Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/L1z4gAbmtBr6IFjxlRf2f6QkURo.roa
File:                     L1z4gAbmtBr6IFjxlRf2f6QkURo.roa (raw, json)
Hash identifier:          wfR+HjJDOFvJipZLYW4jdBeVJSrQq986lvQU2WiKhq8=
Subject key identifier:   2F:5C:F8:80:06:E6:B4:1A:FA:20:58:F1:95:17:F6:7F:A4:24:51:1A
Certificate issuer:       /CN=fe58952d393935f0d3bce814fd9178d04693aeb9
Certificate serial:       019D7BE1ABCD31B08213680F1DEEAF557DFB
Authority key identifier: FE:58:95:2D:39:39:35:F0:D3:BC:E8:14:FD:91:78:D0:46:93:AE:B9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_liVLTk5NfDTvOgU_ZF40EaTrrk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/L1z4gAbmtBr6IFjxlRf2f6QkURo.roa
Signing time:             Sat 11 Apr 2026 09:31:20 +0000
ROA not before:           Sat 11 Apr 2026 09:31:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     39391
IP address blocks:        89.33.176.0/22 maxlen: 24
                          139.28.8.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/_liVLTk5NfDTvOgU_ZF40EaTrrk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/_liVLTk5NfDTvOgU_ZF40EaTrrk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_liVLTk5NfDTvOgU_ZF40EaTrrk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 02:01:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:7b:e1:ab:cd:31:b0:82:13:68:0f:1d:ee:af:55:7d:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fe58952d393935f0d3bce814fd9178d04693aeb9
        Validity
            Not Before: Apr 11 09:31:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2f5cf88006e6b41afa2058f19517f67fa424511a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:3e:3a:f8:5b:91:5b:8c:70:1a:28:3c:57:48:
                    de:61:c5:1f:9d:5a:09:90:eb:72:66:69:f7:07:2e:
                    83:51:ed:db:32:e2:ae:63:8d:27:53:ad:20:68:27:
                    ff:63:3c:44:61:df:fc:b2:6d:91:06:76:b0:83:e7:
                    e9:12:9d:9e:12:7d:72:f8:27:51:06:63:8d:85:4f:
                    2c:6e:f1:2f:a6:87:d0:7e:23:a5:9e:ee:ab:84:89:
                    a6:79:b7:0a:03:89:17:50:8c:08:9e:15:ce:41:17:
                    d9:33:17:97:8e:bd:b3:7e:35:3d:11:15:5e:2c:c8:
                    5f:ed:56:af:5e:4d:e4:03:72:1e:e7:fe:f5:14:a4:
                    e8:05:5c:70:1c:1d:9f:ec:28:d7:47:9d:b9:7b:af:
                    f9:5d:50:87:c2:55:34:32:2f:18:6d:41:c9:2a:dd:
                    09:35:ca:7a:53:13:2a:ec:c6:20:25:a9:9e:1d:ee:
                    b7:87:54:64:70:bc:0c:f4:be:32:d0:c3:a1:4e:e2:
                    89:7b:70:df:a6:52:09:c4:7e:99:43:3d:b3:98:34:
                    12:0d:06:bd:18:b3:b3:20:91:67:93:36:b8:0b:61:
                    3b:25:7b:40:c8:96:ad:5e:69:1d:72:af:3b:31:bd:
                    9a:59:8f:3e:68:ea:61:29:5a:78:d7:4d:66:45:93:
                    43:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:5C:F8:80:06:E6:B4:1A:FA:20:58:F1:95:17:F6:7F:A4:24:51:1A
            X509v3 Authority Key Identifier:
                keyid:FE:58:95:2D:39:39:35:F0:D3:BC:E8:14:FD:91:78:D0:46:93:AE:B9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_liVLTk5NfDTvOgU_ZF40EaTrrk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/L1z4gAbmtBr6IFjxlRf2f6QkURo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/_liVLTk5NfDTvOgU_ZF40EaTrrk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.33.176.0/22
                  139.28.8.0/22

    Signature Algorithm: sha256WithRSAEncryption
         3c:4f:17:8e:18:7e:e1:85:dc:69:47:15:05:1f:68:06:f8:ed:
         d5:7b:06:2f:07:48:4d:22:cc:04:a0:2d:04:25:33:8a:34:14:
         3a:15:64:1d:f7:3c:59:e5:14:9a:1a:31:92:da:d4:7e:f3:80:
         fc:03:6e:8a:e5:c5:c3:98:3d:44:43:8b:8e:48:d5:96:62:42:
         f5:1f:e8:67:37:b2:cb:34:de:96:17:70:e2:76:ec:e9:48:d8:
         e1:1b:86:7c:b9:10:ad:74:dd:34:38:96:51:1e:32:0b:22:00:
         11:b0:1f:40:b4:a3:0a:13:75:12:b4:57:41:9b:78:ba:10:d3:
         33:e7:69:97:2b:ed:57:b1:f4:09:b1:99:12:ef:10:e2:0f:18:
         7b:9e:8c:da:20:f8:c8:0a:99:e4:f2:7c:6e:ee:29:69:89:c9:
         96:09:5d:08:8b:ec:24:a5:72:2a:76:fe:c8:5d:55:04:7a:40:
         7a:ac:f5:ef:f3:9f:d3:56:00:46:ed:29:8f:9b:50:72:af:6d:
         0d:5f:3c:2d:ee:35:94:fa:1b:1d:21:48:1a:79:23:65:b7:aa:
         c1:c0:8d:fc:97:59:ff:9e:67:42:e9:b1:a4:22:dd:a8:a9:80:
         b2:21:60:53:a5:0b:2b:3a:c9:31:17:8a:2a:a4:27:1a:00:2c:
         9d:9c:88:3a
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ174avNMbCCE2gPHe6vVX37MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZlNTg5NTJkMzkzOTM1ZjBkM2JjZTgxNGZkOTE3OGQwNDY5
M2FlYjkwHhcNMjYwNDExMDkzMTIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZjVjZjg4MDA2ZTZiNDFhZmEyMDU4ZjE5NTE3ZjY3ZmE0MjQ1MTFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsT46+FuRW4xwGig8V0jeYcUfnVoJ
kOtyZmn3By6DUe3bMuKuY40nU60gaCf/YzxEYd/8sm2RBnawg+fpEp2eEn1y+CdR
BmONhU8sbvEvpofQfiOlnu6rhImmebcKA4kXUIwInhXOQRfZMxeXjr2zfjU9ERVe
LMhf7VavXk3kA3Ie5/71FKToBVxwHB2f7CjXR525e6/5XVCHwlU0Mi8YbUHJKt0J
Ncp6UxMq7MYgJameHe63h1RkcLwM9L4y0MOhTuKJe3DfplIJxH6ZQz2zmDQSDQa9
GLOzIJFnkza4C2E7JXtAyJatXmkdcq87Mb2aWY8+aOphKVp4101mRZNDzwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFC9c+IAG5rQa+iBY8ZUX9n+kJFEaMB8GA1UdIwQY
MBaAFP5YlS05OTXw07zoFP2ReNBGk665MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX2xpVkxUazVOZkRUdk9nVV9aRjQwRWFUcnJrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC9iMjZhYTgtYWNlNy00ZmE2LTllOGUt
NWQ0OGI2NWNlNTczLzEvTDF6NGdBYm10QnI2SUZqeGxSZjJmNlFrVVJvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC9iMjZhYTgtYWNlNy00ZmE2LTllOGUtNWQ0OGI2NWNlNTcz
LzEvX2xpVkxUazVOZkRUdk9nVV9aRjQwRWFUcnJrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCWSGwAwQC
ixwIMA0GCSqGSIb3DQEBCwUAA4IBAQA8TxeOGH7hhdxpRxUFH2gG+O3VewYvB0hN
IswEoC0EJTOKNBQ6FWQd9zxZ5RSaGjGS2tR+84D8A26K5cXDmD1EQ4uOSNWWYkL1
H+hnN7LLNN6WF3DiduzpSNjhG4Z8uRCtdN00OJZRHjILIgARsB9AtKMKE3UStFdB
m3i6ENMz52mXK+1XsfQJsZkS7xDiDxh7nozaIPjICpnk8nxu7ilpicmWCV0Ii+wk
pXIqdv7IXVUEekB6rPXv85/TVgBG7SmPm1Byr20NXzwt7jWU+hsdIUgaeSNlt6rB
wI38l1n/nmdC6bGkIt2oqYCyIWBTpQsrOskxF4oqpCcaACydnIg6
-----END CERTIFICATE-----