Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/532f41-2e3b-47eb-bed5-0e1c4ad03956/1/Tgyba4QUN4V8tZaz-LrXuKGglcI.roa
File:                     Tgyba4QUN4V8tZaz-LrXuKGglcI.roa (raw, json)
Hash identifier:          3N1ko+R/E9uyhb+olKiqz7rmkIhC5Q0D6JIxxMh2AjI=
Subject key identifier:   4E:0C:9B:6B:84:14:37:85:7C:B5:96:B3:F8:BA:D7:B8:A1:A0:95:C2
Certificate issuer:       /CN=e7041e7e7d184d5dbad71429e365b9f0ac76ca52
Certificate serial:       019CDC8A347BDAB5E0D453176A2231AAC504
Authority key identifier: E7:04:1E:7E:7D:18:4D:5D:BA:D7:14:29:E3:65:B9:F0:AC:76:CA:52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5wQefn0YTV261xQp42W58Kx2ylI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/20/532f41-2e3b-47eb-bed5-0e1c4ad03956/1/Tgyba4QUN4V8tZaz-LrXuKGglcI.roa
Signing time:             Wed 11 Mar 2026 10:56:10 +0000
ROA not before:           Wed 11 Mar 2026 10:56:10 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215745
IP address blocks:        167.150.223.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/20/532f41-2e3b-47eb-bed5-0e1c4ad03956/1/5wQefn0YTV261xQp42W58Kx2ylI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/20/532f41-2e3b-47eb-bed5-0e1c4ad03956/1/5wQefn0YTV261xQp42W58Kx2ylI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5wQefn0YTV261xQp42W58Kx2ylI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 00:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:dc:8a:34:7b:da:b5:e0:d4:53:17:6a:22:31:aa:c5:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e7041e7e7d184d5dbad71429e365b9f0ac76ca52
        Validity
            Not Before: Mar 11 10:56:10 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4e0c9b6b841437857cb596b3f8bad7b8a1a095c2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:ed:ba:c1:49:2d:11:37:9b:f6:26:3d:f8:e3:
                    9c:92:34:db:e3:f0:f9:45:b8:68:d2:4c:97:38:8b:
                    8d:ad:b3:bc:f2:25:9d:24:10:ca:12:6b:14:9f:33:
                    06:bd:0c:ee:18:62:2e:03:23:a1:70:df:02:0e:ac:
                    42:ee:d1:26:28:32:85:29:c7:7a:18:b6:0f:0f:89:
                    dd:55:80:1d:08:da:ef:ff:8a:55:4d:e2:ab:50:83:
                    57:87:e1:0e:01:34:30:bf:d1:2f:3a:4a:29:7c:3e:
                    c6:02:ff:29:32:97:56:fd:53:15:fa:64:6c:4a:4c:
                    fa:94:ca:90:d2:b4:d0:1f:71:43:ea:25:7a:cd:77:
                    7e:fb:81:c6:04:b2:13:16:bd:22:99:08:f0:07:52:
                    1d:f1:c5:9f:50:a7:87:9f:93:25:e8:dc:de:9e:0a:
                    8e:d0:1c:11:dc:4d:79:01:21:5b:08:d9:cf:0b:2a:
                    87:2d:19:7e:75:b4:27:eb:92:bc:9e:82:f9:9d:d4:
                    c5:cd:43:63:11:74:e9:bd:d5:d5:9d:5c:8b:b7:c3:
                    36:f5:e0:56:3d:9f:f1:a4:37:84:3e:0e:59:11:2c:
                    41:8c:d3:e3:43:ca:c5:67:82:28:62:57:ff:65:64:
                    2b:28:50:7b:4c:f8:a2:27:75:36:2d:9a:a7:7a:59:
                    fa:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:0C:9B:6B:84:14:37:85:7C:B5:96:B3:F8:BA:D7:B8:A1:A0:95:C2
            X509v3 Authority Key Identifier:
                keyid:E7:04:1E:7E:7D:18:4D:5D:BA:D7:14:29:E3:65:B9:F0:AC:76:CA:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5wQefn0YTV261xQp42W58Kx2ylI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/532f41-2e3b-47eb-bed5-0e1c4ad03956/1/Tgyba4QUN4V8tZaz-LrXuKGglcI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/20/532f41-2e3b-47eb-bed5-0e1c4ad03956/1/5wQefn0YTV261xQp42W58Kx2ylI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  167.150.223.0/24

    Signature Algorithm: sha256WithRSAEncryption
         38:98:2f:69:b8:5c:ab:07:cc:c0:c6:d3:0d:29:cf:35:07:04:
         be:92:e3:74:e0:92:05:08:71:64:29:ec:ca:22:0a:78:55:67:
         37:94:35:b3:76:6f:a9:8d:d3:8b:76:30:4b:8b:20:2c:57:8b:
         eb:b3:df:f6:71:93:2b:97:72:0e:4b:1b:c2:a5:cc:ca:a7:fb:
         bc:0a:f7:de:fd:ef:48:5a:ee:71:d0:54:f0:36:0a:09:a1:5a:
         a8:5a:d7:a1:33:48:67:c9:61:b5:91:df:ac:7f:c0:74:41:04:
         d1:e6:c6:f4:4f:99:42:c6:ba:ed:31:79:38:43:94:57:c8:fc:
         96:a2:39:13:51:f8:7d:dd:a2:92:73:5d:08:05:6a:af:43:d1:
         b9:1e:fd:60:4e:40:2b:d4:45:cf:f7:c7:3d:c6:e1:8d:d4:08:
         28:11:2e:2d:21:3a:40:a5:41:4a:7e:aa:8f:a3:4b:54:31:45:
         c4:f7:c5:03:64:aa:a4:cc:ba:0c:1f:d5:1d:fa:04:a3:3a:a3:
         9a:d3:3d:ca:b4:d2:90:7f:37:2d:d1:9e:62:55:93:de:21:bb:
         d5:0a:9f:f7:56:d6:95:72:5e:f4:14:fd:d7:f5:b1:08:f4:2c:
         26:97:a7:c2:97:45:f2:1a:45:6b:05:16:e9:a2:13:99:9a:80:
         c7:47:b0:42
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZzcijR72rXg1FMXaiIxqsUEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU3MDQxZTdlN2QxODRkNWRiYWQ3MTQyOWUzNjViOWYwYWM3
NmNhNTIwHhcNMjYwMzExMTA1NjEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZTBjOWI2Yjg0MTQzNzg1N2NiNTk2YjNmOGJhZDdiOGExYTA5NWMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2O26wUktETeb9iY9+OOckjTb4/D5
Rbho0kyXOIuNrbO88iWdJBDKEmsUnzMGvQzuGGIuAyOhcN8CDqxC7tEmKDKFKcd6
GLYPD4ndVYAdCNrv/4pVTeKrUINXh+EOATQwv9EvOkopfD7GAv8pMpdW/VMV+mRs
Skz6lMqQ0rTQH3FD6iV6zXd++4HGBLITFr0imQjwB1Id8cWfUKeHn5Ml6NzengqO
0BwR3E15ASFbCNnPCyqHLRl+dbQn65K8noL5ndTFzUNjEXTpvdXVnVyLt8M29eBW
PZ/xpDeEPg5ZESxBjNPjQ8rFZ4IoYlf/ZWQrKFB7TPiiJ3U2LZqneln6pwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE4Mm2uEFDeFfLWWs/i617ihoJXCMB8GA1UdIwQY
MBaAFOcEHn59GE1dutcUKeNlufCsdspSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNXdRZWZuMFlUVjI2MXhRcDQyVzU4S3gyeWxJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMC81MzJmNDEtMmUzYi00N2ViLWJlZDUt
MGUxYzRhZDAzOTU2LzEvVGd5YmE0UVVONFY4dFphei1Mclh1S0dnbGNJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMC81MzJmNDEtMmUzYi00N2ViLWJlZDUtMGUxYzRhZDAzOTU2
LzEvNXdRZWZuMFlUVjI2MXhRcDQyVzU4S3gyeWxJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAp5bfMA0G
CSqGSIb3DQEBCwUAA4IBAQA4mC9puFyrB8zAxtMNKc81BwS+kuN04JIFCHFkKezK
Igp4VWc3lDWzdm+pjdOLdjBLiyAsV4vrs9/2cZMrl3IOSxvCpczKp/u8Cvfe/e9I
Wu5x0FTwNgoJoVqoWtehM0hnyWG1kd+sf8B0QQTR5sb0T5lCxrrtMXk4Q5RXyPyW
ojkTUfh93aKSc10IBWqvQ9G5Hv1gTkAr1EXP98c9xuGN1AgoES4tITpApUFKfqqP
o0tUMUXE98UDZKqkzLoMH9Ud+gSjOqOa0z3KtNKQfzct0Z5iVZPeIbvVCp/3VtaV
cl70FP3X9bEI9Cwml6fCl0XyGkVrBRbpohOZmoDHR7BC
-----END CERTIFICATE-----