Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/f760d0-2f67-4307-9f0c-3993b50b2064/1/8TyLnCMDPzgZ8FZyvfSKQcjoWSQ.roa
File:                     8TyLnCMDPzgZ8FZyvfSKQcjoWSQ.roa (raw, json)
Hash identifier:          8UCd4ALkr3MSQe6tVhV16Z6R2CoDRh6brDobVRt1DEI=
Subject key identifier:   F1:3C:8B:9C:23:03:3F:38:19:F0:56:72:BD:F4:8A:41:C8:E8:59:24
Certificate issuer:       /CN=988296c50d94bbed225f2867231fa5093debea91
Certificate serial:       019E2D89A80E412B031D0929012FE351C08C
Authority key identifier: 98:82:96:C5:0D:94:BB:ED:22:5F:28:67:23:1F:A5:09:3D:EB:EA:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mIKWxQ2Uu-0iXyhnIx-lCT3r6pE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/f760d0-2f67-4307-9f0c-3993b50b2064/1/8TyLnCMDPzgZ8FZyvfSKQcjoWSQ.roa
Signing time:             Fri 15 May 2026 21:27:36 +0000
ROA not before:           Fri 15 May 2026 21:27:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     10753
IP address blocks:        45.95.72.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/f760d0-2f67-4307-9f0c-3993b50b2064/1/mIKWxQ2Uu-0iXyhnIx-lCT3r6pE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/f760d0-2f67-4307-9f0c-3993b50b2064/1/mIKWxQ2Uu-0iXyhnIx-lCT3r6pE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mIKWxQ2Uu-0iXyhnIx-lCT3r6pE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 00:00:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:2d:89:a8:0e:41:2b:03:1d:09:29:01:2f:e3:51:c0:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=988296c50d94bbed225f2867231fa5093debea91
        Validity
            Not Before: May 15 21:27:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f13c8b9c23033f3819f05672bdf48a41c8e85924
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:d3:8c:80:93:8e:8e:97:1f:9e:e7:35:5c:d0:
                    a4:8b:0c:63:c5:e7:e6:68:5f:40:59:81:ca:59:af:
                    2e:93:3d:af:51:4b:c0:6a:b0:c5:6a:0f:8e:cd:2f:
                    79:47:39:0f:2f:46:5a:be:10:0c:96:25:15:9a:11:
                    fc:42:a2:09:01:16:8d:93:00:00:b3:e7:57:71:e7:
                    aa:c5:8a:fb:37:bf:74:0a:27:90:36:e1:2a:9f:6b:
                    79:90:96:22:aa:98:e2:78:29:a3:c5:7f:1d:a5:98:
                    49:d7:8d:47:bc:88:e2:a6:c4:58:b9:99:ea:19:da:
                    5e:f4:6a:13:5c:ec:92:84:06:67:95:ab:a0:79:63:
                    4c:f8:0c:fe:5e:40:04:62:72:ff:b1:13:9c:20:8c:
                    cb:db:49:bf:a5:c9:fd:9b:85:6e:b0:fa:9d:3b:44:
                    c9:d8:9e:b4:62:d0:d6:65:fa:26:64:ad:98:1c:70:
                    da:89:37:50:25:74:81:80:20:11:d2:7f:f7:61:c9:
                    5b:f5:b1:c3:80:78:a8:45:6a:aa:67:5f:48:c7:51:
                    2c:c0:0e:55:2e:d9:e7:72:1e:67:37:8f:98:06:52:
                    2c:08:15:03:27:14:b2:6e:ec:5c:38:04:eb:d2:15:
                    40:97:51:72:e0:02:2d:1d:83:68:ee:90:fd:a7:33:
                    b8:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:3C:8B:9C:23:03:3F:38:19:F0:56:72:BD:F4:8A:41:C8:E8:59:24
            X509v3 Authority Key Identifier:
                keyid:98:82:96:C5:0D:94:BB:ED:22:5F:28:67:23:1F:A5:09:3D:EB:EA:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mIKWxQ2Uu-0iXyhnIx-lCT3r6pE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/f760d0-2f67-4307-9f0c-3993b50b2064/1/8TyLnCMDPzgZ8FZyvfSKQcjoWSQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/f760d0-2f67-4307-9f0c-3993b50b2064/1/mIKWxQ2Uu-0iXyhnIx-lCT3r6pE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.95.72.0/22

    Signature Algorithm: sha256WithRSAEncryption
         90:f9:50:43:f0:0e:4a:b1:6c:11:a6:e1:02:36:60:ec:91:be:
         e5:3e:6f:be:e0:8c:60:3b:f5:27:b4:8f:b3:ac:4b:e1:c8:04:
         b7:57:06:ae:4b:a1:6e:8e:15:c4:03:71:bd:48:66:50:48:46:
         1b:4d:57:24:d8:7a:ef:89:b1:2e:5a:3f:36:ad:44:a2:b4:98:
         11:bf:ca:16:e0:8a:e5:31:38:05:bd:3f:5b:ce:8f:7e:d9:83:
         c9:3e:51:8e:f7:7c:e2:37:55:d8:55:4c:33:b2:9f:42:50:57:
         56:f5:59:2b:d2:02:6e:2e:41:f4:b5:c9:f6:cb:ca:eb:e1:1a:
         f2:39:68:fd:8e:98:30:b3:26:cb:9b:bb:56:78:7d:25:5c:13:
         e6:4a:19:0e:45:2d:a7:0c:8f:6c:e9:c8:62:ce:cb:d4:ec:e2:
         e2:b6:ae:cc:d7:e0:ff:77:d0:13:7d:33:47:ca:ac:a7:5c:96:
         fd:9f:76:5f:69:29:17:bd:8f:8e:65:8c:8f:6c:22:53:79:de:
         24:5e:68:1a:18:c3:6b:d5:c4:1c:64:85:a2:46:14:23:7c:26:
         21:0c:c9:fe:34:d5:9f:8a:a1:1e:ad:2e:56:a1:2b:87:73:0e:
         aa:cd:81:2e:7f:ed:23:9e:aa:26:ad:6b:db:ad:fe:df:66:70:
         6d:e3:d5:7f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ4tiagOQSsDHQkpAS/jUcCMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk4ODI5NmM1MGQ5NGJiZWQyMjVmMjg2NzIzMWZhNTA5M2Rl
YmVhOTEwHhcNMjYwNTE1MjEyNzM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMTNjOGI5YzIzMDMzZjM4MTlmMDU2NzJiZGY0OGE0MWM4ZTg1OTI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA29OMgJOOjpcfnuc1XNCkiwxjxefm
aF9AWYHKWa8ukz2vUUvAarDFag+OzS95RzkPL0ZavhAMliUVmhH8QqIJARaNkwAA
s+dXceeqxYr7N790CieQNuEqn2t5kJYiqpjieCmjxX8dpZhJ141HvIjipsRYuZnq
Gdpe9GoTXOyShAZnlaugeWNM+Az+XkAEYnL/sROcIIzL20m/pcn9m4VusPqdO0TJ
2J60YtDWZfomZK2YHHDaiTdQJXSBgCAR0n/3Yclb9bHDgHioRWqqZ19Ix1EswA5V
Ltnnch5nN4+YBlIsCBUDJxSybuxcOATr0hVAl1Fy4AItHYNo7pD9pzO4TwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPE8i5wjAz84GfBWcr30ikHI6FkkMB8GA1UdIwQY
MBaAFJiClsUNlLvtIl8oZyMfpQk96+qRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbUlLV3hRMlV1LTBpWHlobkl4LWxDVDNyNnBFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS9mNzYwZDAtMmY2Ny00MzA3LTlmMGMt
Mzk5M2I1MGIyMDY0LzEvOFR5TG5DTURQemdaOEZaeXZmU0tRY2pvV1NRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS9mNzYwZDAtMmY2Ny00MzA3LTlmMGMtMzk5M2I1MGIyMDY0
LzEvbUlLV3hRMlV1LTBpWHlobkl4LWxDVDNyNnBFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLV9IMA0G
CSqGSIb3DQEBCwUAA4IBAQCQ+VBD8A5KsWwRpuECNmDskb7lPm++4IxgO/UntI+z
rEvhyAS3VwauS6FujhXEA3G9SGZQSEYbTVck2HrvibEuWj82rUSitJgRv8oW4Irl
MTgFvT9bzo9+2YPJPlGO93ziN1XYVUwzsp9CUFdW9Vkr0gJuLkH0tcn2y8rr4Rry
OWj9jpgwsybLm7tWeH0lXBPmShkORS2nDI9s6chizsvU7OLitq7M1+D/d9ATfTNH
yqynXJb9n3ZfaSkXvY+OZYyPbCJTed4kXmgaGMNr1cQcZIWiRhQjfCYhDMn+NNWf
iqEerS5WoSuHcw6qzYEuf+0jnqomrWvbrf7fZnBt49V/
-----END CERTIFICATE-----