Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/38/a90423-0b4b-499f-be66-55608b694456/1/gZMt62YXB3fOXlkUgEoT0ISZk38.roa
File:                     gZMt62YXB3fOXlkUgEoT0ISZk38.roa (raw, json)
Hash identifier:          7CvKQ04ac0nYoFEHRru1nH3qJSkBG+4xElv372aI5mM=
Subject key identifier:   81:93:2D:EB:66:17:07:77:CE:5E:59:14:80:4A:13:D0:84:99:93:7F
Certificate issuer:       /CN=505127723ea0cfd0724713b291734caa353e20ea
Certificate serial:       019EC9B2B73D8618D13BA0B4B5ECC8843D70
Authority key identifier: 50:51:27:72:3E:A0:CF:D0:72:47:13:B2:91:73:4C:AA:35:3E:20:EA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UFEncj6gz9ByRxOykXNMqjU-IOo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/38/a90423-0b4b-499f-be66-55608b694456/1/gZMt62YXB3fOXlkUgEoT0ISZk38.roa
Signing time:             Mon 15 Jun 2026 05:13:13 +0000
ROA not before:           Mon 15 Jun 2026 05:13:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     152900
IP address blocks:        185.190.58.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/38/a90423-0b4b-499f-be66-55608b694456/1/UFEncj6gz9ByRxOykXNMqjU-IOo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/38/a90423-0b4b-499f-be66-55608b694456/1/UFEncj6gz9ByRxOykXNMqjU-IOo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UFEncj6gz9ByRxOykXNMqjU-IOo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 29 Jun 2026 08:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:c9:b2:b7:3d:86:18:d1:3b:a0:b4:b5:ec:c8:84:3d:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=505127723ea0cfd0724713b291734caa353e20ea
        Validity
            Not Before: Jun 15 05:13:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=81932deb66170777ce5e5914804a13d08499937f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:54:fa:40:06:d7:85:7e:4d:ee:1d:fa:83:a8:
                    1a:21:d6:29:5d:62:e1:b2:93:fa:fc:d3:ca:ff:7d:
                    5d:fd:23:c6:c9:ed:20:ba:13:c9:be:8a:70:d2:55:
                    ab:0c:99:9a:81:5b:fb:30:36:af:ab:10:9f:14:b1:
                    43:2b:e2:40:3d:05:70:f3:7c:53:cb:9f:e1:8f:2e:
                    4c:cc:13:19:4d:ff:f0:7c:5c:ce:0c:c8:10:46:da:
                    b9:36:6e:1f:10:ae:3c:4a:f2:94:85:e6:ca:00:ca:
                    ad:fd:b8:d3:67:df:21:c7:d7:c8:14:16:e1:c9:6d:
                    fe:0a:56:c9:19:72:6c:df:a6:d8:2a:5c:60:ad:4c:
                    9d:92:82:fb:31:97:15:eb:e7:78:ea:5a:84:31:d4:
                    dd:2b:88:10:e5:09:74:a3:26:08:06:b2:a5:da:a1:
                    d8:c6:d0:bf:95:30:01:38:5b:75:36:4a:b5:a6:0d:
                    2c:6d:76:9a:25:fd:9f:be:87:0b:1a:1b:48:a1:17:
                    e1:1d:74:0c:a5:98:b6:89:80:f8:85:88:b4:3d:66:
                    18:13:d5:33:5e:3a:9f:9d:7a:5e:d3:e5:d1:74:b3:
                    78:a5:fa:35:71:65:83:29:f7:de:4d:3d:c9:9c:ab:
                    01:25:0d:29:8d:c8:df:a9:d1:ee:2b:13:94:55:7e:
                    74:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                81:93:2D:EB:66:17:07:77:CE:5E:59:14:80:4A:13:D0:84:99:93:7F
            X509v3 Authority Key Identifier:
                keyid:50:51:27:72:3E:A0:CF:D0:72:47:13:B2:91:73:4C:AA:35:3E:20:EA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UFEncj6gz9ByRxOykXNMqjU-IOo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/38/a90423-0b4b-499f-be66-55608b694456/1/gZMt62YXB3fOXlkUgEoT0ISZk38.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/38/a90423-0b4b-499f-be66-55608b694456/1/UFEncj6gz9ByRxOykXNMqjU-IOo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.190.58.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2a:63:03:d0:41:49:da:80:d7:56:d5:e7:65:b5:e3:6a:ae:08:
         2f:92:4d:58:39:17:fa:3c:4e:5a:3f:86:cf:2b:8b:b9:91:6f:
         35:fb:aa:9b:3b:da:19:1f:9b:52:82:58:ec:61:4f:ef:0f:e1:
         a8:11:1b:da:87:c4:33:a0:dc:28:bb:2f:6d:08:63:1a:69:b6:
         a0:23:a0:04:85:e3:3c:3e:6e:db:48:ec:65:72:c4:3a:3f:04:
         ed:5b:e7:40:20:cf:ca:44:da:bd:4f:6c:ae:5a:76:7b:81:aa:
         9e:86:21:af:ad:66:ea:4b:f8:14:04:2d:d4:e2:f5:4e:f7:89:
         6f:c4:81:42:bf:4f:d4:27:3f:08:11:77:e1:42:f7:26:22:71:
         e7:74:22:4f:7c:52:76:f8:33:cb:e7:d7:89:a2:a7:9e:77:02:
         45:dd:fb:4e:c5:2c:fb:47:b5:38:48:42:41:fe:0c:94:7f:1b:
         4d:0c:fd:8d:01:f0:63:a1:fb:fa:1b:51:f6:da:6d:38:33:0d:
         cc:4b:31:f7:35:93:a0:2e:8e:e2:46:a7:fe:8e:ca:20:1b:ab:
         55:fa:f8:49:0f:ab:0b:e6:74:90:93:0c:5a:fe:f2:8e:2e:bc:
         4d:ac:99:e4:03:cb:8a:c8:ba:41:ea:82:65:43:d7:82:f0:dd:
         dd:58:f0:cd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ7Jsrc9hhjRO6C0tezIhD1wMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUwNTEyNzcyM2VhMGNmZDA3MjQ3MTNiMjkxNzM0Y2FhMzUz
ZTIwZWEwHhcNMjYwNjE1MDUxMzEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MTkzMmRlYjY2MTcwNzc3Y2U1ZTU5MTQ4MDRhMTNkMDg0OTk5MzdmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr1T6QAbXhX5N7h36g6gaIdYpXWLh
spP6/NPK/31d/SPGye0guhPJvopw0lWrDJmagVv7MDavqxCfFLFDK+JAPQVw83xT
y5/hjy5MzBMZTf/wfFzODMgQRtq5Nm4fEK48SvKUhebKAMqt/bjTZ98hx9fIFBbh
yW3+ClbJGXJs36bYKlxgrUydkoL7MZcV6+d46lqEMdTdK4gQ5Ql0oyYIBrKl2qHY
xtC/lTABOFt1Nkq1pg0sbXaaJf2fvocLGhtIoRfhHXQMpZi2iYD4hYi0PWYYE9Uz
XjqfnXpe0+XRdLN4pfo1cWWDKffeTT3JnKsBJQ0pjcjfqdHuKxOUVX504wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIGTLetmFwd3zl5ZFIBKE9CEmZN/MB8GA1UdIwQY
MBaAFFBRJ3I+oM/QckcTspFzTKo1PiDqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVUZFbmNqNmd6OUJ5UnhPeWtYTk1xalUtSU9vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOC9hOTA0MjMtMGI0Yi00OTlmLWJlNjYt
NTU2MDhiNjk0NDU2LzEvZ1pNdDYyWVhCM2ZPWGxrVWdFb1QwSVNaazM4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOC9hOTA0MjMtMGI0Yi00OTlmLWJlNjYtNTU2MDhiNjk0NDU2
LzEvVUZFbmNqNmd6OUJ5UnhPeWtYTk1xalUtSU9vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAub46MA0G
CSqGSIb3DQEBCwUAA4IBAQAqYwPQQUnagNdW1edlteNqrggvkk1YORf6PE5aP4bP
K4u5kW81+6qbO9oZH5tSgljsYU/vD+GoERvah8QzoNwouy9tCGMaabagI6AEheM8
Pm7bSOxlcsQ6PwTtW+dAIM/KRNq9T2yuWnZ7gaqehiGvrWbqS/gUBC3U4vVO94lv
xIFCv0/UJz8IEXfhQvcmInHndCJPfFJ2+DPL59eJoqeedwJF3ftOxSz7R7U4SEJB
/gyUfxtNDP2NAfBjofv6G1H22m04Mw3MSzH3NZOgLo7iRqf+jsogG6tV+vhJD6sL
5nSQkwxa/vKOLrxNrJnkA8uKyLpB6oJlQ9eC8N3dWPDN
-----END CERTIFICATE-----