Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/Sz8lUlwp2Rw_e_O5bIinLYBtbDY.roa
File:                     Sz8lUlwp2Rw_e_O5bIinLYBtbDY.roa (raw, json)
Hash identifier:          F3yScYj/FLGcvxBW6+hv9GizuArl2qKPP/OXb60RNhc=
Subject key identifier:   4B:3F:25:52:5C:29:D9:1C:3F:7B:F3:B9:6C:88:A7:2D:80:6D:6C:36
Certificate issuer:       /CN=d217b472c841c1d68550a24f1936d29cc6c28f6a
Certificate serial:       019D8B11001F4319933C93E8949B9732F911
Authority key identifier: D2:17:B4:72:C8:41:C1:D6:85:50:A2:4F:19:36:D2:9C:C6:C2:8F:6A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0he0cshBwdaFUKJPGTbSnMbCj2o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/Sz8lUlwp2Rw_e_O5bIinLYBtbDY.roa
Signing time:             Tue 14 Apr 2026 08:17:20 +0000
ROA not before:           Tue 14 Apr 2026 08:17:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     61102
IP address blocks:        89.46.239.0/24 maxlen: 24
                          2a03:f80:972::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/0he0cshBwdaFUKJPGTbSnMbCj2o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/0he0cshBwdaFUKJPGTbSnMbCj2o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0he0cshBwdaFUKJPGTbSnMbCj2o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 07:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:8b:11:00:1f:43:19:93:3c:93:e8:94:9b:97:32:f9:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d217b472c841c1d68550a24f1936d29cc6c28f6a
        Validity
            Not Before: Apr 14 08:17:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4b3f25525c29d91c3f7bf3b96c88a72d806d6c36
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:e2:a7:a6:71:7d:8a:78:65:91:f5:85:d0:e0:
                    75:1a:b5:98:a8:a3:d6:63:d2:4a:cd:37:54:99:b6:
                    1b:86:cb:0e:42:69:d7:97:2a:be:72:9e:57:69:1b:
                    32:48:ed:f8:1e:4d:91:42:e9:c9:bb:d6:48:de:2b:
                    98:ff:2f:be:34:72:6a:33:f0:76:41:bb:9b:f0:58:
                    ac:f0:38:d9:94:60:e3:2d:d5:b1:0f:94:6d:ef:27:
                    6e:33:ce:25:8b:1a:56:c3:73:47:96:77:7b:46:eb:
                    ae:00:d0:bc:9c:a5:ee:47:64:b9:6b:06:db:e2:5c:
                    14:40:8e:a2:a7:3c:3c:00:52:e7:fb:32:6f:2d:9a:
                    60:97:c2:2d:22:c3:4d:8a:08:0c:88:d4:e5:ae:b6:
                    ea:50:67:c0:6a:95:2a:63:8c:d9:c4:37:6c:87:c8:
                    2c:a2:d9:bd:58:fd:5a:35:98:e0:36:63:ee:bf:7d:
                    ce:8e:c4:b6:8b:25:16:2f:b6:58:ad:1c:93:2c:16:
                    6a:9e:13:fa:21:be:2b:fe:81:3f:8e:72:de:37:17:
                    ff:4b:d6:6f:12:6d:65:1a:7c:3d:fc:7b:59:9b:d6:
                    65:a7:e2:58:51:a2:9c:cb:56:05:4b:2b:1f:17:9a:
                    73:2f:cc:02:08:5e:9e:73:bb:81:bf:a0:c8:db:5e:
                    b1:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:3F:25:52:5C:29:D9:1C:3F:7B:F3:B9:6C:88:A7:2D:80:6D:6C:36
            X509v3 Authority Key Identifier:
                keyid:D2:17:B4:72:C8:41:C1:D6:85:50:A2:4F:19:36:D2:9C:C6:C2:8F:6A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0he0cshBwdaFUKJPGTbSnMbCj2o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/Sz8lUlwp2Rw_e_O5bIinLYBtbDY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/0he0cshBwdaFUKJPGTbSnMbCj2o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.46.239.0/24
                IPv6:
                  2a03:f80:972::/48

    Signature Algorithm: sha256WithRSAEncryption
         bc:65:c9:73:ae:cb:58:e9:91:6b:f6:d3:f1:4e:65:e2:a6:2f:
         cc:b5:dd:ee:c5:46:e2:62:8b:56:84:e0:1e:21:a6:8b:08:14:
         a0:ff:61:45:14:24:a9:61:99:13:c6:69:67:fb:5c:94:a5:58:
         83:7a:8b:cd:8f:40:a1:5e:5c:32:a0:0f:f1:e6:8a:45:6a:05:
         b4:af:4d:c4:d8:21:fe:29:70:31:b8:3b:2a:b1:91:78:97:f7:
         94:d7:44:2d:20:21:f6:b3:92:1b:37:70:0a:7a:1c:65:57:86:
         03:76:6c:85:e9:7a:dd:a0:72:e0:02:0d:4c:8c:9b:d3:b4:c3:
         01:b7:b5:aa:28:6d:1b:6b:e7:4c:f9:36:1c:13:7e:22:c7:50:
         f4:75:27:6c:00:3a:0f:4a:cf:9e:31:3b:64:7c:b0:dc:69:ad:
         f1:10:fa:0e:60:2b:6a:03:ac:80:61:81:24:eb:a2:d3:3a:f9:
         13:ed:51:ff:d2:45:62:1a:c1:5a:4c:e3:92:79:3c:3d:45:3d:
         3e:69:72:a4:12:83:43:07:e6:90:7a:a8:5f:74:c2:83:4e:e6:
         8d:4b:fd:50:cf:3d:6a:78:a0:06:01:4d:99:b2:0f:a6:25:89:
         ec:ec:df:30:1b:67:27:69:92:fe:25:46:6f:b0:6b:6c:87:83:
         76:c2:ab:11
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZ2LEQAfQxmTPJPolJuXMvkRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQyMTdiNDcyYzg0MWMxZDY4NTUwYTI0ZjE5MzZkMjljYzZj
MjhmNmEwHhcNMjYwNDE0MDgxNzIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YjNmMjU1MjVjMjlkOTFjM2Y3YmYzYjk2Yzg4YTcyZDgwNmQ2YzM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtuKnpnF9inhlkfWF0OB1GrWYqKPW
Y9JKzTdUmbYbhssOQmnXlyq+cp5XaRsySO34Hk2RQunJu9ZI3iuY/y++NHJqM/B2
Qbub8Fis8DjZlGDjLdWxD5Rt7yduM84lixpWw3NHlnd7RuuuANC8nKXuR2S5awbb
4lwUQI6ipzw8AFLn+zJvLZpgl8ItIsNNiggMiNTlrrbqUGfAapUqY4zZxDdsh8gs
otm9WP1aNZjgNmPuv33OjsS2iyUWL7ZYrRyTLBZqnhP6Ib4r/oE/jnLeNxf/S9Zv
Em1lGnw9/HtZm9Zlp+JYUaKcy1YFSysfF5pzL8wCCF6ec7uBv6DI216xSwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFEs/JVJcKdkcP3vzuWyIpy2AbWw2MB8GA1UdIwQY
MBaAFNIXtHLIQcHWhVCiTxk20pzGwo9qMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMGhlMGNzaEJ3ZGFGVUtKUEdUYlNuTWJDajJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC8yOTBlNDQtYjQ3OS00NmNmLWFiNGIt
YjM4ZTI2NzdiM2RjLzEvU3o4bFVsd3AyUndfZV9PNWJJaW5MWUJ0YkRZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC8yOTBlNDQtYjQ3OS00NmNmLWFiNGItYjM4ZTI2NzdiM2Rj
LzEvMGhlMGNzaEJ3ZGFGVUtKUEdUYlNuTWJDajJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAWS7vMA8E
AgACMAkDBwAqAw+ACXIwDQYJKoZIhvcNAQELBQADggEBALxlyXOuy1jpkWv20/FO
ZeKmL8y13e7FRuJii1aE4B4hposIFKD/YUUUJKlhmRPGaWf7XJSlWIN6i82PQKFe
XDKgD/HmikVqBbSvTcTYIf4pcDG4OyqxkXiX95TXRC0gIfazkhs3cAp6HGVXhgN2
bIXpet2gcuACDUyMm9O0wwG3taoobRtr50z5NhwTfiLHUPR1J2wAOg9Kz54xO2R8
sNxprfEQ+g5gK2oDrIBhgSTrotM6+RPtUf/SRWIawVpM45J5PD1FPT5pcqQSg0MH
5pB6qF90woNO5o1L/VDPPWp4oAYBTZmyD6Yliezs3zAbZydpkv4lRm+wa2yHg3bC
qxE=
-----END CERTIFICATE-----