Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/q0PECJ7tHrVZX8-0ZU5AnJMBB9I.roa
File:                     q0PECJ7tHrVZX8-0ZU5AnJMBB9I.roa (raw, json)
Hash identifier:          Ca4pZpDZp3R/ovl5kIWMsagMbDBjHboeTUnqMjCS9P8=
Subject key identifier:   AB:43:C4:08:9E:ED:1E:B5:59:5F:CF:B4:65:4E:40:9C:93:01:07:D2
Certificate issuer:       /CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
Certificate serial:       019D67DF63A7753C64746D7028789685DAA3
Authority key identifier: 7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/q0PECJ7tHrVZX8-0ZU5AnJMBB9I.roa
Signing time:             Tue 07 Apr 2026 12:16:26 +0000
ROA not before:           Tue 07 Apr 2026 12:16:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     49392
IP address blocks:        89.125.103.0/24 maxlen: 24
                          89.125.136.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 Apr 2026 19:46:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:67:df:63:a7:75:3c:64:74:6d:70:28:78:96:85:da:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
        Validity
            Not Before: Apr  7 12:16:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ab43c4089eed1eb5595fcfb4654e409c930107d2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:20:c1:0e:7f:f1:bf:d2:85:be:c2:ac:e2:96:
                    03:c8:ee:ba:bc:92:32:4a:5b:16:f0:7f:64:38:3f:
                    72:59:e9:85:e7:fb:cd:69:86:88:09:67:49:09:a1:
                    0d:06:75:66:a9:c2:98:db:37:64:50:26:f3:93:1a:
                    f4:d6:9f:d3:1a:39:c5:68:3b:e8:e2:8d:4e:d3:09:
                    49:90:49:34:07:3a:c3:88:3d:69:94:24:72:87:96:
                    3f:ba:ca:16:b1:d8:83:86:0c:de:04:21:5b:5e:fa:
                    35:0e:c9:62:5c:a3:de:22:5b:e1:81:4f:e7:e3:17:
                    f6:b0:20:45:25:58:53:bd:0f:b3:fb:e6:0a:09:87:
                    8e:50:89:b5:b4:41:5c:b2:20:11:c6:8f:27:63:46:
                    54:ba:2c:2e:2b:a1:f3:c0:76:43:bd:ab:f7:6e:5d:
                    5b:dc:ee:d2:8f:ef:ec:5c:44:60:f1:0b:4e:af:9d:
                    b4:d1:33:6a:41:5d:07:98:d8:65:31:6f:39:3c:32:
                    49:70:c1:1f:c9:60:24:6e:37:d8:a5:24:d2:cb:08:
                    65:22:88:cd:4b:e7:6a:c6:c9:f2:a4:e6:95:b4:5d:
                    40:32:15:58:fe:e0:74:c6:81:d8:9a:f4:44:2f:84:
                    37:5a:d2:62:e4:4c:7c:e1:77:f2:bb:dd:53:9a:99:
                    eb:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:43:C4:08:9E:ED:1E:B5:59:5F:CF:B4:65:4E:40:9C:93:01:07:D2
            X509v3 Authority Key Identifier:
                keyid:7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/q0PECJ7tHrVZX8-0ZU5AnJMBB9I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.125.103.0/24
                  89.125.136.0/24

    Signature Algorithm: sha256WithRSAEncryption
         79:60:8e:ff:97:d4:95:a3:ae:27:59:96:23:78:19:6e:c4:5f:
         1d:4f:6d:a3:2d:07:9c:e0:95:9f:4b:bd:07:08:df:9c:e4:81:
         24:95:4d:8f:0f:ee:d4:77:41:60:56:54:05:1a:57:17:dc:24:
         78:a9:ab:a8:c4:ac:a8:38:44:6f:ef:d5:76:23:82:a6:2f:b3:
         23:7d:da:0e:c0:03:09:87:bf:a3:7f:35:7a:e6:30:a8:5e:b6:
         7d:89:db:23:77:35:a5:cd:37:8d:0b:a4:5a:5f:35:f3:78:22:
         f4:9a:82:8e:51:0f:17:ba:52:49:78:4d:1b:9d:40:58:74:3e:
         42:8c:86:e3:94:d6:df:55:04:0e:84:14:9a:b3:7b:18:09:8d:
         40:a3:a9:af:e9:f3:3c:3f:2e:98:84:92:3b:00:41:cf:01:9d:
         cb:4e:00:f0:8b:92:ee:f3:46:bd:22:df:8f:65:f0:11:12:d9:
         ff:b8:87:10:39:4d:b6:e0:d9:73:47:0b:9e:04:b9:da:1a:5d:
         e1:d9:e7:7b:50:cc:11:93:30:1d:42:2a:c1:50:18:85:20:d8:
         a0:4a:69:e7:01:d1:54:50:c3:86:b7:58:4c:68:8e:db:c2:0a:
         35:d8:f1:52:3e:d7:54:d9:2f:36:79:03:47:06:a8:9e:af:bb:
         51:9b:51:63
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ1n32OndTxkdG1wKHiWhdqjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkYTVkMzJkNWIwOWM5M2MxYjVlM2ZjNWEyYWEyMGQ3NDZm
Y2ZlZDEwHhcNMjYwNDA3MTIxNjI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYjQzYzQwODllZWQxZWI1NTk1ZmNmYjQ2NTRlNDA5YzkzMDEwN2QyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4CDBDn/xv9KFvsKs4pYDyO66vJIy
SlsW8H9kOD9yWemF5/vNaYaICWdJCaENBnVmqcKY2zdkUCbzkxr01p/TGjnFaDvo
4o1O0wlJkEk0BzrDiD1plCRyh5Y/usoWsdiDhgzeBCFbXvo1DsliXKPeIlvhgU/n
4xf2sCBFJVhTvQ+z++YKCYeOUIm1tEFcsiARxo8nY0ZUuiwuK6HzwHZDvav3bl1b
3O7Sj+/sXERg8QtOr5200TNqQV0HmNhlMW85PDJJcMEfyWAkbjfYpSTSywhlIojN
S+dqxsnypOaVtF1AMhVY/uB0xoHYmvREL4Q3WtJi5Ex84Xfyu91TmpnrYQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKtDxAie7R61WV/PtGVOQJyTAQfSMB8GA1UdIwQY
MBaAFH2l0y1bCck8G14/xaKqINdG/P7RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAt
ZTU4MzlmNDNlNTgzLzEvcTBQRUNKN3RIclZaWDgtMFpVNUFuSk1CQjlJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAtZTU4MzlmNDNlNTgz
LzEvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAWX1nAwQA
WX2IMA0GCSqGSIb3DQEBCwUAA4IBAQB5YI7/l9SVo64nWZYjeBluxF8dT22jLQec
4JWfS70HCN+c5IEklU2PD+7Ud0FgVlQFGlcX3CR4qauoxKyoOERv79V2I4KmL7Mj
fdoOwAMJh7+jfzV65jCoXrZ9idsjdzWlzTeNC6RaXzXzeCL0moKOUQ8XulJJeE0b
nUBYdD5CjIbjlNbfVQQOhBSas3sYCY1Ao6mv6fM8Py6YhJI7AEHPAZ3LTgDwi5Lu
80a9It+PZfAREtn/uIcQOU224NlzRwueBLnaGl3h2ed7UMwRkzAdQirBUBiFINig
SmnnAdFUUMOGt1hMaI7bwgo12PFSPtdU2S82eQNHBqier7tRm1Fj
-----END CERTIFICATE-----