Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/4sSWRq_EWybT4AKP-36FYZuveFg.roa
File:                     4sSWRq_EWybT4AKP-36FYZuveFg.roa (raw, json)
Hash identifier:          ZEaZi4UufNyPpzEOrSHn+g7WbtWm8ngKhSPi4MAO3Do=
Subject key identifier:   E2:C4:96:46:AF:C4:5B:26:D3:E0:02:8F:FB:7E:85:61:9B:AF:78:58
Certificate issuer:       /CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
Certificate serial:       019D8A3D84ACF5726907D769619FB06960A3
Authority key identifier: 7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/4sSWRq_EWybT4AKP-36FYZuveFg.roa
Signing time:             Tue 14 Apr 2026 04:26:20 +0000
ROA not before:           Tue 14 Apr 2026 04:26:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     216039
IP address blocks:        89.125.125.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Apr 2026 02:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:8a:3d:84:ac:f5:72:69:07:d7:69:61:9f:b0:69:60:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
        Validity
            Not Before: Apr 14 04:26:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e2c49646afc45b26d3e0028ffb7e85619baf7858
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:0a:94:71:fd:f8:5a:ff:0d:1d:55:63:81:6a:
                    fe:e4:2d:b8:19:f3:a4:cc:2f:39:0c:b1:72:22:96:
                    6a:c5:48:4d:46:38:22:88:72:e3:b6:cf:27:8b:aa:
                    8c:86:a6:7e:96:a1:65:c7:74:15:3f:19:fb:25:cc:
                    2f:e9:a3:e9:a4:16:c5:b4:33:ba:25:24:2b:06:18:
                    7e:de:c9:b2:34:bf:d9:80:6a:a5:f9:04:e9:25:ef:
                    43:0c:19:86:99:6d:7a:b1:fa:04:d8:04:70:79:00:
                    4a:7c:50:19:a6:19:1f:25:51:9e:a0:89:c6:7f:d6:
                    e2:c8:cd:35:74:78:89:4e:7c:7a:c9:3b:bd:55:bb:
                    89:96:c7:6c:18:a4:03:1c:c4:3c:e9:a4:51:5d:8c:
                    ec:87:62:e4:07:dc:0f:d7:b0:09:e7:1b:85:ee:b5:
                    d5:e0:72:5d:7d:6f:04:08:0e:5f:67:98:e8:6a:d5:
                    25:eb:b3:bf:ac:06:d0:ba:31:57:f8:dd:3d:c7:72:
                    2f:bb:92:d2:45:fe:98:cf:0b:de:05:19:f5:6f:dc:
                    09:b9:65:3a:8f:78:35:26:ed:bb:c1:48:49:34:db:
                    fa:13:a1:7c:2f:f4:eb:61:19:c3:65:13:b4:11:68:
                    ea:71:0d:90:95:53:91:67:6d:6e:e1:b0:ba:ca:9a:
                    6e:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:C4:96:46:AF:C4:5B:26:D3:E0:02:8F:FB:7E:85:61:9B:AF:78:58
            X509v3 Authority Key Identifier:
                keyid:7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/4sSWRq_EWybT4AKP-36FYZuveFg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.125.125.0/24

    Signature Algorithm: sha256WithRSAEncryption
         15:50:fe:5c:11:61:4e:e4:ca:5f:cb:fd:54:c9:1d:8c:3c:f1:
         d0:a7:67:78:20:57:b5:e3:00:32:39:6f:bf:f7:80:34:77:50:
         50:f5:ae:6c:da:56:17:3d:eb:0a:94:f1:dd:93:bf:63:46:52:
         ae:0d:14:e1:a5:c7:1d:ca:85:52:45:cd:3b:7f:76:00:3c:51:
         40:15:15:4f:42:ae:be:7f:7a:e0:08:b7:2e:5e:b7:27:e2:53:
         e8:1c:e9:16:a7:b2:ce:1b:b9:55:87:c7:80:da:2e:19:15:23:
         35:3a:74:45:82:8f:9f:75:5b:f0:52:dc:ae:b3:b0:6e:ba:43:
         4b:24:fd:3d:e2:a8:72:2b:75:4e:d4:fc:89:c0:da:1c:97:a3:
         99:04:b4:61:13:80:33:a2:06:df:1a:85:34:48:c6:2a:f2:ae:
         65:55:39:e0:89:a5:71:f8:11:ce:e0:3f:a0:81:3b:bd:e7:45:
         10:64:4d:f7:0e:b2:f8:a1:58:f2:a7:e9:92:12:5b:49:84:f8:
         b9:34:ad:88:7a:65:de:e2:67:c3:49:0f:fe:d5:71:9f:b4:5b:
         52:8e:f7:e8:f5:7b:f5:9f:e0:33:0e:c2:20:45:bd:8e:c6:36:
         76:d4:e1:fd:6f:e8:1f:0c:2b:3d:ae:7e:82:7d:b3:eb:50:61:
         76:3b:c2:be
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2KPYSs9XJpB9dpYZ+waWCjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkYTVkMzJkNWIwOWM5M2MxYjVlM2ZjNWEyYWEyMGQ3NDZm
Y2ZlZDEwHhcNMjYwNDE0MDQyNjIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMmM0OTY0NmFmYzQ1YjI2ZDNlMDAyOGZmYjdlODU2MTliYWY3ODU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtwqUcf34Wv8NHVVjgWr+5C24GfOk
zC85DLFyIpZqxUhNRjgiiHLjts8ni6qMhqZ+lqFlx3QVPxn7Jcwv6aPppBbFtDO6
JSQrBhh+3smyNL/ZgGql+QTpJe9DDBmGmW16sfoE2ARweQBKfFAZphkfJVGeoInG
f9biyM01dHiJTnx6yTu9VbuJlsdsGKQDHMQ86aRRXYzsh2LkB9wP17AJ5xuF7rXV
4HJdfW8ECA5fZ5joatUl67O/rAbQujFX+N09x3Ivu5LSRf6YzwveBRn1b9wJuWU6
j3g1Ju27wUhJNNv6E6F8L/TrYRnDZRO0EWjqcQ2QlVORZ21u4bC6yppu5QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOLElkavxFsm0+ACj/t+hWGbr3hYMB8GA1UdIwQY
MBaAFH2l0y1bCck8G14/xaKqINdG/P7RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAt
ZTU4MzlmNDNlNTgzLzEvNHNTV1JxX0VXeWJUNEFLUC0zNkZZWnV2ZUZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAtZTU4MzlmNDNlNTgz
LzEvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWX19MA0G
CSqGSIb3DQEBCwUAA4IBAQAVUP5cEWFO5Mpfy/1UyR2MPPHQp2d4IFe14wAyOW+/
94A0d1BQ9a5s2lYXPesKlPHdk79jRlKuDRThpccdyoVSRc07f3YAPFFAFRVPQq6+
f3rgCLcuXrcn4lPoHOkWp7LOG7lVh8eA2i4ZFSM1OnRFgo+fdVvwUtyus7BuukNL
JP094qhyK3VO1PyJwNocl6OZBLRhE4AzogbfGoU0SMYq8q5lVTngiaVx+BHO4D+g
gTu950UQZE33DrL4oVjyp+mSEltJhPi5NK2IemXe4mfDSQ/+1XGftFtSjvfo9Xv1
n+AzDsIgRb2OxjZ21OH9b+gfDCs9rn6CfbPrUGF2O8K+
-----END CERTIFICATE-----