Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/8s1xGzgTbRIv0nPFTx2Q4IU5GTk.roa
File:                     8s1xGzgTbRIv0nPFTx2Q4IU5GTk.roa (raw, json)
Hash identifier:          ZcAPW5S3Qs6GKZwwXm/MFmPa2InCwduc34zXRova+YI=
Subject key identifier:   F2:CD:71:1B:38:13:6D:12:2F:D2:73:C5:4F:1D:90:E0:85:39:19:39
Certificate issuer:       /CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
Certificate serial:       019EA5BA4CACBA9E3A7F56B7E76B4725C794
Authority key identifier: 7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/8s1xGzgTbRIv0nPFTx2Q4IU5GTk.roa
Signing time:             Mon 08 Jun 2026 05:35:10 +0000
ROA not before:           Mon 08 Jun 2026 05:35:10 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     206411
IP address blocks:        89.125.16.0/24 maxlen: 24
                          89.125.30.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 08:43:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:a5:ba:4c:ac:ba:9e:3a:7f:56:b7:e7:6b:47:25:c7:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
        Validity
            Not Before: Jun  8 05:35:10 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f2cd711b38136d122fd273c54f1d90e085391939
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:1b:29:77:6f:b8:b5:7c:be:5a:d2:1f:98:65:
                    71:32:4a:b5:51:ae:c5:70:51:aa:80:48:8d:bb:15:
                    84:48:a4:78:f4:ed:eb:ae:bb:a4:34:7d:92:97:aa:
                    cb:79:86:5a:9a:23:e8:59:77:0a:e7:53:1f:af:0a:
                    28:8a:37:7c:64:3e:7e:c9:4f:0a:64:b1:0a:ce:52:
                    20:e5:bb:39:ed:c2:9e:ad:e0:77:d9:4a:7e:77:b7:
                    7f:e4:9f:29:2f:70:4e:79:e8:6c:7a:60:05:8e:15:
                    49:22:7b:28:8a:25:3e:de:44:a8:c2:89:cd:6e:f5:
                    04:0c:b1:bd:4c:af:d2:fb:27:ab:4f:28:01:73:9d:
                    6e:1c:2d:1c:4b:0a:35:2b:bf:30:5c:9b:ff:ae:26:
                    c0:8c:1f:65:e7:3d:1a:23:ca:f6:1a:a4:18:78:fc:
                    bd:0c:24:d4:f4:61:25:60:d1:59:44:62:7f:da:59:
                    05:74:67:d3:b5:b9:ca:8d:ba:fa:ce:21:73:aa:f3:
                    d8:bb:fc:01:e9:54:0f:27:35:d2:c9:c1:bc:aa:42:
                    95:8e:5b:3f:64:41:1f:a9:b3:b5:19:66:7e:b0:46:
                    87:ba:ef:7f:37:da:d3:0a:58:dc:fa:d3:36:79:6a:
                    28:d4:ba:79:88:fb:3f:d8:37:aa:8b:51:06:6c:7f:
                    55:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:CD:71:1B:38:13:6D:12:2F:D2:73:C5:4F:1D:90:E0:85:39:19:39
            X509v3 Authority Key Identifier:
                keyid:7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/8s1xGzgTbRIv0nPFTx2Q4IU5GTk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.125.16.0/24
                  89.125.30.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0d:3f:3a:b0:e0:b8:94:b1:ff:33:fd:26:55:08:d8:cc:49:7c:
         27:a9:66:5a:4d:37:5f:02:5f:48:fd:9a:d0:e4:97:18:32:41:
         71:a9:1c:69:ec:72:e9:38:3f:2f:1b:40:15:23:c2:1e:7e:56:
         0d:b9:f3:7b:80:0b:73:22:98:87:87:60:23:f9:ae:06:96:d4:
         1f:b6:26:ea:f1:0f:01:79:1c:ff:4e:11:ca:41:31:42:82:73:
         65:90:03:ff:00:d9:76:0c:5d:3b:b3:74:d5:4d:a8:7e:40:49:
         40:85:e7:c4:2b:cb:d7:bf:cb:a8:7c:3d:33:87:53:b0:0e:80:
         29:15:41:3b:6a:47:5d:d0:8b:e6:a3:cc:49:e5:45:e3:ae:0d:
         b8:43:83:6e:6f:bb:24:c2:e9:16:16:20:4e:ec:97:dd:02:26:
         58:2d:80:7f:09:73:84:76:48:c8:25:72:e4:bd:a3:40:ab:33:
         b2:a2:b9:fa:c2:2c:03:17:39:09:7b:72:65:6b:21:ca:f9:4d:
         51:87:b4:ee:f0:7d:58:cd:82:45:3f:40:4c:5c:d4:20:45:bb:
         a3:7e:88:67:6a:3e:da:98:36:14:75:78:2c:31:9f:be:33:de:
         b2:9b:b2:83:0a:e0:9a:03:29:4c:c4:70:fb:7e:30:0a:62:d1:
         16:44:2b:45
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ6lukysup46f1a352tHJceUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkYTVkMzJkNWIwOWM5M2MxYjVlM2ZjNWEyYWEyMGQ3NDZm
Y2ZlZDEwHhcNMjYwNjA4MDUzNTEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMmNkNzExYjM4MTM2ZDEyMmZkMjczYzU0ZjFkOTBlMDg1MzkxOTM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAihspd2+4tXy+WtIfmGVxMkq1Ua7F
cFGqgEiNuxWESKR49O3rrrukNH2Sl6rLeYZamiPoWXcK51Mfrwooijd8ZD5+yU8K
ZLEKzlIg5bs57cKereB32Up+d7d/5J8pL3BOeehsemAFjhVJInsoiiU+3kSowonN
bvUEDLG9TK/S+yerTygBc51uHC0cSwo1K78wXJv/ribAjB9l5z0aI8r2GqQYePy9
DCTU9GElYNFZRGJ/2lkFdGfTtbnKjbr6ziFzqvPYu/wB6VQPJzXSycG8qkKVjls/
ZEEfqbO1GWZ+sEaHuu9/N9rTCljc+tM2eWoo1Lp5iPs/2Deqi1EGbH9VhQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFPLNcRs4E20SL9JzxU8dkOCFORk5MB8GA1UdIwQY
MBaAFH2l0y1bCck8G14/xaKqINdG/P7RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAt
ZTU4MzlmNDNlNTgzLzEvOHMxeEd6Z1RiUkl2MG5QRlR4MlE0SVU1R1RrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAtZTU4MzlmNDNlNTgz
LzEvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAWX0QAwQA
WX0eMA0GCSqGSIb3DQEBCwUAA4IBAQANPzqw4LiUsf8z/SZVCNjMSXwnqWZaTTdf
Al9I/ZrQ5JcYMkFxqRxp7HLpOD8vG0AVI8IeflYNufN7gAtzIpiHh2Aj+a4GltQf
tibq8Q8BeRz/ThHKQTFCgnNlkAP/ANl2DF07s3TVTah+QElAhefEK8vXv8uofD0z
h1OwDoApFUE7akdd0Ivmo8xJ5UXjrg24Q4Nub7skwukWFiBO7JfdAiZYLYB/CXOE
dkjIJXLkvaNAqzOyorn6wiwDFzkJe3JlayHK+U1Rh7Tu8H1YzYJFP0BMXNQgRbuj
fohnaj7amDYUdXgsMZ++M96ym7KDCuCaAylMxHD7fjAKYtEWRCtF
-----END CERTIFICATE-----