Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/TwrfV5jkb4tCYWMEeSP4fWNSbA4.roa
File:                     TwrfV5jkb4tCYWMEeSP4fWNSbA4.roa (raw, json)
Hash identifier:          KOuy9oknofmDI0DA+mmtLHCDoJov8QBBOeqoALqorIU=
Subject key identifier:   4F:0A:DF:57:98:E4:6F:8B:42:61:63:04:79:23:F8:7D:63:52:6C:0E
Certificate issuer:       /CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
Certificate serial:       019DC5330258C1006E4E1DFD9D69FE60AE24
Authority key identifier: 7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/TwrfV5jkb4tCYWMEeSP4fWNSbA4.roa
Signing time:             Sat 25 Apr 2026 15:12:27 +0000
ROA not before:           Sat 25 Apr 2026 15:12:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     198420
IP address blocks:        89.125.20.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 14:18:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:c5:33:02:58:c1:00:6e:4e:1d:fd:9d:69:fe:60:ae:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
        Validity
            Not Before: Apr 25 15:12:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4f0adf5798e46f8b426163047923f87d63526c0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:0a:53:ef:74:f7:80:3a:b4:b6:63:5d:29:b1:
                    c1:c0:7d:a2:0f:3a:ec:8a:e8:95:70:48:ed:98:a0:
                    af:c1:9d:6e:ad:c8:f8:ac:13:40:e3:8a:a8:4b:a6:
                    0b:b0:a4:da:09:2e:42:7b:c9:64:6a:62:c5:fe:b0:
                    41:de:a3:98:83:ad:46:91:d1:c5:f0:10:f2:bb:b6:
                    da:3b:3d:8c:6f:b5:9e:af:63:b7:cd:11:bc:ce:79:
                    f5:d9:a0:62:7b:dc:23:38:f2:21:f0:c5:d7:c0:13:
                    cb:ad:8f:cd:4f:d1:e8:6b:39:38:a7:ef:50:38:fd:
                    77:c9:60:79:ec:77:69:c6:7d:27:77:66:64:10:82:
                    69:7c:64:25:27:6c:5f:4d:c4:7c:04:88:ce:80:7b:
                    2b:11:6d:23:90:7f:ea:ad:09:0e:cb:ab:a5:2c:87:
                    eb:2a:05:08:24:24:4e:87:63:e2:db:d8:2a:89:45:
                    87:6f:52:b7:64:9a:99:85:eb:15:00:05:07:64:a6:
                    fa:08:8c:a4:5d:5e:87:4c:26:65:26:89:c9:25:0c:
                    50:1a:6a:fd:35:4b:7c:76:90:38:be:4c:fe:d2:48:
                    0e:eb:18:1a:27:56:30:1b:99:fa:ed:3f:74:1e:d5:
                    a9:c5:75:88:32:b6:b9:36:95:0a:55:fa:3e:b5:65:
                    92:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:0A:DF:57:98:E4:6F:8B:42:61:63:04:79:23:F8:7D:63:52:6C:0E
            X509v3 Authority Key Identifier:
                keyid:7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/TwrfV5jkb4tCYWMEeSP4fWNSbA4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.125.20.0/24

    Signature Algorithm: sha256WithRSAEncryption
         19:10:6b:84:f7:00:f6:37:60:a0:93:81:17:7f:35:8e:f8:08:
         85:67:29:8d:a2:24:98:9e:83:58:b3:1d:3d:b5:b9:b3:da:89:
         4a:9b:46:f8:71:64:d8:41:35:3e:fb:0e:13:7f:a8:ab:76:fa:
         18:88:d5:65:8a:d2:96:30:67:e1:4a:f7:07:fb:86:bc:ad:ce:
         c0:53:ef:d1:d3:11:9b:2d:27:78:48:c9:5d:29:7e:04:90:dc:
         39:e3:cf:25:d0:8b:0e:ca:30:c1:57:d8:11:a0:0d:21:41:b1:
         60:e8:78:c8:de:33:23:6d:e1:a3:5e:97:57:bc:32:da:f6:c1:
         8f:40:4e:7c:95:32:62:a1:f0:2a:83:fa:87:b1:a6:c4:17:4d:
         9d:06:be:01:3b:d6:24:3b:c3:2b:0a:9d:df:21:7c:ca:61:d1:
         9b:0a:0b:31:a9:8d:62:21:85:7c:b3:1c:bc:fe:e9:64:04:3f:
         7d:64:0c:2a:d3:fe:41:17:70:c9:b5:f4:89:43:a6:c5:6e:c3:
         d5:eb:37:42:26:0d:80:d3:e5:ea:94:af:b1:5f:3c:8e:55:2e:
         ef:c8:72:30:a9:b3:92:47:08:bb:00:62:ac:53:5d:a4:09:b8:
         71:ff:8c:25:f3:56:5f:15:a7:83:48:e8:33:e3:35:a0:14:d2:
         eb:07:d9:51
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ3FMwJYwQBuTh39nWn+YK4kMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkYTVkMzJkNWIwOWM5M2MxYjVlM2ZjNWEyYWEyMGQ3NDZm
Y2ZlZDEwHhcNMjYwNDI1MTUxMjI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZjBhZGY1Nzk4ZTQ2ZjhiNDI2MTYzMDQ3OTIzZjg3ZDYzNTI2YzBlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqwpT73T3gDq0tmNdKbHBwH2iDzrs
iuiVcEjtmKCvwZ1urcj4rBNA44qoS6YLsKTaCS5Ce8lkamLF/rBB3qOYg61GkdHF
8BDyu7baOz2Mb7Wer2O3zRG8znn12aBie9wjOPIh8MXXwBPLrY/NT9Hoazk4p+9Q
OP13yWB57Hdpxn0nd2ZkEIJpfGQlJ2xfTcR8BIjOgHsrEW0jkH/qrQkOy6ulLIfr
KgUIJCROh2Pi29gqiUWHb1K3ZJqZhesVAAUHZKb6CIykXV6HTCZlJonJJQxQGmr9
NUt8dpA4vkz+0kgO6xgaJ1YwG5n67T90HtWpxXWIMra5NpUKVfo+tWWSdQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE8K31eY5G+LQmFjBHkj+H1jUmwOMB8GA1UdIwQY
MBaAFH2l0y1bCck8G14/xaKqINdG/P7RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAt
ZTU4MzlmNDNlNTgzLzEvVHdyZlY1amtiNHRDWVdNRWVTUDRmV05TYkE0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAtZTU4MzlmNDNlNTgz
LzEvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWX0UMA0G
CSqGSIb3DQEBCwUAA4IBAQAZEGuE9wD2N2Cgk4EXfzWO+AiFZymNoiSYnoNYsx09
tbmz2olKm0b4cWTYQTU++w4Tf6irdvoYiNVlitKWMGfhSvcH+4a8rc7AU+/R0xGb
LSd4SMldKX4EkNw5488l0IsOyjDBV9gRoA0hQbFg6HjI3jMjbeGjXpdXvDLa9sGP
QE58lTJiofAqg/qHsabEF02dBr4BO9YkO8MrCp3fIXzKYdGbCgsxqY1iIYV8sxy8
/ulkBD99ZAwq0/5BF3DJtfSJQ6bFbsPV6zdCJg2A0+XqlK+xXzyOVS7vyHIwqbOS
Rwi7AGKsU12kCbhx/4wl81ZfFaeDSOgz4zWgFNLrB9lR
-----END CERTIFICATE-----