Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/b51a85-f99f-423f-9fae-dd294c378f6c/1/dTBGT4Dz5-wcMADCAN8Dzj6ZXv8.roa
File:                     dTBGT4Dz5-wcMADCAN8Dzj6ZXv8.roa (raw, json)
Hash identifier:          rcN80U9U7QHYeIDWjMRA3gFyjUfMjCbe/cw0PAtszSs=
Subject key identifier:   75:30:46:4F:80:F3:E7:EC:1C:30:00:C2:00:DF:03:CE:3E:99:5E:FF
Certificate issuer:       /CN=d8c60a0d2d70a9337d0bda56d1ad596ac1f69cda
Certificate serial:       019D67316DE346BF17A1654F07F3F043650A
Authority key identifier: D8:C6:0A:0D:2D:70:A9:33:7D:0B:DA:56:D1:AD:59:6A:C1:F6:9C:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2MYKDS1wqTN9C9pW0a1ZasH2nNo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/b51a85-f99f-423f-9fae-dd294c378f6c/1/dTBGT4Dz5-wcMADCAN8Dzj6ZXv8.roa
Signing time:             Tue 07 Apr 2026 09:06:25 +0000
ROA not before:           Tue 07 Apr 2026 09:06:25 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     40352
IP address blocks:        109.105.199.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/b51a85-f99f-423f-9fae-dd294c378f6c/1/2MYKDS1wqTN9C9pW0a1ZasH2nNo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/b51a85-f99f-423f-9fae-dd294c378f6c/1/2MYKDS1wqTN9C9pW0a1ZasH2nNo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2MYKDS1wqTN9C9pW0a1ZasH2nNo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 11 Apr 2026 17:02:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:67:31:6d:e3:46:bf:17:a1:65:4f:07:f3:f0:43:65:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d8c60a0d2d70a9337d0bda56d1ad596ac1f69cda
        Validity
            Not Before: Apr  7 09:06:25 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7530464f80f3e7ec1c3000c200df03ce3e995eff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:f1:4a:6e:00:fa:ef:a9:3c:06:55:5d:6b:97:
                    59:90:ca:f2:42:56:db:79:76:a8:5c:fd:f9:8a:c4:
                    0e:65:30:c3:7a:df:be:f2:64:11:cc:bd:be:bb:d9:
                    ec:83:70:13:d5:fe:37:75:d6:41:12:3d:78:cf:1c:
                    d6:b4:d7:68:2b:bd:91:7a:0c:56:eb:48:07:22:bf:
                    5b:fd:8e:31:74:5a:1b:3f:a5:e7:ed:86:e9:f8:25:
                    88:0a:d4:09:2f:0c:89:17:3e:50:e0:3f:7b:d4:75:
                    43:32:b1:a5:70:f2:4e:0b:5a:a1:e3:73:b7:73:6c:
                    72:88:04:4c:88:8f:26:59:88:e9:18:c7:ac:f7:9e:
                    03:31:cc:bf:31:27:86:7e:da:e3:de:2c:cc:c1:0b:
                    1a:66:81:cb:27:03:16:1f:95:e9:67:05:d2:07:8d:
                    eb:4d:05:bf:97:d5:b2:bd:b2:1a:a8:76:51:5b:67:
                    35:83:0f:32:17:27:98:67:65:7e:64:ed:a0:5e:14:
                    57:7d:d2:49:e2:d4:20:66:f3:95:77:3f:86:6e:b9:
                    bb:b0:29:3a:96:73:a2:46:31:d9:0e:c0:1a:da:75:
                    10:75:f9:6d:ae:5b:6a:01:4f:90:d1:cb:19:dd:6d:
                    e8:8c:e4:d9:72:07:47:0f:ba:0f:cb:6c:ef:98:45:
                    79:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:30:46:4F:80:F3:E7:EC:1C:30:00:C2:00:DF:03:CE:3E:99:5E:FF
            X509v3 Authority Key Identifier:
                keyid:D8:C6:0A:0D:2D:70:A9:33:7D:0B:DA:56:D1:AD:59:6A:C1:F6:9C:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2MYKDS1wqTN9C9pW0a1ZasH2nNo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/b51a85-f99f-423f-9fae-dd294c378f6c/1/dTBGT4Dz5-wcMADCAN8Dzj6ZXv8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/b51a85-f99f-423f-9fae-dd294c378f6c/1/2MYKDS1wqTN9C9pW0a1ZasH2nNo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.105.199.0/24

    Signature Algorithm: sha256WithRSAEncryption
         35:69:b7:36:7d:49:79:35:d6:3a:f5:cf:e9:e4:df:2c:81:55:
         6e:dc:3d:b8:78:64:fc:60:0b:50:a1:49:83:2e:1d:90:5e:1f:
         0e:b5:28:84:8f:84:53:5c:1b:cd:de:b8:3f:ad:13:de:6c:98:
         1d:9a:b4:67:19:ab:68:62:5f:e0:95:fc:1f:a0:d0:6c:17:0a:
         98:e6:2c:8e:3c:fe:be:df:f7:00:b2:99:a7:73:ac:61:44:c3:
         49:12:d4:86:15:85:d8:21:9c:0a:30:6a:88:fc:a0:ec:82:1b:
         5f:8e:da:42:81:81:ec:b2:0f:d2:46:ab:77:6d:ef:1c:10:10:
         c5:0b:f0:31:77:6f:cd:9c:4c:d1:3a:99:00:0a:e8:78:9d:84:
         6b:c7:33:5b:11:99:da:e5:6a:75:5b:5e:90:53:27:f1:4f:3d:
         c1:52:ce:da:e8:b7:6d:c1:eb:bb:bd:ed:66:a0:39:8b:bc:3f:
         1b:5b:e2:c5:a2:bf:b4:11:09:4b:a0:f3:7b:09:0e:46:3a:55:
         8c:4a:16:ec:27:10:2b:2b:34:44:a9:4d:64:f4:cd:a4:a9:5b:
         9a:87:97:fa:48:33:76:07:a5:33:c0:ce:73:7c:e7:5c:2f:ba:
         d8:10:5e:bc:13:90:ab:18:15:25:80:eb:df:5a:b8:57:db:6d:
         49:c9:fe:07
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ1nMW3jRr8XoWVPB/PwQ2UKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ4YzYwYTBkMmQ3MGE5MzM3ZDBiZGE1NmQxYWQ1OTZhYzFm
NjljZGEwHhcNMjYwNDA3MDkwNjI1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NTMwNDY0ZjgwZjNlN2VjMWMzMDAwYzIwMGRmMDNjZTNlOTk1ZWZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsfFKbgD676k8BlVda5dZkMryQlbb
eXaoXP35isQOZTDDet++8mQRzL2+u9nsg3AT1f43ddZBEj14zxzWtNdoK72RegxW
60gHIr9b/Y4xdFobP6Xn7Ybp+CWICtQJLwyJFz5Q4D971HVDMrGlcPJOC1qh43O3
c2xyiARMiI8mWYjpGMes954DMcy/MSeGftrj3izMwQsaZoHLJwMWH5XpZwXSB43r
TQW/l9WyvbIaqHZRW2c1gw8yFyeYZ2V+ZO2gXhRXfdJJ4tQgZvOVdz+Gbrm7sCk6
lnOiRjHZDsAa2nUQdfltrltqAU+Q0csZ3W3ojOTZcgdHD7oPy2zvmEV5twIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHUwRk+A8+fsHDAAwgDfA84+mV7/MB8GA1UdIwQY
MBaAFNjGCg0tcKkzfQvaVtGtWWrB9pzaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMk1ZS0RTMXdxVE45QzlwVzBhMVphc0gybk5vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC9iNTFhODUtZjk5Zi00MjNmLTlmYWUt
ZGQyOTRjMzc4ZjZjLzEvZFRCR1Q0RHo1LXdjTUFEQ0FOOER6ajZaWHY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC9iNTFhODUtZjk5Zi00MjNmLTlmYWUtZGQyOTRjMzc4ZjZj
LzEvMk1ZS0RTMXdxVE45QzlwVzBhMVphc0gybk5vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbWnHMA0G
CSqGSIb3DQEBCwUAA4IBAQA1abc2fUl5NdY69c/p5N8sgVVu3D24eGT8YAtQoUmD
Lh2QXh8OtSiEj4RTXBvN3rg/rRPebJgdmrRnGatoYl/glfwfoNBsFwqY5iyOPP6+
3/cAspmnc6xhRMNJEtSGFYXYIZwKMGqI/KDsghtfjtpCgYHssg/SRqt3be8cEBDF
C/Axd2/NnEzROpkACuh4nYRrxzNbEZna5Wp1W16QUyfxTz3BUs7a6Ldtweu7ve1m
oDmLvD8bW+LFor+0EQlLoPN7CQ5GOlWMShbsJxArKzREqU1k9M2kqVuah5f6SDN2
B6UzwM5zfOdcL7rYEF68E5CrGBUlgOvfWrhX221Jyf4H
-----END CERTIFICATE-----