Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1f/adb65c-f6f7-4495-ba23-885e84e7512e/1/Itg1prYwWRPhF5zNIUnOGVNFGeM.roa
File:                     Itg1prYwWRPhF5zNIUnOGVNFGeM.roa (raw, json)
Hash identifier:          nAsp415Ngb0XOA9HboUId94jZhl5oTnXqu3QjJfj8KU=
Subject key identifier:   22:D8:35:A6:B6:30:59:13:E1:17:9C:CD:21:49:CE:19:53:45:19:E3
Certificate issuer:       /CN=c74c60adeb0cd5768cf756f562b1b5cc5b9c180a
Certificate serial:       019E8E8BD8F33599DFBCB74406686FD16325
Authority key identifier: C7:4C:60:AD:EB:0C:D5:76:8C:F7:56:F5:62:B1:B5:CC:5B:9C:18:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/x0xgresM1XaM91b1YrG1zFucGAo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1f/adb65c-f6f7-4495-ba23-885e84e7512e/1/Itg1prYwWRPhF5zNIUnOGVNFGeM.roa
Signing time:             Wed 03 Jun 2026 17:33:10 +0000
ROA not before:           Wed 03 Jun 2026 17:33:10 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     197151
IP address blocks:        2a05:4140:2000::/40 maxlen: 40
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1f/adb65c-f6f7-4495-ba23-885e84e7512e/1/x0xgresM1XaM91b1YrG1zFucGAo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1f/adb65c-f6f7-4495-ba23-885e84e7512e/1/x0xgresM1XaM91b1YrG1zFucGAo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/x0xgresM1XaM91b1YrG1zFucGAo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Jun 2026 04:00:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:8e:8b:d8:f3:35:99:df:bc:b7:44:06:68:6f:d1:63:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c74c60adeb0cd5768cf756f562b1b5cc5b9c180a
        Validity
            Not Before: Jun  3 17:33:10 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=22d835a6b6305913e1179ccd2149ce19534519e3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:93:f4:16:a3:92:ac:8f:80:a7:a6:8c:64:74:
                    2a:4b:3f:da:4c:51:fc:b6:43:6f:eb:e6:ca:e7:9c:
                    2f:fa:a7:e5:44:da:a0:41:67:36:d5:44:19:8d:67:
                    39:3b:95:92:8d:12:1c:ac:8c:d8:51:96:8a:62:8a:
                    bf:82:f9:26:f3:af:a9:c0:47:8f:f0:be:f8:78:1b:
                    75:d9:6a:d2:93:61:81:08:0b:49:50:30:9e:42:19:
                    d9:5a:cd:f9:22:0d:b7:f2:c5:7a:ab:82:f6:32:94:
                    a3:14:1a:40:45:97:6f:d6:2a:2b:e7:51:60:05:40:
                    b8:e8:66:3d:e7:ee:41:c6:14:28:5e:e0:d3:af:72:
                    ed:2b:71:d3:3d:9d:45:e7:76:b6:71:83:e9:3b:3c:
                    94:b6:dc:39:ff:f0:44:74:44:a8:f6:3e:a1:d2:30:
                    2e:4d:1b:6d:77:0a:1e:b2:e3:f3:49:a1:87:08:30:
                    cc:d8:3d:9e:b7:3f:6a:29:8a:e9:f1:7c:e1:aa:c1:
                    34:d8:ca:c8:42:ce:0d:63:93:8e:fb:c0:12:62:64:
                    13:fb:37:6a:58:06:6f:e5:0b:71:bd:ef:99:3c:6a:
                    cb:a4:66:f6:7f:45:ee:25:ad:5b:b7:fc:44:45:03:
                    f1:ab:30:72:52:5c:d9:b4:2b:5b:f1:e6:cc:08:c2:
                    ee:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:D8:35:A6:B6:30:59:13:E1:17:9C:CD:21:49:CE:19:53:45:19:E3
            X509v3 Authority Key Identifier:
                keyid:C7:4C:60:AD:EB:0C:D5:76:8C:F7:56:F5:62:B1:B5:CC:5B:9C:18:0A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/x0xgresM1XaM91b1YrG1zFucGAo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/adb65c-f6f7-4495-ba23-885e84e7512e/1/Itg1prYwWRPhF5zNIUnOGVNFGeM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/adb65c-f6f7-4495-ba23-885e84e7512e/1/x0xgresM1XaM91b1YrG1zFucGAo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:4140:2000::/40

    Signature Algorithm: sha256WithRSAEncryption
         89:1b:51:2d:22:1a:ca:60:b2:92:1d:42:dd:96:e2:00:42:8b:
         7d:14:ac:4d:79:ba:d2:5b:b8:2f:52:f3:18:0f:da:7b:d6:16:
         a3:04:c3:63:ba:ce:8b:09:a7:89:2c:a7:f1:39:1b:21:4c:7d:
         a0:55:d3:25:ad:b6:68:bf:93:9e:33:7c:b6:d4:4c:32:a3:7b:
         7a:0b:0c:01:53:56:0f:85:65:af:c4:3b:04:e8:35:a0:8d:51:
         17:02:0b:b2:96:9f:d1:62:ba:80:d3:9d:6e:81:ac:c9:25:9c:
         1c:49:c7:0b:30:4e:b2:f2:a1:5d:49:1c:b9:f5:6d:50:5f:39:
         75:fc:a4:b5:e6:c2:1a:06:f7:3e:6a:8b:d5:74:2e:6f:2a:ea:
         fb:2e:70:1e:34:9c:32:9d:18:44:14:36:6c:e5:ec:38:cc:c7:
         1c:d2:09:06:79:65:e0:7a:d8:c7:41:b1:28:d3:ae:04:5e:cf:
         87:62:e5:5f:11:95:a2:a6:e9:9d:28:29:f6:95:04:a8:a1:9c:
         fe:c9:df:a8:79:96:c7:10:b9:de:7c:10:21:22:c9:45:33:37:
         f7:70:72:38:0b:4d:80:71:ca:50:67:b6:22:ff:fd:20:3f:e9:
         c7:c1:6e:72:61:f5:22:f8:a2:d4:1c:63:f5:a7:05:be:30:99:
         a4:2b:9c:e3
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZ6Oi9jzNZnfvLdEBmhv0WMlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM3NGM2MGFkZWIwY2Q1NzY4Y2Y3NTZmNTYyYjFiNWNjNWI5
YzE4MGEwHhcNMjYwNjAzMTczMzEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMmQ4MzVhNmI2MzA1OTEzZTExNzljY2QyMTQ5Y2UxOTUzNDUxOWUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk5P0FqOSrI+Ap6aMZHQqSz/aTFH8
tkNv6+bK55wv+qflRNqgQWc21UQZjWc5O5WSjRIcrIzYUZaKYoq/gvkm86+pwEeP
8L74eBt12WrSk2GBCAtJUDCeQhnZWs35Ig238sV6q4L2MpSjFBpARZdv1ior51Fg
BUC46GY95+5BxhQoXuDTr3LtK3HTPZ1F53a2cYPpOzyUttw5//BEdESo9j6h0jAu
TRttdwoesuPzSaGHCDDM2D2etz9qKYrp8XzhqsE02MrIQs4NY5OO+8ASYmQT+zdq
WAZv5Qtxve+ZPGrLpGb2f0XuJa1bt/xERQPxqzByUlzZtCtb8ebMCMLuAwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFCLYNaa2MFkT4ReczSFJzhlTRRnjMB8GA1UdIwQY
MBaAFMdMYK3rDNV2jPdW9WKxtcxbnBgKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveDB4Z3Jlc00xWGFNOTFiMVlyRzF6RnVjR0FvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZi9hZGI2NWMtZjZmNy00NDk1LWJhMjMt
ODg1ZTg0ZTc1MTJlLzEvSXRnMXByWXdXUlBoRjV6TklVbk9HVk5GR2VNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZi9hZGI2NWMtZjZmNy00NDk1LWJhMjMtODg1ZTg0ZTc1MTJl
LzEveDB4Z3Jlc00xWGFNOTFiMVlyRzF6RnVjR0FvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKgVBQCAw
DQYJKoZIhvcNAQELBQADggEBAIkbUS0iGspgspIdQt2W4gBCi30UrE15utJbuC9S
8xgP2nvWFqMEw2O6zosJp4ksp/E5GyFMfaBV0yWttmi/k54zfLbUTDKje3oLDAFT
Vg+FZa/EOwToNaCNURcCC7KWn9FiuoDTnW6BrMklnBxJxwswTrLyoV1JHLn1bVBf
OXX8pLXmwhoG9z5qi9V0Lm8q6vsucB40nDKdGEQUNmzl7DjMxxzSCQZ5ZeB62MdB
sSjTrgRez4di5V8RlaKm6Z0oKfaVBKihnP7J36h5lscQud58ECEiyUUzN/dwcjgL
TYBxylBntiL//SA/6cfBbnJh9SL4otQcY/WnBb4wmaQrnOM=
-----END CERTIFICATE-----