Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/IwASNYiDQn5xsIdNg-WSxSfiSX8.roa
File:                     IwASNYiDQn5xsIdNg-WSxSfiSX8.roa (raw, json)
Hash identifier:          YKmm1gRRj9doCaBTsSHqjZy+Ji3sBvyV73PyzK+nXo0=
Subject key identifier:   23:00:12:35:88:83:42:7E:71:B0:87:4D:83:E5:92:C5:27:E2:49:7F
Certificate issuer:       /CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
Certificate serial:       019E0693EAA22F44712DDC42BF847CFD4C89
Authority key identifier: 7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/IwASNYiDQn5xsIdNg-WSxSfiSX8.roa
Signing time:             Fri 08 May 2026 07:53:37 +0000
ROA not before:           Fri 08 May 2026 07:53:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     198037
IP address blocks:        78.17.147.0/24 maxlen: 24
                          89.125.33.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 19:01:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:06:93:ea:a2:2f:44:71:2d:dc:42:bf:84:7c:fd:4c:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
        Validity
            Not Before: May  8 07:53:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=230012358883427e71b0874d83e592c527e2497f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:53:40:cb:e8:75:62:c1:ac:ed:22:dc:df:47:
                    44:93:9a:48:eb:0a:a3:fd:c2:eb:6d:9e:68:8b:ab:
                    37:54:86:74:1d:fa:27:c9:d2:ae:9c:65:77:00:be:
                    d9:b5:35:e1:68:6d:0c:33:7b:fb:ba:c8:1e:f3:cd:
                    a7:bf:b3:de:1a:97:e4:5a:79:c0:a0:92:59:f1:a8:
                    bc:24:27:10:63:ad:8c:cd:3a:ce:36:86:5d:43:a2:
                    cc:59:eb:7a:df:d1:38:a5:2a:72:9c:ce:ec:f2:8d:
                    ff:7a:00:31:3e:10:81:e8:2e:2c:04:f2:93:c0:10:
                    1e:de:1a:f2:0b:df:89:3a:b9:0e:fb:3f:61:41:d2:
                    c3:19:da:36:23:cb:de:58:23:45:33:ae:0a:09:e5:
                    f7:ae:7f:96:ba:0d:ec:6e:5a:64:c2:9d:ce:3b:08:
                    03:8a:46:7b:38:97:39:3f:d3:7e:8a:da:9c:6d:8c:
                    d6:3c:d7:b1:f6:18:6c:2e:9a:80:3c:ad:12:88:3d:
                    14:05:6d:26:9a:5e:0a:19:6f:05:a9:58:e8:6e:cf:
                    cc:56:c1:8f:fb:37:ac:11:66:3e:13:d1:6c:1f:9a:
                    72:ad:dc:a0:06:a9:5d:96:c0:41:e5:8c:e7:e6:6a:
                    a2:82:23:40:df:db:9f:8f:78:f6:1e:4b:84:5d:30:
                    45:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:00:12:35:88:83:42:7E:71:B0:87:4D:83:E5:92:C5:27:E2:49:7F
            X509v3 Authority Key Identifier:
                keyid:7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/IwASNYiDQn5xsIdNg-WSxSfiSX8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.17.147.0/24
                  89.125.33.0/24

    Signature Algorithm: sha256WithRSAEncryption
         14:c7:73:e2:67:9c:67:f4:b9:00:de:74:6c:17:2e:c2:b7:7e:
         3a:7a:07:d7:c9:b8:fd:4f:7e:a1:27:65:39:f8:73:94:c0:d6:
         01:6e:20:36:ec:57:da:3b:00:8e:05:4b:dc:67:ea:8c:0d:ce:
         6e:4f:ec:88:a2:91:1e:a2:c7:ae:15:81:8f:9d:cf:ff:f7:a5:
         2b:07:de:34:e3:61:a6:3b:99:ed:89:f1:40:2b:e7:10:9c:c8:
         2b:78:62:f5:22:34:4f:86:b8:5e:e6:8d:d5:d4:28:f7:10:ee:
         27:eb:ea:44:2b:80:e4:34:c2:96:59:e6:aa:35:9d:10:5e:d4:
         bf:8a:90:5f:13:0a:53:f3:23:e9:57:24:83:74:0a:fa:a9:77:
         2b:55:61:0b:fd:2c:2e:0d:3b:a9:7f:84:6f:72:a8:64:44:69:
         c8:ee:90:90:63:c7:13:43:c2:b2:01:ad:79:12:bc:16:81:61:
         3a:1c:f2:16:19:0e:cf:c3:a8:07:fa:5e:4e:32:74:73:0f:d2:
         80:da:c2:f8:3c:8c:79:c1:9f:75:46:64:c0:d3:91:23:a1:a9:
         2f:37:99:e9:c0:22:08:80:11:35:25:a0:29:82:2b:3f:32:5d:
         e4:e4:26:98:e7:ad:df:59:a7:c4:96:97:ac:f0:88:03:b9:3e:
         c9:a6:9c:0f
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ4Gk+qiL0RxLdxCv4R8/UyJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkYTVkMzJkNWIwOWM5M2MxYjVlM2ZjNWEyYWEyMGQ3NDZm
Y2ZlZDEwHhcNMjYwNTA4MDc1MzM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMzAwMTIzNTg4ODM0MjdlNzFiMDg3NGQ4M2U1OTJjNTI3ZTI0OTdmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxFNAy+h1YsGs7SLc30dEk5pI6wqj
/cLrbZ5oi6s3VIZ0HfonydKunGV3AL7ZtTXhaG0MM3v7usge882nv7PeGpfkWnnA
oJJZ8ai8JCcQY62MzTrONoZdQ6LMWet639E4pSpynM7s8o3/egAxPhCB6C4sBPKT
wBAe3hryC9+JOrkO+z9hQdLDGdo2I8veWCNFM64KCeX3rn+Wug3sblpkwp3OOwgD
ikZ7OJc5P9N+itqcbYzWPNex9hhsLpqAPK0SiD0UBW0mml4KGW8FqVjobs/MVsGP
+zesEWY+E9FsH5pyrdygBqldlsBB5Yzn5mqigiNA39ufj3j2HkuEXTBFFwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFCMAEjWIg0J+cbCHTYPlksUn4kl/MB8GA1UdIwQY
MBaAFH2l0y1bCck8G14/xaKqINdG/P7RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAt
ZTU4MzlmNDNlNTgzLzEvSXdBU05ZaURRbjV4c0lkTmctV1N4U2ZpU1g4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAtZTU4MzlmNDNlNTgz
LzEvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAThGTAwQA
WX0hMA0GCSqGSIb3DQEBCwUAA4IBAQAUx3PiZ5xn9LkA3nRsFy7Ct346egfXybj9
T36hJ2U5+HOUwNYBbiA27FfaOwCOBUvcZ+qMDc5uT+yIopEeoseuFYGPnc//96Ur
B94042GmO5ntifFAK+cQnMgreGL1IjRPhrhe5o3V1Cj3EO4n6+pEK4DkNMKWWeaq
NZ0QXtS/ipBfEwpT8yPpVySDdAr6qXcrVWEL/SwuDTupf4RvcqhkRGnI7pCQY8cT
Q8KyAa15ErwWgWE6HPIWGQ7Pw6gH+l5OMnRzD9KA2sL4PIx5wZ91RmTA05Ejoakv
N5npwCIIgBE1JaApgis/Ml3k5CaY563fWafElpes8IgDuT7JppwP
-----END CERTIFICATE-----