Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/aOdlmFANH_Jc0nDsMcPDKQgpbYs.roa
File:                     aOdlmFANH_Jc0nDsMcPDKQgpbYs.roa (raw, json)
Hash identifier:          dWeweznTfGlQV/SrjXR3l89fBPyVZCalOlDRfK7thCo=
Subject key identifier:   68:E7:65:98:50:0D:1F:F2:5C:D2:70:EC:31:C3:C3:29:08:29:6D:8B
Certificate issuer:       /CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
Certificate serial:       019D72FCC14F64C2F70135E281316767295B
Authority key identifier: 7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/aOdlmFANH_Jc0nDsMcPDKQgpbYs.roa
Signing time:             Thu 09 Apr 2026 16:04:20 +0000
ROA not before:           Thu 09 Apr 2026 16:04:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     51765
IP address blocks:        89.125.108.0/22 maxlen: 22
                          89.125.204.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 Apr 2026 19:46:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:72:fc:c1:4f:64:c2:f7:01:35:e2:81:31:67:67:29:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
        Validity
            Not Before: Apr  9 16:04:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=68e76598500d1ff25cd270ec31c3c32908296d8b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:d3:df:09:28:a1:1f:20:e6:cc:d1:17:5c:da:
                    00:ad:a7:aa:84:c0:c6:89:12:82:a5:23:73:73:28:
                    51:5a:07:47:9d:6d:96:78:f2:91:ad:37:f5:9c:38:
                    e7:bd:fb:11:2c:b9:a2:87:11:d3:75:14:9e:b7:38:
                    42:5d:4d:61:7e:2e:a3:71:ac:34:65:56:b5:13:c7:
                    84:70:51:3a:60:70:5e:2e:e2:50:0e:3c:bc:e6:68:
                    23:98:6a:b5:37:9c:a9:9f:74:b0:1b:49:be:13:3e:
                    c6:24:5e:e4:5e:e9:d9:0b:6c:cb:8f:38:fc:16:09:
                    43:12:a4:57:e1:6c:1e:7b:50:8b:a5:ec:52:9a:93:
                    b8:6d:d4:66:86:89:1b:66:d8:55:39:2e:5d:cb:27:
                    7c:26:b5:4b:2c:3a:ea:cc:07:10:15:58:d9:67:ec:
                    0d:21:56:f9:24:2c:ab:da:9f:24:cd:11:21:41:3d:
                    f9:a5:a0:ee:98:3c:0b:98:dc:15:4f:96:38:27:fd:
                    cf:c2:06:a1:c5:38:fd:ea:bf:7d:96:a8:40:e7:b4:
                    4a:07:8d:5e:34:82:7d:a3:a8:0b:98:6a:31:6f:59:
                    18:0b:c2:49:24:bf:96:2e:99:97:9f:e0:63:b1:df:
                    83:cd:92:6e:52:5f:2d:dc:c9:43:e9:7b:cb:d4:87:
                    cc:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:E7:65:98:50:0D:1F:F2:5C:D2:70:EC:31:C3:C3:29:08:29:6D:8B
            X509v3 Authority Key Identifier:
                keyid:7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/aOdlmFANH_Jc0nDsMcPDKQgpbYs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.125.108.0/22
                  89.125.204.0/22

    Signature Algorithm: sha256WithRSAEncryption
         4c:a7:d1:47:a0:dc:80:b5:eb:18:47:a3:dd:59:a9:df:96:64:
         19:ff:24:a2:3b:27:62:34:99:8b:ab:aa:8a:fe:38:e6:fe:3b:
         67:98:51:97:8b:f0:75:bd:bb:cb:fb:70:90:9e:b5:b4:4b:a9:
         02:e8:f0:9e:79:33:ef:ad:75:85:f6:eb:4e:0d:60:e9:9b:93:
         34:08:03:1c:68:50:68:0e:f5:59:65:a7:58:39:2f:69:3e:c0:
         70:4d:78:ad:bc:2e:0e:a2:bf:5e:eb:ae:e8:d0:6f:b0:2b:39:
         be:41:a9:52:bd:4d:ce:13:08:9c:45:8f:8c:6b:74:74:19:d4:
         03:65:a6:da:40:c2:54:c5:ad:a1:7b:46:02:71:82:00:5f:c6:
         d7:f2:97:fa:d0:5a:93:39:65:a5:c5:0a:22:5f:12:70:2d:1d:
         96:51:e3:ef:2c:94:d4:c9:05:04:63:53:52:8a:3d:bc:80:02:
         3d:d5:01:74:3e:55:bc:31:0f:8e:f8:f5:f7:f8:01:83:52:10:
         99:f9:04:cf:c2:8f:0e:37:6b:25:a6:73:df:e8:f0:0e:b9:b9:
         6e:8f:25:57:50:28:68:d6:ea:8c:13:fd:a5:ab:f0:4d:5f:4a:
         be:9e:34:06:2a:4e:bb:39:16:a1:5c:ed:f9:16:e4:d2:c6:da:
         be:f0:4b:75
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ1y/MFPZML3ATXigTFnZylbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkYTVkMzJkNWIwOWM5M2MxYjVlM2ZjNWEyYWEyMGQ3NDZm
Y2ZlZDEwHhcNMjYwNDA5MTYwNDIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OGU3NjU5ODUwMGQxZmYyNWNkMjcwZWMzMWMzYzMyOTA4Mjk2ZDhiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo9PfCSihHyDmzNEXXNoAraeqhMDG
iRKCpSNzcyhRWgdHnW2WePKRrTf1nDjnvfsRLLmihxHTdRSetzhCXU1hfi6jcaw0
ZVa1E8eEcFE6YHBeLuJQDjy85mgjmGq1N5ypn3SwG0m+Ez7GJF7kXunZC2zLjzj8
FglDEqRX4Wwee1CLpexSmpO4bdRmhokbZthVOS5dyyd8JrVLLDrqzAcQFVjZZ+wN
IVb5JCyr2p8kzREhQT35paDumDwLmNwVT5Y4J/3PwgahxTj96r99lqhA57RKB41e
NIJ9o6gLmGoxb1kYC8JJJL+WLpmXn+Bjsd+DzZJuUl8t3MlD6XvL1IfMiQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGjnZZhQDR/yXNJw7DHDwykIKW2LMB8GA1UdIwQY
MBaAFH2l0y1bCck8G14/xaKqINdG/P7RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAt
ZTU4MzlmNDNlNTgzLzEvYU9kbG1GQU5IX0pjMG5Ec01jUERLUWdwYllzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAtZTU4MzlmNDNlNTgz
LzEvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCWX1sAwQC
WX3MMA0GCSqGSIb3DQEBCwUAA4IBAQBMp9FHoNyAtesYR6PdWanflmQZ/ySiOydi
NJmLq6qK/jjm/jtnmFGXi/B1vbvL+3CQnrW0S6kC6PCeeTPvrXWF9utODWDpm5M0
CAMcaFBoDvVZZadYOS9pPsBwTXitvC4Oor9e667o0G+wKzm+QalSvU3OEwicRY+M
a3R0GdQDZabaQMJUxa2he0YCcYIAX8bX8pf60FqTOWWlxQoiXxJwLR2WUePvLJTU
yQUEY1NSij28gAI91QF0PlW8MQ+O+PX3+AGDUhCZ+QTPwo8ON2slpnPf6PAOublu
jyVXUCho1uqME/2lq/BNX0q+njQGKk67ORahXO35FuTSxtq+8Et1
-----END CERTIFICATE-----