Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/byGpMDdqpdNTlTLXGMzQdonS0Fo.roa
File:                     byGpMDdqpdNTlTLXGMzQdonS0Fo.roa (raw, json)
Hash identifier:          Ao9fHVlnJCjDaB01rnWiyESOG0bfmH2IT9uuAKX8Umw=
Subject key identifier:   6F:21:A9:30:37:6A:A5:D3:53:95:32:D7:18:CC:D0:76:89:D2:D0:5A
Certificate issuer:       /CN=60581e673d80f7474936b21337eafcc1bdc385e9
Certificate serial:       019E921CA1E5DC53606D2E55A03B7B5A4F7C
Authority key identifier: 60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/byGpMDdqpdNTlTLXGMzQdonS0Fo.roa
Signing time:             Thu 04 Jun 2026 10:10:10 +0000
ROA not before:           Thu 04 Jun 2026 10:10:10 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199959
IP address blocks:        104.239.74.0/24 maxlen: 24
                          104.239.89.0/24 maxlen: 24
                          104.239.102.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Jun 2026 01:01:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:92:1c:a1:e5:dc:53:60:6d:2e:55:a0:3b:7b:5a:4f:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60581e673d80f7474936b21337eafcc1bdc385e9
        Validity
            Not Before: Jun  4 10:10:10 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6f21a930376aa5d3539532d718ccd07689d2d05a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:b7:05:2a:af:ed:8d:f1:9b:fc:f2:c1:a3:f1:
                    de:1e:c8:d4:8c:a5:bf:96:7b:82:6e:2d:8c:22:25:
                    e1:c0:0a:d3:f0:df:96:96:88:83:43:1e:04:19:c4:
                    e6:9f:45:b5:77:62:af:26:0a:aa:74:91:b6:5e:07:
                    bc:35:a4:e0:fb:51:9b:6f:b0:d7:5f:8e:eb:b7:8d:
                    0c:cd:db:c7:ae:40:4e:8b:ac:34:18:00:8a:ef:6a:
                    74:bb:5b:79:e6:a7:e0:c2:3a:d2:01:04:11:c1:ca:
                    b8:db:07:08:6b:38:52:03:10:3c:56:2c:06:36:0a:
                    e1:79:4b:ea:92:64:07:3b:54:fc:e9:62:52:44:b1:
                    84:27:5e:e9:97:04:36:6a:3b:ca:cf:c2:08:80:11:
                    8a:b6:56:c5:1f:01:1f:d0:80:07:c8:ca:9b:38:00:
                    64:2d:d4:ec:5d:a6:2a:20:31:77:5d:29:73:ba:7b:
                    45:08:7b:a4:4c:69:d6:18:80:6a:e8:53:19:6a:e3:
                    3c:b9:dd:1d:c8:7d:a4:dc:b1:f0:ff:f6:a7:21:3f:
                    a0:6c:57:35:2a:46:a0:01:b7:bb:50:95:69:f6:92:
                    91:b5:0b:a6:5d:20:4e:89:bb:fd:b0:ec:fd:f8:fe:
                    2f:0b:d8:f7:9c:8f:f9:cb:e3:46:8b:ac:5f:1c:9c:
                    9b:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:21:A9:30:37:6A:A5:D3:53:95:32:D7:18:CC:D0:76:89:D2:D0:5A
            X509v3 Authority Key Identifier:
                keyid:60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/byGpMDdqpdNTlTLXGMzQdonS0Fo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  104.239.74.0/24
                  104.239.89.0/24
                  104.239.102.0/24

    Signature Algorithm: sha256WithRSAEncryption
         17:76:bf:be:f0:f6:b9:39:77:1d:69:08:0c:48:bc:0f:87:fc:
         d6:4d:18:26:97:39:c3:64:f5:18:55:d2:3b:b0:1f:75:70:e3:
         91:58:11:87:f9:0e:b0:b9:39:ec:c9:a5:a9:5b:ed:bb:77:43:
         d8:42:2e:d5:99:81:5f:09:3d:7c:50:8d:2b:70:47:d8:b9:70:
         21:e8:23:23:fb:b2:36:91:ac:0a:ea:67:e3:92:e6:5b:a2:ba:
         55:96:ac:b1:06:73:b6:e9:2e:92:bf:a6:75:f9:dc:60:e6:bb:
         ea:7a:4a:27:86:f3:93:07:06:8f:e9:e2:c5:1d:43:88:31:77:
         04:e7:81:7b:7b:4d:be:8c:2e:d7:e2:45:80:58:03:f6:10:b0:
         3b:00:ec:de:96:5c:07:30:c9:33:2d:68:4d:ed:4c:45:d4:4f:
         37:0b:21:ef:a1:81:b7:a7:93:74:19:3a:aa:1a:87:08:37:a3:
         df:65:ed:2b:7e:87:41:8c:08:df:41:2a:a0:3d:3b:19:69:68:
         a2:f8:7e:95:94:fb:48:0b:5c:46:5c:be:84:04:ff:9f:47:a9:
         39:4d:06:91:ed:e3:f1:31:5c:9c:df:6c:01:86:97:e3:bf:16:
         78:c3:2f:b3:8d:fe:06:d1:4f:a9:fc:0b:2e:4e:db:73:54:46:
         4d:fe:68:c0
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZ6SHKHl3FNgbS5VoDt7Wk98MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNTgxZTY3M2Q4MGY3NDc0OTM2YjIxMzM3ZWFmY2MxYmRj
Mzg1ZTkwHhcNMjYwNjA0MTAxMDEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZjIxYTkzMDM3NmFhNWQzNTM5NTMyZDcxOGNjZDA3Njg5ZDJkMDVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArrcFKq/tjfGb/PLBo/HeHsjUjKW/
lnuCbi2MIiXhwArT8N+WloiDQx4EGcTmn0W1d2KvJgqqdJG2Xge8NaTg+1Gbb7DX
X47rt40MzdvHrkBOi6w0GACK72p0u1t55qfgwjrSAQQRwcq42wcIazhSAxA8ViwG
NgrheUvqkmQHO1T86WJSRLGEJ17plwQ2ajvKz8IIgBGKtlbFHwEf0IAHyMqbOABk
LdTsXaYqIDF3XSlzuntFCHukTGnWGIBq6FMZauM8ud0dyH2k3LHw//anIT+gbFc1
KkagAbe7UJVp9pKRtQumXSBOibv9sOz9+P4vC9j3nI/5y+NGi6xfHJybcwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFG8hqTA3aqXTU5Uy1xjM0HaJ0tBaMB8GA1UdIwQY
MBaAFGBYHmc9gPdHSTayEzfq/MG9w4XpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYt
ZmIwNzk1NWYzYWFhLzEvYnlHcE1EZHFwZE5UbFRMWEdNelFkb25TMEZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYtZmIwNzk1NWYzYWFh
LzEvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAaO9KAwQA
aO9ZAwQAaO9mMA0GCSqGSIb3DQEBCwUAA4IBAQAXdr++8Pa5OXcdaQgMSLwPh/zW
TRgmlznDZPUYVdI7sB91cOORWBGH+Q6wuTnsyaWpW+27d0PYQi7VmYFfCT18UI0r
cEfYuXAh6CMj+7I2kawK6mfjkuZborpVlqyxBnO26S6Sv6Z1+dxg5rvqekonhvOT
BwaP6eLFHUOIMXcE54F7e02+jC7X4kWAWAP2ELA7AOzellwHMMkzLWhN7UxF1E83
CyHvoYG3p5N0GTqqGocIN6PfZe0rfodBjAjfQSqgPTsZaWii+H6VlPtIC1xGXL6E
BP+fR6k5TQaR7ePxMVyc32wBhpfjvxZ4wy+zjf4G0U+p/AsuTttzVEZN/mjA
-----END CERTIFICATE-----