Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ee/336198-3e7b-4615-bcea-4a545b116880/1/kTdybG-Kfglf-A6Co4UkfB2W_s4.roa
File:                     kTdybG-Kfglf-A6Co4UkfB2W_s4.roa (raw, json)
Hash identifier:          CUsIkIUnZkWXcbfe+QGR3qcpsv5V6ygh7qnKWL+glCA=
Subject key identifier:   91:37:72:6C:6F:8A:7E:09:5F:F8:0E:82:A3:85:24:7C:1D:96:FE:CE
Certificate issuer:       /CN=b68b42922d387c578fa57692487f2a19068589ba
Certificate serial:       019B79ED168C8C23D3DA1E45E14FC7F190C8
Authority key identifier: B6:8B:42:92:2D:38:7C:57:8F:A5:76:92:48:7F:2A:19:06:85:89:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/totCki04fFePpXaSSH8qGQaFibo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ee/336198-3e7b-4615-bcea-4a545b116880/1/kTdybG-Kfglf-A6Co4UkfB2W_s4.roa
Signing time:             Thu 01 Jan 2026 14:18:59 +0000
ROA not before:           Thu 01 Jan 2026 14:18:59 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     209582
IP address blocks:        188.190.108.0/22 maxlen: 22
                          2a0d:d1c0::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ee/336198-3e7b-4615-bcea-4a545b116880/1/totCki04fFePpXaSSH8qGQaFibo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ee/336198-3e7b-4615-bcea-4a545b116880/1/totCki04fFePpXaSSH8qGQaFibo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/totCki04fFePpXaSSH8qGQaFibo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:ed:16:8c:8c:23:d3:da:1e:45:e1:4f:c7:f1:90:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b68b42922d387c578fa57692487f2a19068589ba
        Validity
            Not Before: Jan  1 14:18:59 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9137726c6f8a7e095ff80e82a385247c1d96fece
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:3e:18:8a:be:42:4a:d1:80:57:09:e6:4b:58:
                    ac:8e:9d:df:35:3d:fb:bd:34:3e:04:6a:1f:63:70:
                    e9:8c:7d:65:b9:18:7d:03:00:90:26:98:32:7b:9a:
                    3c:5e:fe:af:0b:aa:60:ea:8f:aa:34:24:3c:a4:77:
                    ee:a6:8b:df:fe:fe:bb:47:53:80:81:5c:50:65:00:
                    f5:f4:60:d2:06:8d:73:76:d3:4e:36:c9:b0:32:63:
                    7a:44:3c:de:55:ec:6d:65:cf:2a:ff:1d:3d:f5:a2:
                    fc:ee:a1:73:ac:7e:8b:6e:f4:8e:86:4b:af:93:b2:
                    7e:6b:67:70:4c:47:0c:1a:41:01:c2:9d:a3:ce:76:
                    ba:12:eb:25:b1:14:61:ec:af:a2:5a:e9:7b:62:c2:
                    f8:c7:ba:f1:00:25:e8:20:38:34:d2:4e:b2:b7:0e:
                    48:17:e2:5c:ae:44:e0:b4:b2:6b:dc:53:32:8b:f0:
                    dc:77:99:7c:ac:8d:85:74:20:fa:36:34:aa:63:30:
                    52:e9:2d:39:f0:eb:60:cc:9f:50:fa:5a:7d:a7:f4:
                    d4:fc:89:f0:ee:80:20:6a:75:7c:ca:c6:34:87:8b:
                    02:86:e1:4f:b3:23:63:d2:d5:a5:3c:94:24:a8:93:
                    53:ef:45:96:f9:31:a9:d3:77:b6:a9:fc:91:41:91:
                    32:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:37:72:6C:6F:8A:7E:09:5F:F8:0E:82:A3:85:24:7C:1D:96:FE:CE
            X509v3 Authority Key Identifier:
                keyid:B6:8B:42:92:2D:38:7C:57:8F:A5:76:92:48:7F:2A:19:06:85:89:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/totCki04fFePpXaSSH8qGQaFibo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/336198-3e7b-4615-bcea-4a545b116880/1/kTdybG-Kfglf-A6Co4UkfB2W_s4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/336198-3e7b-4615-bcea-4a545b116880/1/totCki04fFePpXaSSH8qGQaFibo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.190.108.0/22
                IPv6:
                  2a0d:d1c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         1b:81:9d:df:4b:f9:2a:bf:0a:c2:70:e6:76:05:7c:3a:7f:b1:
         6b:89:0c:31:5f:05:a2:73:3f:52:63:0b:a8:10:ef:15:83:0c:
         57:cc:c3:ed:6c:09:d5:57:77:f1:6d:42:03:a5:26:01:86:ff:
         be:08:11:e1:4c:97:ad:2f:c4:f2:33:e9:f4:8f:5b:af:87:5b:
         b7:6f:75:34:14:0c:53:81:a6:33:e5:73:de:04:37:d9:59:12:
         56:7f:af:96:1b:96:39:d9:0e:b5:12:d6:e3:a0:41:56:a2:d0:
         b2:74:ab:01:3b:04:e9:f1:b7:6b:83:73:69:04:91:e7:43:8f:
         e5:d1:5f:61:6c:7b:13:5a:a7:c6:3f:9c:10:c9:37:d7:78:eb:
         a0:67:3d:a3:68:19:3b:7f:3f:cf:ad:ee:06:96:18:e6:fa:6c:
         7d:91:46:2a:64:09:b3:12:ef:0b:9c:bc:cd:04:fb:b1:1f:72:
         0a:18:ab:f1:94:23:18:6c:c0:35:ce:91:e4:ac:99:ee:3a:c0:
         01:4a:48:b9:7b:dc:03:ac:e4:a7:64:fe:9d:2d:44:06:ca:93:
         99:3d:ff:2e:b5:73:22:37:50:4d:df:e6:d9:c0:36:92:e0:9b:
         7f:d8:ea:07:9c:b8:ee:1f:32:45:5f:f3:81:3b:b4:6e:b9:32:
         13:03:90:a5
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZt57RaMjCPT2h5F4U/H8ZDIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI2OGI0MjkyMmQzODdjNTc4ZmE1NzY5MjQ4N2YyYTE5MDY4
NTg5YmEwHhcNMjYwMTAxMTQxODU5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MTM3NzI2YzZmOGE3ZTA5NWZmODBlODJhMzg1MjQ3YzFkOTZmZWNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxz4Yir5CStGAVwnmS1isjp3fNT37
vTQ+BGofY3DpjH1luRh9AwCQJpgye5o8Xv6vC6pg6o+qNCQ8pHfupovf/v67R1OA
gVxQZQD19GDSBo1zdtNONsmwMmN6RDzeVextZc8q/x099aL87qFzrH6LbvSOhkuv
k7J+a2dwTEcMGkEBwp2jzna6EuslsRRh7K+iWul7YsL4x7rxACXoIDg00k6ytw5I
F+JcrkTgtLJr3FMyi/Dcd5l8rI2FdCD6NjSqYzBS6S058OtgzJ9Q+lp9p/TU/Inw
7oAganV8ysY0h4sChuFPsyNj0tWlPJQkqJNT70WW+TGp03e2qfyRQZEyxwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFJE3cmxvin4JX/gOgqOFJHwdlv7OMB8GA1UdIwQY
MBaAFLaLQpItOHxXj6V2kkh/KhkGhYm6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdG90Q2tpMDRmRmVQcFhhU1NIOHFHUWFGaWJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZS8zMzYxOTgtM2U3Yi00NjE1LWJjZWEt
NGE1NDViMTE2ODgwLzEva1RkeWJHLUtmZ2xmLUE2Q280VWtmQjJXX3M0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZS8zMzYxOTgtM2U3Yi00NjE1LWJjZWEtNGE1NDViMTE2ODgw
LzEvdG90Q2tpMDRmRmVQcFhhU1NIOHFHUWFGaWJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCvL5sMA0E
AgACMAcDBQAqDdHAMA0GCSqGSIb3DQEBCwUAA4IBAQAbgZ3fS/kqvwrCcOZ2BXw6
f7FriQwxXwWicz9SYwuoEO8VgwxXzMPtbAnVV3fxbUIDpSYBhv++CBHhTJetL8Ty
M+n0j1uvh1u3b3U0FAxTgaYz5XPeBDfZWRJWf6+WG5Y52Q61EtbjoEFWotCydKsB
OwTp8bdrg3NpBJHnQ4/l0V9hbHsTWqfGP5wQyTfXeOugZz2jaBk7fz/Pre4Glhjm
+mx9kUYqZAmzEu8LnLzNBPuxH3IKGKvxlCMYbMA1zpHkrJnuOsABSki5e9wDrOSn
ZP6dLUQGypOZPf8utXMiN1BN3+bZwDaS4Jt/2OoHnLjuHzJFX/OBO7RuuTITA5Cl
-----END CERTIFICATE-----