Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/xM-ZylXWAX95SI4Vt1dbmQcRdU4.roa
File:                     xM-ZylXWAX95SI4Vt1dbmQcRdU4.roa (raw, json)
Hash identifier:          ApZHFOTr41LEP76eRj2KRkL1o/giH7xqqRgGkWUb/qE=
Subject key identifier:   C4:CF:99:CA:55:D6:01:7F:79:48:8E:15:B7:57:5B:99:07:11:75:4E
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       019E4A1DA5EFC72367247CECC1F1686AC7AD
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/xM-ZylXWAX95SI4Vt1dbmQcRdU4.roa
Signing time:             Thu 21 May 2026 10:38:37 +0000
ROA not before:           Thu 21 May 2026 10:38:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     208769
IP address blocks:        92.60.32.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 May 2026 18:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:4a:1d:a5:ef:c7:23:67:24:7c:ec:c1:f1:68:6a:c7:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: May 21 10:38:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c4cf99ca55d6017f79488e15b7575b990711754e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:3c:27:46:30:3c:99:6d:36:21:99:73:e8:99:
                    6c:79:58:ad:53:2d:1e:70:c6:5d:bf:f5:f3:f3:d8:
                    5e:9e:79:07:83:24:0c:5c:f3:c1:c1:95:9b:d7:69:
                    0b:0e:19:3c:7d:e3:35:97:e5:20:02:d8:f3:91:a9:
                    b6:63:6d:e9:41:17:11:a5:ee:7e:c5:45:53:a6:05:
                    c4:5b:0e:38:cc:57:78:d4:cb:04:c4:7f:8e:ec:76:
                    99:34:76:96:0f:a1:53:10:20:c0:8d:4c:5d:cf:d1:
                    e1:72:37:f1:85:52:49:0c:30:24:66:a4:d7:7e:fb:
                    90:1b:65:b9:2b:3e:79:88:af:95:3e:27:31:80:c8:
                    92:d0:7f:04:88:9b:c4:47:d9:4c:5d:dd:69:72:57:
                    a1:f2:f2:f3:5d:28:0c:15:9f:8a:da:84:e0:40:4d:
                    e9:25:e1:3e:d4:4c:26:24:67:e3:1a:6a:0c:9a:59:
                    45:46:36:26:17:57:c2:91:d4:9b:35:b8:ae:b1:60:
                    8b:37:3b:0f:b3:61:9f:f1:db:5a:f9:df:3a:16:d2:
                    a5:5d:b7:8e:6a:29:f9:0c:17:28:9e:31:3c:e3:00:
                    4f:dc:64:97:cb:7f:aa:31:f9:b8:41:67:45:68:7d:
                    b4:81:75:b3:fd:9e:2a:cd:ab:70:8d:fe:fb:71:84:
                    2b:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:CF:99:CA:55:D6:01:7F:79:48:8E:15:B7:57:5B:99:07:11:75:4E
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/xM-ZylXWAX95SI4Vt1dbmQcRdU4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.60.32.0/23

    Signature Algorithm: sha256WithRSAEncryption
         80:22:a6:62:01:a8:d4:05:8b:b9:f5:a7:0b:af:54:53:28:ce:
         bb:e8:fb:15:1c:3a:8b:10:46:c8:9d:ca:50:ec:a3:bf:41:1d:
         ed:30:09:8a:91:79:ea:08:be:69:f3:89:f2:c5:f6:12:28:ac:
         c0:61:a0:6a:22:ed:54:02:c2:ca:d7:9c:40:83:18:5a:0c:9e:
         7a:58:8a:54:fc:69:e5:3a:e6:37:6e:56:2a:05:0a:c3:d5:1e:
         4c:7f:1e:a7:73:b9:43:d7:3a:d3:e1:85:41:bf:d6:b2:f0:ab:
         dd:67:6e:1d:ed:5f:bd:9c:8a:30:62:17:6f:0e:35:4a:62:c3:
         09:cf:84:77:47:42:47:26:43:2e:5b:b1:b7:b3:c2:28:39:93:
         df:22:33:5d:68:e5:da:18:8f:89:ef:0b:b8:9c:c1:a9:5a:92:
         67:b8:3f:b3:68:75:91:d2:7a:eb:31:95:e9:a7:12:e9:60:f4:
         48:cf:3c:67:4e:82:bc:32:81:0c:8d:07:37:4c:b9:8b:85:9d:
         67:ed:be:06:32:8d:36:42:f8:b0:c0:2e:64:8d:17:04:d8:15:
         55:7e:84:ee:15:90:8c:03:13:73:75:31:7f:04:26:a9:78:8c:
         29:27:dc:67:9f:37:14:da:7b:76:98:24:77:d2:e9:32:95:cf:
         79:b2:15:6a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ5KHaXvxyNnJHzswfFoasetMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjYwNTIxMTAzODM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNGNmOTljYTU1ZDYwMTdmNzk0ODhlMTViNzU3NWI5OTA3MTE3NTRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuDwnRjA8mW02IZlz6JlseVitUy0e
cMZdv/Xz89hennkHgyQMXPPBwZWb12kLDhk8feM1l+UgAtjzkam2Y23pQRcRpe5+
xUVTpgXEWw44zFd41MsExH+O7HaZNHaWD6FTECDAjUxdz9HhcjfxhVJJDDAkZqTX
fvuQG2W5Kz55iK+VPicxgMiS0H8EiJvER9lMXd1pcleh8vLzXSgMFZ+K2oTgQE3p
JeE+1EwmJGfjGmoMmllFRjYmF1fCkdSbNbiusWCLNzsPs2Gf8dta+d86FtKlXbeO
ain5DBconjE84wBP3GSXy3+qMfm4QWdFaH20gXWz/Z4qzatwjf77cYQrDwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMTPmcpV1gF/eUiOFbdXW5kHEXVOMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEveE0tWnlsWFdBWDk1U0k0VnQxZGJtUWNSZFU0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBXDwgMA0G
CSqGSIb3DQEBCwUAA4IBAQCAIqZiAajUBYu59acLr1RTKM676PsVHDqLEEbIncpQ
7KO/QR3tMAmKkXnqCL5p84nyxfYSKKzAYaBqIu1UAsLK15xAgxhaDJ56WIpU/Gnl
OuY3blYqBQrD1R5Mfx6nc7lD1zrT4YVBv9ay8KvdZ24d7V+9nIowYhdvDjVKYsMJ
z4R3R0JHJkMuW7G3s8IoOZPfIjNdaOXaGI+J7wu4nMGpWpJnuD+zaHWR0nrrMZXp
pxLpYPRIzzxnToK8MoEMjQc3TLmLhZ1n7b4GMo02QviwwC5kjRcE2BVVfoTuFZCM
AxNzdTF/BCapeIwpJ9xnnzcU2nt2mCR30ukylc95shVq
-----END CERTIFICATE-----