Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3e/85a03d-87c3-4401-9a0d-ab2bafa1ae4d/1/TCXCSy8OTt2z48kEbdsf0Ii50x4.roa
File:                     TCXCSy8OTt2z48kEbdsf0Ii50x4.roa (raw, json)
Hash identifier:          ABalj2aODIZMqx3xajCEDvRzB5V6E/YYH2xej8zDQ0M=
Subject key identifier:   4C:25:C2:4B:2F:0E:4E:DD:B3:E3:C9:04:6D:DB:1F:D0:88:B9:D3:1E
Certificate issuer:       /CN=37f4b91a3ffce9f97505a73cfd5e4ad4e35e042d
Certificate serial:       019B7910F97A7096367AB058060BACC39186
Authority key identifier: 37:F4:B9:1A:3F:FC:E9:F9:75:05:A7:3C:FD:5E:4A:D4:E3:5E:04:2D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/N_S5Gj_86fl1Bac8_V5K1ONeBC0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3e/85a03d-87c3-4401-9a0d-ab2bafa1ae4d/1/TCXCSy8OTt2z48kEbdsf0Ii50x4.roa
Signing time:             Thu 01 Jan 2026 10:18:34 +0000
ROA not before:           Thu 01 Jan 2026 10:18:34 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     212059
IP address blocks:        91.235.182.0/24 maxlen: 24
                          2a10:c280::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3e/85a03d-87c3-4401-9a0d-ab2bafa1ae4d/1/N_S5Gj_86fl1Bac8_V5K1ONeBC0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3e/85a03d-87c3-4401-9a0d-ab2bafa1ae4d/1/N_S5Gj_86fl1Bac8_V5K1ONeBC0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/N_S5Gj_86fl1Bac8_V5K1ONeBC0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 10:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:10:f9:7a:70:96:36:7a:b0:58:06:0b:ac:c3:91:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=37f4b91a3ffce9f97505a73cfd5e4ad4e35e042d
        Validity
            Not Before: Jan  1 10:18:34 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4c25c24b2f0e4eddb3e3c9046ddb1fd088b9d31e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:44:02:eb:cc:f8:13:7f:b4:52:ae:67:1d:06:
                    4f:a8:7d:ab:0e:c6:24:7e:93:0a:ff:9d:1c:10:a2:
                    37:75:6c:66:d8:ef:aa:07:5b:d9:11:c7:69:e3:1e:
                    42:da:12:64:c9:b6:e9:12:31:fc:dc:91:62:bc:fe:
                    d1:8e:88:e3:73:ab:8a:06:f4:75:7f:1e:86:cf:4e:
                    a3:05:10:f3:d1:5b:59:63:59:02:3f:1f:c6:42:76:
                    cb:06:3a:49:5b:6b:fb:5c:6e:3c:bc:e5:f4:db:01:
                    f4:0d:b1:1b:f0:51:36:d3:c3:92:85:78:71:d2:92:
                    81:68:1b:77:ae:7a:1e:0f:ab:1c:2c:ff:76:46:82:
                    ac:74:c2:32:f9:76:b6:4d:ce:d1:ce:5e:a7:35:fd:
                    9b:fe:84:83:d2:62:d6:5b:9b:78:ff:28:72:11:b9:
                    c6:a3:58:36:06:01:70:00:f0:49:88:d0:78:e6:c5:
                    7b:00:c2:02:43:ec:4a:6d:f5:bd:ac:aa:c8:a4:e9:
                    66:6c:a8:35:17:05:d8:b4:f1:46:96:13:ad:ec:94:
                    11:21:f5:1c:8b:ef:5b:60:c4:d6:04:c3:c4:07:ed:
                    8b:2c:b7:b7:2b:df:7d:7c:85:1b:cc:e3:85:90:38:
                    f9:e6:fd:0e:69:f9:8a:7d:c7:71:ac:c5:3c:15:03:
                    dd:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:25:C2:4B:2F:0E:4E:DD:B3:E3:C9:04:6D:DB:1F:D0:88:B9:D3:1E
            X509v3 Authority Key Identifier:
                keyid:37:F4:B9:1A:3F:FC:E9:F9:75:05:A7:3C:FD:5E:4A:D4:E3:5E:04:2D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/N_S5Gj_86fl1Bac8_V5K1ONeBC0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/85a03d-87c3-4401-9a0d-ab2bafa1ae4d/1/TCXCSy8OTt2z48kEbdsf0Ii50x4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/85a03d-87c3-4401-9a0d-ab2bafa1ae4d/1/N_S5Gj_86fl1Bac8_V5K1ONeBC0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.235.182.0/24
                IPv6:
                  2a10:c280::/32

    Signature Algorithm: sha256WithRSAEncryption
         9f:98:bc:b7:08:90:4b:1a:b1:6e:5e:75:6c:8d:1a:34:4f:11:
         28:5c:89:e5:49:bf:d5:32:2a:35:50:92:9c:01:89:b4:86:f1:
         29:bf:80:f1:a5:3e:e5:2e:ce:61:83:3c:ec:9d:08:bd:ad:16:
         b4:3c:d2:80:18:5f:18:b9:74:77:f8:07:de:71:e8:68:5b:d7:
         7b:4a:24:2a:68:92:a0:fb:0a:f8:9c:b9:4b:de:8e:c7:fd:e3:
         08:75:c0:db:ae:d6:ec:9c:5a:f7:c5:e6:8c:0e:01:2c:c1:3b:
         c6:ac:8c:7d:bb:86:bf:3e:8d:a5:c3:16:e9:da:87:93:96:9a:
         dd:32:33:b7:cd:79:76:0b:5b:e4:b8:46:ea:49:5b:7c:32:27:
         1a:b8:f2:30:a4:f7:52:38:b2:33:6f:67:eb:57:f7:1a:fc:16:
         70:d6:d2:aa:91:fc:d9:ed:98:94:ab:a1:4f:b1:22:66:b6:79:
         fb:57:26:6a:f9:08:fe:06:dd:7e:d7:b0:c9:d1:02:ba:c7:64:
         1d:c9:5d:87:53:6b:21:7f:80:96:75:85:92:94:80:d3:77:d7:
         2c:09:79:6c:9f:14:ff:e0:2f:b0:a2:cd:a1:c0:af:e5:62:07:
         43:fe:9f:18:a7:cb:53:c7:b0:5d:e4:28:6c:e7:d4:79:14:15:
         34:cc:fe:15
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZt5EPl6cJY2erBYBgusw5GGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM3ZjRiOTFhM2ZmY2U5Zjk3NTA1YTczY2ZkNWU0YWQ0ZTM1
ZTA0MmQwHhcNMjYwMTAxMTAxODM0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YzI1YzI0YjJmMGU0ZWRkYjNlM2M5MDQ2ZGRiMWZkMDg4YjlkMzFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuUQC68z4E3+0Uq5nHQZPqH2rDsYk
fpMK/50cEKI3dWxm2O+qB1vZEcdp4x5C2hJkybbpEjH83JFivP7Rjojjc6uKBvR1
fx6Gz06jBRDz0VtZY1kCPx/GQnbLBjpJW2v7XG48vOX02wH0DbEb8FE208OShXhx
0pKBaBt3rnoeD6scLP92RoKsdMIy+Xa2Tc7Rzl6nNf2b/oSD0mLWW5t4/yhyEbnG
o1g2BgFwAPBJiNB45sV7AMICQ+xKbfW9rKrIpOlmbKg1FwXYtPFGlhOt7JQRIfUc
i+9bYMTWBMPEB+2LLLe3K999fIUbzOOFkDj55v0OafmKfcdxrMU8FQPdowIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFEwlwksvDk7ds+PJBG3bH9CIudMeMB8GA1UdIwQY
MBaAFDf0uRo//On5dQWnPP1eStTjXgQtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTl9TNUdqXzg2ZmwxQmFjOF9WNUsxT05lQkMwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZS84NWEwM2QtODdjMy00NDAxLTlhMGQt
YWIyYmFmYTFhZTRkLzEvVENYQ1N5OE9UdDJ6NDhrRWJkc2YwSWk1MHg0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZS84NWEwM2QtODdjMy00NDAxLTlhMGQtYWIyYmFmYTFhZTRk
LzEvTl9TNUdqXzg2ZmwxQmFjOF9WNUsxT05lQkMwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAW+u2MA0E
AgACMAcDBQAqEMKAMA0GCSqGSIb3DQEBCwUAA4IBAQCfmLy3CJBLGrFuXnVsjRo0
TxEoXInlSb/VMio1UJKcAYm0hvEpv4DxpT7lLs5hgzzsnQi9rRa0PNKAGF8YuXR3
+AfecehoW9d7SiQqaJKg+wr4nLlL3o7H/eMIdcDbrtbsnFr3xeaMDgEswTvGrIx9
u4a/Po2lwxbp2oeTlprdMjO3zXl2C1vkuEbqSVt8MicauPIwpPdSOLIzb2frV/ca
/BZw1tKqkfzZ7ZiUq6FPsSJmtnn7VyZq+Qj+Bt1+17DJ0QK6x2QdyV2HU2shf4CW
dYWSlIDTd9csCXlsnxT/4C+wos2hwK/lYgdD/p8Yp8tTx7Bd5Chs59R5FBU0zP4V
-----END CERTIFICATE-----