Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/q75Auw46HOyioxQrtlcW_9rI6i8.roa
File:                     q75Auw46HOyioxQrtlcW_9rI6i8.roa (raw, json)
Hash identifier:          GxDQWkbEH/25O4NXpOH9wwy+2KRJocT9o1F2wenI7/Y=
Subject key identifier:   AB:BE:40:BB:0E:3A:1C:EC:A2:A3:14:2B:B6:57:16:FF:DA:C8:EA:2F
Certificate issuer:       /CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
Certificate serial:       019DFD38D1B385582AD08A8274D61FADDB21
Authority key identifier: 7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/q75Auw46HOyioxQrtlcW_9rI6i8.roa
Signing time:             Wed 06 May 2026 12:17:32 +0000
ROA not before:           Wed 06 May 2026 12:17:32 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215620
IP address blocks:        89.45.44.0/24 maxlen: 24
                          94.177.147.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 14:18:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:fd:38:d1:b3:85:58:2a:d0:8a:82:74:d6:1f:ad:db:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
        Validity
            Not Before: May  6 12:17:32 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=abbe40bb0e3a1ceca2a3142bb65716ffdac8ea2f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:83:89:d3:ca:5f:e6:d2:7d:ae:86:f4:23:73:
                    9e:5f:fe:fc:0b:c2:d5:b3:c0:e1:18:79:86:3f:2e:
                    4d:f0:05:42:75:35:11:38:78:92:3b:96:48:74:4d:
                    de:73:61:1c:af:8a:7a:91:53:0c:fc:f0:e5:36:1b:
                    2f:af:6f:ed:2a:45:81:26:d3:60:46:5a:90:6e:85:
                    32:83:5f:06:8c:d9:c4:39:73:bd:6e:79:23:a4:37:
                    f0:3c:73:6b:76:ce:72:34:c7:ed:f9:ee:52:57:56:
                    4a:ac:0a:99:08:ef:35:49:0c:22:a0:37:9b:99:08:
                    aa:08:fc:6b:2b:ea:ec:49:9b:a8:18:85:f5:cf:21:
                    0e:29:71:a7:57:c1:23:35:b8:90:fc:ac:53:ec:3f:
                    88:87:74:68:d2:8e:11:07:ae:7c:99:5e:4a:68:bf:
                    ac:af:69:45:0b:ff:5a:d4:ee:7d:33:28:37:53:7b:
                    41:3c:5c:35:5c:34:47:28:03:49:fe:a5:8e:75:b5:
                    0e:46:c0:e9:72:09:0a:13:52:1e:2e:10:5e:2c:05:
                    42:e6:a2:94:d8:ce:71:d3:5f:d7:83:cc:03:18:80:
                    58:39:05:91:e3:ab:18:fb:f3:46:3a:35:3b:33:4e:
                    eb:67:56:90:eb:35:ea:3d:9c:93:65:7c:9e:b0:74:
                    47:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:BE:40:BB:0E:3A:1C:EC:A2:A3:14:2B:B6:57:16:FF:DA:C8:EA:2F
            X509v3 Authority Key Identifier:
                keyid:7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/q75Auw46HOyioxQrtlcW_9rI6i8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.45.44.0/24
                  94.177.147.0/24

    Signature Algorithm: sha256WithRSAEncryption
         91:21:41:1b:0b:a4:7d:f6:e3:30:dd:3d:b9:ef:86:47:8f:92:
         4e:be:cf:9d:af:13:de:93:91:d0:dd:8f:2d:c3:66:a4:57:61:
         75:71:e4:b5:02:ed:cf:68:53:18:f5:81:0e:b6:57:a0:86:59:
         b2:52:32:92:4e:9a:03:ea:fb:ae:9b:d0:e5:52:a8:07:8e:02:
         78:95:77:66:d0:fa:94:79:b9:9b:d8:5e:4c:5c:0f:64:ee:96:
         06:78:8d:89:7b:37:79:9f:d2:b1:09:5f:8c:d4:ca:11:4d:f4:
         cf:08:a5:12:bf:c5:5c:a9:8d:8b:2c:2c:57:e1:24:fc:e8:ee:
         89:33:00:73:78:03:5e:14:1f:5e:f3:92:be:3b:7f:e1:c0:2c:
         1f:7f:6b:db:64:d3:c2:8a:6e:32:8a:4f:34:c0:10:77:ac:88:
         40:a0:5a:c7:82:a3:29:2b:46:94:6f:90:1a:6f:47:42:01:5f:
         23:4a:16:8b:0b:8c:14:6c:a4:1b:41:2f:5f:29:fe:2f:11:7a:
         cc:aa:a1:fa:66:9c:89:21:c9:46:4f:3c:f8:bd:35:e6:de:f9:
         38:82:38:9f:9f:e9:67:34:ca:bc:c7:d7:e5:75:e2:45:97:0a:
         f8:cc:30:9b:6d:58:de:91:e0:da:18:8e:0d:0a:ff:7c:a4:5b:
         06:15:93:4b
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ39ONGzhVgq0IqCdNYfrdshMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkYTVkMzJkNWIwOWM5M2MxYjVlM2ZjNWEyYWEyMGQ3NDZm
Y2ZlZDEwHhcNMjYwNTA2MTIxNzMyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYmJlNDBiYjBlM2ExY2VjYTJhMzE0MmJiNjU3MTZmZmRhYzhlYTJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu4OJ08pf5tJ9rob0I3OeX/78C8LV
s8DhGHmGPy5N8AVCdTUROHiSO5ZIdE3ec2Ecr4p6kVMM/PDlNhsvr2/tKkWBJtNg
RlqQboUyg18GjNnEOXO9bnkjpDfwPHNrds5yNMft+e5SV1ZKrAqZCO81SQwioDeb
mQiqCPxrK+rsSZuoGIX1zyEOKXGnV8EjNbiQ/KxT7D+Ih3Ro0o4RB658mV5KaL+s
r2lFC/9a1O59Myg3U3tBPFw1XDRHKANJ/qWOdbUORsDpcgkKE1IeLhBeLAVC5qKU
2M5x01/Xg8wDGIBYOQWR46sY+/NGOjU7M07rZ1aQ6zXqPZyTZXyesHRHNwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKu+QLsOOhzsoqMUK7ZXFv/ayOovMB8GA1UdIwQY
MBaAFH2l0y1bCck8G14/xaKqINdG/P7RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAt
ZTU4MzlmNDNlNTgzLzEvcTc1QXV3NDZIT3lpb3hRcnRsY1dfOXJJNmk4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAtZTU4MzlmNDNlNTgz
LzEvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAWS0sAwQA
XrGTMA0GCSqGSIb3DQEBCwUAA4IBAQCRIUEbC6R99uMw3T2574ZHj5JOvs+drxPe
k5HQ3Y8tw2akV2F1ceS1Au3PaFMY9YEOtleghlmyUjKSTpoD6vuum9DlUqgHjgJ4
lXdm0PqUebmb2F5MXA9k7pYGeI2Jezd5n9KxCV+M1MoRTfTPCKUSv8VcqY2LLCxX
4ST86O6JMwBzeANeFB9e85K+O3/hwCwff2vbZNPCim4yik80wBB3rIhAoFrHgqMp
K0aUb5Aab0dCAV8jShaLC4wUbKQbQS9fKf4vEXrMqqH6ZpyJIclGTzz4vTXm3vk4
gjifn+lnNMq8x9fldeJFlwr4zDCbbVjekeDaGI4NCv98pFsGFZNL
-----END CERTIFICATE-----