Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/9e8b4b-0920-4fc7-8972-ea841e67c5d6/1/T7Q4ZInr7nmTwTSXGOP2lYQS6SE.roa
File:                     T7Q4ZInr7nmTwTSXGOP2lYQS6SE.roa (raw, json)
Hash identifier:          Y1/e/IgPvhokjR0rrttCkxlf/wWiyXtQnZX5Qj+ssXs=
Subject key identifier:   4F:B4:38:64:89:EB:EE:79:93:C1:34:97:18:E3:F6:95:84:12:E9:21
Certificate issuer:       /CN=f5132ad81a84a21121c50447b2089dce5e4b238a
Certificate serial:       019D8FDBCE66D16D31600B359B02B1EA35C9
Authority key identifier: F5:13:2A:D8:1A:84:A2:11:21:C5:04:47:B2:08:9D:CE:5E:4B:23:8A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9RMq2BqEohEhxQRHsgidzl5LI4o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/9e8b4b-0920-4fc7-8972-ea841e67c5d6/1/T7Q4ZInr7nmTwTSXGOP2lYQS6SE.roa
Signing time:             Wed 15 Apr 2026 06:37:20 +0000
ROA not before:           Wed 15 Apr 2026 06:37:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     212447
IP address blocks:        195.72.120.0/23 maxlen: 24
                          2001:678:56c::/48 maxlen: 64
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b1/9e8b4b-0920-4fc7-8972-ea841e67c5d6/1/9RMq2BqEohEhxQRHsgidzl5LI4o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b1/9e8b4b-0920-4fc7-8972-ea841e67c5d6/1/9RMq2BqEohEhxQRHsgidzl5LI4o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9RMq2BqEohEhxQRHsgidzl5LI4o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Apr 2026 09:01:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:8f:db:ce:66:d1:6d:31:60:0b:35:9b:02:b1:ea:35:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f5132ad81a84a21121c50447b2089dce5e4b238a
        Validity
            Not Before: Apr 15 06:37:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4fb4386489ebee7993c1349718e3f6958412e921
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:0d:eb:0c:2a:89:8e:7c:2e:89:8d:42:cd:75:
                    44:07:1e:64:23:30:a2:69:81:61:cf:72:ee:03:f2:
                    c7:b6:41:67:14:32:1e:62:8b:2d:ac:cf:da:9f:f6:
                    6b:15:1c:85:2e:0c:75:62:69:06:8d:7e:65:e2:43:
                    45:08:ab:86:ba:e8:1c:b4:0f:f0:2d:3e:1c:6e:16:
                    9f:e1:5d:7e:c9:a8:7e:c5:77:f8:89:b4:00:e8:f5:
                    69:ad:77:91:71:24:44:d8:31:1b:3d:a5:ab:62:67:
                    92:5d:06:ff:89:71:59:5c:52:37:5e:05:23:03:6f:
                    7f:16:ec:e3:30:28:33:3d:01:aa:5e:34:0d:53:29:
                    0a:dd:6f:b7:83:fb:b2:ce:bf:36:a3:f4:65:f2:b7:
                    2f:7d:96:f1:6b:a5:2d:2a:5d:66:98:25:40:88:e1:
                    0c:74:05:e0:0b:d2:74:76:e9:f9:bf:8b:83:70:86:
                    fb:4a:26:1f:20:06:ec:54:72:33:29:a8:55:1a:3b:
                    9b:6e:8b:07:fc:dc:c7:1c:b9:3e:a2:9f:20:d8:a6:
                    5c:5c:89:e1:5b:7b:53:eb:37:99:0f:d2:c3:95:ce:
                    ba:9e:8e:3f:7e:73:79:06:0b:da:ce:59:e2:be:7f:
                    5e:bc:18:21:bd:3a:86:bb:73:c9:79:ec:0a:1c:b1:
                    b6:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:B4:38:64:89:EB:EE:79:93:C1:34:97:18:E3:F6:95:84:12:E9:21
            X509v3 Authority Key Identifier:
                keyid:F5:13:2A:D8:1A:84:A2:11:21:C5:04:47:B2:08:9D:CE:5E:4B:23:8A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9RMq2BqEohEhxQRHsgidzl5LI4o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/9e8b4b-0920-4fc7-8972-ea841e67c5d6/1/T7Q4ZInr7nmTwTSXGOP2lYQS6SE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/9e8b4b-0920-4fc7-8972-ea841e67c5d6/1/9RMq2BqEohEhxQRHsgidzl5LI4o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.72.120.0/23
                IPv6:
                  2001:678:56c::/48

    Signature Algorithm: sha256WithRSAEncryption
         80:18:1e:a8:44:8b:c4:bc:7f:c6:29:fb:2f:f6:1e:8d:cb:c3:
         6e:96:6f:be:4a:66:f7:22:58:ac:40:78:6a:8c:45:5a:4f:13:
         34:9c:f4:76:6d:96:4b:cf:0c:50:73:4e:6a:76:44:57:81:5a:
         11:79:57:e4:f0:e5:18:94:90:e4:e7:fb:0c:b7:7c:89:22:6f:
         41:83:dc:5e:27:2c:db:97:d3:58:82:a0:1e:02:8b:9c:a9:63:
         43:af:84:96:54:08:83:23:5f:a5:93:54:0f:25:0a:57:24:76:
         74:2d:0f:9c:5b:81:c5:32:f5:ff:5c:ce:14:6c:f7:49:9e:08:
         15:91:83:1b:42:c9:1a:24:e4:3c:4c:e4:d4:67:dc:57:a3:25:
         92:43:65:29:52:11:a6:83:8d:16:2a:64:f0:ab:4c:9c:2e:8c:
         66:9c:4a:d4:9e:f9:02:e5:65:f9:f1:4c:41:04:b4:cd:3e:85:
         94:ad:f5:cd:6e:d9:01:19:45:c9:c7:5f:50:02:48:71:ee:ef:
         49:5c:2e:8d:6c:4b:78:1a:39:3e:71:44:7f:42:6c:fd:76:74:
         29:15:3f:28:f0:6c:1a:d1:c0:e9:8f:42:6c:e6:4d:86:35:91:
         12:cf:d8:bb:a0:97:ff:1a:28:55:09:c4:3f:32:e4:d1:7f:9c:
         8d:16:4d:aa
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZ2P285m0W0xYAs1mwKx6jXJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY1MTMyYWQ4MWE4NGEyMTEyMWM1MDQ0N2IyMDg5ZGNlNWU0
YjIzOGEwHhcNMjYwNDE1MDYzNzIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZmI0Mzg2NDg5ZWJlZTc5OTNjMTM0OTcxOGUzZjY5NTg0MTJlOTIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqA3rDCqJjnwuiY1CzXVEBx5kIzCi
aYFhz3LuA/LHtkFnFDIeYostrM/an/ZrFRyFLgx1YmkGjX5l4kNFCKuGuugctA/w
LT4cbhaf4V1+yah+xXf4ibQA6PVprXeRcSRE2DEbPaWrYmeSXQb/iXFZXFI3XgUj
A29/FuzjMCgzPQGqXjQNUykK3W+3g/uyzr82o/Rl8rcvfZbxa6UtKl1mmCVAiOEM
dAXgC9J0dun5v4uDcIb7SiYfIAbsVHIzKahVGjubbosH/NzHHLk+op8g2KZcXInh
W3tT6zeZD9LDlc66no4/fnN5Bgvazlnivn9evBghvTqGu3PJeewKHLG2vQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFE+0OGSJ6+55k8E0lxjj9pWEEukhMB8GA1UdIwQY
MBaAFPUTKtgahKIRIcUER7IInc5eSyOKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOVJNcTJCcUVvaEVoeFFSSHNnaWR6bDVMSTRvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS85ZThiNGItMDkyMC00ZmM3LTg5NzIt
ZWE4NDFlNjdjNWQ2LzEvVDdRNFpJbnI3bm1Ud1RTWEdPUDJsWVFTNlNFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS85ZThiNGItMDkyMC00ZmM3LTg5NzItZWE4NDFlNjdjNWQ2
LzEvOVJNcTJCcUVvaEVoeFFSSHNnaWR6bDVMSTRvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQBw0h4MA8E
AgACMAkDBwAgAQZ4BWwwDQYJKoZIhvcNAQELBQADggEBAIAYHqhEi8S8f8Yp+y/2
Ho3Lw26Wb75KZvciWKxAeGqMRVpPEzSc9HZtlkvPDFBzTmp2RFeBWhF5V+Tw5RiU
kOTn+wy3fIkib0GD3F4nLNuX01iCoB4Ci5ypY0OvhJZUCIMjX6WTVA8lClckdnQt
D5xbgcUy9f9czhRs90meCBWRgxtCyRok5DxM5NRn3FejJZJDZSlSEaaDjRYqZPCr
TJwujGacStSe+QLlZfnxTEEEtM0+hZSt9c1u2QEZRcnHX1ACSHHu70lcLo1sS3ga
OT5xRH9CbP12dCkVPyjwbBrRwOmPQmzmTYY1kRLP2Lugl/8aKFUJxD8y5NF/nI0W
Tao=
-----END CERTIFICATE-----