Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/TwYOtjEY80-NyJT06WWCDeGwrw8.roa
File:                     TwYOtjEY80-NyJT06WWCDeGwrw8.roa (raw, json)
Hash identifier:          M4rPYHdO0mCLV7ilrWZer486mWRQIfCyWuhMJAcNPsI=
Subject key identifier:   4F:06:0E:B6:31:18:F3:4F:8D:C8:94:F4:E9:65:82:0D:E1:B0:AF:0F
Certificate issuer:       /CN=3e6097698686e1555f51f6c883bc5a58549b2362
Certificate serial:       019C8DDBF1D5EF42DA05480DECB831F00C42
Authority key identifier: 3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/TwYOtjEY80-NyJT06WWCDeGwrw8.roa
Signing time:             Tue 24 Feb 2026 04:15:27 +0000
ROA not before:           Tue 24 Feb 2026 04:15:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214783
IP address blocks:        5.83.148.0/24 maxlen: 24
                          89.106.79.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 09:38:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:8d:db:f1:d5:ef:42:da:05:48:0d:ec:b8:31:f0:0c:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e6097698686e1555f51f6c883bc5a58549b2362
        Validity
            Not Before: Feb 24 04:15:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4f060eb63118f34f8dc894f4e965820de1b0af0f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:5f:5e:51:6f:fb:c4:ec:a9:5c:47:d8:1b:dc:
                    6c:f0:4a:4c:7f:80:f8:a3:c4:86:e6:57:d9:96:0c:
                    e6:db:15:a4:0c:88:a9:4b:d0:79:d1:f3:9c:d3:ff:
                    e7:0d:85:de:83:0d:07:3a:48:80:50:4f:86:84:ca:
                    be:7d:e5:90:77:a6:da:ce:0c:78:2e:12:a7:1e:2b:
                    63:0a:19:12:8a:b2:ec:03:e8:21:ba:93:d4:41:da:
                    14:17:bb:dc:25:6c:a7:0e:b0:82:61:75:27:10:61:
                    9d:f5:2d:79:7a:2f:2b:42:9e:eb:0f:5d:6e:42:77:
                    8b:76:ee:32:8a:65:fa:83:4c:29:13:b0:5f:18:42:
                    8d:a5:95:8f:c6:27:83:17:4a:d9:e5:5d:89:7e:c0:
                    f6:32:3f:bf:4e:3f:24:2f:b5:89:00:67:a9:c8:dc:
                    0f:da:b4:70:fc:ab:10:98:f7:05:94:e5:0c:33:51:
                    47:c3:79:a5:7f:f1:a6:31:c5:a3:b6:36:dc:7e:10:
                    80:86:0a:4c:40:93:18:f9:d6:fa:c9:6d:f0:db:4d:
                    f3:28:20:2e:37:0d:1c:eb:19:86:e1:f9:a0:35:10:
                    0b:7f:8a:f4:c0:af:54:ac:ad:a4:98:66:aa:00:27:
                    6a:d7:7f:0d:2f:5d:20:ac:6e:0c:1c:56:9b:84:e3:
                    75:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:06:0E:B6:31:18:F3:4F:8D:C8:94:F4:E9:65:82:0D:E1:B0:AF:0F
            X509v3 Authority Key Identifier:
                keyid:3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/TwYOtjEY80-NyJT06WWCDeGwrw8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.83.148.0/24
                  89.106.79.0/24

    Signature Algorithm: sha256WithRSAEncryption
         55:3b:17:d6:02:d1:0e:4c:46:f3:b2:18:5b:44:59:58:60:c1:
         9f:10:a6:06:0f:1a:72:90:03:1a:08:02:d4:99:65:4b:7b:c9:
         7b:c0:9f:0f:ca:7f:4e:13:d7:44:95:88:ba:69:c9:99:3c:8e:
         e0:fa:ed:43:d7:76:7d:bf:a1:77:06:b5:24:8d:b7:d9:b6:be:
         42:a2:0b:ac:cb:d4:5d:06:b4:d3:66:40:f2:01:38:8c:81:6b:
         21:80:a7:a5:07:0e:9f:51:eb:01:00:31:c4:e9:d0:4b:aa:ff:
         ce:a1:e0:28:8c:8c:16:7e:85:a9:68:92:93:28:92:e0:9b:4a:
         72:73:92:d3:a8:33:4c:9b:57:a1:9b:62:69:91:f7:23:5f:42:
         b4:25:3c:c5:fc:5f:03:2a:69:a7:66:d9:33:8e:03:d4:ec:d7:
         77:a1:70:90:a5:4b:96:fe:72:ae:f7:a0:7f:cf:1a:36:ba:3f:
         b7:0a:ff:c2:91:51:fe:f8:d1:12:db:57:e1:16:e0:d5:30:ab:
         e2:41:2c:04:25:76:b8:a8:03:b0:4c:59:40:c9:13:cb:fd:ea:
         a3:17:2b:74:a4:c3:82:4a:e7:d9:8e:28:ba:b2:21:6c:d6:9c:
         64:61:bb:79:dd:fc:39:94:5d:4d:bb:44:1d:b4:ed:34:0b:09:
         96:03:d1:fa
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZyN2/HV70LaBUgN7Lgx8AxCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlNjA5NzY5ODY4NmUxNTU1ZjUxZjZjODgzYmM1YTU4NTQ5
YjIzNjIwHhcNMjYwMjI0MDQxNTI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZjA2MGViNjMxMThmMzRmOGRjODk0ZjRlOTY1ODIwZGUxYjBhZjBmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1F9eUW/7xOypXEfYG9xs8EpMf4D4
o8SG5lfZlgzm2xWkDIipS9B50fOc0//nDYXegw0HOkiAUE+GhMq+feWQd6bazgx4
LhKnHitjChkSirLsA+ghupPUQdoUF7vcJWynDrCCYXUnEGGd9S15ei8rQp7rD11u
QneLdu4yimX6g0wpE7BfGEKNpZWPxieDF0rZ5V2JfsD2Mj+/Tj8kL7WJAGepyNwP
2rRw/KsQmPcFlOUMM1FHw3mlf/GmMcWjtjbcfhCAhgpMQJMY+db6yW3w203zKCAu
Nw0c6xmG4fmgNRALf4r0wK9UrK2kmGaqACdq138NL10grG4MHFabhON12wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFE8GDrYxGPNPjciU9Ollgg3hsK8PMB8GA1UdIwQY
MBaAFD5gl2mGhuFVX1H2yIO8WlhUmyNiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGIt
ZTFiZDg4ZDNmZDA3LzEvVHdZT3RqRVk4MC1OeUpUMDZXV0NEZUd3cnc4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGItZTFiZDg4ZDNmZDA3
LzEvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQABVOUAwQA
WWpPMA0GCSqGSIb3DQEBCwUAA4IBAQBVOxfWAtEOTEbzshhbRFlYYMGfEKYGDxpy
kAMaCALUmWVLe8l7wJ8Pyn9OE9dElYi6acmZPI7g+u1D13Z9v6F3BrUkjbfZtr5C
ogusy9RdBrTTZkDyATiMgWshgKelBw6fUesBADHE6dBLqv/OoeAojIwWfoWpaJKT
KJLgm0pyc5LTqDNMm1ehm2JpkfcjX0K0JTzF/F8DKmmnZtkzjgPU7Nd3oXCQpUuW
/nKu96B/zxo2uj+3Cv/CkVH++NES21fhFuDVMKviQSwEJXa4qAOwTFlAyRPL/eqj
Fyt0pMOCSufZjii6siFs1pxkYbt53fw5lF1Nu0QdtO00CwmWA9H6
-----END CERTIFICATE-----