Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e0/4910b2-b709-408f-a9e4-ed1408e71c1f/1/tEe3a-zQmY1uh_qVtaABlyzAWds.roa
File:                     tEe3a-zQmY1uh_qVtaABlyzAWds.roa (raw, json)
Hash identifier:          HWUG6mrvt6f6sZlEJOtZpDSCgFXcJ6JwrGDgcXpGBfM=
Subject key identifier:   B4:47:B7:6B:EC:D0:99:8D:6E:87:FA:95:B5:A0:01:97:2C:C0:59:DB
Certificate issuer:       /CN=06f766f1de13aec7fb050193f8329a6609e0095d
Certificate serial:       019B7DC9D5C92D38B923A17AE9F2528157BF
Authority key identifier: 06:F7:66:F1:DE:13:AE:C7:FB:05:01:93:F8:32:9A:66:09:E0:09:5D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Bvdm8d4Trsf7BQGT-DKaZgngCV0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e0/4910b2-b709-408f-a9e4-ed1408e71c1f/1/tEe3a-zQmY1uh_qVtaABlyzAWds.roa
Signing time:             Fri 02 Jan 2026 08:18:58 +0000
ROA not before:           Fri 02 Jan 2026 08:18:58 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     202460
IP address blocks:        193.57.72.0/22 maxlen: 22
                          193.57.72.0/24 maxlen: 24
                          193.57.73.0/24 maxlen: 24
                          193.57.74.0/24 maxlen: 24
                          193.57.75.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e0/4910b2-b709-408f-a9e4-ed1408e71c1f/1/Bvdm8d4Trsf7BQGT-DKaZgngCV0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e0/4910b2-b709-408f-a9e4-ed1408e71c1f/1/Bvdm8d4Trsf7BQGT-DKaZgngCV0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Bvdm8d4Trsf7BQGT-DKaZgngCV0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 20:00:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:c9:d5:c9:2d:38:b9:23:a1:7a:e9:f2:52:81:57:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=06f766f1de13aec7fb050193f8329a6609e0095d
        Validity
            Not Before: Jan  2 08:18:58 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b447b76becd0998d6e87fa95b5a001972cc059db
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:40:fd:04:5a:b5:39:a5:01:09:90:dd:88:04:
                    bd:3c:ff:c9:fa:f5:44:e1:8f:9f:ce:52:45:cc:d5:
                    95:5a:5c:fc:3e:37:45:87:7f:0b:43:22:83:6d:a6:
                    44:63:7e:74:57:f2:af:f5:52:36:13:bc:88:fa:8f:
                    e2:b2:39:79:57:3f:ec:e1:71:83:e0:1a:b9:48:3a:
                    cc:42:8c:2b:e5:92:45:2e:35:39:cf:02:55:2f:32:
                    68:a7:24:28:18:02:37:f5:c7:a3:cf:4f:f1:1c:d9:
                    ba:4c:ee:62:ac:ab:2d:a4:78:a4:e1:95:7e:fe:39:
                    cb:b7:89:b4:04:e5:b1:c6:98:05:df:c8:99:2f:1f:
                    f6:f2:a5:36:bd:92:0e:91:5c:b8:3d:2d:47:34:c6:
                    69:44:4b:a3:8f:92:8a:eb:cd:e8:e3:64:99:83:38:
                    61:8a:e4:20:03:7e:b7:ab:e3:b2:d6:13:b5:25:b6:
                    b0:e5:bf:6c:22:99:4b:09:4a:be:91:83:70:05:16:
                    8b:5f:56:11:6f:35:7e:30:10:23:6b:17:21:95:f7:
                    4d:c2:0d:91:e9:ea:be:c6:72:21:ef:b6:bd:2c:df:
                    18:43:37:60:32:8f:61:1a:c4:75:c8:d1:74:91:aa:
                    6d:98:73:c6:9c:50:4f:c3:9d:82:9b:fd:0d:04:b2:
                    92:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:47:B7:6B:EC:D0:99:8D:6E:87:FA:95:B5:A0:01:97:2C:C0:59:DB
            X509v3 Authority Key Identifier:
                keyid:06:F7:66:F1:DE:13:AE:C7:FB:05:01:93:F8:32:9A:66:09:E0:09:5D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Bvdm8d4Trsf7BQGT-DKaZgngCV0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/4910b2-b709-408f-a9e4-ed1408e71c1f/1/tEe3a-zQmY1uh_qVtaABlyzAWds.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/4910b2-b709-408f-a9e4-ed1408e71c1f/1/Bvdm8d4Trsf7BQGT-DKaZgngCV0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.57.72.0/22

    Signature Algorithm: sha256WithRSAEncryption
         16:4f:2c:fe:00:66:e7:72:84:a4:ca:82:cf:62:b9:4b:84:c4:
         06:14:a2:2a:a5:1f:94:63:52:80:7c:50:a0:07:44:14:8c:bf:
         3d:60:4d:22:6b:64:4f:51:1c:ce:da:29:ab:fb:d4:b9:12:54:
         d8:69:94:85:fc:2b:7d:d7:60:76:92:64:f6:c0:b1:61:ac:14:
         4c:f2:2c:b8:d3:34:80:fc:66:2c:fe:a8:6c:1c:04:cc:1e:1a:
         a9:ad:e8:b5:9f:d8:2c:5e:07:10:8d:e5:4b:da:27:d0:ca:bc:
         4d:d3:62:34:8a:bc:00:28:e7:35:e2:49:a1:d0:30:c4:d6:31:
         b4:69:a1:7d:7e:d3:e9:ae:6e:e7:2c:ad:4e:d0:03:f3:d3:30:
         37:0b:d9:68:2c:dc:19:d3:13:2d:4d:31:8c:b0:e4:97:c4:f3:
         99:d1:c1:84:0c:cd:62:6b:63:9b:c6:b8:67:e4:bf:ba:35:b1:
         f7:75:2e:45:92:a1:71:dd:ab:f0:c4:6a:27:12:9f:b8:25:f4:
         38:af:7e:d8:27:4d:88:a7:a4:d3:6d:a4:66:06:1b:5e:61:66:
         c4:5f:87:8b:1a:44:18:45:bb:2a:21:95:b9:87:f3:14:6c:9e:
         ff:aa:fc:fa:b3:2d:75:fe:91:c8:fc:1c:42:02:77:3e:86:0b:
         88:c7:47:0e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9ydXJLTi5I6F66fJSgVe/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA2Zjc2NmYxZGUxM2FlYzdmYjA1MDE5M2Y4MzI5YTY2MDll
MDA5NWQwHhcNMjYwMTAyMDgxODU4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNDQ3Yjc2YmVjZDA5OThkNmU4N2ZhOTViNWEwMDE5NzJjYzA1OWRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyUD9BFq1OaUBCZDdiAS9PP/J+vVE
4Y+fzlJFzNWVWlz8PjdFh38LQyKDbaZEY350V/Kv9VI2E7yI+o/isjl5Vz/s4XGD
4Bq5SDrMQowr5ZJFLjU5zwJVLzJopyQoGAI39cejz0/xHNm6TO5irKstpHik4ZV+
/jnLt4m0BOWxxpgF38iZLx/28qU2vZIOkVy4PS1HNMZpREujj5KK683o42SZgzhh
iuQgA363q+Oy1hO1Jbaw5b9sIplLCUq+kYNwBRaLX1YRbzV+MBAjaxchlfdNwg2R
6eq+xnIh77a9LN8YQzdgMo9hGsR1yNF0kaptmHPGnFBPw52Cm/0NBLKSJwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLRHt2vs0JmNbof6lbWgAZcswFnbMB8GA1UdIwQY
MBaAFAb3ZvHeE67H+wUBk/gymmYJ4AldMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQnZkbThkNFRyc2Y3QlFHVC1ES2FaZ25nQ1YwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMC80OTEwYjItYjcwOS00MDhmLWE5ZTQt
ZWQxNDA4ZTcxYzFmLzEvdEVlM2EtelFtWTF1aF9xVnRhQUJseXpBV2RzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMC80OTEwYjItYjcwOS00MDhmLWE5ZTQtZWQxNDA4ZTcxYzFm
LzEvQnZkbThkNFRyc2Y3QlFHVC1ES2FaZ25nQ1YwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwTlIMA0G
CSqGSIb3DQEBCwUAA4IBAQAWTyz+AGbncoSkyoLPYrlLhMQGFKIqpR+UY1KAfFCg
B0QUjL89YE0ia2RPURzO2imr+9S5ElTYaZSF/Ct912B2kmT2wLFhrBRM8iy40zSA
/GYs/qhsHATMHhqprei1n9gsXgcQjeVL2ifQyrxN02I0irwAKOc14kmh0DDE1jG0
aaF9ftPprm7nLK1O0APz0zA3C9loLNwZ0xMtTTGMsOSXxPOZ0cGEDM1ia2Obxrhn
5L+6NbH3dS5FkqFx3avwxGonEp+4JfQ4r37YJ02Ip6TTbaRmBhteYWbEX4eLGkQY
RbsqIZW5h/MUbJ7/qvz6sy11/pHI/BxCAnc+hguIx0cO
-----END CERTIFICATE-----