Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/98/ddb424-7eb2-495e-8bb6-72fb97d59ce4/1/asCV5C3wS6jRw9uPDtl04eJUUp8.roa
File:                     asCV5C3wS6jRw9uPDtl04eJUUp8.roa (raw, json)
Hash identifier:          CBEij9Jgx15KSeFc5BV2g9DYOB3f7QlI0XI57kzo0c0=
Subject key identifier:   6A:C0:95:E4:2D:F0:4B:A8:D1:C3:DB:8F:0E:D9:74:E1:E2:54:52:9F
Certificate issuer:       /CN=95d108f0e85868c2bbe7db6d7377034c131eb224
Certificate serial:       019EF018D0020384EF66AF28747C8F6F43AE
Authority key identifier: 95:D1:08:F0:E8:58:68:C2:BB:E7:DB:6D:73:77:03:4C:13:1E:B2:24
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ldEI8OhYaMK759ttc3cDTBMesiQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/98/ddb424-7eb2-495e-8bb6-72fb97d59ce4/1/asCV5C3wS6jRw9uPDtl04eJUUp8.roa
Signing time:             Mon 22 Jun 2026 16:10:18 +0000
ROA not before:           Mon 22 Jun 2026 16:10:18 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     57043
IP address blocks:        189.74.120.0/24 maxlen: 24
                          189.74.121.0/24 maxlen: 24
                          191.44.40.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/98/ddb424-7eb2-495e-8bb6-72fb97d59ce4/1/ldEI8OhYaMK759ttc3cDTBMesiQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/98/ddb424-7eb2-495e-8bb6-72fb97d59ce4/1/ldEI8OhYaMK759ttc3cDTBMesiQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ldEI8OhYaMK759ttc3cDTBMesiQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 30 Jun 2026 02:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:f0:18:d0:02:03:84:ef:66:af:28:74:7c:8f:6f:43:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=95d108f0e85868c2bbe7db6d7377034c131eb224
        Validity
            Not Before: Jun 22 16:10:18 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6ac095e42df04ba8d1c3db8f0ed974e1e254529f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:4f:11:2e:84:e6:f8:ca:b9:2c:e0:fa:f6:22:
                    82:f3:b5:dd:98:9c:ba:20:ed:68:21:6c:3b:ff:96:
                    b5:a1:35:ed:39:b5:c3:16:9c:55:2a:8e:57:9a:f9:
                    6f:76:67:d8:81:bd:79:49:68:17:37:a7:e6:b3:44:
                    af:84:f2:9b:83:7d:65:ad:bc:b5:4d:83:a2:93:b2:
                    69:d2:c6:26:2d:08:ac:93:71:02:8b:6f:09:5d:a6:
                    e7:64:86:91:d2:a0:62:03:a9:2f:56:d3:ff:97:95:
                    77:f0:bf:27:18:8b:08:d6:73:eb:4a:87:0e:3e:93:
                    68:73:4d:c3:61:cd:e0:48:88:d7:1a:71:d8:4c:ea:
                    eb:57:e3:e4:ce:3c:ff:9d:7d:cb:8c:9e:ee:eb:22:
                    f9:3a:75:f5:aa:7d:4a:ff:f1:65:2a:bc:1e:27:a6:
                    d2:0a:c2:99:b7:29:f1:e5:08:27:43:0d:a7:14:52:
                    72:52:a4:a6:9f:d9:8e:51:a9:70:01:15:c8:2e:d5:
                    18:6d:00:4a:8c:54:4b:ab:82:91:08:94:3f:f7:7f:
                    5b:64:ee:a0:57:66:91:71:7d:20:a4:b5:dd:0b:21:
                    b5:81:5b:8b:36:24:6d:ad:39:f6:bb:72:b1:7f:91:
                    1a:f7:0d:d3:86:a3:ba:f7:0a:36:02:01:33:5e:b3:
                    94:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:C0:95:E4:2D:F0:4B:A8:D1:C3:DB:8F:0E:D9:74:E1:E2:54:52:9F
            X509v3 Authority Key Identifier:
                keyid:95:D1:08:F0:E8:58:68:C2:BB:E7:DB:6D:73:77:03:4C:13:1E:B2:24

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ldEI8OhYaMK759ttc3cDTBMesiQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/98/ddb424-7eb2-495e-8bb6-72fb97d59ce4/1/asCV5C3wS6jRw9uPDtl04eJUUp8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/98/ddb424-7eb2-495e-8bb6-72fb97d59ce4/1/ldEI8OhYaMK759ttc3cDTBMesiQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  189.74.120.0/23
                  191.44.40.0/22

    Signature Algorithm: sha256WithRSAEncryption
         79:1f:03:9f:16:a5:cb:37:c6:7d:f4:bb:1b:7e:2a:08:4f:f7:
         78:0b:bd:ac:87:19:f4:ba:19:10:12:e0:67:0f:82:68:c5:79:
         0e:b3:0c:df:6b:25:ad:e7:02:65:64:86:8a:0f:e6:e9:28:35:
         db:97:7c:a0:cc:02:93:c6:f2:13:45:0d:09:5f:80:ab:1f:d9:
         4b:56:c8:da:7c:fb:c6:53:85:4a:69:1d:7e:25:ac:01:d7:bc:
         b4:46:84:24:d0:00:1a:eb:aa:14:12:2d:01:0c:2d:50:50:67:
         58:57:ed:8d:ff:7f:f5:e8:f0:cb:b3:72:9f:62:74:29:0b:f3:
         8d:9c:c7:14:32:b3:49:4f:2a:82:19:57:c1:21:dd:1f:f0:fb:
         9c:ef:91:2c:38:7b:b0:e8:7b:83:20:2c:6b:f4:26:20:30:4f:
         64:27:45:8c:00:04:e6:a2:3d:cc:02:d4:b6:2f:7e:c9:55:e7:
         cf:8e:d1:cb:24:b4:78:e2:1a:43:11:14:59:de:0d:b9:6e:00:
         fa:1c:c0:d1:90:00:5d:4f:75:3d:b2:cf:19:3a:fa:44:c2:d8:
         87:dd:f1:e8:d5:0c:9d:18:93:8e:4e:81:f5:4e:45:29:0f:49:
         ea:38:23:85:31:42:83:ad:bb:bf:f9:34:30:9c:4a:0f:6f:85:
         3e:fb:fb:cb
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ7wGNACA4TvZq8odHyPb0OuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk1ZDEwOGYwZTg1ODY4YzJiYmU3ZGI2ZDczNzcwMzRjMTMx
ZWIyMjQwHhcNMjYwNjIyMTYxMDE4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YWMwOTVlNDJkZjA0YmE4ZDFjM2RiOGYwZWQ5NzRlMWUyNTQ1MjlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsE8RLoTm+Mq5LOD69iKC87XdmJy6
IO1oIWw7/5a1oTXtObXDFpxVKo5XmvlvdmfYgb15SWgXN6fms0SvhPKbg31lrby1
TYOik7Jp0sYmLQisk3ECi28JXabnZIaR0qBiA6kvVtP/l5V38L8nGIsI1nPrSocO
PpNoc03DYc3gSIjXGnHYTOrrV+Pkzjz/nX3LjJ7u6yL5OnX1qn1K//FlKrweJ6bS
CsKZtynx5QgnQw2nFFJyUqSmn9mOUalwARXILtUYbQBKjFRLq4KRCJQ/939bZO6g
V2aRcX0gpLXdCyG1gVuLNiRtrTn2u3Kxf5Ea9w3ThqO69wo2AgEzXrOUHQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGrAleQt8Euo0cPbjw7ZdOHiVFKfMB8GA1UdIwQY
MBaAFJXRCPDoWGjCu+fbbXN3A0wTHrIkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbGRFSThPaFlhTUs3NTl0dGMzY0RUQk1lc2lRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OC9kZGI0MjQtN2ViMi00OTVlLThiYjYt
NzJmYjk3ZDU5Y2U0LzEvYXNDVjVDM3dTNmpSdzl1UER0bDA0ZUpVVXA4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OC9kZGI0MjQtN2ViMi00OTVlLThiYjYtNzJmYjk3ZDU5Y2U0
LzEvbGRFSThPaFlhTUs3NTl0dGMzY0RUQk1lc2lRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBvUp4AwQC
vywoMA0GCSqGSIb3DQEBCwUAA4IBAQB5HwOfFqXLN8Z99LsbfioIT/d4C72shxn0
uhkQEuBnD4JoxXkOswzfayWt5wJlZIaKD+bpKDXbl3ygzAKTxvITRQ0JX4CrH9lL
VsjafPvGU4VKaR1+JawB17y0RoQk0AAa66oUEi0BDC1QUGdYV+2N/3/16PDLs3Kf
YnQpC/ONnMcUMrNJTyqCGVfBId0f8Puc75EsOHuw6HuDICxr9CYgME9kJ0WMAATm
oj3MAtS2L37JVefPjtHLJLR44hpDERRZ3g25bgD6HMDRkABdT3U9ss8ZOvpEwtiH
3fHo1QydGJOOToH1TkUpD0nqOCOFMUKDrbu/+TQwnEoPb4U++/vL
-----END CERTIFICATE-----