Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/b51a85-f99f-423f-9fae-dd294c378f6c/1/myFCIcbDjAfUFsTW0a-pFUEt6gs.roa
File:                     myFCIcbDjAfUFsTW0a-pFUEt6gs.roa (raw, json)
Hash identifier:          TuRTyO0NRY/3a0axA5HneX8R1NypXuOC0siuMNuJ6sU=
Subject key identifier:   9B:21:42:21:C6:C3:8C:07:D4:16:C4:D6:D1:AF:A9:15:41:2D:EA:0B
Certificate issuer:       /CN=d8c60a0d2d70a9337d0bda56d1ad596ac1f69cda
Certificate serial:       019CC219F4E4313D12ED674D6367EE0DBABF
Authority key identifier: D8:C6:0A:0D:2D:70:A9:33:7D:0B:DA:56:D1:AD:59:6A:C1:F6:9C:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2MYKDS1wqTN9C9pW0a1ZasH2nNo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/b51a85-f99f-423f-9fae-dd294c378f6c/1/myFCIcbDjAfUFsTW0a-pFUEt6gs.roa
Signing time:             Fri 06 Mar 2026 07:43:26 +0000
ROA not before:           Fri 06 Mar 2026 07:43:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     834
IP address blocks:        109.105.199.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/b51a85-f99f-423f-9fae-dd294c378f6c/1/2MYKDS1wqTN9C9pW0a1ZasH2nNo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/b51a85-f99f-423f-9fae-dd294c378f6c/1/2MYKDS1wqTN9C9pW0a1ZasH2nNo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2MYKDS1wqTN9C9pW0a1ZasH2nNo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 09 Mar 2026 04:01:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:c2:19:f4:e4:31:3d:12:ed:67:4d:63:67:ee:0d:ba:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d8c60a0d2d70a9337d0bda56d1ad596ac1f69cda
        Validity
            Not Before: Mar  6 07:43:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9b214221c6c38c07d416c4d6d1afa915412dea0b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:30:77:f3:52:33:37:94:6b:1f:fa:30:76:9c:
                    05:04:7d:20:b5:d7:69:a5:48:b6:05:94:3b:9e:4c:
                    99:ad:f4:3e:26:18:41:8f:5d:c7:a4:c5:ea:cc:78:
                    53:f6:9c:5c:9d:9b:19:5b:18:fb:a4:10:1e:14:16:
                    e3:44:4e:5d:62:26:5c:1e:2d:ea:d5:82:1f:f1:eb:
                    ac:97:e3:a6:ff:f0:fb:9f:c4:8e:b0:1b:99:7e:5c:
                    0f:64:de:f4:bb:f9:b8:f1:4e:81:a1:67:fc:3d:67:
                    44:0d:46:f0:ea:23:fa:4c:04:f3:bf:3c:c6:4c:be:
                    ac:66:ce:84:7c:04:2c:ff:b3:45:6c:cb:ee:14:e4:
                    97:45:f4:3f:da:2b:3f:fa:e3:82:83:b8:10:da:b5:
                    5c:90:fa:ea:e4:6a:e3:50:b9:ca:35:6b:bf:ec:79:
                    70:08:49:f9:8c:69:73:80:21:23:8a:dd:50:ed:f3:
                    77:03:ce:b0:da:70:46:72:76:84:ff:71:d1:96:48:
                    79:07:6b:1d:7d:4f:15:86:4e:78:d3:29:d0:24:6e:
                    7c:2a:96:30:ec:bb:46:11:b3:65:33:62:1a:02:a7:
                    8a:ce:3f:93:48:ee:70:95:19:64:bc:0d:83:63:b4:
                    48:80:e5:f3:67:d7:e3:2f:1d:32:15:4f:eb:69:d7:
                    cc:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:21:42:21:C6:C3:8C:07:D4:16:C4:D6:D1:AF:A9:15:41:2D:EA:0B
            X509v3 Authority Key Identifier:
                keyid:D8:C6:0A:0D:2D:70:A9:33:7D:0B:DA:56:D1:AD:59:6A:C1:F6:9C:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2MYKDS1wqTN9C9pW0a1ZasH2nNo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/b51a85-f99f-423f-9fae-dd294c378f6c/1/myFCIcbDjAfUFsTW0a-pFUEt6gs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/b51a85-f99f-423f-9fae-dd294c378f6c/1/2MYKDS1wqTN9C9pW0a1ZasH2nNo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.105.199.0/24

    Signature Algorithm: sha256WithRSAEncryption
         21:4e:8f:af:bc:2a:c6:da:b2:b7:72:7d:b4:6d:f6:a6:45:88:
         88:c6:80:27:89:75:de:16:39:a1:49:63:56:8a:32:e0:f4:78:
         4b:17:72:c0:c0:91:8c:3c:cf:34:15:32:da:26:18:2b:69:a2:
         31:09:cb:d0:1b:b2:6c:e8:dd:96:d7:50:a4:28:73:1e:be:f1:
         48:cb:79:df:ed:ee:ea:40:54:eb:c8:f6:a8:2c:10:9b:9a:12:
         28:25:13:ce:21:14:01:8c:eb:36:9c:1a:b5:3b:eb:84:39:f2:
         96:07:ba:fc:b8:26:89:0d:6a:bb:c0:01:93:69:74:c5:bf:fb:
         19:fa:7e:37:76:a8:45:c7:a3:14:59:09:16:99:16:71:8b:71:
         57:59:5b:61:b9:99:e9:e7:28:46:75:81:5a:db:01:25:6c:df:
         d4:81:17:82:35:c7:16:3c:f5:d8:32:ce:df:24:56:7e:34:66:
         8e:ad:51:4d:23:1c:52:ec:ed:a2:d0:31:34:c7:9b:5c:0a:1d:
         8b:cc:4a:0b:b9:ed:dc:4e:46:ed:61:2b:bd:96:b5:48:d4:bf:
         08:5f:0e:93:ba:3a:32:1a:33:10:39:08:3a:9d:12:1e:3a:de:
         ea:b7:6d:6a:e6:96:60:06:9e:87:60:91:30:ec:5b:9e:f5:e8:
         d6:63:df:a1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZzCGfTkMT0S7WdNY2fuDbq/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ4YzYwYTBkMmQ3MGE5MzM3ZDBiZGE1NmQxYWQ1OTZhYzFm
NjljZGEwHhcNMjYwMzA2MDc0MzI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YjIxNDIyMWM2YzM4YzA3ZDQxNmM0ZDZkMWFmYTkxNTQxMmRlYTBiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0zB381IzN5RrH/owdpwFBH0gtddp
pUi2BZQ7nkyZrfQ+JhhBj13HpMXqzHhT9pxcnZsZWxj7pBAeFBbjRE5dYiZcHi3q
1YIf8eusl+Om//D7n8SOsBuZflwPZN70u/m48U6BoWf8PWdEDUbw6iP6TATzvzzG
TL6sZs6EfAQs/7NFbMvuFOSXRfQ/2is/+uOCg7gQ2rVckPrq5GrjULnKNWu/7Hlw
CEn5jGlzgCEjit1Q7fN3A86w2nBGcnaE/3HRlkh5B2sdfU8Vhk540ynQJG58KpYw
7LtGEbNlM2IaAqeKzj+TSO5wlRlkvA2DY7RIgOXzZ9fjLx0yFU/radfMBQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJshQiHGw4wH1BbE1tGvqRVBLeoLMB8GA1UdIwQY
MBaAFNjGCg0tcKkzfQvaVtGtWWrB9pzaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMk1ZS0RTMXdxVE45QzlwVzBhMVphc0gybk5vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC9iNTFhODUtZjk5Zi00MjNmLTlmYWUt
ZGQyOTRjMzc4ZjZjLzEvbXlGQ0ljYkRqQWZVRnNUVzBhLXBGVUV0NmdzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC9iNTFhODUtZjk5Zi00MjNmLTlmYWUtZGQyOTRjMzc4ZjZj
LzEvMk1ZS0RTMXdxVE45QzlwVzBhMVphc0gybk5vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbWnHMA0G
CSqGSIb3DQEBCwUAA4IBAQAhTo+vvCrG2rK3cn20bfamRYiIxoAniXXeFjmhSWNW
ijLg9HhLF3LAwJGMPM80FTLaJhgraaIxCcvQG7Js6N2W11CkKHMevvFIy3nf7e7q
QFTryPaoLBCbmhIoJRPOIRQBjOs2nBq1O+uEOfKWB7r8uCaJDWq7wAGTaXTFv/sZ
+n43dqhFx6MUWQkWmRZxi3FXWVthuZnp5yhGdYFa2wElbN/UgReCNccWPPXYMs7f
JFZ+NGaOrVFNIxxS7O2i0DE0x5tcCh2LzEoLue3cTkbtYSu9lrVI1L8IXw6Tujoy
GjMQOQg6nRIeOt7qt21q5pZgBp6HYJEw7Fue9ejWY9+h
-----END CERTIFICATE-----