Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/27/cd3711-7084-4b15-bc25-3e4a026df000/1/tEF7W8QAASjmD3ZJv31PpbtJPmE.roa
File:                     tEF7W8QAASjmD3ZJv31PpbtJPmE.roa (raw, json)
Hash identifier:          +pnJPXwKfh/vR28pIs9jPAqM5aVgozefoHrHe0Y59Zs=
Subject key identifier:   B4:41:7B:5B:C4:00:01:28:E6:0F:76:49:BF:7D:4F:A5:BB:49:3E:61
Certificate issuer:       /CN=8cd52439cac2719b64e85b26ff0ea8468d57960e
Certificate serial:       019B775881BFA91EF22CA9C0361C6E70B9D4
Authority key identifier: 8C:D5:24:39:CA:C2:71:9B:64:E8:5B:26:FF:0E:A8:46:8D:57:96:0E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jNUkOcrCcZtk6Fsm_w6oRo1Xlg4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/27/cd3711-7084-4b15-bc25-3e4a026df000/1/tEF7W8QAASjmD3ZJv31PpbtJPmE.roa
Signing time:             Thu 01 Jan 2026 02:17:27 +0000
ROA not before:           Thu 01 Jan 2026 02:17:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     206356
IP address blocks:        194.48.228.0/22 maxlen: 24
                          2a0c:efc0::/29 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/27/cd3711-7084-4b15-bc25-3e4a026df000/1/jNUkOcrCcZtk6Fsm_w6oRo1Xlg4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/27/cd3711-7084-4b15-bc25-3e4a026df000/1/jNUkOcrCcZtk6Fsm_w6oRo1Xlg4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jNUkOcrCcZtk6Fsm_w6oRo1Xlg4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:58:81:bf:a9:1e:f2:2c:a9:c0:36:1c:6e:70:b9:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8cd52439cac2719b64e85b26ff0ea8468d57960e
        Validity
            Not Before: Jan  1 02:17:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b4417b5bc4000128e60f7649bf7d4fa5bb493e61
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:f7:f7:9b:ab:5c:4e:b4:3c:44:23:15:a1:9c:
                    52:43:a3:08:e8:9d:75:ec:79:3a:51:b8:80:3f:91:
                    80:2f:b5:9f:14:a4:57:3c:eb:88:4d:97:bf:3b:7f:
                    f3:ae:20:6c:be:a3:83:f3:38:e1:fe:0f:1e:ad:8c:
                    eb:3e:98:e0:ee:97:7a:5d:e7:c5:7a:40:2a:3e:c5:
                    06:4e:61:b0:82:95:47:91:10:81:c2:88:c2:21:d8:
                    86:a3:9f:78:f8:a0:d0:d3:1c:9f:c4:13:38:e2:9f:
                    5a:51:ab:79:25:b9:b2:7b:51:f3:d3:71:84:74:c9:
                    3b:07:72:6e:00:a9:65:7b:9b:02:71:bb:2a:2f:e2:
                    03:6a:02:a2:40:73:06:e1:8c:f1:ee:79:5c:d6:23:
                    18:2e:23:03:84:c1:00:60:e0:91:07:6d:31:4b:e5:
                    f9:6c:0e:7a:cb:ab:21:38:4e:6e:18:e8:c5:ec:10:
                    8b:fa:b0:f2:3f:8d:d5:13:5c:7b:68:a0:9d:6e:1a:
                    8f:40:0c:fb:f1:aa:d8:84:f1:6a:5f:85:fd:22:e2:
                    25:aa:ca:9a:20:58:4b:d6:d6:c7:66:08:a1:cd:d0:
                    58:51:68:f1:72:6e:24:bb:53:0e:68:b2:dd:9b:ee:
                    7c:79:2d:47:a9:d2:d7:43:4a:46:cd:b6:44:a3:b1:
                    a6:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:41:7B:5B:C4:00:01:28:E6:0F:76:49:BF:7D:4F:A5:BB:49:3E:61
            X509v3 Authority Key Identifier:
                keyid:8C:D5:24:39:CA:C2:71:9B:64:E8:5B:26:FF:0E:A8:46:8D:57:96:0E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jNUkOcrCcZtk6Fsm_w6oRo1Xlg4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/27/cd3711-7084-4b15-bc25-3e4a026df000/1/tEF7W8QAASjmD3ZJv31PpbtJPmE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/27/cd3711-7084-4b15-bc25-3e4a026df000/1/jNUkOcrCcZtk6Fsm_w6oRo1Xlg4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.48.228.0/22
                IPv6:
                  2a0c:efc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         9f:51:d7:e7:c2:1c:76:e9:b3:62:15:0f:61:08:f0:ee:fb:5d:
         3e:45:88:5e:07:c5:cd:15:f2:15:44:80:15:9f:6b:39:a5:b0:
         fd:ea:30:34:cf:b3:72:c0:19:6b:5e:69:d4:46:81:c3:3a:ae:
         fd:9c:0c:b2:25:33:03:10:4a:b3:27:c2:5e:91:06:bd:a5:49:
         9b:04:e3:fd:e4:ca:ee:de:92:6a:eb:41:cb:72:29:b9:5e:b1:
         8d:14:c8:1f:03:67:34:17:d2:59:7a:21:61:c7:e3:6a:05:f3:
         09:3d:2a:64:7d:61:f9:dc:63:69:66:7d:01:df:5b:bf:a3:4b:
         d8:49:c9:23:e5:b2:8c:83:0e:49:56:c5:53:54:e5:50:b7:0c:
         9e:ce:4d:69:8a:c8:14:25:82:ea:39:55:22:81:8a:5c:6c:ba:
         e3:28:99:c5:af:ae:7f:e6:a2:d8:0b:92:86:e3:8c:d3:83:58:
         39:20:33:ce:e5:7d:a4:5b:4b:a3:38:94:84:a8:4b:3e:85:6e:
         fa:dd:00:b3:e5:a2:cc:98:db:86:92:c2:53:d5:9b:2a:9c:ae:
         08:f4:41:d9:eb:4a:42:0c:84:ba:4e:5d:c1:9c:6a:52:1a:b9:
         f9:bf:3a:4f:f9:f5:57:23:51:9d:f4:fe:52:42:f6:c8:34:e9:
         51:04:5e:01
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZt3WIG/qR7yLKnANhxucLnUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhjZDUyNDM5Y2FjMjcxOWI2NGU4NWIyNmZmMGVhODQ2OGQ1
Nzk2MGUwHhcNMjYwMTAxMDIxNzI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNDQxN2I1YmM0MDAwMTI4ZTYwZjc2NDliZjdkNGZhNWJiNDkzZTYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzff3m6tcTrQ8RCMVoZxSQ6MI6J11
7Hk6UbiAP5GAL7WfFKRXPOuITZe/O3/zriBsvqOD8zjh/g8erYzrPpjg7pd6XefF
ekAqPsUGTmGwgpVHkRCBwojCIdiGo594+KDQ0xyfxBM44p9aUat5Jbmye1Hz03GE
dMk7B3JuAKlle5sCcbsqL+IDagKiQHMG4Yzx7nlc1iMYLiMDhMEAYOCRB20xS+X5
bA56y6shOE5uGOjF7BCL+rDyP43VE1x7aKCdbhqPQAz78arYhPFqX4X9IuIlqsqa
IFhL1tbHZgihzdBYUWjxcm4ku1MOaLLdm+58eS1HqdLXQ0pGzbZEo7GmxwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFLRBe1vEAAEo5g92Sb99T6W7ST5hMB8GA1UdIwQY
MBaAFIzVJDnKwnGbZOhbJv8OqEaNV5YOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvak5Va09jckNjWnRrNkZzbV93Nm9SbzFYbGc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNy9jZDM3MTEtNzA4NC00YjE1LWJjMjUt
M2U0YTAyNmRmMDAwLzEvdEVGN1c4UUFBU2ptRDNaSnYzMVBwYnRKUG1FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNy9jZDM3MTEtNzA4NC00YjE1LWJjMjUtM2U0YTAyNmRmMDAw
LzEvak5Va09jckNjWnRrNkZzbV93Nm9SbzFYbGc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCwjDkMA0E
AgACMAcDBQMqDO/AMA0GCSqGSIb3DQEBCwUAA4IBAQCfUdfnwhx26bNiFQ9hCPDu
+10+RYheB8XNFfIVRIAVn2s5pbD96jA0z7NywBlrXmnURoHDOq79nAyyJTMDEEqz
J8JekQa9pUmbBOP95Mru3pJq60HLcim5XrGNFMgfA2c0F9JZeiFhx+NqBfMJPSpk
fWH53GNpZn0B31u/o0vYSckj5bKMgw5JVsVTVOVQtwyezk1pisgUJYLqOVUigYpc
bLrjKJnFr65/5qLYC5KG44zTg1g5IDPO5X2kW0ujOJSEqEs+hW763QCz5aLMmNuG
ksJT1ZsqnK4I9EHZ60pCDIS6Tl3BnGpSGrn5vzpP+fVXI1Gd9P5SQvbINOlRBF4B
-----END CERTIFICATE-----