Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/TAo6MRVzuphUUTe8SHz1rDt5UPc.roa
File:                     TAo6MRVzuphUUTe8SHz1rDt5UPc.roa (raw, json)
Hash identifier:          X+geN/q+wLgHXcEwxlpTtkILXYu5s/QvdelXRU1Bq8w=
Subject key identifier:   4C:0A:3A:31:15:73:BA:98:54:51:37:BC:48:7C:F5:AC:3B:79:50:F7
Certificate issuer:       /CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
Certificate serial:       019D6348C33EDBBD9FCCABAD1762AF1A8FF8
Authority key identifier: 7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/TAo6MRVzuphUUTe8SHz1rDt5UPc.roa
Signing time:             Mon 06 Apr 2026 14:53:26 +0000
ROA not before:           Mon 06 Apr 2026 14:53:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     13213
IP address blocks:        89.125.8.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 Apr 2026 19:46:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:63:48:c3:3e:db:bd:9f:cc:ab:ad:17:62:af:1a:8f:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
        Validity
            Not Before: Apr  6 14:53:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4c0a3a311573ba98545137bc487cf5ac3b7950f7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:e5:7d:4a:65:bf:e3:f8:7b:14:dd:89:9c:fd:
                    3b:da:55:a2:a1:2d:99:2b:bd:f7:05:33:4d:48:f8:
                    31:d9:1b:b5:8b:ab:d3:e5:26:71:4e:8e:e0:10:b6:
                    b5:b5:98:21:0e:28:a2:85:ab:60:97:63:ec:c9:fb:
                    d5:49:24:d9:88:14:63:a5:0e:da:5d:91:34:ce:59:
                    a5:a9:b3:63:32:0b:1f:71:e4:1f:c5:63:4c:d0:88:
                    78:8d:88:e6:d7:6d:67:75:1a:80:c4:51:00:4c:7e:
                    59:f1:9f:8b:80:82:c5:25:01:63:d8:f2:c7:20:6c:
                    0b:60:b6:91:37:a4:32:02:33:a5:e3:34:94:be:75:
                    73:24:79:00:48:84:2d:e6:14:f8:3c:20:6e:69:ed:
                    59:05:df:28:7b:df:7d:f6:9e:a7:6a:cb:c4:f4:a6:
                    5d:62:43:ef:cf:db:9e:95:07:18:33:49:f1:24:75:
                    25:13:81:c2:6d:30:f9:89:ab:7c:2b:7c:95:36:fc:
                    60:3f:41:06:e8:de:ee:4b:d4:53:76:cf:c6:9a:2e:
                    1b:b3:c2:64:b9:53:f3:b0:bb:d8:e4:ec:cb:24:5b:
                    8b:b6:9e:16:50:4e:cd:ee:7a:79:69:03:e4:2e:96:
                    52:f4:8b:82:5e:71:bc:ce:86:90:83:1c:7b:21:6d:
                    54:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:0A:3A:31:15:73:BA:98:54:51:37:BC:48:7C:F5:AC:3B:79:50:F7
            X509v3 Authority Key Identifier:
                keyid:7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/TAo6MRVzuphUUTe8SHz1rDt5UPc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.125.8.0/22

    Signature Algorithm: sha256WithRSAEncryption
         4e:9f:89:e5:76:e4:d3:38:49:61:14:3f:f2:d3:e4:58:02:e5:
         4b:27:52:34:bc:b3:8c:c0:95:41:2e:70:2f:ff:4d:cf:f1:7d:
         81:2e:ab:f7:1b:e0:a5:a7:45:f3:39:7d:3a:d0:2d:2b:e1:86:
         b3:af:ae:f3:1d:9d:12:db:c6:12:f9:40:7d:2c:c0:09:2d:c3:
         dd:69:51:e8:50:e4:a7:40:c8:ed:37:70:f0:a3:a4:eb:11:60:
         a6:bc:b1:71:08:a4:6a:8b:51:79:75:ab:94:29:c3:a9:aa:27:
         db:66:73:38:2a:f9:75:ec:9d:67:02:88:a7:a8:a1:ff:4a:5c:
         e3:5a:a9:f0:83:3f:77:0c:9d:1d:51:13:be:e4:56:11:41:a9:
         20:e2:eb:9f:e0:fc:27:84:59:94:a6:c4:42:10:e9:e9:a0:72:
         40:db:d4:ac:e5:d5:72:30:77:13:f2:42:c5:1d:c6:eb:7b:55:
         52:61:b9:18:f3:bf:75:85:12:c5:c9:66:71:eb:04:9e:fe:60:
         55:b5:5a:bb:f0:c0:8b:da:f2:55:f4:74:74:02:62:28:bb:79:
         23:75:cd:8c:56:2f:ba:28:3c:ba:fd:b6:46:09:7a:cb:e7:d8:
         87:f9:6d:98:8b:d5:bc:6d:ee:81:64:81:ff:d0:3e:8a:83:9b:
         51:b3:76:b5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ1jSMM+272fzKutF2KvGo/4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkYTVkMzJkNWIwOWM5M2MxYjVlM2ZjNWEyYWEyMGQ3NDZm
Y2ZlZDEwHhcNMjYwNDA2MTQ1MzI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YzBhM2EzMTE1NzNiYTk4NTQ1MTM3YmM0ODdjZjVhYzNiNzk1MGY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkeV9SmW/4/h7FN2JnP072lWioS2Z
K733BTNNSPgx2Ru1i6vT5SZxTo7gELa1tZghDiiihatgl2PsyfvVSSTZiBRjpQ7a
XZE0zlmlqbNjMgsfceQfxWNM0Ih4jYjm121ndRqAxFEATH5Z8Z+LgILFJQFj2PLH
IGwLYLaRN6QyAjOl4zSUvnVzJHkASIQt5hT4PCBuae1ZBd8oe9999p6nasvE9KZd
YkPvz9uelQcYM0nxJHUlE4HCbTD5iat8K3yVNvxgP0EG6N7uS9RTds/Gmi4bs8Jk
uVPzsLvY5OzLJFuLtp4WUE7N7np5aQPkLpZS9IuCXnG8zoaQgxx7IW1UlwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEwKOjEVc7qYVFE3vEh89aw7eVD3MB8GA1UdIwQY
MBaAFH2l0y1bCck8G14/xaKqINdG/P7RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAt
ZTU4MzlmNDNlNTgzLzEvVEFvNk1SVnp1cGhVVVRlOFNIejFyRHQ1VVBjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAtZTU4MzlmNDNlNTgz
LzEvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCWX0IMA0G
CSqGSIb3DQEBCwUAA4IBAQBOn4nlduTTOElhFD/y0+RYAuVLJ1I0vLOMwJVBLnAv
/03P8X2BLqv3G+Clp0XzOX060C0r4Yazr67zHZ0S28YS+UB9LMAJLcPdaVHoUOSn
QMjtN3Dwo6TrEWCmvLFxCKRqi1F5dauUKcOpqifbZnM4Kvl17J1nAoinqKH/Slzj
Wqnwgz93DJ0dURO+5FYRQakg4uuf4PwnhFmUpsRCEOnpoHJA29Ss5dVyMHcT8kLF
Hcbre1VSYbkY8791hRLFyWZx6wSe/mBVtVq78MCL2vJV9HR0AmIou3kjdc2MVi+6
KDy6/bZGCXrL59iH+W2Yi9W8be6BZIH/0D6Kg5tRs3a1
-----END CERTIFICATE-----