Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d1/fa14e8-f716-4075-8614-3f495bf99431/1/900GBGddcKbHN0moklL4RI8XP74.roa
File:                     900GBGddcKbHN0moklL4RI8XP74.roa (raw, json)
Hash identifier:          QXatPAMorghI4vKMyxNqf8i6ro8kpdaQVOcNjWwnv4Y=
Subject key identifier:   F7:4D:06:04:67:5D:70:A6:C7:37:49:A8:92:52:F8:44:8F:17:3F:BE
Certificate issuer:       /CN=db4ea2aa8d34d43b4b641a3af30642849bf4a8fe
Certificate serial:       019ECF36D91515538E19EA1A76D25FB86F25
Authority key identifier: DB:4E:A2:AA:8D:34:D4:3B:4B:64:1A:3A:F3:06:42:84:9B:F4:A8:FE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/206iqo001DtLZBo68wZChJv0qP4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d1/fa14e8-f716-4075-8614-3f495bf99431/1/900GBGddcKbHN0moklL4RI8XP74.roa
Signing time:             Tue 16 Jun 2026 06:55:38 +0000
ROA not before:           Tue 16 Jun 2026 06:55:38 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     204761
IP address blocks:        185.31.57.0/24 maxlen: 32
                          194.53.60.0/24 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d1/fa14e8-f716-4075-8614-3f495bf99431/1/206iqo001DtLZBo68wZChJv0qP4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d1/fa14e8-f716-4075-8614-3f495bf99431/1/206iqo001DtLZBo68wZChJv0qP4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/206iqo001DtLZBo68wZChJv0qP4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 22 Jun 2026 11:00:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:cf:36:d9:15:15:53:8e:19:ea:1a:76:d2:5f:b8:6f:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=db4ea2aa8d34d43b4b641a3af30642849bf4a8fe
        Validity
            Not Before: Jun 16 06:55:38 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f74d0604675d70a6c73749a89252f8448f173fbe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:30:af:7c:00:c8:d6:ea:df:aa:6a:b6:47:d2:
                    0c:f5:19:5c:28:0f:53:e4:24:31:67:de:e5:bd:dd:
                    31:ff:a6:dc:f6:27:7b:7b:e4:97:5e:09:17:e5:6a:
                    d2:35:bb:8b:e3:07:78:38:30:47:61:3f:e7:93:d0:
                    32:8e:b5:7a:45:03:1d:a8:7f:d5:62:11:d4:0d:87:
                    02:b2:ac:88:f6:8a:61:91:53:c9:2c:ea:86:5c:82:
                    d9:d8:0e:ce:72:53:3a:f4:22:36:b0:10:be:b1:01:
                    88:a4:bf:15:3a:e8:b9:ac:10:f4:4d:e3:6e:2c:1d:
                    7e:32:9b:b2:79:0e:f4:12:3f:26:22:1a:88:3f:f8:
                    51:34:ef:de:16:39:82:e7:72:c5:d7:8a:5a:af:b9:
                    38:67:fa:87:8e:bf:3e:cd:3a:05:4d:8f:f3:59:13:
                    c8:2b:8a:2d:4a:ca:99:ea:1e:2f:9d:e5:59:4e:a0:
                    66:26:bc:bc:c1:6f:48:ae:c7:47:5c:84:54:27:18:
                    8a:98:39:b1:f1:a5:c8:c7:99:b7:a3:ad:cd:73:80:
                    65:3c:20:ff:fd:9a:19:ea:16:62:76:ca:92:c8:96:
                    78:de:ae:4e:2c:e5:49:ec:05:e1:c7:98:aa:75:3a:
                    f4:b2:20:b8:43:54:80:db:df:6d:52:4d:28:e2:eb:
                    a3:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:4D:06:04:67:5D:70:A6:C7:37:49:A8:92:52:F8:44:8F:17:3F:BE
            X509v3 Authority Key Identifier:
                keyid:DB:4E:A2:AA:8D:34:D4:3B:4B:64:1A:3A:F3:06:42:84:9B:F4:A8:FE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/206iqo001DtLZBo68wZChJv0qP4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/fa14e8-f716-4075-8614-3f495bf99431/1/900GBGddcKbHN0moklL4RI8XP74.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/fa14e8-f716-4075-8614-3f495bf99431/1/206iqo001DtLZBo68wZChJv0qP4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.31.57.0/24
                  194.53.60.0/24

    Signature Algorithm: sha256WithRSAEncryption
         82:be:c2:78:06:0e:39:4b:38:e2:6a:c5:fc:c1:b7:67:5f:84:
         51:13:72:52:a1:58:97:b6:b1:f6:83:81:70:57:4e:c7:9d:b0:
         9e:bc:b3:a6:5d:22:e7:fc:53:0d:59:9a:16:c3:b7:df:9a:91:
         b6:3c:3d:18:b8:4b:cb:56:0a:c9:81:b0:e1:fa:71:c6:1f:ce:
         0c:19:a5:45:dd:43:0f:88:97:f4:33:fc:a5:a5:13:83:3a:bb:
         46:e7:d4:ef:82:32:eb:7a:fa:ab:4e:20:22:68:2c:e1:b2:8e:
         ea:e9:bc:81:75:a7:7d:a7:51:38:68:62:c7:bd:ee:3f:31:b2:
         33:89:3b:0c:d9:f6:94:69:c6:fb:eb:dc:4e:c3:0a:af:3f:15:
         2d:d9:c4:a0:97:e7:14:74:98:56:35:65:1d:a3:80:39:24:21:
         ca:0c:50:ae:25:a8:1b:cf:5b:15:6f:df:66:78:34:4e:4e:de:
         55:c8:a8:6f:b0:33:20:db:85:ec:42:03:9b:9d:7c:8a:a6:cb:
         9f:c0:01:bb:54:d5:7c:74:24:8f:f0:5e:6d:db:d2:ae:48:71:
         a7:2a:3c:fb:77:0c:fa:24:d0:51:87:26:13:52:d8:fa:8d:fd:
         ed:74:4d:07:77:e7:0c:0e:46:ac:0d:3d:23:6d:6a:a1:25:2b:
         1c:d1:b1:75
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ7PNtkVFVOOGeoadtJfuG8lMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRiNGVhMmFhOGQzNGQ0M2I0YjY0MWEzYWYzMDY0Mjg0OWJm
NGE4ZmUwHhcNMjYwNjE2MDY1NTM4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNzRkMDYwNDY3NWQ3MGE2YzczNzQ5YTg5MjUyZjg0NDhmMTczZmJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuzCvfADI1urfqmq2R9IM9RlcKA9T
5CQxZ97lvd0x/6bc9id7e+SXXgkX5WrSNbuL4wd4ODBHYT/nk9AyjrV6RQMdqH/V
YhHUDYcCsqyI9ophkVPJLOqGXILZ2A7OclM69CI2sBC+sQGIpL8VOui5rBD0TeNu
LB1+MpuyeQ70Ej8mIhqIP/hRNO/eFjmC53LF14par7k4Z/qHjr8+zToFTY/zWRPI
K4otSsqZ6h4vneVZTqBmJry8wW9IrsdHXIRUJxiKmDmx8aXIx5m3o63Nc4BlPCD/
/ZoZ6hZidsqSyJZ43q5OLOVJ7AXhx5iqdTr0siC4Q1SA299tUk0o4uujGQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFPdNBgRnXXCmxzdJqJJS+ESPFz++MB8GA1UdIwQY
MBaAFNtOoqqNNNQ7S2QaOvMGQoSb9Kj+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMjA2aXFvMDAxRHRMWkJvNjh3WkNoSnYwcVA0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMS9mYTE0ZTgtZjcxNi00MDc1LTg2MTQt
M2Y0OTViZjk5NDMxLzEvOTAwR0JHZGRjS2JITjBtb2tsTDRSSThYUDc0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMS9mYTE0ZTgtZjcxNi00MDc1LTg2MTQtM2Y0OTViZjk5NDMx
LzEvMjA2aXFvMDAxRHRMWkJvNjh3WkNoSnYwcVA0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAuR85AwQA
wjU8MA0GCSqGSIb3DQEBCwUAA4IBAQCCvsJ4Bg45SzjiasX8wbdnX4RRE3JSoViX
trH2g4FwV07HnbCevLOmXSLn/FMNWZoWw7ffmpG2PD0YuEvLVgrJgbDh+nHGH84M
GaVF3UMPiJf0M/ylpRODOrtG59TvgjLrevqrTiAiaCzhso7q6byBdad9p1E4aGLH
ve4/MbIziTsM2faUacb769xOwwqvPxUt2cSgl+cUdJhWNWUdo4A5JCHKDFCuJagb
z1sVb99meDROTt5VyKhvsDMg24XsQgObnXyKpsufwAG7VNV8dCSP8F5t29KuSHGn
Kjz7dwz6JNBRhyYTUtj6jf3tdE0Hd+cMDkasDT0jbWqhJSsc0bF1
-----END CERTIFICATE-----