Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/c53c3e-aa2d-41ab-a312-2637d13338f1/1/TJBNmpOs8INt5hscYvO24ZrUkg4.roa
File:                     TJBNmpOs8INt5hscYvO24ZrUkg4.roa (raw, json)
Hash identifier:          ccL8Nmo2+hfQcGN76XZ7Htt8PEnEJD9VPV3ept5h6/g=
Subject key identifier:   4C:90:4D:9A:93:AC:F0:83:6D:E6:1B:1C:62:F3:B6:E1:9A:D4:92:0E
Certificate issuer:       /CN=3bd9436d2135c084897b74c6ad36da1700a7a98d
Certificate serial:       019B797EAD30442EED78EE3ADD8E93DBFED0
Authority key identifier: 3B:D9:43:6D:21:35:C0:84:89:7B:74:C6:AD:36:DA:17:00:A7:A9:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/O9lDbSE1wISJe3TGrTbaFwCnqY0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/c53c3e-aa2d-41ab-a312-2637d13338f1/1/TJBNmpOs8INt5hscYvO24ZrUkg4.roa
Signing time:             Thu 01 Jan 2026 12:18:23 +0000
ROA not before:           Thu 01 Jan 2026 12:18:23 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     42202
IP address blocks:        185.206.188.0/22 maxlen: 22
                          2a0b:1740::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/c53c3e-aa2d-41ab-a312-2637d13338f1/1/O9lDbSE1wISJe3TGrTbaFwCnqY0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/c53c3e-aa2d-41ab-a312-2637d13338f1/1/O9lDbSE1wISJe3TGrTbaFwCnqY0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/O9lDbSE1wISJe3TGrTbaFwCnqY0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 12:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:7e:ad:30:44:2e:ed:78:ee:3a:dd:8e:93:db:fe:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3bd9436d2135c084897b74c6ad36da1700a7a98d
        Validity
            Not Before: Jan  1 12:18:23 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4c904d9a93acf0836de61b1c62f3b6e19ad4920e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:81:5a:9b:0a:49:29:09:3c:ea:54:0c:ae:23:
                    ff:f3:eb:06:1a:5b:e7:28:d4:8e:88:00:1d:6a:4b:
                    7c:6f:94:98:4e:b6:c0:83:73:39:10:e3:2a:af:8c:
                    39:d6:e1:d6:6c:ee:c8:a5:16:93:82:a2:c4:8c:f3:
                    9d:df:a8:ba:80:85:58:cc:1f:6e:14:2b:60:cf:ac:
                    73:ac:48:28:60:a0:ab:f4:1d:d4:5e:2f:64:6c:20:
                    db:f7:4e:dc:3b:68:49:fa:63:51:81:fb:e4:5d:aa:
                    ca:56:ec:cf:f2:19:a1:37:a1:4d:b5:68:73:3c:48:
                    22:01:e2:f8:f9:0d:e9:83:18:94:68:33:42:8e:3e:
                    d0:7d:01:10:43:3f:aa:02:e2:aa:6e:77:0b:32:e7:
                    47:ee:a9:58:d3:3a:d1:27:d8:b6:b2:b6:66:70:df:
                    a8:c0:bd:6b:48:aa:97:f0:27:2b:ed:2b:85:ac:f2:
                    bf:fa:24:1a:6e:6e:4c:fe:d6:f7:dd:d7:55:80:c2:
                    d6:4c:44:39:45:3f:50:25:c0:17:94:14:20:19:3d:
                    66:68:4f:49:9a:fe:82:6c:cb:b3:fc:b3:f7:73:4a:
                    b5:d2:75:f7:ac:b2:96:35:26:9b:94:f9:15:a6:1c:
                    3e:1c:62:6e:df:24:2c:db:c4:30:e6:6d:44:bf:69:
                    ac:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:90:4D:9A:93:AC:F0:83:6D:E6:1B:1C:62:F3:B6:E1:9A:D4:92:0E
            X509v3 Authority Key Identifier:
                keyid:3B:D9:43:6D:21:35:C0:84:89:7B:74:C6:AD:36:DA:17:00:A7:A9:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O9lDbSE1wISJe3TGrTbaFwCnqY0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/c53c3e-aa2d-41ab-a312-2637d13338f1/1/TJBNmpOs8INt5hscYvO24ZrUkg4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/c53c3e-aa2d-41ab-a312-2637d13338f1/1/O9lDbSE1wISJe3TGrTbaFwCnqY0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.206.188.0/22
                IPv6:
                  2a0b:1740::/29

    Signature Algorithm: sha256WithRSAEncryption
         15:37:8a:f2:e7:6a:5b:51:da:d3:d3:b8:f2:59:2d:b5:e9:c7:
         5a:b0:94:4b:e4:c4:35:48:07:c7:49:ec:5e:93:07:67:98:5d:
         71:96:f7:59:bf:66:0c:7a:61:8e:18:87:ef:0a:82:06:af:0d:
         83:7f:41:23:bd:77:77:6e:41:66:f7:0d:9d:bf:d8:1c:bf:b2:
         1b:a7:9d:43:54:98:15:f2:0b:5b:ec:82:3e:89:35:bc:84:3d:
         32:cc:28:59:c9:48:8d:52:11:c6:ca:da:61:cd:2a:1b:87:14:
         7d:e1:4c:3a:6d:62:3f:d8:53:63:fc:38:cd:12:87:77:28:5d:
         07:5b:2f:32:30:13:74:54:b8:92:5e:36:7e:17:83:f9:cf:c3:
         1c:05:b3:b4:c9:68:02:7a:d4:f0:28:2e:5f:a5:a4:18:99:fc:
         ff:63:9c:5e:9a:a1:b3:b1:2a:53:39:be:90:42:94:a5:9b:78:
         7f:ce:45:73:d1:b4:bd:ab:d1:2c:25:55:c6:13:f5:3b:61:d8:
         de:f0:10:8c:b4:d2:0b:c0:5f:2d:9f:83:ca:b4:30:15:85:23:
         21:0a:4d:80:17:b1:ab:b1:73:b2:1d:18:3c:39:0b:d3:82:11:
         49:a5:ec:ef:c1:24:6f:7a:da:65:85:ae:e5:94:e3:2a:37:50:
         db:2d:ea:b7
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZt5fq0wRC7teO463Y6T2/7QMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiZDk0MzZkMjEzNWMwODQ4OTdiNzRjNmFkMzZkYTE3MDBh
N2E5OGQwHhcNMjYwMTAxMTIxODIzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YzkwNGQ5YTkzYWNmMDgzNmRlNjFiMWM2MmYzYjZlMTlhZDQ5MjBlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyIFamwpJKQk86lQMriP/8+sGGlvn
KNSOiAAdakt8b5SYTrbAg3M5EOMqr4w51uHWbO7IpRaTgqLEjPOd36i6gIVYzB9u
FCtgz6xzrEgoYKCr9B3UXi9kbCDb907cO2hJ+mNRgfvkXarKVuzP8hmhN6FNtWhz
PEgiAeL4+Q3pgxiUaDNCjj7QfQEQQz+qAuKqbncLMudH7qlY0zrRJ9i2srZmcN+o
wL1rSKqX8Ccr7SuFrPK/+iQabm5M/tb33ddVgMLWTEQ5RT9QJcAXlBQgGT1maE9J
mv6CbMuz/LP3c0q10nX3rLKWNSablPkVphw+HGJu3yQs28Qw5m1Ev2msfwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFEyQTZqTrPCDbeYbHGLztuGa1JIOMB8GA1UdIwQY
MBaAFDvZQ20hNcCEiXt0xq022hcAp6mNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTzlsRGJTRTF3SVNKZTNUR3JUYmFGd0NucVkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC9jNTNjM2UtYWEyZC00MWFiLWEzMTIt
MjYzN2QxMzMzOGYxLzEvVEpCTm1wT3M4SU50NWhzY1l2TzI0WnJVa2c0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC9jNTNjM2UtYWEyZC00MWFiLWEzMTItMjYzN2QxMzMzOGYx
LzEvTzlsRGJTRTF3SVNKZTNUR3JUYmFGd0NucVkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuc68MA0E
AgACMAcDBQMqCxdAMA0GCSqGSIb3DQEBCwUAA4IBAQAVN4ry52pbUdrT07jyWS21
6cdasJRL5MQ1SAfHSexekwdnmF1xlvdZv2YMemGOGIfvCoIGrw2Df0EjvXd3bkFm
9w2dv9gcv7Ibp51DVJgV8gtb7II+iTW8hD0yzChZyUiNUhHGytphzSobhxR94Uw6
bWI/2FNj/DjNEod3KF0HWy8yMBN0VLiSXjZ+F4P5z8McBbO0yWgCetTwKC5fpaQY
mfz/Y5xemqGzsSpTOb6QQpSlm3h/zkVz0bS9q9EsJVXGE/U7Ydje8BCMtNILwF8t
n4PKtDAVhSMhCk2AF7GrsXOyHRg8OQvTghFJpezvwSRvetplha7llOMqN1DbLeq3
-----END CERTIFICATE-----