Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/TXYHKm8O-S9EX25pKrItB70jGPM.roa
File:                     TXYHKm8O-S9EX25pKrItB70jGPM.roa (raw, json)
Hash identifier:          wszfxIWeAk0k/AMxVspVOAqxcV7RMFs58Er+pZUgVWE=
Subject key identifier:   4D:76:07:2A:6F:0E:F9:2F:44:5F:6E:69:2A:B2:2D:07:BD:23:18:F3
Certificate issuer:       /CN=6222e1c2a5315334b66d80f78d5b50b42e480b9c
Certificate serial:       019EBCF93F4B263BD2BF5A1FB1B980BC09B4
Authority key identifier: 62:22:E1:C2:A5:31:53:34:B6:6D:80:F7:8D:5B:50:B4:2E:48:0B:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YiLhwqUxUzS2bYD3jVtQtC5IC5w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/TXYHKm8O-S9EX25pKrItB70jGPM.roa
Signing time:             Fri 12 Jun 2026 17:55:11 +0000
ROA not before:           Fri 12 Jun 2026 17:55:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     209847
IP address blocks:        194.156.98.0/24 maxlen: 24
                          194.156.99.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/YiLhwqUxUzS2bYD3jVtQtC5IC5w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/YiLhwqUxUzS2bYD3jVtQtC5IC5w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YiLhwqUxUzS2bYD3jVtQtC5IC5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 11:00:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:bc:f9:3f:4b:26:3b:d2:bf:5a:1f:b1:b9:80:bc:09:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6222e1c2a5315334b66d80f78d5b50b42e480b9c
        Validity
            Not Before: Jun 12 17:55:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4d76072a6f0ef92f445f6e692ab22d07bd2318f3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:87:a1:f8:ac:fa:30:6d:3a:3f:3b:38:c3:d8:
                    59:74:02:8c:ee:89:19:16:98:56:1f:70:f4:94:e5:
                    02:03:8a:11:b8:42:d2:68:08:19:5c:18:68:42:21:
                    53:c3:54:70:ce:16:4c:96:76:1e:15:5d:19:bb:42:
                    d8:33:b3:00:f4:e1:6f:35:6e:3d:5f:65:aa:fe:3d:
                    76:2c:91:d9:be:ab:10:b3:44:68:49:b2:0d:c3:bb:
                    a4:95:ba:60:43:ef:83:87:00:ba:73:df:d0:ab:d1:
                    bb:0b:0b:be:0f:84:16:2f:50:60:e8:df:73:dc:1b:
                    ec:0c:f5:40:ea:a6:22:00:3c:aa:b6:35:f1:98:ae:
                    87:24:18:08:ef:1f:4a:97:ae:31:fd:19:b4:9e:5f:
                    dd:8d:03:ca:4d:6c:86:7c:69:18:e6:1e:27:4a:a2:
                    06:db:24:4d:5c:58:c7:9d:ab:29:e4:39:0c:23:85:
                    b0:df:33:a5:03:74:aa:8e:cf:8d:58:c0:33:69:8a:
                    6f:69:d1:ce:ac:bb:c2:69:2f:f7:66:3c:31:f7:60:
                    99:d7:7a:75:c9:5e:03:61:9a:e8:f3:9c:c6:49:00:
                    bf:4f:10:15:44:d6:96:26:ae:ba:d9:4f:cb:12:e3:
                    b2:63:c8:ba:7f:fa:a8:ff:98:4b:a2:02:3e:d4:4c:
                    c9:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:76:07:2A:6F:0E:F9:2F:44:5F:6E:69:2A:B2:2D:07:BD:23:18:F3
            X509v3 Authority Key Identifier:
                keyid:62:22:E1:C2:A5:31:53:34:B6:6D:80:F7:8D:5B:50:B4:2E:48:0B:9C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YiLhwqUxUzS2bYD3jVtQtC5IC5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/TXYHKm8O-S9EX25pKrItB70jGPM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/YiLhwqUxUzS2bYD3jVtQtC5IC5w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.156.98.0/23

    Signature Algorithm: sha256WithRSAEncryption
         3b:67:ee:d3:0d:ac:ab:2b:c7:48:4b:a1:1b:9c:b0:73:45:c4:
         c5:85:62:7b:f8:7b:3e:2a:cd:c3:c9:9a:a4:40:cb:6f:5a:64:
         9a:d2:24:16:13:41:f6:6e:a4:a6:88:57:db:38:a2:46:39:dd:
         ba:2e:89:36:06:84:6a:79:dc:e3:7b:ce:0b:9d:0b:6c:2f:14:
         0f:43:16:ab:f9:aa:f8:01:46:84:5d:83:63:c1:e6:81:6b:73:
         4a:b9:54:6e:0e:66:ec:b9:be:af:05:7b:e5:55:2c:84:33:cb:
         d4:e8:87:0b:f4:b1:fd:89:38:d9:2a:64:22:02:a7:8b:98:12:
         71:f7:0c:39:d4:48:99:3b:4e:27:59:78:6c:d4:bf:02:ec:04:
         fb:12:b3:04:1a:19:d1:c5:1d:8f:fc:7d:2f:97:f2:0f:ab:84:
         c9:4d:ea:3e:28:3b:ad:02:69:9e:c5:88:bc:52:1b:12:5a:ca:
         54:23:f2:2c:5a:69:b9:62:de:65:07:bd:2c:2d:aa:d7:10:72:
         27:74:d5:83:4f:7f:d9:d0:a9:fd:98:77:c8:c7:0b:3e:ad:51:
         93:ac:f3:c7:af:d3:8b:78:b8:55:fe:6b:87:65:20:5a:62:b9:
         e5:7a:a0:d8:87:4e:51:b4:47:36:0e:ee:df:9b:10:53:41:94:
         5f:92:1e:d0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ68+T9LJjvSv1ofsbmAvAm0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyMjJlMWMyYTUzMTUzMzRiNjZkODBmNzhkNWI1MGI0MmU0
ODBiOWMwHhcNMjYwNjEyMTc1NTExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZDc2MDcyYTZmMGVmOTJmNDQ1ZjZlNjkyYWIyMmQwN2JkMjMxOGYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuoeh+Kz6MG06Pzs4w9hZdAKM7okZ
FphWH3D0lOUCA4oRuELSaAgZXBhoQiFTw1RwzhZMlnYeFV0Zu0LYM7MA9OFvNW49
X2Wq/j12LJHZvqsQs0RoSbINw7uklbpgQ++DhwC6c9/Qq9G7Cwu+D4QWL1Bg6N9z
3BvsDPVA6qYiADyqtjXxmK6HJBgI7x9Kl64x/Rm0nl/djQPKTWyGfGkY5h4nSqIG
2yRNXFjHnasp5DkMI4Ww3zOlA3Sqjs+NWMAzaYpvadHOrLvCaS/3Zjwx92CZ13p1
yV4DYZro85zGSQC/TxAVRNaWJq662U/LEuOyY8i6f/qo/5hLogI+1EzJUQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE12BypvDvkvRF9uaSqyLQe9IxjzMB8GA1UdIwQY
MBaAFGIi4cKlMVM0tm2A941bULQuSAucMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWWlMaHdxVXhVelMyYllEM2pWdFF0QzVJQzV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS85OTliOTctYzczMS00MTkyLTg1ZjEt
NTczNzAxYzg0ODMzLzEvVFhZSEttOE8tUzlFWDI1cEtySXRCNzBqR1BNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS85OTliOTctYzczMS00MTkyLTg1ZjEtNTczNzAxYzg0ODMz
LzEvWWlMaHdxVXhVelMyYllEM2pWdFF0QzVJQzV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwpxiMA0G
CSqGSIb3DQEBCwUAA4IBAQA7Z+7TDayrK8dIS6EbnLBzRcTFhWJ7+Hs+Ks3DyZqk
QMtvWmSa0iQWE0H2bqSmiFfbOKJGOd26Lok2BoRqedzje84LnQtsLxQPQxar+ar4
AUaEXYNjweaBa3NKuVRuDmbsub6vBXvlVSyEM8vU6IcL9LH9iTjZKmQiAqeLmBJx
9ww51EiZO04nWXhs1L8C7AT7ErMEGhnRxR2P/H0vl/IPq4TJTeo+KDutAmmexYi8
UhsSWspUI/IsWmm5Yt5lB70sLarXEHIndNWDT3/Z0Kn9mHfIxws+rVGTrPPHr9OL
eLhV/muHZSBaYrnleqDYh05RtEc2Du7fmxBTQZRfkh7Q
-----END CERTIFICATE-----