Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/1-CTT0_CxhciLaRkCJ4DgzsS2sQI.roa
File:                     1-CTT0_CxhciLaRkCJ4DgzsS2sQI.roa (raw, json)
Hash identifier:          Mn9NJhG5uVMvcY80UVOWe2L3SwusTTL/IyfqCD6b0DM=
Subject key identifier:   F8:24:D3:D3:F0:B1:85:C8:8B:69:19:02:27:80:E0:CE:C4:B6:B1:02
Certificate issuer:       /CN=15f19074548d2a294e4385d95cd6752490ee46d7
Certificate serial:       019DA4736B7CF7AFDEFCED22C8D0EE03164F
Authority key identifier: 15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/1-CTT0_CxhciLaRkCJ4DgzsS2sQI.roa
Signing time:             Sun 19 Apr 2026 06:35:20 +0000
ROA not before:           Sun 19 Apr 2026 06:35:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     29802
IP address blocks:        176.57.60.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Apr 2026 12:22:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:a4:73:6b:7c:f7:af:de:fc:ed:22:c8:d0:ee:03:16:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=15f19074548d2a294e4385d95cd6752490ee46d7
        Validity
            Not Before: Apr 19 06:35:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f824d3d3f0b185c88b6919022780e0cec4b6b102
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:81:63:23:de:cd:fe:5e:77:a6:ea:78:87:e7:
                    b1:18:62:05:13:7a:6e:54:83:70:ad:bf:cd:57:70:
                    03:83:94:d6:de:56:12:ca:ab:39:7e:88:8d:c6:1f:
                    6c:29:53:e4:5b:e2:39:31:80:fb:d4:6c:e0:4f:ae:
                    f5:fe:7c:66:33:ca:4f:a8:0b:02:05:c6:87:90:85:
                    43:f7:91:7a:79:43:a9:8f:f5:bb:45:bd:e9:16:b3:
                    d9:dc:44:80:da:17:47:cf:79:21:5a:26:fc:16:16:
                    f4:47:8a:ad:9e:78:15:b9:58:09:e7:c1:89:b4:e1:
                    29:1d:68:0e:8c:3b:33:5d:b8:1c:da:40:4d:26:a2:
                    eb:76:9f:42:5e:0b:5b:c9:9b:e5:ca:6a:72:6e:a1:
                    4d:20:f0:a9:b4:db:6b:db:a9:1e:19:8b:50:5e:8a:
                    3e:34:0c:15:89:89:ee:fe:c7:70:cb:8a:0d:b1:b3:
                    33:d9:df:17:67:e0:3b:00:16:53:51:bd:d7:8b:a1:
                    22:04:9f:30:30:b7:2f:ed:2b:aa:7b:06:e4:e9:72:
                    33:21:78:b5:d0:4c:2e:f6:60:38:ec:61:11:60:2f:
                    f0:00:8d:32:2d:42:20:1c:09:31:2e:b5:f9:3b:99:
                    7a:bb:55:d9:20:48:39:5c:50:03:d0:58:59:22:b5:
                    cf:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F8:24:D3:D3:F0:B1:85:C8:8B:69:19:02:27:80:E0:CE:C4:B6:B1:02
            X509v3 Authority Key Identifier:
                keyid:15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/1-CTT0_CxhciLaRkCJ4DgzsS2sQI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.57.60.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2d:98:e7:ad:7b:64:46:be:ce:aa:74:bb:0a:12:b0:6c:a7:af:
         06:07:f3:a1:d8:6f:28:ea:4e:b3:22:11:78:07:14:4e:e7:16:
         41:63:cd:6d:94:c2:b5:7e:6b:c9:5d:25:22:c7:21:56:c8:6f:
         75:d3:5d:5a:e1:35:56:d0:14:99:82:09:ff:70:5f:fd:18:4c:
         f3:87:2a:3b:2a:54:fa:30:9f:c8:29:b6:ee:26:ab:cd:6c:ce:
         70:20:f0:ac:6d:0e:48:d3:fb:3c:e2:d5:21:69:8e:08:5e:94:
         59:2b:fe:4e:c2:62:21:22:0b:e7:e4:4a:f1:38:44:61:40:28:
         d6:12:0a:a5:1a:aa:47:b0:cb:fc:1e:29:73:0d:d9:71:25:26:
         3c:4b:47:4f:0a:8a:e1:02:84:60:65:61:a9:8c:1c:e1:fb:5f:
         e8:e0:41:ae:11:26:10:08:ee:93:6a:fc:36:74:69:c0:98:c7:
         95:d1:7f:83:f0:be:0c:cb:e9:d1:3b:86:9a:1c:2f:b4:fe:57:
         6b:33:96:5c:2d:d7:db:99:6b:6b:ad:b6:f6:5e:27:b2:59:8a:
         ee:d1:8e:9f:3a:f3:40:88:60:ec:14:19:85:7c:5b:36:45:86:
         0a:7e:7c:1b:93:03:45:9c:00:c6:d3:1e:49:89:1b:e5:d7:51:
         b7:24:52:ce
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZ2kc2t896/e/O0iyNDuAxZPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE1ZjE5MDc0NTQ4ZDJhMjk0ZTQzODVkOTVjZDY3NTI0OTBl
ZTQ2ZDcwHhcNMjYwNDE5MDYzNTIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmODI0ZDNkM2YwYjE4NWM4OGI2OTE5MDIyNzgwZTBjZWM0YjZiMTAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo4FjI97N/l53pup4h+exGGIFE3pu
VINwrb/NV3ADg5TW3lYSyqs5foiNxh9sKVPkW+I5MYD71GzgT671/nxmM8pPqAsC
BcaHkIVD95F6eUOpj/W7Rb3pFrPZ3ESA2hdHz3khWib8Fhb0R4qtnngVuVgJ58GJ
tOEpHWgOjDszXbgc2kBNJqLrdp9CXgtbyZvlympybqFNIPCptNtr26keGYtQXoo+
NAwViYnu/sdwy4oNsbMz2d8XZ+A7ABZTUb3Xi6EiBJ8wMLcv7Suqewbk6XIzIXi1
0Ewu9mA47GERYC/wAI0yLUIgHAkxLrX5O5l6u1XZIEg5XFAD0FhZIrXP8wIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPgk09PwsYXIi2kZAieA4M7EtrECMB8GA1UdIwQY
MBaAFBXxkHRUjSopTkOF2VzWdSSQ7kbXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2Qt
NTYyNDRmNDMwZGNjLzEvMS1DVFQwX0N4aGNpTGFSa0NKNERnenNTMnNRSS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNjUvMDA2MjQxLTgwOGQtNGE0OS1iMGNkLTU2MjQ0ZjQzMGRj
Yy8xL0ZmR1FkRlNOS2lsT1E0WFpYTloxSkpEdVJ0Yy5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEALA5PDAN
BgkqhkiG9w0BAQsFAAOCAQEALZjnrXtkRr7OqnS7ChKwbKevBgfzodhvKOpOsyIR
eAcUTucWQWPNbZTCtX5ryV0lIschVshvddNdWuE1VtAUmYIJ/3Bf/RhM84cqOypU
+jCfyCm27iarzWzOcCDwrG0OSNP7POLVIWmOCF6UWSv+TsJiISIL5+RK8ThEYUAo
1hIKpRqqR7DL/B4pcw3ZcSUmPEtHTwqK4QKEYGVhqYwc4ftf6OBBrhEmEAjuk2r8
NnRpwJjHldF/g/C+DMvp0TuGmhwvtP5XazOWXC3X25lra6229l4nslmK7tGOnzrz
QIhg7BQZhXxbNkWGCn58G5MDRZwAxtMeSYkb5ddRtyRSzg==
-----END CERTIFICATE-----