Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/_kulSsBERP0ELPDSt-NygJ9L6l8.roa
File:                     _kulSsBERP0ELPDSt-NygJ9L6l8.roa (raw, json)
Hash identifier:          7Np67KHVIlBAT+vNEmxnNQ5GQAobtENDrMv2xG777mU=
Subject key identifier:   FE:4B:A5:4A:C0:44:44:FD:04:2C:F0:D2:B7:E3:72:80:9F:4B:EA:5F
Certificate issuer:       /CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
Certificate serial:       019C8929DA971200F53BED9CD0FC55E8058C
Authority key identifier: 7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/_kulSsBERP0ELPDSt-NygJ9L6l8.roa
Signing time:             Mon 23 Feb 2026 06:22:27 +0000
ROA not before:           Mon 23 Feb 2026 06:22:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     51558
IP address blocks:        89.35.130.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 09:38:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:89:29:da:97:12:00:f5:3b:ed:9c:d0:fc:55:e8:05:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
        Validity
            Not Before: Feb 23 06:22:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=fe4ba54ac04444fd042cf0d2b7e372809f4bea5f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:7b:97:5f:a4:b1:72:88:df:50:64:eb:f5:dc:
                    1d:83:8e:da:a6:b5:f0:84:6b:60:57:0d:07:66:d1:
                    8e:4a:48:f6:75:9a:ea:7f:6f:f8:9a:fc:da:2e:40:
                    46:3d:1c:c7:0a:47:cf:b5:76:3c:c6:1e:7b:c5:5e:
                    28:37:c0:cb:b9:89:e3:69:8e:ea:00:de:0d:27:b8:
                    e1:67:ba:63:26:61:1e:61:38:ec:cf:79:e1:c0:bd:
                    db:9f:f0:76:d8:ad:09:94:74:ff:e3:5f:c7:7b:9d:
                    0d:8e:21:9e:9c:13:82:a1:21:55:b7:98:56:b6:ee:
                    29:e6:61:57:66:e1:df:7f:a9:00:0f:d2:4f:dd:f8:
                    73:cd:d7:cb:7d:b0:69:a1:74:66:6d:80:12:e9:56:
                    51:fd:e1:26:c7:ff:8c:a8:64:c7:7b:f7:13:fb:29:
                    a4:d9:dd:6e:bd:3c:b3:21:ce:40:51:af:9f:85:d8:
                    f1:ad:33:2d:52:fd:42:f8:f0:8b:ef:6b:4a:a1:b6:
                    4b:bd:54:11:f6:f8:2b:5b:0e:c9:ea:b0:7a:26:d7:
                    80:19:50:48:e9:9b:76:d5:a1:dc:d5:97:52:51:a5:
                    cb:af:2a:9c:26:2d:33:e6:8e:6e:59:5c:e4:e8:c1:
                    33:c8:49:dd:b9:e1:f9:d4:94:cd:77:dc:32:5f:9e:
                    55:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:4B:A5:4A:C0:44:44:FD:04:2C:F0:D2:B7:E3:72:80:9F:4B:EA:5F
            X509v3 Authority Key Identifier:
                keyid:7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/_kulSsBERP0ELPDSt-NygJ9L6l8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.35.130.0/24

    Signature Algorithm: sha256WithRSAEncryption
         72:d0:d6:a4:a5:8f:fc:64:8b:ef:2f:25:76:06:d7:d5:98:66:
         f3:6f:a2:03:b1:18:c9:3a:73:b1:7e:df:f5:22:21:18:c1:8e:
         ee:54:84:3f:b8:6f:2a:9a:22:4f:9b:26:83:74:12:db:46:3a:
         e2:4d:9f:f6:a5:d2:53:50:36:ae:fa:21:55:98:90:ea:b3:7f:
         8e:cd:56:a5:c5:48:8d:d3:82:39:5f:db:01:62:e7:9c:6f:fa:
         b3:a8:5b:8f:85:bb:b4:ed:9b:83:8a:a1:28:76:32:d1:c5:b7:
         7f:79:8e:61:df:74:53:41:90:63:be:df:87:3d:4d:ae:4b:fb:
         05:7c:98:a4:c3:97:13:e1:a1:51:a5:80:8b:14:48:52:8a:dc:
         d0:ba:65:73:c0:18:5b:dd:a3:e6:2a:73:06:ff:43:ea:30:69:
         9f:a2:dc:64:09:a0:7d:c0:77:3e:dd:cf:be:6d:e8:77:6a:33:
         79:9f:fc:99:ca:35:75:e6:13:cb:60:46:ca:90:5b:96:bf:65:
         0a:3d:ac:0f:f9:6f:8c:7d:b8:fa:c9:6a:4d:8b:fa:8d:0e:9a:
         bf:ec:dd:9a:44:8c:6b:fb:5b:83:9c:75:33:84:e5:c5:ea:61:
         dd:94:d8:81:91:7e:3e:58:f5:c4:90:f6:6e:c8:15:6d:9c:60:
         6b:22:90:67
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZyJKdqXEgD1O+2c0PxV6AWMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkYTVkMzJkNWIwOWM5M2MxYjVlM2ZjNWEyYWEyMGQ3NDZm
Y2ZlZDEwHhcNMjYwMjIzMDYyMjI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZTRiYTU0YWMwNDQ0NGZkMDQyY2YwZDJiN2UzNzI4MDlmNGJlYTVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtXuXX6SxcojfUGTr9dwdg47aprXw
hGtgVw0HZtGOSkj2dZrqf2/4mvzaLkBGPRzHCkfPtXY8xh57xV4oN8DLuYnjaY7q
AN4NJ7jhZ7pjJmEeYTjsz3nhwL3bn/B22K0JlHT/41/He50NjiGenBOCoSFVt5hW
tu4p5mFXZuHff6kAD9JP3fhzzdfLfbBpoXRmbYAS6VZR/eEmx/+MqGTHe/cT+ymk
2d1uvTyzIc5AUa+fhdjxrTMtUv1C+PCL72tKobZLvVQR9vgrWw7J6rB6JteAGVBI
6Zt21aHc1ZdSUaXLryqcJi0z5o5uWVzk6MEzyEndueH51JTNd9wyX55VdQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP5LpUrARET9BCzw0rfjcoCfS+pfMB8GA1UdIwQY
MBaAFH2l0y1bCck8G14/xaKqINdG/P7RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAt
ZTU4MzlmNDNlNTgzLzEvX2t1bFNzQkVSUDBFTFBEU3QtTnlnSjlMNmw4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAtZTU4MzlmNDNlNTgz
LzEvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWSOCMA0G
CSqGSIb3DQEBCwUAA4IBAQBy0NakpY/8ZIvvLyV2BtfVmGbzb6IDsRjJOnOxft/1
IiEYwY7uVIQ/uG8qmiJPmyaDdBLbRjriTZ/2pdJTUDau+iFVmJDqs3+OzValxUiN
04I5X9sBYuecb/qzqFuPhbu07ZuDiqEodjLRxbd/eY5h33RTQZBjvt+HPU2uS/sF
fJikw5cT4aFRpYCLFEhSitzQumVzwBhb3aPmKnMG/0PqMGmfotxkCaB9wHc+3c++
beh3ajN5n/yZyjV15hPLYEbKkFuWv2UKPawP+W+Mfbj6yWpNi/qNDpq/7N2aRIxr
+1uDnHUzhOXF6mHdlNiBkX4+WPXEkPZuyBVtnGBrIpBn
-----END CERTIFICATE-----