Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/T5TMwGb9m6fUOsdYTFdKcxckCwE.roa
File:                     T5TMwGb9m6fUOsdYTFdKcxckCwE.roa (raw, json)
Hash identifier:          6C5v17D7/Uget8KwdfI4ebcMg2hmmMi+WsrJCuJSCCI=
Subject key identifier:   4F:94:CC:C0:66:FD:9B:A7:D4:3A:C7:58:4C:57:4A:73:17:24:0B:01
Certificate issuer:       /CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
Certificate serial:       019DB3ED003DFC73DF259A4C926E61823363
Authority key identifier: 7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/T5TMwGb9m6fUOsdYTFdKcxckCwE.roa
Signing time:             Wed 22 Apr 2026 06:42:26 +0000
ROA not before:           Wed 22 Apr 2026 06:42:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     211019
IP address blocks:        78.17.72.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 14:18:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:b3:ed:00:3d:fc:73:df:25:9a:4c:92:6e:61:82:33:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
        Validity
            Not Before: Apr 22 06:42:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4f94ccc066fd9ba7d43ac7584c574a7317240b01
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:16:8d:b1:04:6d:ed:32:eb:3b:f3:67:96:a9:
                    65:58:57:16:b2:34:0c:f6:42:db:c7:dd:44:d6:9f:
                    75:3f:83:fb:e9:2a:83:1a:b0:52:72:91:a3:80:7b:
                    89:8f:5c:84:4b:db:d7:35:93:56:d6:ed:38:c6:ba:
                    c3:f3:d0:3b:80:f6:d1:b8:ba:fa:18:44:e3:de:cf:
                    39:b6:50:b7:9e:f2:0a:55:b6:1e:4a:8d:3a:d1:70:
                    52:1d:2c:45:93:1f:51:c1:5b:23:cd:f9:7f:dc:22:
                    85:54:3c:fd:bb:9e:df:b1:4b:36:4c:80:05:ff:e0:
                    09:56:d0:e3:c1:75:92:fe:27:54:3d:cc:84:92:c9:
                    56:b4:8d:f3:3f:c0:75:99:22:68:7b:5e:08:2c:91:
                    7f:d2:92:18:3b:b0:d4:e0:ab:7d:5d:cf:ae:3d:c8:
                    0f:7b:ab:ef:2e:b6:41:ff:f3:3d:ba:79:a8:c6:c1:
                    bc:be:a6:83:b8:e2:c8:b0:d5:aa:e2:7c:8d:ac:c5:
                    5f:8c:7c:db:5b:80:1f:67:89:a5:6d:c6:b7:57:bb:
                    7c:e7:48:f7:bb:df:67:fe:48:92:f6:21:e7:6e:f4:
                    89:cd:a5:3f:7e:f0:41:f1:53:30:7b:2d:f3:ff:61:
                    47:33:ff:01:0a:1e:33:21:dd:37:11:ef:dd:a9:8e:
                    a7:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:94:CC:C0:66:FD:9B:A7:D4:3A:C7:58:4C:57:4A:73:17:24:0B:01
            X509v3 Authority Key Identifier:
                keyid:7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/T5TMwGb9m6fUOsdYTFdKcxckCwE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.17.72.0/23

    Signature Algorithm: sha256WithRSAEncryption
         94:6b:e0:d4:9b:66:99:94:a9:61:ad:fb:42:54:46:fb:1a:38:
         d1:d8:6c:f2:04:bf:9a:4e:61:4c:53:61:37:7e:cf:90:e5:59:
         6c:21:46:74:c6:ae:d4:55:11:69:ee:71:dc:cd:3c:3b:da:9d:
         c4:07:0d:61:dc:8b:87:2a:65:ba:ce:91:37:4a:fb:d5:b6:92:
         ca:e2:8e:ca:a8:0a:a8:cd:26:37:2e:22:f5:71:12:dd:a6:e1:
         f2:09:7e:34:d5:02:08:c6:9d:9f:ab:52:2e:1e:36:e2:7a:56:
         bf:12:17:0c:91:37:33:2d:37:1f:86:08:b5:bd:bf:18:00:1f:
         20:5c:13:28:78:ba:f4:d5:39:5f:22:81:39:28:6f:57:be:84:
         ed:8e:12:f9:63:5c:b3:59:34:ee:67:44:e2:93:57:94:b8:7b:
         26:ae:9b:39:90:97:2d:59:e6:e5:27:3f:9f:25:db:51:21:46:
         db:bd:37:c3:dc:ab:ef:28:dd:83:c4:14:34:08:17:88:d7:58:
         32:7f:34:2d:f3:72:4f:7a:3b:fc:ba:1d:65:68:62:5c:9e:1f:
         74:56:fa:ba:ce:b9:96:2d:b2:6a:04:17:68:ce:78:5e:69:56:
         12:f2:b1:c7:b1:dd:f4:ce:fc:fa:74:70:c7:24:6c:bb:73:48:
         5f:82:84:b7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2z7QA9/HPfJZpMkm5hgjNjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkYTVkMzJkNWIwOWM5M2MxYjVlM2ZjNWEyYWEyMGQ3NDZm
Y2ZlZDEwHhcNMjYwNDIyMDY0MjI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0Zjk0Y2NjMDY2ZmQ5YmE3ZDQzYWM3NTg0YzU3NGE3MzE3MjQwYjAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvRaNsQRt7TLrO/NnlqllWFcWsjQM
9kLbx91E1p91P4P76SqDGrBScpGjgHuJj1yES9vXNZNW1u04xrrD89A7gPbRuLr6
GETj3s85tlC3nvIKVbYeSo060XBSHSxFkx9RwVsjzfl/3CKFVDz9u57fsUs2TIAF
/+AJVtDjwXWS/idUPcyEkslWtI3zP8B1mSJoe14ILJF/0pIYO7DU4Kt9Xc+uPcgP
e6vvLrZB//M9unmoxsG8vqaDuOLIsNWq4nyNrMVfjHzbW4AfZ4mlbca3V7t850j3
u99n/kiS9iHnbvSJzaU/fvBB8VMwey3z/2FHM/8BCh4zId03Ee/dqY6n1QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE+UzMBm/Zun1DrHWExXSnMXJAsBMB8GA1UdIwQY
MBaAFH2l0y1bCck8G14/xaKqINdG/P7RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAt
ZTU4MzlmNDNlNTgzLzEvVDVUTXdHYjltNmZVT3NkWVRGZEtjeGNrQ3dFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAtZTU4MzlmNDNlNTgz
LzEvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBThFIMA0G
CSqGSIb3DQEBCwUAA4IBAQCUa+DUm2aZlKlhrftCVEb7GjjR2GzyBL+aTmFMU2E3
fs+Q5VlsIUZ0xq7UVRFp7nHczTw72p3EBw1h3IuHKmW6zpE3SvvVtpLK4o7KqAqo
zSY3LiL1cRLdpuHyCX401QIIxp2fq1IuHjbiela/EhcMkTczLTcfhgi1vb8YAB8g
XBMoeLr01TlfIoE5KG9XvoTtjhL5Y1yzWTTuZ0Tik1eUuHsmrps5kJctWeblJz+f
JdtRIUbbvTfD3KvvKN2DxBQ0CBeI11gyfzQt83JPejv8uh1laGJcnh90Vvq6zrmW
LbJqBBdoznheaVYS8rHHsd30zvz6dHDHJGy7c0hfgoS3
-----END CERTIFICATE-----