Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/6v8dzS0v77GZof5jXJ8TmzqFIx4.roa
File:                     6v8dzS0v77GZof5jXJ8TmzqFIx4.roa (raw, json)
Hash identifier:          Rnf238O87k+PQJAkWxv+i1F2hr2Soyi/c3zvdgsdBjM=
Subject key identifier:   EA:FF:1D:CD:2D:2F:EF:B1:99:A1:FE:63:5C:9F:13:9B:3A:85:23:1E
Certificate issuer:       /CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
Certificate serial:       019DFDB83D04354392BEAA2001C3D8EE91F1
Authority key identifier: 7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/6v8dzS0v77GZof5jXJ8TmzqFIx4.roa
Signing time:             Wed 06 May 2026 14:36:43 +0000
ROA not before:           Wed 06 May 2026 14:36:43 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     33185
IP address blocks:        89.125.4.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 14:18:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:fd:b8:3d:04:35:43:92:be:aa:20:01:c3:d8:ee:91:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
        Validity
            Not Before: May  6 14:36:43 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=eaff1dcd2d2fefb199a1fe635c9f139b3a85231e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:0b:52:39:32:74:d2:62:9a:a9:1d:56:3d:32:
                    fb:d8:f2:cc:be:c0:7c:c5:15:23:1a:48:82:7a:0d:
                    28:23:d0:d5:27:f9:13:78:70:b4:6e:b3:c4:e8:0a:
                    b5:2f:e1:e6:dd:ef:07:0b:44:ee:cd:5b:c7:99:38:
                    50:be:7f:ee:bb:3a:3a:07:1a:85:2f:33:10:3c:ed:
                    d0:46:b6:3d:c7:ec:99:b5:c9:9e:d5:0b:98:a3:71:
                    65:e7:64:63:9d:9a:18:fa:85:b3:bb:0a:f9:64:44:
                    1a:df:91:1d:0a:87:55:76:52:2f:dc:29:b7:df:70:
                    21:21:13:9c:98:0e:01:56:07:c1:43:6b:eb:7a:4b:
                    2c:07:b1:27:3c:83:a3:de:73:0d:c0:ed:be:61:e8:
                    8c:62:93:be:86:7d:23:29:7f:60:d3:91:f4:28:39:
                    b9:86:00:7e:c0:83:f7:9b:8e:d2:76:e2:13:fe:83:
                    8c:10:f2:3a:56:2d:62:de:80:7b:f6:f4:ec:f3:b3:
                    90:2b:20:ce:86:9f:da:d9:eb:2b:9f:f3:60:a3:66:
                    ed:6a:c0:dd:b4:32:7a:a9:7e:b9:fe:47:4b:ed:d0:
                    2a:2b:ed:33:2b:3e:e7:47:a4:cf:d9:d5:aa:c4:e7:
                    17:1d:a9:35:be:54:e3:88:ed:fe:f3:3c:5e:dd:ba:
                    e1:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EA:FF:1D:CD:2D:2F:EF:B1:99:A1:FE:63:5C:9F:13:9B:3A:85:23:1E
            X509v3 Authority Key Identifier:
                keyid:7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/6v8dzS0v77GZof5jXJ8TmzqFIx4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.125.4.0/22

    Signature Algorithm: sha256WithRSAEncryption
         32:ec:82:7c:72:23:48:2e:fa:c5:c1:9b:f4:1d:92:df:05:e1:
         af:f6:2c:a4:9e:84:73:b8:3f:6b:b8:c1:80:c6:0e:74:63:93:
         aa:1a:e0:a9:be:fd:f0:05:f9:e8:44:be:45:da:0e:c8:b2:18:
         55:e1:8a:e6:59:48:90:ff:7c:2e:7f:21:bd:70:04:69:e9:b3:
         5e:a7:15:5d:9f:b0:74:27:c2:a6:e5:45:89:0a:5f:51:a7:4f:
         54:39:a5:88:e0:da:ac:ea:9a:f0:4e:a6:ad:d6:44:56:9b:1a:
         ff:0f:dc:9f:2d:e3:48:91:0c:f1:1a:ec:52:b4:83:18:59:e0:
         0e:65:09:f5:7d:55:c3:af:a7:0b:2f:de:5c:10:90:27:1c:a5:
         16:a1:dc:18:5f:f1:91:cd:ef:f8:a7:cc:4a:69:bc:ec:14:1e:
         a0:6b:cd:fe:cc:59:64:84:55:32:ac:e6:65:6c:51:b4:bb:93:
         45:78:c4:be:7b:2c:81:27:3c:6d:29:a9:41:5a:e0:cf:57:16:
         5e:45:74:c6:e3:67:a1:d2:b5:31:48:f2:d4:c4:08:55:13:f8:
         28:b2:55:06:73:37:a4:e0:93:46:4a:5c:aa:d8:e1:22:7e:41:
         84:9f:19:b9:f1:3b:d5:0a:22:8f:2f:c9:a8:f8:42:a4:f7:1f:
         a5:06:73:05
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ39uD0ENUOSvqogAcPY7pHxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkYTVkMzJkNWIwOWM5M2MxYjVlM2ZjNWEyYWEyMGQ3NDZm
Y2ZlZDEwHhcNMjYwNTA2MTQzNjQzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYWZmMWRjZDJkMmZlZmIxOTlhMWZlNjM1YzlmMTM5YjNhODUyMzFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvwtSOTJ00mKaqR1WPTL72PLMvsB8
xRUjGkiCeg0oI9DVJ/kTeHC0brPE6Aq1L+Hm3e8HC0TuzVvHmThQvn/uuzo6BxqF
LzMQPO3QRrY9x+yZtcme1QuYo3Fl52RjnZoY+oWzuwr5ZEQa35EdCodVdlIv3Cm3
33AhIROcmA4BVgfBQ2vrekssB7EnPIOj3nMNwO2+YeiMYpO+hn0jKX9g05H0KDm5
hgB+wIP3m47SduIT/oOMEPI6Vi1i3oB79vTs87OQKyDOhp/a2esrn/Ngo2btasDd
tDJ6qX65/kdL7dAqK+0zKz7nR6TP2dWqxOcXHak1vlTjiO3+8zxe3brhPwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOr/Hc0tL++xmaH+Y1yfE5s6hSMeMB8GA1UdIwQY
MBaAFH2l0y1bCck8G14/xaKqINdG/P7RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAt
ZTU4MzlmNDNlNTgzLzEvNnY4ZHpTMHY3N0dab2Y1alhKOFRtenFGSXg0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAtZTU4MzlmNDNlNTgz
LzEvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCWX0EMA0G
CSqGSIb3DQEBCwUAA4IBAQAy7IJ8ciNILvrFwZv0HZLfBeGv9iyknoRzuD9ruMGA
xg50Y5OqGuCpvv3wBfnoRL5F2g7IshhV4YrmWUiQ/3wufyG9cARp6bNepxVdn7B0
J8Km5UWJCl9Rp09UOaWI4Nqs6prwTqat1kRWmxr/D9yfLeNIkQzxGuxStIMYWeAO
ZQn1fVXDr6cLL95cEJAnHKUWodwYX/GRze/4p8xKabzsFB6ga83+zFlkhFUyrOZl
bFG0u5NFeMS+eyyBJzxtKalBWuDPVxZeRXTG42eh0rUxSPLUxAhVE/goslUGczek
4JNGSlyq2OEifkGEnxm58TvVCiKPL8mo+EKk9x+lBnMF
-----END CERTIFICATE-----