Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/74/112ce7-7415-4c5d-a890-ec95148fd236/1/tx4-oblk9OfOPYM5OOfAz0w5BEM.roa
File:                     tx4-oblk9OfOPYM5OOfAz0w5BEM.roa (raw, json)
Hash identifier:          3wUK6e41k+cf2xjL5VFZfuWN1Idr4Tn6IDiRvhzS1Kc=
Subject key identifier:   B7:1E:3E:A1:B9:64:F4:E7:CE:3D:83:39:38:E7:C0:CF:4C:39:04:43
Certificate issuer:       /CN=331706b915bab8dac2b5547fbc87adeb61e6aede
Certificate serial:       019C96E0E4A705038958E2323443F4C22D86
Authority key identifier: 33:17:06:B9:15:BA:B8:DA:C2:B5:54:7F:BC:87:AD:EB:61:E6:AE:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MxcGuRW6uNrCtVR_vIet62Hmrt4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/74/112ce7-7415-4c5d-a890-ec95148fd236/1/tx4-oblk9OfOPYM5OOfAz0w5BEM.roa
Signing time:             Wed 25 Feb 2026 22:17:26 +0000
ROA not before:           Wed 25 Feb 2026 22:17:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     15830
IP address blocks:        89.110.128.0/18 maxlen: 32
                          185.7.71.0/24 maxlen: 32
                          2a05:c700::/32 maxlen: 128
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/74/112ce7-7415-4c5d-a890-ec95148fd236/1/MxcGuRW6uNrCtVR_vIet62Hmrt4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/74/112ce7-7415-4c5d-a890-ec95148fd236/1/MxcGuRW6uNrCtVR_vIet62Hmrt4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MxcGuRW6uNrCtVR_vIet62Hmrt4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 15:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:96:e0:e4:a7:05:03:89:58:e2:32:34:43:f4:c2:2d:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=331706b915bab8dac2b5547fbc87adeb61e6aede
        Validity
            Not Before: Feb 25 22:17:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b71e3ea1b964f4e7ce3d833938e7c0cf4c390443
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:ec:21:6f:79:29:ef:8f:06:39:dd:7b:0b:e9:
                    7e:e5:ac:90:37:03:aa:2c:02:8e:19:17:5e:2e:8e:
                    b1:ab:b4:7a:8d:b5:3d:a8:d3:14:dc:ee:af:e0:ff:
                    cb:a1:5c:f4:5b:a9:ab:70:82:b7:0c:ec:28:8a:48:
                    d3:59:08:bf:f9:ca:76:a4:e3:26:bc:00:2c:49:ef:
                    1c:71:15:0b:e6:a2:04:65:c7:61:b8:31:44:c6:dc:
                    9a:8c:7b:03:c4:7b:82:57:1c:d9:ce:c1:91:28:1d:
                    4d:bd:45:49:41:2e:d8:fd:5e:2e:1f:46:43:4a:f5:
                    c1:9c:61:65:27:88:e4:7e:9b:1b:70:fa:07:dc:24:
                    9c:78:a1:0a:94:a3:e2:03:3b:a5:a4:7c:a4:96:9e:
                    1c:ad:fe:ce:b1:0f:df:57:64:99:3b:81:51:e1:ec:
                    33:59:d4:0d:79:4f:bb:61:d6:2c:79:2b:3e:98:16:
                    e9:b9:8e:f6:f7:61:e1:d7:59:f5:2d:fa:47:5e:ee:
                    b4:58:1f:b2:4f:61:37:fc:c7:27:9b:5c:d5:f8:9f:
                    e0:2d:db:5a:64:22:ec:44:c8:23:71:33:5b:0e:5b:
                    ab:ee:fa:d9:64:ef:34:53:eb:c9:88:33:af:e3:6a:
                    7d:1e:56:ce:c5:a7:7f:9d:bf:f5:ee:37:e9:5a:6a:
                    31:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:1E:3E:A1:B9:64:F4:E7:CE:3D:83:39:38:E7:C0:CF:4C:39:04:43
            X509v3 Authority Key Identifier:
                keyid:33:17:06:B9:15:BA:B8:DA:C2:B5:54:7F:BC:87:AD:EB:61:E6:AE:DE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MxcGuRW6uNrCtVR_vIet62Hmrt4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/74/112ce7-7415-4c5d-a890-ec95148fd236/1/tx4-oblk9OfOPYM5OOfAz0w5BEM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/74/112ce7-7415-4c5d-a890-ec95148fd236/1/MxcGuRW6uNrCtVR_vIet62Hmrt4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.110.128.0/18
                  185.7.71.0/24
                IPv6:
                  2a05:c700::/32

    Signature Algorithm: sha256WithRSAEncryption
         9d:a7:5c:db:e2:3c:0c:11:71:6e:88:df:9b:b7:44:13:8f:45:
         19:42:68:bf:99:26:a7:6e:4b:48:73:00:70:92:c0:1b:58:fe:
         80:9c:d5:95:2f:95:06:cd:f9:69:62:6c:58:ef:9c:87:63:63:
         55:d7:9e:37:de:f9:ff:6e:4e:81:50:d5:b4:84:c0:df:52:64:
         44:d3:95:ca:a0:87:89:78:f4:55:00:90:5e:36:d5:4f:c0:2c:
         43:71:51:75:06:eb:7b:e3:09:a1:ee:ec:b5:c6:97:f8:6b:64:
         0a:12:5d:d2:02:09:c6:2c:f4:5c:bb:2b:e3:f5:5c:a8:b3:90:
         8c:5b:b3:b3:ec:b2:59:64:fa:d7:f7:9b:50:69:0e:a4:3e:fe:
         51:5c:0f:7f:a4:a1:70:36:b7:60:ab:f0:58:d6:d8:a0:4a:c2:
         2d:f0:c5:ef:de:37:41:bf:e1:cc:06:51:36:c5:42:ab:5a:5c:
         dd:96:37:3b:81:c1:26:03:6c:07:de:c5:90:2d:d8:b4:84:52:
         24:45:c1:78:a2:41:78:5a:15:e4:e5:52:25:4e:e2:af:3f:c5:
         38:53:5f:98:7b:11:c0:96:e8:93:89:9e:09:4c:dc:e9:26:e1:
         b2:3d:69:fb:60:fd:1d:d0:a7:59:23:98:4b:1c:ab:b0:d7:34:
         53:87:58:0f
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZyW4OSnBQOJWOIyNEP0wi2GMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMzMTcwNmI5MTViYWI4ZGFjMmI1NTQ3ZmJjODdhZGViNjFl
NmFlZGUwHhcNMjYwMjI1MjIxNzI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNzFlM2VhMWI5NjRmNGU3Y2UzZDgzMzkzOGU3YzBjZjRjMzkwNDQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu+whb3kp748GOd17C+l+5ayQNwOq
LAKOGRdeLo6xq7R6jbU9qNMU3O6v4P/LoVz0W6mrcIK3DOwoikjTWQi/+cp2pOMm
vAAsSe8ccRUL5qIEZcdhuDFExtyajHsDxHuCVxzZzsGRKB1NvUVJQS7Y/V4uH0ZD
SvXBnGFlJ4jkfpsbcPoH3CSceKEKlKPiAzulpHyklp4crf7OsQ/fV2SZO4FR4ewz
WdQNeU+7YdYseSs+mBbpuY7292Hh11n1LfpHXu60WB+yT2E3/Mcnm1zV+J/gLdta
ZCLsRMgjcTNbDlur7vrZZO80U+vJiDOv42p9HlbOxad/nb/17jfpWmoxBwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFLcePqG5ZPTnzj2DOTjnwM9MOQRDMB8GA1UdIwQY
MBaAFDMXBrkVurjawrVUf7yHreth5q7eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTXhjR3VSVzZ1TnJDdFZSX3ZJZXQ2MkhtcnQ0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NC8xMTJjZTctNzQxNS00YzVkLWE4OTAt
ZWM5NTE0OGZkMjM2LzEvdHg0LW9ibGs5T2ZPUFlNNU9PZkF6MHc1QkVNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NC8xMTJjZTctNzQxNS00YzVkLWE4OTAtZWM5NTE0OGZkMjM2
LzEvTXhjR3VSVzZ1TnJDdFZSX3ZJZXQ2MkhtcnQ0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQGWW6AAwQA
uQdHMA0EAgACMAcDBQAqBccAMA0GCSqGSIb3DQEBCwUAA4IBAQCdp1zb4jwMEXFu
iN+bt0QTj0UZQmi/mSanbktIcwBwksAbWP6AnNWVL5UGzflpYmxY75yHY2NV1543
3vn/bk6BUNW0hMDfUmRE05XKoIeJePRVAJBeNtVPwCxDcVF1But74wmh7uy1xpf4
a2QKEl3SAgnGLPRcuyvj9Vyos5CMW7Oz7LJZZPrX95tQaQ6kPv5RXA9/pKFwNrdg
q/BY1tigSsIt8MXv3jdBv+HMBlE2xUKrWlzdljc7gcEmA2wH3sWQLdi0hFIkRcF4
okF4WhXk5VIlTuKvP8U4U1+YexHAluiTiZ4JTNzpJuGyPWn7YP0d0KdZI5hLHKuw
1zRTh1gP
-----END CERTIFICATE-----