Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5f/b9884b-6fc5-4b3e-b1e8-e01e94124674/1/61nxpqdan0uvkgRYS9p3WXMt0is.roa
File:                     61nxpqdan0uvkgRYS9p3WXMt0is.roa (raw, json)
Hash identifier:          +Etzf8iyPB8hG3RY9d2BBNlzK8ZhQf8I9wkNpl+P4s4=
Subject key identifier:   EB:59:F1:A6:A7:5A:9F:4B:AF:92:04:58:4B:DA:77:59:73:2D:D2:2B
Certificate issuer:       /CN=da8f05e3843517cf0971c2bf9cddddd62717e52c
Certificate serial:       019CCA8F2DFDD392F99CBE40BB601855C4F6
Authority key identifier: DA:8F:05:E3:84:35:17:CF:09:71:C2:BF:9C:DD:DD:D6:27:17:E5:2C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2o8F44Q1F88JccK_nN3d1icX5Sw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5f/b9884b-6fc5-4b3e-b1e8-e01e94124674/1/61nxpqdan0uvkgRYS9p3WXMt0is.roa
Signing time:             Sat 07 Mar 2026 23:08:26 +0000
ROA not before:           Sat 07 Mar 2026 23:08:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214238
IP address blocks:        138.124.5.0/24 maxlen: 24
                          138.124.79.0/24 maxlen: 24
                          138.124.80.0/24 maxlen: 24
                          138.124.81.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5f/b9884b-6fc5-4b3e-b1e8-e01e94124674/1/2o8F44Q1F88JccK_nN3d1icX5Sw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5f/b9884b-6fc5-4b3e-b1e8-e01e94124674/1/2o8F44Q1F88JccK_nN3d1icX5Sw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2o8F44Q1F88JccK_nN3d1icX5Sw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 13 Mar 2026 06:00:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:ca:8f:2d:fd:d3:92:f9:9c:be:40:bb:60:18:55:c4:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=da8f05e3843517cf0971c2bf9cddddd62717e52c
        Validity
            Not Before: Mar  7 23:08:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=eb59f1a6a75a9f4baf9204584bda7759732dd22b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:3d:c0:b7:99:32:60:b1:e3:6b:03:f6:c1:fa:
                    60:bc:79:b0:97:e9:5f:dd:53:20:b7:3d:c2:2e:f2:
                    01:f7:69:12:ee:46:0e:74:64:c9:9d:0d:b1:3f:c1:
                    90:72:96:55:68:98:e3:74:f6:66:af:d3:d7:b2:52:
                    1a:9e:75:1b:e5:df:22:e9:22:f8:e5:20:c6:67:38:
                    47:55:25:9a:84:40:7a:97:20:dc:a8:f1:1e:11:2d:
                    4b:a0:b9:02:86:6a:d6:b7:a7:d4:42:9f:99:58:15:
                    9c:93:08:9b:83:ad:34:4e:22:b3:1a:cf:bc:96:ad:
                    0e:f0:f3:da:b2:fa:e6:6a:b4:7c:b8:e0:15:74:b5:
                    30:cb:46:61:eb:57:a9:c0:c0:ab:bb:66:68:70:bc:
                    93:21:62:62:b3:9f:35:cb:1a:2b:de:da:8b:33:77:
                    5e:56:8a:aa:e6:6f:18:c9:65:d7:83:f8:10:3c:17:
                    89:46:41:0e:3e:69:fd:b7:e8:cd:c1:ad:4f:0b:e3:
                    b5:b6:41:3f:dd:60:33:99:ae:50:3e:41:75:04:6e:
                    ed:28:d6:51:b0:39:76:ba:11:f4:2e:ed:5e:b7:82:
                    fb:a7:35:7d:1f:24:a9:a0:0f:58:d1:2d:0b:4f:6a:
                    6c:53:a4:26:bf:12:35:df:95:ba:d4:e8:e5:f2:f1:
                    59:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:59:F1:A6:A7:5A:9F:4B:AF:92:04:58:4B:DA:77:59:73:2D:D2:2B
            X509v3 Authority Key Identifier:
                keyid:DA:8F:05:E3:84:35:17:CF:09:71:C2:BF:9C:DD:DD:D6:27:17:E5:2C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2o8F44Q1F88JccK_nN3d1icX5Sw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/b9884b-6fc5-4b3e-b1e8-e01e94124674/1/61nxpqdan0uvkgRYS9p3WXMt0is.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/b9884b-6fc5-4b3e-b1e8-e01e94124674/1/2o8F44Q1F88JccK_nN3d1icX5Sw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  138.124.5.0/24
                  138.124.79.0-138.124.81.255

    Signature Algorithm: sha256WithRSAEncryption
         c0:10:86:ab:97:28:ba:c9:cf:9f:0d:3f:6a:49:91:d3:e5:bd:
         0c:b6:70:04:74:0e:4f:9b:45:c7:bc:db:89:64:d8:0a:41:ab:
         67:97:57:24:17:74:da:dd:b3:91:49:40:56:6e:1a:b8:22:a1:
         65:9f:a9:bc:49:2c:81:b1:49:46:81:02:ad:65:2c:15:93:85:
         99:c3:d8:b2:8a:d3:d6:49:98:14:e6:30:38:b0:3f:da:8b:29:
         42:21:20:3c:26:3b:f5:d9:63:79:f0:48:01:64:88:ac:05:9a:
         ef:a0:c2:8c:4b:61:86:e9:0d:90:1f:b5:7c:ce:b9:a4:0a:28:
         52:dc:d7:7b:87:4e:ec:02:99:cc:60:0e:e3:37:c6:9d:89:6c:
         43:22:10:f4:90:00:97:d6:b5:f0:71:68:11:45:e9:d9:ae:ad:
         97:01:13:a1:03:e9:e8:5b:fe:1a:66:7f:66:32:c1:72:2e:54:
         0c:70:17:f7:ba:6b:5e:33:3d:1b:c3:17:9b:08:94:b4:75:9f:
         a8:a4:0f:93:ec:da:50:ff:12:a7:88:eb:a9:40:fb:8f:5d:9e:
         c3:ec:d9:52:13:ab:e5:92:45:6a:4b:10:7d:a4:00:cb:52:4f:
         e2:b6:02:e5:ec:e5:74:30:d3:ad:08:83:65:43:d5:6a:3b:4a:
         40:25:de:1a
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZzKjy3905L5nL5Au2AYVcT2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhOGYwNWUzODQzNTE3Y2YwOTcxYzJiZjljZGRkZGQ2Mjcx
N2U1MmMwHhcNMjYwMzA3MjMwODI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYjU5ZjFhNmE3NWE5ZjRiYWY5MjA0NTg0YmRhNzc1OTczMmRkMjJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxT3At5kyYLHjawP2wfpgvHmwl+lf
3VMgtz3CLvIB92kS7kYOdGTJnQ2xP8GQcpZVaJjjdPZmr9PXslIannUb5d8i6SL4
5SDGZzhHVSWahEB6lyDcqPEeES1LoLkChmrWt6fUQp+ZWBWckwibg600TiKzGs+8
lq0O8PPasvrmarR8uOAVdLUwy0Zh61epwMCru2ZocLyTIWJis581yxor3tqLM3de
Voqq5m8YyWXXg/gQPBeJRkEOPmn9t+jNwa1PC+O1tkE/3WAzma5QPkF1BG7tKNZR
sDl2uhH0Lu1et4L7pzV9HySpoA9Y0S0LT2psU6QmvxI135W61Ojl8vFZJQIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFOtZ8aanWp9Lr5IEWEvad1lzLdIrMB8GA1UdIwQY
MBaAFNqPBeOENRfPCXHCv5zd3dYnF+UsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMm84RjQ0UTFGODhKY2NLX25OM2QxaWNYNVN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Zi9iOTg4NGItNmZjNS00YjNlLWIxZTgt
ZTAxZTk0MTI0Njc0LzEvNjFueHBxZGFuMHV2a2dSWVM5cDNXWE10MGlzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Zi9iOTg4NGItNmZjNS00YjNlLWIxZTgtZTAxZTk0MTI0Njc0
LzEvMm84RjQ0UTFGODhKY2NLX25OM2QxaWNYNVN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUAwQAinwFMAwD
BACKfE8DBAGKfFAwDQYJKoZIhvcNAQELBQADggEBAMAQhquXKLrJz58NP2pJkdPl
vQy2cAR0Dk+bRce824lk2ApBq2eXVyQXdNrds5FJQFZuGrgioWWfqbxJLIGxSUaB
Aq1lLBWThZnD2LKK09ZJmBTmMDiwP9qLKUIhIDwmO/XZY3nwSAFkiKwFmu+gwoxL
YYbpDZAftXzOuaQKKFLc13uHTuwCmcxgDuM3xp2JbEMiEPSQAJfWtfBxaBFF6dmu
rZcBE6ED6ehb/hpmf2YywXIuVAxwF/e6a14zPRvDF5sIlLR1n6ikD5Ps2lD/EqeI
66lA+49dnsPs2VITq+WSRWpLEH2kAMtST+K2AuXs5XQw060Ig2VD1Wo7SkAl3ho=
-----END CERTIFICATE-----