Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/hrdUdnNUOnqkrM5cYq8SvPVtGHQ.roa
File:                     hrdUdnNUOnqkrM5cYq8SvPVtGHQ.roa (raw, json)
Hash identifier:          LfQ91hbam3sxNeSlItmEIpBBTQo+1kmkc7M1nCYdJvY=
Subject key identifier:   86:B7:54:76:73:54:3A:7A:A4:AC:CE:5C:62:AF:12:BC:F5:6D:18:74
Certificate issuer:       /CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
Certificate serial:       019D70C438291332634198DEAF9C413D8120
Authority key identifier: 7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/hrdUdnNUOnqkrM5cYq8SvPVtGHQ.roa
Signing time:             Thu 09 Apr 2026 05:43:20 +0000
ROA not before:           Thu 09 Apr 2026 05:43:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     13347
IP address blocks:        89.125.40.0/21 maxlen: 21
                          167.17.42.0/23 maxlen: 23
                          167.17.44.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 Apr 2026 19:46:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:70:c4:38:29:13:32:63:41:98:de:af:9c:41:3d:81:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
        Validity
            Not Before: Apr  9 05:43:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=86b7547673543a7aa4acce5c62af12bcf56d1874
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:1f:bf:f3:a7:92:02:1a:48:af:31:37:b7:a7:
                    20:4c:f3:5f:2b:3d:4b:37:75:eb:69:4f:b7:76:57:
                    bd:54:95:1b:84:fd:c7:f7:e9:4e:fe:2d:f2:6e:b2:
                    db:ab:33:b1:e8:1f:0d:ef:50:8e:e5:d4:54:2e:24:
                    34:dc:f4:6d:02:b0:21:cd:62:60:a6:90:a8:3a:91:
                    d6:f3:15:bf:19:c4:57:45:ad:2d:29:ec:7f:02:ff:
                    01:6c:c2:5f:4b:2f:9f:f7:8a:a1:6d:c5:70:2a:56:
                    aa:66:93:f0:5b:04:fa:51:f1:8f:4a:42:36:4e:62:
                    3c:f7:84:59:77:7f:0d:b3:6e:ae:ea:1b:3d:98:6e:
                    c3:26:43:b9:f8:4e:1e:ce:11:e2:3c:e5:44:af:c0:
                    60:50:a9:42:ab:54:bc:d8:3c:f2:e7:bc:2f:03:20:
                    6d:33:26:f7:c4:cf:fc:71:d8:7f:85:72:87:20:4d:
                    6a:1e:9f:62:e4:0a:24:04:af:8c:3f:30:79:39:d8:
                    ac:6e:4b:83:a8:db:5b:2e:f1:66:f9:0b:33:3e:de:
                    97:93:77:12:bb:a8:38:ed:ba:62:c6:a4:8b:ae:84:
                    1e:5f:7d:55:9d:19:a7:df:8d:2d:4b:0f:7e:bf:58:
                    1a:7a:49:a9:7e:5d:49:c8:e8:39:9e:43:f2:6f:14:
                    52:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:B7:54:76:73:54:3A:7A:A4:AC:CE:5C:62:AF:12:BC:F5:6D:18:74
            X509v3 Authority Key Identifier:
                keyid:7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/hrdUdnNUOnqkrM5cYq8SvPVtGHQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.125.40.0/21
                  167.17.42.0-167.17.45.255

    Signature Algorithm: sha256WithRSAEncryption
         8d:ed:52:4f:e1:c7:48:a2:fc:46:0c:7f:17:fc:61:8d:60:ab:
         ac:6d:e5:17:f4:99:74:d6:6a:19:e1:1c:02:49:f5:fb:21:a7:
         9b:f1:c6:ae:b4:df:a2:a0:51:5f:09:cd:68:82:41:be:42:22:
         48:b4:34:ce:5c:b2:a1:de:a7:33:7f:5b:1f:ec:9f:57:4c:a1:
         cc:60:b4:06:36:91:3b:4f:34:9d:8d:73:38:c2:62:34:01:60:
         d7:50:32:a0:86:e9:db:bd:63:89:96:f4:8e:a8:56:b5:f2:52:
         ce:85:a8:8f:8d:ef:36:b6:c2:ea:47:5b:2f:63:6c:3e:8e:8a:
         53:96:d0:75:49:34:95:a5:05:1b:c9:79:41:1e:13:5e:3a:4a:
         fb:be:5c:90:3e:12:3f:99:5c:81:5c:59:01:d5:4d:21:5e:45:
         f1:8e:3f:14:7a:c8:5a:16:62:83:ce:8a:f4:9a:4f:58:cd:2c:
         e9:6a:42:2e:1c:33:b3:dd:aa:e8:76:6d:40:9c:59:43:23:c8:
         c6:d4:c8:0a:8e:d1:fe:f4:80:90:04:cc:f6:48:1f:dd:02:d7:
         8c:0b:3b:1f:20:0c:f7:3f:7e:48:1a:ba:eb:87:77:70:f1:8c:
         9c:65:a0:d6:6c:a4:e4:fa:f3:da:00:6a:48:c6:78:62:b5:70:
         fa:b9:c6:13
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZ1wxDgpEzJjQZjer5xBPYEgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkYTVkMzJkNWIwOWM5M2MxYjVlM2ZjNWEyYWEyMGQ3NDZm
Y2ZlZDEwHhcNMjYwNDA5MDU0MzIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NmI3NTQ3NjczNTQzYTdhYTRhY2NlNWM2MmFmMTJiY2Y1NmQxODc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsB+/86eSAhpIrzE3t6cgTPNfKz1L
N3XraU+3dle9VJUbhP3H9+lO/i3ybrLbqzOx6B8N71CO5dRULiQ03PRtArAhzWJg
ppCoOpHW8xW/GcRXRa0tKex/Av8BbMJfSy+f94qhbcVwKlaqZpPwWwT6UfGPSkI2
TmI894RZd38Ns26u6hs9mG7DJkO5+E4ezhHiPOVEr8BgUKlCq1S82Dzy57wvAyBt
Myb3xM/8cdh/hXKHIE1qHp9i5AokBK+MPzB5OdisbkuDqNtbLvFm+QszPt6Xk3cS
u6g47bpixqSLroQeX31VnRmn340tSw9+v1gaekmpfl1JyOg5nkPybxRSzwIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFIa3VHZzVDp6pKzOXGKvErz1bRh0MB8GA1UdIwQY
MBaAFH2l0y1bCck8G14/xaKqINdG/P7RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAt
ZTU4MzlmNDNlNTgzLzEvaHJkVWRuTlVPbnFrck01Y1lxOFN2UFZ0R0hRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAtZTU4MzlmNDNlNTgz
LzEvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUAwQDWX0oMAwD
BAGnESoDBAGnESwwDQYJKoZIhvcNAQELBQADggEBAI3tUk/hx0ii/EYMfxf8YY1g
q6xt5Rf0mXTWahnhHAJJ9fshp5vxxq6036KgUV8JzWiCQb5CIki0NM5csqHepzN/
Wx/sn1dMocxgtAY2kTtPNJ2NczjCYjQBYNdQMqCG6du9Y4mW9I6oVrXyUs6FqI+N
7za2wupHWy9jbD6OilOW0HVJNJWlBRvJeUEeE146Svu+XJA+Ej+ZXIFcWQHVTSFe
RfGOPxR6yFoWYoPOivSaT1jNLOlqQi4cM7Pdquh2bUCcWUMjyMbUyAqO0f70gJAE
zPZIH90C14wLOx8gDPc/fkgauuuHd3DxjJxloNZspOT689oAakjGeGK1cPq5xhM=
-----END CERTIFICATE-----