Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d1/fa14e8-f716-4075-8614-3f495bf99431/1/dhauksh82lvk3CvHqOPhX3IXawE.roa
File:                     dhauksh82lvk3CvHqOPhX3IXawE.roa (raw, json)
Hash identifier:          iiGzP9WBRt8OJXBEpBrbVxMcUTXU1wN9PYOKHSedXBI=
Subject key identifier:   76:16:AE:92:C8:7C:DA:5B:E4:DC:2B:C7:A8:E3:E1:5F:72:17:6B:01
Certificate issuer:       /CN=db4ea2aa8d34d43b4b641a3af30642849bf4a8fe
Certificate serial:       019ECF37AFAD5AA318DB9858EA996F4F4139
Authority key identifier: DB:4E:A2:AA:8D:34:D4:3B:4B:64:1A:3A:F3:06:42:84:9B:F4:A8:FE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/206iqo001DtLZBo68wZChJv0qP4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d1/fa14e8-f716-4075-8614-3f495bf99431/1/dhauksh82lvk3CvHqOPhX3IXawE.roa
Signing time:             Tue 16 Jun 2026 06:56:33 +0000
ROA not before:           Tue 16 Jun 2026 06:56:33 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     9466
IP address blocks:        185.31.58.0/24 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d1/fa14e8-f716-4075-8614-3f495bf99431/1/206iqo001DtLZBo68wZChJv0qP4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d1/fa14e8-f716-4075-8614-3f495bf99431/1/206iqo001DtLZBo68wZChJv0qP4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/206iqo001DtLZBo68wZChJv0qP4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 22 Jun 2026 11:00:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:cf:37:af:ad:5a:a3:18:db:98:58:ea:99:6f:4f:41:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=db4ea2aa8d34d43b4b641a3af30642849bf4a8fe
        Validity
            Not Before: Jun 16 06:56:33 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7616ae92c87cda5be4dc2bc7a8e3e15f72176b01
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:7e:cc:06:e5:50:ce:01:47:50:5d:d4:ef:0a:
                    99:ea:c6:a6:bd:36:57:77:fe:3a:75:ba:ae:b4:15:
                    ca:89:9f:8f:26:95:31:c0:18:e8:e8:d6:7e:39:3a:
                    8d:cf:a0:7b:7d:8d:f9:8e:26:db:b3:fd:41:29:d4:
                    f8:ae:b3:c8:de:9d:10:8f:d9:a9:ba:21:f7:08:e0:
                    78:63:ae:c1:7f:fd:99:fa:74:db:4e:ee:40:4a:b3:
                    25:25:42:8b:77:1b:63:34:69:2a:11:a7:35:dc:ae:
                    73:f6:50:94:a7:3c:dc:fb:83:a2:f8:85:58:29:22:
                    e7:fb:70:95:90:29:e8:56:5f:78:fb:3f:c5:1c:a5:
                    9b:ff:5c:db:19:46:cd:3a:6b:58:37:d1:f8:a0:e6:
                    c8:50:42:c1:7f:fb:3c:c6:b1:7f:3c:68:a1:47:a5:
                    85:3c:d8:d2:1d:16:76:3c:a4:68:c5:65:9f:dc:ae:
                    f9:0e:d7:90:3f:41:1f:c1:41:c4:bf:70:1e:85:51:
                    38:2f:0e:ab:7d:cc:20:34:93:bc:0a:67:d9:5d:34:
                    93:69:a8:4a:25:16:d6:89:0e:e3:fe:4e:a8:3f:48:
                    f6:7d:20:86:9c:2f:67:62:cb:28:88:72:b7:f2:a8:
                    ab:bd:45:53:9f:81:2f:e1:22:78:62:48:a4:4c:a3:
                    98:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:16:AE:92:C8:7C:DA:5B:E4:DC:2B:C7:A8:E3:E1:5F:72:17:6B:01
            X509v3 Authority Key Identifier:
                keyid:DB:4E:A2:AA:8D:34:D4:3B:4B:64:1A:3A:F3:06:42:84:9B:F4:A8:FE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/206iqo001DtLZBo68wZChJv0qP4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/fa14e8-f716-4075-8614-3f495bf99431/1/dhauksh82lvk3CvHqOPhX3IXawE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/fa14e8-f716-4075-8614-3f495bf99431/1/206iqo001DtLZBo68wZChJv0qP4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.31.58.0/24

    Signature Algorithm: sha256WithRSAEncryption
         12:51:bf:69:97:67:41:4a:a0:fd:d9:ac:67:55:6e:11:e8:97:
         3f:f5:b6:70:f1:91:75:05:e0:4e:d9:b0:5e:ad:9c:fb:d0:79:
         f4:ed:6a:1e:85:4e:82:e0:40:60:5c:49:2b:49:18:cd:14:cd:
         22:4d:63:5a:69:ef:42:1e:0c:94:09:2f:2a:dd:0d:30:22:92:
         0d:fa:d0:f3:16:db:23:09:dd:2d:11:2e:f4:ba:b4:23:c2:d6:
         85:02:05:f6:ae:d2:bd:36:d4:02:a3:53:fd:6e:a5:57:d3:4a:
         6d:7e:ef:fb:c9:c1:20:bd:b3:9c:3b:56:b8:a5:99:81:72:55:
         02:3b:0e:ab:23:55:fb:f5:23:4f:ce:cb:b2:14:f6:6d:ac:67:
         bf:3a:9c:a2:2e:52:81:83:58:a8:44:50:8a:e5:61:77:a6:32:
         5a:19:36:9d:56:e5:0c:63:74:a1:b8:dc:90:9f:e8:b6:60:1a:
         0d:77:86:ee:9f:c2:83:e9:6b:8a:5d:a6:b8:89:d2:46:53:f4:
         15:25:88:b2:c2:a7:47:cd:7b:38:a5:74:a4:48:eb:33:cf:90:
         74:24:1a:68:cf:1c:ff:ec:0f:c9:2c:9f:3b:9f:14:20:87:3a:
         48:4e:07:e9:31:aa:37:f8:bf:3f:fb:c2:a0:e0:30:70:98:31:
         b9:7e:5e:fa
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ7PN6+tWqMY25hY6plvT0E5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRiNGVhMmFhOGQzNGQ0M2I0YjY0MWEzYWYzMDY0Mjg0OWJm
NGE4ZmUwHhcNMjYwNjE2MDY1NjMzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NjE2YWU5MmM4N2NkYTViZTRkYzJiYzdhOGUzZTE1ZjcyMTc2YjAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3H7MBuVQzgFHUF3U7wqZ6samvTZX
d/46dbqutBXKiZ+PJpUxwBjo6NZ+OTqNz6B7fY35jibbs/1BKdT4rrPI3p0Qj9mp
uiH3COB4Y67Bf/2Z+nTbTu5ASrMlJUKLdxtjNGkqEac13K5z9lCUpzzc+4Oi+IVY
KSLn+3CVkCnoVl94+z/FHKWb/1zbGUbNOmtYN9H4oObIUELBf/s8xrF/PGihR6WF
PNjSHRZ2PKRoxWWf3K75DteQP0EfwUHEv3AehVE4Lw6rfcwgNJO8CmfZXTSTaahK
JRbWiQ7j/k6oP0j2fSCGnC9nYssoiHK38qirvUVTn4Ev4SJ4YkikTKOY1wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHYWrpLIfNpb5Nwrx6jj4V9yF2sBMB8GA1UdIwQY
MBaAFNtOoqqNNNQ7S2QaOvMGQoSb9Kj+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMjA2aXFvMDAxRHRMWkJvNjh3WkNoSnYwcVA0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMS9mYTE0ZTgtZjcxNi00MDc1LTg2MTQt
M2Y0OTViZjk5NDMxLzEvZGhhdWtzaDgybHZrM0N2SHFPUGhYM0lYYXdFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMS9mYTE0ZTgtZjcxNi00MDc1LTg2MTQtM2Y0OTViZjk5NDMx
LzEvMjA2aXFvMDAxRHRMWkJvNjh3WkNoSnYwcVA0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuR86MA0G
CSqGSIb3DQEBCwUAA4IBAQASUb9pl2dBSqD92axnVW4R6Jc/9bZw8ZF1BeBO2bBe
rZz70Hn07WoehU6C4EBgXEkrSRjNFM0iTWNaae9CHgyUCS8q3Q0wIpIN+tDzFtsj
Cd0tES70urQjwtaFAgX2rtK9NtQCo1P9bqVX00ptfu/7ycEgvbOcO1a4pZmBclUC
Ow6rI1X79SNPzsuyFPZtrGe/OpyiLlKBg1ioRFCK5WF3pjJaGTadVuUMY3ShuNyQ
n+i2YBoNd4bun8KD6WuKXaa4idJGU/QVJYiywqdHzXs4pXSkSOszz5B0JBpozxz/
7A/JLJ87nxQghzpITgfpMao3+L8/+8Kg4DBwmDG5fl76
-----END CERTIFICATE-----