Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/TYCz0AVdkObbbTpUKzE4RnghVc0.roa
File:                     TYCz0AVdkObbbTpUKzE4RnghVc0.roa (raw, json)
Hash identifier:          O/za7gdgFTJpyHPVW8MLZzI7hn9hsUcxWDequn7ZmdM=
Subject key identifier:   4D:80:B3:D0:05:5D:90:E6:DB:6D:3A:54:2B:31:38:46:78:21:55:CD
Certificate issuer:       /CN=f04a58047f37bbc057944bbf8cad8742879592da
Certificate serial:       019D722DD90FC93FA7A5BD78869CD91F2ACD
Authority key identifier: F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/TYCz0AVdkObbbTpUKzE4RnghVc0.roa
Signing time:             Thu 09 Apr 2026 12:18:20 +0000
ROA not before:           Thu 09 Apr 2026 12:18:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     40676
IP address blocks:        62.169.130.0/24 maxlen: 24
                          147.90.220.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Apr 2026 02:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:72:2d:d9:0f:c9:3f:a7:a5:bd:78:86:9c:d9:1f:2a:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f04a58047f37bbc057944bbf8cad8742879592da
        Validity
            Not Before: Apr  9 12:18:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4d80b3d0055d90e6db6d3a542b313846782155cd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:71:9d:a9:4c:82:b5:05:09:4d:97:02:99:33:
                    4c:27:92:31:14:51:f8:22:bf:27:bd:61:54:78:5d:
                    31:6f:7d:5a:73:7e:ca:36:73:33:12:9f:64:40:ee:
                    5a:f3:4a:d3:e8:52:6e:c1:56:6e:3f:eb:9b:98:59:
                    47:d9:7b:68:66:37:31:19:a8:46:85:cc:e5:3e:b1:
                    61:9c:fb:d0:e2:84:45:21:87:d2:62:33:96:b7:27:
                    24:ea:86:3d:2f:00:d1:f6:83:eb:f3:2a:09:54:cc:
                    1f:14:35:cc:32:da:e9:f7:01:25:20:45:18:32:27:
                    be:58:09:37:74:ac:51:54:a9:7d:1a:6a:79:91:dc:
                    58:70:b7:66:ad:ac:0f:4f:ad:a9:94:6e:2b:43:2b:
                    60:12:10:26:fe:86:3c:dd:d7:2e:da:70:33:de:a1:
                    99:83:e6:01:b9:05:81:4c:55:ae:a6:cf:61:95:76:
                    91:2b:2c:8b:b9:25:e1:b3:fd:89:4b:8f:28:83:10:
                    96:5f:b9:e8:db:79:ad:dc:8a:d2:f6:1f:34:d4:a3:
                    03:6f:01:50:c8:79:3e:08:8d:36:60:f7:45:4c:81:
                    c7:b3:1d:7f:bf:10:fc:02:6a:c9:46:77:74:65:f9:
                    3d:e3:52:b3:6b:ba:64:a4:a6:f9:7b:34:89:9b:a5:
                    7b:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:80:B3:D0:05:5D:90:E6:DB:6D:3A:54:2B:31:38:46:78:21:55:CD
            X509v3 Authority Key Identifier:
                keyid:F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/TYCz0AVdkObbbTpUKzE4RnghVc0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.169.130.0/24
                  147.90.220.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bc:3c:a2:06:fc:ac:9c:05:00:3d:79:11:3c:69:05:04:b6:fd:
         0c:ab:ab:a4:b4:e2:92:17:43:d5:86:5f:c2:e7:58:53:8b:e9:
         cb:bb:bb:1e:c1:3a:9e:29:9f:1d:67:db:7d:0e:fc:aa:6c:78:
         54:90:00:39:86:30:00:30:de:3a:53:9a:b9:b9:a0:bf:61:76:
         82:e2:14:cc:fc:43:7d:82:13:72:e8:01:f7:23:ba:a2:e8:90:
         c6:46:88:fb:7c:39:67:72:81:f0:13:6e:f8:1f:62:ce:ce:fc:
         12:c4:bf:c5:46:8a:aa:95:98:7a:3e:06:da:8f:af:4b:6d:e4:
         b0:78:13:d7:ea:77:4f:89:db:04:b9:29:58:be:2f:a8:ac:c3:
         3c:96:18:43:ca:61:46:c1:6d:43:06:04:96:15:0b:5f:87:df:
         d6:96:e6:5e:61:f3:a3:17:44:e3:b0:a4:a0:af:3d:82:7e:52:
         66:a6:54:a6:ec:23:0b:84:57:9c:02:93:1e:60:e1:7c:6d:15:
         e0:16:b6:9d:e7:78:2e:b0:5c:5d:61:12:15:51:98:c7:a4:d1:
         c0:91:6a:cc:ba:24:75:9b:f4:ef:ed:17:0c:29:02:75:d4:9d:
         46:c9:06:2d:7b:82:7f:e4:5c:3c:59:b7:04:4e:ae:90:c4:43:
         ea:58:2b:a5
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ1yLdkPyT+npb14hpzZHyrNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwNGE1ODA0N2YzN2JiYzA1Nzk0NGJiZjhjYWQ4NzQyODc5
NTkyZGEwHhcNMjYwNDA5MTIxODIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZDgwYjNkMDA1NWQ5MGU2ZGI2ZDNhNTQyYjMxMzg0Njc4MjE1NWNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3XGdqUyCtQUJTZcCmTNMJ5IxFFH4
Ir8nvWFUeF0xb31ac37KNnMzEp9kQO5a80rT6FJuwVZuP+ubmFlH2XtoZjcxGahG
hczlPrFhnPvQ4oRFIYfSYjOWtyck6oY9LwDR9oPr8yoJVMwfFDXMMtrp9wElIEUY
Mie+WAk3dKxRVKl9Gmp5kdxYcLdmrawPT62plG4rQytgEhAm/oY83dcu2nAz3qGZ
g+YBuQWBTFWups9hlXaRKyyLuSXhs/2JS48ogxCWX7no23mt3IrS9h801KMDbwFQ
yHk+CI02YPdFTIHHsx1/vxD8AmrJRnd0Zfk941Kza7pkpKb5ezSJm6V7lQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFE2As9AFXZDm2206VCsxOEZ4IVXNMB8GA1UdIwQY
MBaAFPBKWAR/N7vAV5RLv4yth0KHlZLaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYt
ZjVmYjcxYjlhNTFmLzEvVFlDejBBVmRrT2JiYlRwVUt6RTRSbmdoVmMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYtZjVmYjcxYjlhNTFm
LzEvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAPqmCAwQA
k1rcMA0GCSqGSIb3DQEBCwUAA4IBAQC8PKIG/KycBQA9eRE8aQUEtv0Mq6uktOKS
F0PVhl/C51hTi+nLu7sewTqeKZ8dZ9t9DvyqbHhUkAA5hjAAMN46U5q5uaC/YXaC
4hTM/EN9ghNy6AH3I7qi6JDGRoj7fDlncoHwE274H2LOzvwSxL/FRoqqlZh6Pgba
j69LbeSweBPX6ndPidsEuSlYvi+orMM8lhhDymFGwW1DBgSWFQtfh9/WluZeYfOj
F0TjsKSgrz2CflJmplSm7CMLhFecApMeYOF8bRXgFrad53gusFxdYRIVUZjHpNHA
kWrMuiR1m/Tv7RcMKQJ11J1GyQYte4J/5Fw8WbcETq6QxEPqWCul
-----END CERTIFICATE-----