifier: 39:F9:E6:81:AB:27:27:E7:AF:03:C9:AF:C5:9F:6B:AD:83:18:FA:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OfnmgasnJ-evA8mvxZ9rrYMY-q8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/61/c10fc8-a3c6-48ac-8da9-24eee8943931/1/c0Vk60kJ7ueTPIokv7qGtH3eTTQ.roa
Signing time:             Fri 01 May 2026 08:17:49 +0000
ROA not before:           Fri 01 May 2026 08:17:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     198733
IP address blocks:        185.104.1.0/24 maxlen: 24
                          2001:3640::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/61/c10fc8-a3c6-48ac-8da9-24eee8943931/1/OfnmgasnJ-evA8mvxZ9rrYMY-q8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/61/c10fc8-a3c6-48ac-8da9-24eee8943931/1/OfnmgasnJ-evA8mvxZ9rrYMY-q8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OfnmgasnJ-evA8mvxZ9rrYMY-q8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 23:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:e2:9d:8c:5d:4b:62:98:b6:e4:d4:ac:f3:72:d3:81:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=39f9e681ab2727e7af03c9afc59f6bad8318faaf
        Validity
            Not Before: May  1 08:17:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=734564eb4909eee7933c8a24bfba86b47dde4d34
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:9f:e2:4c:a5:22:23:5f:d3:44:d4:8e:77:1a:
                    ee:95:9f:07:1d:cc:ff:90:9f:4a:75:ee:b7:8c:fb:
                    e7:21:db:25:c6:77:71:b5:b0:04:5c:50:38:1c:eb:
                    24:3a:dd:76:78:1a:15:95:84:3b:ab:a3:e8:57:42:
                    df:b0:1f:c3:d3:04:fd:33:0a:2d:6c:06:0d:04:da:
                    08:ab:23:cc:58:05:17:05:3c:db:14:2b:dc:01:88:
                    64:91:cc:8e:08:1c:a9:39:7c:f5:1c:dc:04:c5:29:
                    9b:8f:a4:c6:30:5d:27:aa:2c:93:a4:d7:70:07:73:
                    8a:3b:85:6d:17:bc:21:96:1e:f2:46:f7:ea:2c:6f:
                    83:e0:c4:ec:2f:ba:c8:87:d9:a2:c5:ec:f2:65:58:
                    4c:d4:3a:b3:db:d9:71:1a:c3:83:8e:68:7d:8d:a0:
                    14:c3:37:08:eb:f2:04:a7:53:66:c1:6c:c6:2a:ee:
                    d4:fb:03:96:ee:fd:0a:8e:3d:5a:ba:f6:12:69:33:
                    d2:ae:7e:03:49:61:49:29:1c:9c:c6:d8:28:14:2d:
                    a9:f0:8d:2b:22:67:1b:b6:8b:77:a3:2c:02:2b:ec:
                    1a:fd:9a:b5:d0:1f:c4:78:9e:51:20:63:15:db:02:
                    9b:1d:bd:53:f4:03:41:4a:9b:5f:8f:31:04:f5:da:
                    27:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                73:45:64:EB:49:09:EE:E7:93:3C:8A:24:BF:BA:86:B4:7D:DE:4D:34
            X509v3 Authority Key Identifier:
                keyid:39:F9:E6:81:AB:27:27:E7:AF:03:C9:AF:C5:9F:6B:AD:83:18:FA:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OfnmgasnJ-evA8mvxZ9rrYMY-q8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/c10fc8-a3c6-48ac-8da9-24eee8943931/1/c0Vk60kJ7ueTPIokv7qGtH3eTTQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/61/c10fc8-a3c6-48ac-8da9-24eee8943931/1/OfnmgasnJ-evA8mvxZ9rrYMY-q8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.104.1.0/24
                IPv6:
                  2001:3640::/29

    Signature Algorithm: sha256WithRSAEncryption
         3c:b9:49:21:f2:19:1b:58:c3:c6:34:16:ae:91:a3:d0:c6:8e:
         5b:d9:0f:df:b4:7d:4d:1e:1c:6e:bc:5d:b4:a4:d9:71:0d:40:
         56:4b:de:25:6e:5e:4f:ab:fe:60:a7:5f:84:d5:03:1c:88:e7:
         4d:88:02:5e:6b:4d:83:f1:13:a7:40:ca:2e:93:2b:6d:ba:cb:
         49:cb:de:27:d8:6e:1a:38:12:82:65:e3:38:2f:eb:7e:19:f5:
         3f:2c:bc:00:19:37:23:3b:eb:6b:4f:0e:4f:90:10:f0:87:6b:
         00:34:d2:73:8c:36:1d:8a:b1:c8:32:32:f9:12:d3:66:61:ff:
         fd:d2:b3:ad:b5:80:03:23:08:12:60:9f:51:d8:8c:17:71:14:
         7d:e7:9c:b4:a3:cf:fa:98:09:f9:9e:85:be:80:d0:ba:20:63:
         c9:40:46:5f:0c:d4:b1:ee:81:23:60:8e:45:cd:be:f0:bf:cc:
         64:a1:72:93:1d:92:d9:cd:aa:d2:06:78:1f:6d:fa:cd:31:60:
         42:d3:b2:a9:ac:93:94:c3:4f:a4:50:f1:7e:91:b0:06:6a:f8:
         01:9b:e0:ed:c8:d8:2a:13:03:e5:0c:70:e7:44:75:66:d5:7f:
         d9:d4:4b:27:79:70:20:ce:1a:ad:81:d0:44:aa:c7:42:b8:0b:
         21:4e:8e:e0
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZ3inYxdS2KYtuTUrPNy04HVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM5ZjllNjgxYWIyNzI3ZTdhZjAzYzlhZmM1OWY2YmFkODMx
OGZhYWYwHhcNMjYwNTAxMDgxNzQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MzQ1NjRlYjQ5MDllZWU3OTMzYzhhMjRiZmJhODZiNDdkZGU0ZDM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtZ/iTKUiI1/TRNSOdxrulZ8HHcz/
kJ9Kde63jPvnIdslxndxtbAEXFA4HOskOt12eBoVlYQ7q6PoV0LfsB/D0wT9Mwot
bAYNBNoIqyPMWAUXBTzbFCvcAYhkkcyOCBypOXz1HNwExSmbj6TGMF0nqiyTpNdw
B3OKO4VtF7whlh7yRvfqLG+D4MTsL7rIh9mixezyZVhM1Dqz29lxGsODjmh9jaAU
wzcI6/IEp1NmwWzGKu7U+wOW7v0Kjj1auvYSaTPSrn4DSWFJKRycxtgoFC2p8I0r
Imcbtot3oywCK+wa/Zq10B/EeJ5RIGMV2wKbHb1T9ANBSptfjzEE9donhQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFHNFZOtJCe7nkzyKJL+6hrR93k00MB8GA1UdIwQY
MBaAFDn55oGrJyfnrwPJr8Wfa62DGPqvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT2ZubWdhc25KLWV2QThtdnhaOXJyWU1ZLXE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MS9jMTBmYzgtYTNjNi00OGFjLThkYTkt
MjRlZWU4OTQzOTMxLzEvYzBWazYwa0o3dWVUUElva3Y3cUd0SDNlVFRRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MS9jMTBmYzgtYTNjNi00OGFjLThkYTktMjRlZWU4OTQzOTMx
LzEvT2ZubWdhc25KLWV2QThtdnhaOXJyWU1ZLXE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAuWgBMA0E
AgACMAcDBQMgATZAMA0GCSqGSIb3DQEBCwUAA4IBAQA8uUkh8hkbWMPGNBaukaPQ
xo5b2Q/ftH1NHhxuvF20pNlxDUBWS94lbl5Pq/5gp1+E1QMciOdNiAJea02D8ROn
QMoukyttustJy94n2G4aOBKCZeM4L+t+GfU/LLwAGTcjO+trTw5PkBDwh2sANNJz
jDYdirHIMjL5EtNmYf/90rOttYADIwgSYJ9R2IwXcRR955y0o8/6mAn5noW+gNC6
IGPJQEZfDNSx7oEjYI5Fzb7wv8xkoXKTHZLZzarSBngfbfrNMWBC07KprJOUw0+k
UPF+kbAGavgBm+DtyNgqEwPlDHDnRHVm1X/Z1EsneXAgzhqtgdBEqsdCuAshTo7g
-----END CERTIFICATE-----