Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/33154b-2941-4f70-8133-d48450521dd9/1/tgTwpFfHXIJ-4zvGVktRl18g6vA.roa
File:                     tgTwpFfHXIJ-4zvGVktRl18g6vA.roa (raw, json)
Hash identifier:          kjXIbzNvSA/lR/bgH5uNTLZdXALacffRt33zev7P/mI=
Subject key identifier:   B6:04:F0:A4:57:C7:5C:82:7E:E3:3B:C6:56:4B:51:97:5F:20:EA:F0
Certificate issuer:       /CN=b2cd035fab18a4b7826144563f60e7898a4ef0f1
Certificate serial:       019B7F151BD0021A93A56663ED2BEA635DF4
Authority key identifier: B2:CD:03:5F:AB:18:A4:B7:82:61:44:56:3F:60:E7:89:8A:4E:F0:F1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ss0DX6sYpLeCYURWP2DniYpO8PE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/33154b-2941-4f70-8133-d48450521dd9/1/tgTwpFfHXIJ-4zvGVktRl18g6vA.roa
Signing time:             Fri 02 Jan 2026 14:20:48 +0000
ROA not before:           Fri 02 Jan 2026 14:20:48 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     212731
IP address blocks:        185.49.230.0/24 maxlen: 24
                          2a10:56c0::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/40/33154b-2941-4f70-8133-d48450521dd9/1/ss0DX6sYpLeCYURWP2DniYpO8PE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/40/33154b-2941-4f70-8133-d48450521dd9/1/ss0DX6sYpLeCYURWP2DniYpO8PE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ss0DX6sYpLeCYURWP2DniYpO8PE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 11:01:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:15:1b:d0:02:1a:93:a5:66:63:ed:2b:ea:63:5d:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b2cd035fab18a4b7826144563f60e7898a4ef0f1
        Validity
            Not Before: Jan  2 14:20:48 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b604f0a457c75c827ee33bc6564b51975f20eaf0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:71:13:82:92:1c:f8:ce:4d:5f:f4:8f:63:1a:
                    46:cb:63:fe:51:48:6a:06:b4:dc:ab:80:52:bc:cb:
                    54:0f:7e:91:d8:85:2f:40:65:2d:5d:2f:7e:3c:db:
                    d0:54:f5:fb:24:70:58:a5:38:32:8b:57:49:09:b1:
                    b9:f3:b6:26:bd:66:2b:39:ed:f9:4b:27:13:c4:4b:
                    59:a1:de:41:3c:b5:a6:6a:b7:55:d6:a4:de:cb:81:
                    fb:82:34:76:04:14:f6:23:d5:04:32:eb:bb:bb:4c:
                    49:16:fc:9e:51:da:d5:22:04:b7:22:29:f3:ab:04:
                    bb:4d:7a:8d:9e:33:32:6d:58:e8:5f:38:2f:05:81:
                    77:7b:c0:31:3f:02:cc:04:ce:53:61:82:68:52:b0:
                    87:76:50:d7:e0:68:30:8c:36:60:4c:4c:31:35:e6:
                    c3:e5:89:11:67:75:81:39:2b:b9:4c:d1:f0:ec:cc:
                    39:72:0c:6b:4a:4e:dd:c7:19:7d:46:9f:70:5d:dc:
                    cc:e4:d4:10:3d:c6:de:69:e0:dd:9d:a2:72:2c:e1:
                    6e:35:70:26:70:e7:3c:23:55:8f:ed:59:e6:f5:85:
                    74:1e:c6:73:73:7c:dc:c7:08:cf:01:4c:36:88:28:
                    5a:47:54:39:9e:ef:51:64:59:f4:b8:21:6e:d4:f0:
                    c3:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:04:F0:A4:57:C7:5C:82:7E:E3:3B:C6:56:4B:51:97:5F:20:EA:F0
            X509v3 Authority Key Identifier:
                keyid:B2:CD:03:5F:AB:18:A4:B7:82:61:44:56:3F:60:E7:89:8A:4E:F0:F1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ss0DX6sYpLeCYURWP2DniYpO8PE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/33154b-2941-4f70-8133-d48450521dd9/1/tgTwpFfHXIJ-4zvGVktRl18g6vA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/33154b-2941-4f70-8133-d48450521dd9/1/ss0DX6sYpLeCYURWP2DniYpO8PE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.49.230.0/24
                IPv6:
                  2a10:56c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         b4:a0:37:8e:c8:8a:86:98:4c:b0:d2:e9:67:8f:26:ef:16:df:
         58:23:5a:3b:a2:5d:12:aa:50:36:2c:bd:05:20:ac:14:3b:69:
         32:11:f5:f4:5f:ce:d6:06:1a:a8:ca:99:1b:cb:af:13:0c:44:
         19:40:c8:03:0d:63:78:84:9c:2d:24:fc:2a:39:00:f1:6d:61:
         23:8f:34:5e:6c:22:1a:78:51:3f:9e:42:89:84:8e:96:77:42:
         17:4d:7d:fa:c7:28:42:03:c9:3f:c4:68:7a:a6:bf:d6:3c:3a:
         dc:8a:15:ff:66:02:ba:3f:d3:fa:ba:37:27:bb:30:1f:01:4e:
         6e:9e:9b:73:6c:95:fb:32:08:a8:24:9b:27:0d:41:63:50:0f:
         2e:0c:82:6a:8d:82:7b:ca:9b:99:d8:c9:eb:a6:8d:f4:01:50:
         5a:32:d7:a5:c9:d9:11:46:2b:98:66:28:ff:81:14:20:4e:24:
         f4:75:4e:53:ee:5a:21:89:ff:7f:bc:98:a3:b9:0c:62:68:4d:
         ee:77:63:f8:20:03:54:c0:86:f2:0b:c0:ff:6d:41:ef:d9:bc:
         d7:cb:b3:34:32:6c:79:94:23:0e:a8:3b:a5:d9:e1:6e:5b:cf:
         a4:1f:04:d8:01:0d:be:4d:ce:1d:81:df:28:49:17:05:32:a4:
         40:bc:19:4c
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZt/FRvQAhqTpWZj7SvqY130MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIyY2QwMzVmYWIxOGE0Yjc4MjYxNDQ1NjNmNjBlNzg5OGE0
ZWYwZjEwHhcNMjYwMTAyMTQyMDQ4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNjA0ZjBhNDU3Yzc1YzgyN2VlMzNiYzY1NjRiNTE5NzVmMjBlYWYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4nETgpIc+M5NX/SPYxpGy2P+UUhq
BrTcq4BSvMtUD36R2IUvQGUtXS9+PNvQVPX7JHBYpTgyi1dJCbG587YmvWYrOe35
SycTxEtZod5BPLWmardV1qTey4H7gjR2BBT2I9UEMuu7u0xJFvyeUdrVIgS3Iinz
qwS7TXqNnjMybVjoXzgvBYF3e8AxPwLMBM5TYYJoUrCHdlDX4GgwjDZgTEwxNebD
5YkRZ3WBOSu5TNHw7Mw5cgxrSk7dxxl9Rp9wXdzM5NQQPcbeaeDdnaJyLOFuNXAm
cOc8I1WP7Vnm9YV0HsZzc3zcxwjPAUw2iChaR1Q5nu9RZFn0uCFu1PDDNQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFLYE8KRXx1yCfuM7xlZLUZdfIOrwMB8GA1UdIwQY
MBaAFLLNA1+rGKS3gmFEVj9g54mKTvDxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc3MwRFg2c1lwTGVDWVVSV1AyRG5pWXBPOFBFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC8zMzE1NGItMjk0MS00ZjcwLTgxMzMt
ZDQ4NDUwNTIxZGQ5LzEvdGdUd3BGZkhYSUotNHp2R1ZrdFJsMThnNnZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC8zMzE1NGItMjk0MS00ZjcwLTgxMzMtZDQ4NDUwNTIxZGQ5
LzEvc3MwRFg2c1lwTGVDWVVSV1AyRG5pWXBPOFBFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAuTHmMA0E
AgACMAcDBQMqEFbAMA0GCSqGSIb3DQEBCwUAA4IBAQC0oDeOyIqGmEyw0ulnjybv
Ft9YI1o7ol0SqlA2LL0FIKwUO2kyEfX0X87WBhqoypkby68TDEQZQMgDDWN4hJwt
JPwqOQDxbWEjjzRebCIaeFE/nkKJhI6Wd0IXTX36xyhCA8k/xGh6pr/WPDrcihX/
ZgK6P9P6ujcnuzAfAU5unptzbJX7MgioJJsnDUFjUA8uDIJqjYJ7ypuZ2Mnrpo30
AVBaMtelydkRRiuYZij/gRQgTiT0dU5T7lohif9/vJijuQxiaE3ud2P4IANUwIby
C8D/bUHv2bzXy7M0Mmx5lCMOqDul2eFuW8+kHwTYAQ2+Tc4dgd8oSRcFMqRAvBlM
-----END CERTIFICATE-----