Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/tNRE72AaYL5xye6uieaRpXKWVIU.roa
File:                     tNRE72AaYL5xye6uieaRpXKWVIU.roa (raw, json)
Hash identifier:          VKbusTa09ya+dmyG0vaUZIVIXLGpa1vvblQAP3TIcT8=
Subject key identifier:   B4:D4:44:EF:60:1A:60:BE:71:C9:EE:AE:89:E6:91:A5:72:96:54:85
Certificate issuer:       /CN=2f93d3ba197f5ce3098bfa7700b43854eaa80e9e
Certificate serial:       019D964904CB618F4B978676D1236673E836
Authority key identifier: 2F:93:D3:BA:19:7F:5C:E3:09:8B:FA:77:00:B4:38:54:EA:A8:0E:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/tNRE72AaYL5xye6uieaRpXKWVIU.roa
Signing time:             Thu 16 Apr 2026 12:34:20 +0000
ROA not before:           Thu 16 Apr 2026 12:34:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     196943
IP address blocks:        109.205.245.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 14:47:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:96:49:04:cb:61:8f:4b:97:86:76:d1:23:66:73:e8:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2f93d3ba197f5ce3098bfa7700b43854eaa80e9e
        Validity
            Not Before: Apr 16 12:34:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b4d444ef601a60be71c9eeae89e691a572965485
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:3f:66:01:9a:9e:4f:13:03:02:b6:ef:cf:d2:
                    f2:5a:65:9a:11:77:47:c3:c8:bf:a5:8b:80:70:e0:
                    b8:14:92:ea:be:64:a4:17:73:9c:00:59:0d:2b:4f:
                    bb:24:94:03:c3:ca:b2:4a:42:49:2c:7f:1b:65:46:
                    e9:65:90:fd:c7:06:89:5e:dc:8c:d3:0f:51:91:3b:
                    ff:8c:a2:5b:81:f7:71:fd:44:10:ea:d7:39:84:be:
                    d4:6d:7e:21:4d:58:5e:c0:23:29:20:91:94:66:4e:
                    d7:91:9a:3f:93:3d:c9:14:05:c2:98:86:20:1d:71:
                    e6:72:ad:3f:bc:7d:bf:c8:45:46:41:10:32:e1:57:
                    1a:b7:a6:e3:55:ca:aa:d2:a2:a8:38:7c:85:9f:9e:
                    ff:dd:14:44:05:79:5a:6e:c3:e5:a1:2e:11:3f:e8:
                    d0:e6:c6:0d:d6:b2:32:2d:6c:58:58:23:d5:ef:1c:
                    af:93:87:b2:ef:74:35:67:2a:a8:71:88:82:73:72:
                    0e:f4:99:06:8c:04:d9:18:02:9d:01:c8:b5:d5:06:
                    cc:79:01:df:42:45:8f:48:75:9a:7d:e7:aa:73:e4:
                    f5:fb:59:88:18:15:95:1d:70:64:ff:50:fb:97:95:
                    f4:1a:e5:d1:f4:e9:11:10:b8:85:32:ce:be:d8:e3:
                    59:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:D4:44:EF:60:1A:60:BE:71:C9:EE:AE:89:E6:91:A5:72:96:54:85
            X509v3 Authority Key Identifier:
                keyid:2F:93:D3:BA:19:7F:5C:E3:09:8B:FA:77:00:B4:38:54:EA:A8:0E:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/tNRE72AaYL5xye6uieaRpXKWVIU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.205.245.0/24

    Signature Algorithm: sha256WithRSAEncryption
         75:95:12:87:29:5b:d1:02:a1:54:c6:0e:4e:c1:1b:a0:34:e5:
         16:ac:c4:b9:62:b5:fa:2a:39:29:2c:6b:fb:30:0c:c9:90:71:
         19:d1:68:53:7a:9f:89:00:d7:eb:29:87:fe:3d:97:37:81:70:
         e7:38:12:50:cc:58:92:fe:fb:8a:75:05:b4:26:cf:b4:37:fb:
         8d:ee:90:b4:20:56:b1:c3:15:11:17:b5:e8:3b:35:cb:06:8e:
         05:01:df:a3:41:52:5f:c4:d4:29:d3:01:59:a5:03:71:4f:f6:
         ae:b8:6e:0b:30:71:0a:12:b3:cc:4a:01:24:52:19:bb:28:6a:
         c9:a5:35:1e:bb:8b:8b:2b:40:64:10:4c:a1:b1:f8:ed:c0:88:
         98:d2:3e:ad:b2:4d:ba:9f:c0:2d:3e:38:f7:c4:51:56:1d:2e:
         44:b6:aa:68:50:cc:8c:45:fb:d4:a7:ee:52:42:f9:56:fa:37:
         b5:18:59:9f:90:34:ac:bd:b4:0e:25:80:fc:4d:c7:f5:23:eb:
         3b:f7:05:87:7c:ce:d5:34:82:5d:a7:37:4f:ac:e3:ad:72:93:
         b8:19:a4:80:c3:7b:f0:a1:04:7b:bd:da:dc:85:36:cf:6b:5f:
         18:e4:fd:36:d8:c3:1d:d8:c9:17:92:f3:08:58:99:ba:8e:58:
         fd:11:9b:5f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2WSQTLYY9Ll4Z20SNmc+g2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJmOTNkM2JhMTk3ZjVjZTMwOThiZmE3NzAwYjQzODU0ZWFh
ODBlOWUwHhcNMjYwNDE2MTIzNDIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNGQ0NDRlZjYwMWE2MGJlNzFjOWVlYWU4OWU2OTFhNTcyOTY1NDg1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnT9mAZqeTxMDArbvz9LyWmWaEXdH
w8i/pYuAcOC4FJLqvmSkF3OcAFkNK0+7JJQDw8qySkJJLH8bZUbpZZD9xwaJXtyM
0w9RkTv/jKJbgfdx/UQQ6tc5hL7UbX4hTVhewCMpIJGUZk7XkZo/kz3JFAXCmIYg
HXHmcq0/vH2/yEVGQRAy4Vcat6bjVcqq0qKoOHyFn57/3RREBXlabsPloS4RP+jQ
5sYN1rIyLWxYWCPV7xyvk4ey73Q1ZyqocYiCc3IO9JkGjATZGAKdAci11QbMeQHf
QkWPSHWafeeqc+T1+1mIGBWVHXBk/1D7l5X0GuXR9OkRELiFMs6+2ONZhwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLTURO9gGmC+ccnuronmkaVyllSFMB8GA1UdIwQY
MBaAFC+T07oZf1zjCYv6dwC0OFTqqA6eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTDVQVHVobF9YT01KaV9wM0FMUTRWT3FvRHA0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC83YTg3YTAtODAxNC00NjA1LTlmYjUt
OWU3MWRjMjRhNjgzLzEvdE5SRTcyQWFZTDV4eWU2dWllYVJwWEtXVklVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC83YTg3YTAtODAxNC00NjA1LTlmYjUtOWU3MWRjMjRhNjgz
LzEvTDVQVHVobF9YT01KaV9wM0FMUTRWT3FvRHA0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbc31MA0G
CSqGSIb3DQEBCwUAA4IBAQB1lRKHKVvRAqFUxg5OwRugNOUWrMS5YrX6KjkpLGv7
MAzJkHEZ0WhTep+JANfrKYf+PZc3gXDnOBJQzFiS/vuKdQW0Js+0N/uN7pC0IFax
wxURF7XoOzXLBo4FAd+jQVJfxNQp0wFZpQNxT/auuG4LMHEKErPMSgEkUhm7KGrJ
pTUeu4uLK0BkEEyhsfjtwIiY0j6tsk26n8AtPjj3xFFWHS5EtqpoUMyMRfvUp+5S
QvlW+je1GFmfkDSsvbQOJYD8Tcf1I+s79wWHfM7VNIJdpzdPrOOtcpO4GaSAw3vw
oQR7vdrchTbPa18Y5P022MMd2MkXkvMIWJm6jlj9EZtf
-----END CERTIFICATE-----