Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/pGejIvm833VZQN36WDP0zbNRqJA.roa
File:                     pGejIvm833VZQN36WDP0zbNRqJA.roa (raw, json)
Hash identifier:          zXHVlGocaxKU28cbfFG2ZLsHK0/nMsDyAdZCFpNzpzo=
Subject key identifier:   A4:67:A3:22:F9:BC:DF:75:59:40:DD:FA:58:33:F4:CD:B3:51:A8:90
Certificate issuer:       /CN=885b857706dac54e20ca0d11bd6416cb634203b4
Certificate serial:       019EB5DA6EF405C1B48AFC9143AECEC4C777
Authority key identifier: 88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/pGejIvm833VZQN36WDP0zbNRqJA.roa
Signing time:             Thu 11 Jun 2026 08:44:11 +0000
ROA not before:           Thu 11 Jun 2026 08:44:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     203087
IP address blocks:        109.248.170.0/24 maxlen: 24
                          109.248.198.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Jun 2026 13:27:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:b5:da:6e:f4:05:c1:b4:8a:fc:91:43:ae:ce:c4:c7:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=885b857706dac54e20ca0d11bd6416cb634203b4
        Validity
            Not Before: Jun 11 08:44:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a467a322f9bcdf755940ddfa5833f4cdb351a890
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f1:5f:0c:49:ac:bb:6e:45:de:61:11:e9:12:2a:
                    43:81:ba:1b:27:4e:e0:bc:f8:26:b0:36:f6:a4:ca:
                    11:6b:8d:2e:e4:40:e5:e6:23:e9:7b:69:ec:1c:56:
                    4a:59:82:72:fe:bb:e1:96:05:73:e9:b1:7c:9a:60:
                    03:63:47:29:ce:73:03:d8:31:8a:76:19:aa:81:a4:
                    84:7e:0d:18:bc:27:a5:92:22:97:5f:55:3c:e8:f6:
                    65:b6:5c:b2:8f:be:70:de:f3:59:78:56:56:54:7e:
                    7d:0a:e2:fa:d7:fe:ae:db:6a:ac:2a:54:25:71:61:
                    59:ff:a3:5a:aa:70:fa:e4:25:77:50:15:6d:b6:71:
                    a6:0e:02:3a:1d:9b:6c:f6:4c:09:55:5b:b7:78:7a:
                    18:1e:dc:18:0b:ec:6d:22:ce:bd:01:04:e7:f8:a4:
                    b1:8b:8f:00:a3:26:08:e8:8d:22:a1:d3:19:4d:c4:
                    32:d3:3f:c5:46:a8:7b:40:17:a5:65:f5:8e:c8:6a:
                    10:80:09:e6:3a:e2:14:21:16:29:84:a9:07:86:35:
                    83:27:5c:ae:f7:ed:1b:ee:ac:3e:af:36:59:a8:00:
                    e7:42:4e:fc:41:b1:82:cd:66:64:63:3b:fb:ac:3a:
                    4f:4a:3a:9e:27:f6:85:b3:0f:53:2f:4b:9b:6a:3f:
                    f8:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:67:A3:22:F9:BC:DF:75:59:40:DD:FA:58:33:F4:CD:B3:51:A8:90
            X509v3 Authority Key Identifier:
                keyid:88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/pGejIvm833VZQN36WDP0zbNRqJA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.248.170.0/24
                  109.248.198.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b4:fb:ca:24:68:9e:4c:9f:e5:c4:4f:a9:d6:20:80:6b:10:72:
         1a:02:8f:c6:20:43:2e:a4:0a:ee:c3:ac:33:5f:8f:90:72:0c:
         84:95:d4:86:2b:2c:3b:54:47:23:5e:cc:a9:e3:08:c1:59:3c:
         1a:d7:a4:11:64:09:3c:d5:d5:df:e1:13:98:95:75:41:a9:40:
         60:53:a6:fd:ca:55:77:5c:2e:0c:8d:d7:5b:30:1a:a6:c5:02:
         50:c8:18:b1:4b:a5:9c:5c:ed:4b:c7:00:8b:00:88:63:ea:bb:
         b3:8e:89:4c:5b:16:4f:d4:96:c4:65:4b:bf:60:34:0e:dc:6d:
         31:35:46:f1:3e:1e:cf:d8:b3:fc:53:62:cc:2e:bc:91:db:6a:
         24:d4:03:8c:73:09:c5:c0:d2:d7:fc:2b:9f:e3:53:b6:1d:0e:
         7d:90:28:8c:96:b7:ab:62:57:59:7f:81:a4:57:a0:75:dd:86:
         23:81:c2:d1:e9:b6:81:b0:6c:07:1f:30:2c:18:a4:a7:fe:19:
         12:15:6d:a3:c4:73:aa:4c:31:56:29:96:b0:57:5a:ac:b2:59:
         de:2a:6b:e4:56:06:2c:d8:2f:3f:76:46:da:1d:00:9c:a5:9b:
         81:83:ec:b0:52:c1:fc:21:2c:8a:1f:e2:14:dd:7c:7e:b2:73:
         46:40:67:a9
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ612m70BcG0ivyRQ67OxMd3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4NWI4NTc3MDZkYWM1NGUyMGNhMGQxMWJkNjQxNmNiNjM0
MjAzYjQwHhcNMjYwNjExMDg0NDExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNDY3YTMyMmY5YmNkZjc1NTk0MGRkZmE1ODMzZjRjZGIzNTFhODkwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8V8MSay7bkXeYRHpEipDgbobJ07g
vPgmsDb2pMoRa40u5EDl5iPpe2nsHFZKWYJy/rvhlgVz6bF8mmADY0cpznMD2DGK
dhmqgaSEfg0YvCelkiKXX1U86PZltlyyj75w3vNZeFZWVH59CuL61/6u22qsKlQl
cWFZ/6NaqnD65CV3UBVttnGmDgI6HZts9kwJVVu3eHoYHtwYC+xtIs69AQTn+KSx
i48AoyYI6I0iodMZTcQy0z/FRqh7QBelZfWOyGoQgAnmOuIUIRYphKkHhjWDJ1yu
9+0b7qw+rzZZqADnQk78QbGCzWZkYzv7rDpPSjqeJ/aFsw9TL0ubaj/4sQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKRnoyL5vN91WUDd+lgz9M2zUaiQMB8GA1UdIwQY
MBaAFIhbhXcG2sVOIMoNEb1kFstjQgO0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUZ1RmR3YmF4VTRneWcwUnZXUVd5Mk5DQTdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8zMjFjZGMtMjE0My00YjVjLTk3MzMt
MTY2OTljOTZkZDVlLzEvcEdlakl2bTgzM1ZaUU4zNldEUDB6Yk5ScUpBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8zMjFjZGMtMjE0My00YjVjLTk3MzMtMTY2OTljOTZkZDVl
LzEvaUZ1RmR3YmF4VTRneWcwUnZXUVd5Mk5DQTdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAbfiqAwQA
bfjGMA0GCSqGSIb3DQEBCwUAA4IBAQC0+8okaJ5Mn+XET6nWIIBrEHIaAo/GIEMu
pAruw6wzX4+QcgyEldSGKyw7VEcjXsyp4wjBWTwa16QRZAk81dXf4ROYlXVBqUBg
U6b9ylV3XC4MjddbMBqmxQJQyBixS6WcXO1LxwCLAIhj6ruzjolMWxZP1JbEZUu/
YDQO3G0xNUbxPh7P2LP8U2LMLryR22ok1AOMcwnFwNLX/Cuf41O2HQ59kCiMlrer
YldZf4GkV6B13YYjgcLR6baBsGwHHzAsGKSn/hkSFW2jxHOqTDFWKZawV1qsslne
KmvkVgYs2C8/dkbaHQCcpZuBg+ywUsH8ISyKH+IU3Xx+snNGQGep
-----END CERTIFICATE-----