Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a1/e4e696-9d78-414c-af40-cf56c66a0ac0/1/1SMtyrFP6eFZxMb7PZMbKYGMJi8.roa
File:                     1SMtyrFP6eFZxMb7PZMbKYGMJi8.roa (raw, json)
Hash identifier:          XxgHh0JzLHhNi3/TyAFFwO5EFUtAwR/nBi3ICijq0Hg=
Subject key identifier:   D5:23:2D:CA:B1:4F:E9:E1:59:C4:C6:FB:3D:93:1B:29:81:8C:26:2F
Certificate issuer:       /CN=4c93213d88fa874eb4460e2c5cf1bb1a91da9078
Certificate serial:       019B7758DE2BF675A73EF339ED5CB6AA5FFE
Authority key identifier: 4C:93:21:3D:88:FA:87:4E:B4:46:0E:2C:5C:F1:BB:1A:91:DA:90:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TJMhPYj6h060Rg4sXPG7GpHakHg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a1/e4e696-9d78-414c-af40-cf56c66a0ac0/1/1SMtyrFP6eFZxMb7PZMbKYGMJi8.roa
Signing time:             Thu 01 Jan 2026 02:17:51 +0000
ROA not before:           Thu 01 Jan 2026 02:17:51 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     41073
IP address blocks:        89.207.56.0/21 maxlen: 24
                          185.54.104.0/22 maxlen: 24
                          2a00:1ed8::/29 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a1/e4e696-9d78-414c-af40-cf56c66a0ac0/1/TJMhPYj6h060Rg4sXPG7GpHakHg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a1/e4e696-9d78-414c-af40-cf56c66a0ac0/1/TJMhPYj6h060Rg4sXPG7GpHakHg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TJMhPYj6h060Rg4sXPG7GpHakHg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 15:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:58:de:2b:f6:75:a7:3e:f3:39:ed:5c:b6:aa:5f:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4c93213d88fa874eb4460e2c5cf1bb1a91da9078
        Validity
            Not Before: Jan  1 02:17:51 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d5232dcab14fe9e159c4c6fb3d931b29818c262f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:f0:32:19:58:81:6f:a5:b7:62:f0:4a:ef:a9:
                    79:39:f5:8b:98:a6:49:44:bd:a4:62:c3:7e:c0:cc:
                    c4:e0:fc:59:36:a8:09:a2:4a:23:2d:6e:95:0f:c5:
                    f3:99:4e:e5:9f:c3:0d:28:6b:1a:c4:06:6e:41:b6:
                    c6:9e:9d:9e:18:3d:a5:42:14:47:9d:bc:f9:fb:12:
                    56:38:6d:8f:14:da:ce:44:cc:53:78:57:42:68:1d:
                    57:f9:b9:de:7a:73:e2:03:a4:df:1a:e7:e0:8f:a0:
                    c5:fa:54:06:86:4e:5a:0f:ee:52:eb:df:d8:d9:1c:
                    3a:72:e2:23:8e:d2:62:54:d1:46:fe:35:67:2d:53:
                    d8:be:b2:e3:12:03:3e:6f:aa:fc:e8:23:02:e2:1e:
                    c3:bf:f2:cc:44:e8:02:69:1a:ed:45:80:68:11:55:
                    53:bc:39:a0:93:c2:96:f2:a3:7e:4a:a3:0d:f0:31:
                    55:12:8b:4f:98:bb:1f:0b:46:8a:0a:17:e3:d8:6b:
                    e2:9a:11:17:9b:94:79:6c:4b:2f:23:34:27:e0:19:
                    1c:78:2b:75:53:54:51:1a:31:41:d8:a9:f3:7b:b5:
                    51:8e:fe:a5:ec:0e:89:76:ea:3d:b2:c2:89:9b:1a:
                    fd:1a:64:53:5c:12:c3:32:05:df:aa:14:ff:b9:fb:
                    4c:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:23:2D:CA:B1:4F:E9:E1:59:C4:C6:FB:3D:93:1B:29:81:8C:26:2F
            X509v3 Authority Key Identifier:
                keyid:4C:93:21:3D:88:FA:87:4E:B4:46:0E:2C:5C:F1:BB:1A:91:DA:90:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TJMhPYj6h060Rg4sXPG7GpHakHg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/e4e696-9d78-414c-af40-cf56c66a0ac0/1/1SMtyrFP6eFZxMb7PZMbKYGMJi8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/e4e696-9d78-414c-af40-cf56c66a0ac0/1/TJMhPYj6h060Rg4sXPG7GpHakHg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.207.56.0/21
                  185.54.104.0/22
                IPv6:
                  2a00:1ed8::/29

    Signature Algorithm: sha256WithRSAEncryption
         b3:ab:0f:0a:00:61:90:e6:c6:85:f3:16:ed:66:a1:dc:59:13:
         17:5f:41:85:90:f5:57:74:6b:29:b4:d7:17:19:2b:e4:8c:c0:
         fe:d9:bc:96:67:2a:11:cf:05:c6:d3:66:91:db:57:f1:71:50:
         dc:8c:c4:1b:6a:f9:94:13:11:5e:26:91:ab:db:a0:de:e6:4b:
         94:13:43:39:20:89:d2:8a:6f:27:98:8d:ab:36:c6:01:5e:3c:
         7b:1f:54:34:06:df:ca:bd:81:1e:2f:23:72:68:06:5d:2c:dc:
         c0:73:bf:a9:74:ee:fa:5f:c7:34:a7:9c:db:c5:76:9d:d5:e0:
         16:a0:e9:bc:49:01:2f:00:a2:7f:3a:33:a6:c3:32:20:0d:37:
         07:ef:c6:67:e3:05:34:02:b2:bb:a7:ba:59:90:8d:e7:f5:6a:
         fb:09:e9:01:12:86:11:28:34:3c:ce:8c:24:07:66:58:c1:c1:
         09:a9:32:04:c3:a8:1c:6d:ae:2d:42:3c:cc:cd:c9:30:6c:d4:
         06:a6:2c:09:3c:db:5d:32:ce:fb:be:af:95:2e:fa:cb:da:57:
         39:af:71:22:96:08:18:7e:39:a6:9e:79:ba:a4:ed:0b:6e:9c:
         ef:c8:c3:12:1b:71:c1:39:22:72:61:91:e5:f2:72:29:23:0f:
         e3:72:ef:bd
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZt3WN4r9nWnPvM57Vy2ql/+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRjOTMyMTNkODhmYTg3NGViNDQ2MGUyYzVjZjFiYjFhOTFk
YTkwNzgwHhcNMjYwMTAxMDIxNzUxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNTIzMmRjYWIxNGZlOWUxNTljNGM2ZmIzZDkzMWIyOTgxOGMyNjJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3/AyGViBb6W3YvBK76l5OfWLmKZJ
RL2kYsN+wMzE4PxZNqgJokojLW6VD8XzmU7ln8MNKGsaxAZuQbbGnp2eGD2lQhRH
nbz5+xJWOG2PFNrORMxTeFdCaB1X+bneenPiA6TfGufgj6DF+lQGhk5aD+5S69/Y
2Rw6cuIjjtJiVNFG/jVnLVPYvrLjEgM+b6r86CMC4h7Dv/LMROgCaRrtRYBoEVVT
vDmgk8KW8qN+SqMN8DFVEotPmLsfC0aKChfj2GvimhEXm5R5bEsvIzQn4BkceCt1
U1RRGjFB2Knze7VRjv6l7A6Jduo9ssKJmxr9GmRTXBLDMgXfqhT/uftMZQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFNUjLcqxT+nhWcTG+z2TGymBjCYvMB8GA1UdIwQY
MBaAFEyTIT2I+odOtEYOLFzxuxqR2pB4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVEpNaFBZajZoMDYwUmc0c1hQRzdHcEhha0hnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMS9lNGU2OTYtOWQ3OC00MTRjLWFmNDAt
Y2Y1NmM2NmEwYWMwLzEvMVNNdHlyRlA2ZUZaeE1iN1BaTWJLWUdNSmk4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMS9lNGU2OTYtOWQ3OC00MTRjLWFmNDAtY2Y1NmM2NmEwYWMw
LzEvVEpNaFBZajZoMDYwUmc0c1hQRzdHcEhha0hnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQDWc84AwQC
uTZoMA0EAgACMAcDBQMqAB7YMA0GCSqGSIb3DQEBCwUAA4IBAQCzqw8KAGGQ5saF
8xbtZqHcWRMXX0GFkPVXdGsptNcXGSvkjMD+2byWZyoRzwXG02aR21fxcVDcjMQb
avmUExFeJpGr26De5kuUE0M5IInSim8nmI2rNsYBXjx7H1Q0Bt/KvYEeLyNyaAZd
LNzAc7+pdO76X8c0p5zbxXad1eAWoOm8SQEvAKJ/OjOmwzIgDTcH78Zn4wU0ArK7
p7pZkI3n9Wr7CekBEoYRKDQ8zowkB2ZYwcEJqTIEw6gcba4tQjzMzckwbNQGpiwJ
PNtdMs77vq+VLvrL2lc5r3EilggYfjmmnnm6pO0LbpzvyMMSG3HBOSJyYZHl8nIp
Iw/jcu+9
-----END CERTIFICATE-----