Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/_goO1UZkCDYCMmKa6bXG3Nr9VCQ.roa
File:                     _goO1UZkCDYCMmKa6bXG3Nr9VCQ.roa (raw, json)
Hash identifier:          iGtVcUEaBrAh4oCda4kKuDY57E+NefWm89wRueiyLqc=
Subject key identifier:   FE:0A:0E:D5:46:64:08:36:02:32:62:9A:E9:B5:C6:DC:DA:FD:54:24
Certificate issuer:       /CN=60581e673d80f7474936b21337eafcc1bdc385e9
Certificate serial:       019D52FADEECBFB102F4DF7D972733EFD475
Authority key identifier: 60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/_goO1UZkCDYCMmKa6bXG3Nr9VCQ.roa
Signing time:             Fri 03 Apr 2026 10:54:25 +0000
ROA not before:           Fri 03 Apr 2026 10:54:25 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     13335
IP address blocks:        104.233.58.0/24 maxlen: 24
                          104.239.29.0/24 maxlen: 24
                          104.239.89.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 15 Apr 2026 19:01:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:52:fa:de:ec:bf:b1:02:f4:df:7d:97:27:33:ef:d4:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60581e673d80f7474936b21337eafcc1bdc385e9
        Validity
            Not Before: Apr  3 10:54:25 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=fe0a0ed5466408360232629ae9b5c6dcdafd5424
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ec:8e:89:c6:95:20:fe:31:94:47:78:aa:bf:5f:
                    e8:88:24:d0:7a:90:0d:7c:7b:37:c0:d5:dc:ff:22:
                    35:fe:15:85:9f:c0:48:e0:33:75:e0:6d:69:e9:27:
                    3e:58:f7:8a:a4:f3:b6:93:b0:86:69:8e:67:8b:30:
                    07:ec:bb:01:83:e9:aa:4c:61:13:96:51:c1:f8:f1:
                    e7:e7:83:28:97:77:20:49:8d:d8:93:39:b2:ef:b5:
                    64:b6:80:33:5e:2f:59:ad:8c:e8:89:af:90:99:c5:
                    e4:ce:df:80:88:6b:56:10:5e:1a:88:9b:1f:b4:16:
                    95:54:9c:17:e3:95:e8:95:34:5f:04:73:3d:13:8e:
                    ba:d7:c1:4e:bb:35:ca:d2:5e:1e:bb:0a:66:56:f2:
                    3e:c4:e6:fa:b0:1b:49:54:4f:67:c8:16:62:90:c9:
                    87:ab:76:ea:ee:05:41:7c:2e:92:f9:14:a3:9f:12:
                    ac:ce:40:e2:60:19:5b:5d:6f:db:78:22:da:a6:0e:
                    f9:5b:db:86:a5:55:31:2e:11:96:a3:63:77:25:71:
                    fb:46:2b:d7:30:b2:aa:31:cc:a2:44:f4:bc:d9:5e:
                    8b:dd:7c:28:fd:01:dc:8f:54:b9:1f:f0:b0:cb:fd:
                    c6:ef:81:af:be:31:8a:3f:05:b6:62:32:94:97:39:
                    57:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:0A:0E:D5:46:64:08:36:02:32:62:9A:E9:B5:C6:DC:DA:FD:54:24
            X509v3 Authority Key Identifier:
                keyid:60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/_goO1UZkCDYCMmKa6bXG3Nr9VCQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  104.233.58.0/24
                  104.239.29.0/24
                  104.239.89.0/24

    Signature Algorithm: sha256WithRSAEncryption
         94:02:4d:6e:e9:1d:da:7c:d8:0f:e5:7e:91:c6:fd:e1:17:de:
         16:e5:71:60:c8:84:b8:9e:7c:0b:41:30:b7:b5:6a:28:a1:c4:
         bc:00:47:db:8b:ee:ef:80:da:d1:cb:1c:2c:a1:a5:c6:13:6f:
         7d:73:20:ac:e2:66:a6:bf:20:55:a5:ff:10:f3:76:cd:06:65:
         24:5e:fb:0a:d5:86:f2:23:25:cd:99:d2:7c:0c:5d:74:2f:5a:
         b1:5d:2c:06:03:90:2a:27:d7:7f:bf:5f:c1:6f:92:ef:b4:43:
         e2:da:65:0b:6e:52:fa:ba:4d:e2:34:90:7e:b2:0e:50:59:fe:
         9d:e5:00:b8:41:af:49:50:9d:a1:65:85:38:be:97:ef:62:cb:
         34:4f:7b:f2:47:09:fa:b1:8c:c6:18:25:2a:11:04:88:7b:36:
         f6:fb:6f:7d:dc:1d:3d:28:6b:14:5a:a1:7d:18:71:25:f6:de:
         50:2c:53:9e:9e:da:6b:d0:e6:10:58:82:8f:27:22:43:68:92:
         60:34:ed:ca:f6:fb:9f:16:d0:94:be:02:29:b5:c3:56:6a:34:
         a7:0a:2f:76:e7:7c:ff:9e:b4:40:a1:9a:13:a7:4b:54:98:8d:
         05:7e:47:ab:49:f7:74:28:7d:d9:2b:26:14:f0:9a:3f:ad:8d:
         5a:5f:26:ef
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZ1S+t7sv7EC9N99lycz79R1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNTgxZTY3M2Q4MGY3NDc0OTM2YjIxMzM3ZWFmY2MxYmRj
Mzg1ZTkwHhcNMjYwNDAzMTA1NDI1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZTBhMGVkNTQ2NjQwODM2MDIzMjYyOWFlOWI1YzZkY2RhZmQ1NDI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7I6JxpUg/jGUR3iqv1/oiCTQepAN
fHs3wNXc/yI1/hWFn8BI4DN14G1p6Sc+WPeKpPO2k7CGaY5nizAH7LsBg+mqTGET
llHB+PHn54Mol3cgSY3Ykzmy77VktoAzXi9ZrYzoia+QmcXkzt+AiGtWEF4aiJsf
tBaVVJwX45XolTRfBHM9E46618FOuzXK0l4euwpmVvI+xOb6sBtJVE9nyBZikMmH
q3bq7gVBfC6S+RSjnxKszkDiYBlbXW/beCLapg75W9uGpVUxLhGWo2N3JXH7RivX
MLKqMcyiRPS82V6L3Xwo/QHcj1S5H/Cwy/3G74GvvjGKPwW2YjKUlzlXHwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFP4KDtVGZAg2AjJimum1xtza/VQkMB8GA1UdIwQY
MBaAFGBYHmc9gPdHSTayEzfq/MG9w4XpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYt
ZmIwNzk1NWYzYWFhLzEvX2dvTzFVWmtDRFlDTW1LYTZiWEczTnI5VkNRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYtZmIwNzk1NWYzYWFh
LzEvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAaOk6AwQA
aO8dAwQAaO9ZMA0GCSqGSIb3DQEBCwUAA4IBAQCUAk1u6R3afNgP5X6Rxv3hF94W
5XFgyIS4nnwLQTC3tWooocS8AEfbi+7vgNrRyxwsoaXGE299cyCs4mamvyBVpf8Q
83bNBmUkXvsK1YbyIyXNmdJ8DF10L1qxXSwGA5AqJ9d/v1/Bb5LvtEPi2mULblL6
uk3iNJB+sg5QWf6d5QC4Qa9JUJ2hZYU4vpfvYss0T3vyRwn6sYzGGCUqEQSIezb2
+2993B09KGsUWqF9GHEl9t5QLFOentpr0OYQWIKPJyJDaJJgNO3K9vufFtCUvgIp
tcNWajSnCi9253z/nrRAoZoTp0tUmI0FfkerSfd0KH3ZKyYU8Jo/rY1aXybv
-----END CERTIFICATE-----