Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/5832f4-e4e2-498b-a06a-9febf8c3e33f/1/8-_TWMNK9smVCIZHx2gSgefBTvk.roa
File:                     8-_TWMNK9smVCIZHx2gSgefBTvk.roa (raw, json)
Hash identifier:          GoPHoDZXQ4RK7VcYW0JWFdEHGQJJF9f+5F3ghTg1XDg=
Subject key identifier:   F3:EF:D3:58:C3:4A:F6:C9:95:08:86:47:C7:68:12:81:E7:C1:4E:F9
Certificate issuer:       /CN=8a01ab6cd44a7a3ea4002c106a96c427b52c81d5
Certificate serial:       019DCF9C19DAEED70F3A8AD9EE0BDDF93381
Authority key identifier: 8A:01:AB:6C:D4:4A:7A:3E:A4:00:2C:10:6A:96:C4:27:B5:2C:81:D5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/igGrbNRKej6kACwQapbEJ7UsgdU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/5832f4-e4e2-498b-a06a-9febf8c3e33f/1/8-_TWMNK9smVCIZHx2gSgefBTvk.roa
Signing time:             Mon 27 Apr 2026 15:43:27 +0000
ROA not before:           Mon 27 Apr 2026 15:43:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     7029
IP address blocks:        212.66.51.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/5832f4-e4e2-498b-a06a-9febf8c3e33f/1/igGrbNRKej6kACwQapbEJ7UsgdU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/5832f4-e4e2-498b-a06a-9febf8c3e33f/1/igGrbNRKej6kACwQapbEJ7UsgdU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/igGrbNRKej6kACwQapbEJ7UsgdU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 14:18:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:cf:9c:19:da:ee:d7:0f:3a:8a:d9:ee:0b:dd:f9:33:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8a01ab6cd44a7a3ea4002c106a96c427b52c81d5
        Validity
            Not Before: Apr 27 15:43:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f3efd358c34af6c995088647c7681281e7c14ef9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:5b:9a:a3:74:ff:9c:45:11:15:b1:dd:88:4a:
                    07:0f:e7:95:81:77:e9:d7:7c:fb:6b:ae:1c:36:37:
                    27:ee:e3:e6:b3:2f:21:eb:c4:60:a6:58:17:5e:61:
                    58:fe:d2:a9:ce:47:b2:7b:db:7a:86:19:07:de:44:
                    5b:99:fc:ab:bf:48:5e:23:a6:aa:51:eb:f4:ca:f8:
                    aa:12:c6:87:c2:01:6a:d8:a9:d8:61:ce:bb:68:9d:
                    a8:f3:bf:20:c5:e8:e9:8e:4b:1e:e7:c2:f0:49:e6:
                    0c:a4:47:48:f1:97:d1:5f:1c:59:f7:60:3e:9f:6d:
                    96:d9:82:fe:4b:54:62:0b:4a:88:ea:4f:31:71:23:
                    69:b6:40:39:ed:d2:3e:9c:76:89:e8:10:81:74:14:
                    3e:87:70:48:bf:9c:68:b3:7a:fe:3e:88:f0:b4:45:
                    22:52:ac:91:21:82:83:39:95:e5:73:c1:4e:4f:03:
                    20:a5:37:12:0d:32:ec:e6:c4:55:b6:e0:9a:7d:95:
                    a5:cc:e7:fc:d5:3b:04:a2:d4:8d:a8:c3:a4:25:99:
                    ec:d7:23:2a:37:65:69:a1:4d:16:ca:5b:5e:d8:6e:
                    db:79:df:02:15:4a:45:cc:de:15:53:b2:be:2b:94:
                    e5:fc:3b:90:c6:74:28:6e:fc:7e:5f:5b:d3:43:66:
                    ae:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:EF:D3:58:C3:4A:F6:C9:95:08:86:47:C7:68:12:81:E7:C1:4E:F9
            X509v3 Authority Key Identifier:
                keyid:8A:01:AB:6C:D4:4A:7A:3E:A4:00:2C:10:6A:96:C4:27:B5:2C:81:D5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/igGrbNRKej6kACwQapbEJ7UsgdU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/5832f4-e4e2-498b-a06a-9febf8c3e33f/1/8-_TWMNK9smVCIZHx2gSgefBTvk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/5832f4-e4e2-498b-a06a-9febf8c3e33f/1/igGrbNRKej6kACwQapbEJ7UsgdU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.66.51.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8f:fc:d2:93:1d:7b:87:b8:1b:f0:3b:30:2c:1a:09:d3:7c:bb:
         ad:a2:2a:a9:7f:cf:4d:fa:9f:13:1f:e5:53:89:c7:e1:c7:25:
         88:43:db:89:1a:a3:77:60:b1:77:8e:ed:8d:47:37:a3:87:f1:
         b9:2b:31:4b:18:82:14:0f:66:ec:63:4e:ff:22:2e:39:92:a9:
         13:1a:45:07:a9:67:ed:b4:99:38:80:49:a0:0c:ea:e4:fe:81:
         16:69:cd:83:1e:6d:20:6d:02:68:bf:2b:b5:48:5b:bf:c5:65:
         43:d6:3a:23:2e:5d:f0:24:8e:17:2f:b2:92:11:aa:6a:24:ab:
         41:93:2b:a6:25:01:fe:bc:90:75:c3:79:1f:bb:9b:36:a7:78:
         75:1c:03:84:27:f5:3f:f7:5a:85:fb:50:c6:eb:7b:cf:f6:8b:
         80:24:42:4b:2c:83:df:e9:2c:60:5c:16:25:13:38:43:12:0c:
         2b:a9:dd:f9:01:dd:3f:66:7c:94:1d:52:8d:ce:b4:78:f0:e0:
         dd:2d:c6:e1:a6:a6:38:9b:08:2d:53:6a:d1:7c:47:bd:e1:06:
         33:1d:a1:46:e2:0e:50:83:d7:26:cf:f1:2c:59:bb:2a:a0:27:
         b9:98:46:b9:9c:2f:8c:ed:6a:45:ef:2f:f7:f3:09:95:ed:c6:
         db:ce:3b:d9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ3PnBna7tcPOorZ7gvd+TOBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhhMDFhYjZjZDQ0YTdhM2VhNDAwMmMxMDZhOTZjNDI3YjUy
YzgxZDUwHhcNMjYwNDI3MTU0MzI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmM2VmZDM1OGMzNGFmNmM5OTUwODg2NDdjNzY4MTI4MWU3YzE0ZWY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2Vuao3T/nEURFbHdiEoHD+eVgXfp
13z7a64cNjcn7uPmsy8h68RgplgXXmFY/tKpzkeye9t6hhkH3kRbmfyrv0heI6aq
Uev0yviqEsaHwgFq2KnYYc67aJ2o878gxejpjkse58LwSeYMpEdI8ZfRXxxZ92A+
n22W2YL+S1RiC0qI6k8xcSNptkA57dI+nHaJ6BCBdBQ+h3BIv5xos3r+PojwtEUi
UqyRIYKDOZXlc8FOTwMgpTcSDTLs5sRVtuCafZWlzOf81TsEotSNqMOkJZns1yMq
N2VpoU0Wylte2G7bed8CFUpFzN4VU7K+K5Tl/DuQxnQobvx+X1vTQ2auPQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPPv01jDSvbJlQiGR8doEoHnwU75MB8GA1UdIwQY
MBaAFIoBq2zUSno+pAAsEGqWxCe1LIHVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaWdHcmJOUktlajZrQUN3UWFwYkVKN1VzZ2RVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi81ODMyZjQtZTRlMi00OThiLWEwNmEt
OWZlYmY4YzNlMzNmLzEvOC1fVFdNTks5c21WQ0laSHgyZ1NnZWZCVHZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi81ODMyZjQtZTRlMi00OThiLWEwNmEtOWZlYmY4YzNlMzNm
LzEvaWdHcmJOUktlajZrQUN3UWFwYkVKN1VzZ2RVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1EIzMA0G
CSqGSIb3DQEBCwUAA4IBAQCP/NKTHXuHuBvwOzAsGgnTfLutoiqpf89N+p8TH+VT
icfhxyWIQ9uJGqN3YLF3ju2NRzejh/G5KzFLGIIUD2bsY07/Ii45kqkTGkUHqWft
tJk4gEmgDOrk/oEWac2DHm0gbQJovyu1SFu/xWVD1jojLl3wJI4XL7KSEapqJKtB
kyumJQH+vJB1w3kfu5s2p3h1HAOEJ/U/91qF+1DG63vP9ouAJEJLLIPf6SxgXBYl
EzhDEgwrqd35Ad0/ZnyUHVKNzrR48ODdLcbhpqY4mwgtU2rRfEe94QYzHaFG4g5Q
g9cmz/EsWbsqoCe5mEa5nC+M7WpF7y/38wmV7cbbzjvZ
-----END CERTIFICATE-----