Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/71/b10562-26a1-4645-8d2b-16f146bef995/1/tZte8n1HudZeANPtBHv3nnai8sM.roa
File:                     tZte8n1HudZeANPtBHv3nnai8sM.roa (raw, json)
Hash identifier:          QCkWDsgxzolvfhykOvONZC6AtWXczPNbF261p/fSSHg=
Subject key identifier:   B5:9B:5E:F2:7D:47:B9:D6:5E:00:D3:ED:04:7B:F7:9E:76:A2:F2:C3
Certificate issuer:       /CN=2e252a477242fb45f20bb08020a403a2bb466a9b
Certificate serial:       019CE21C9B47A1ACED1145DD825825F36834
Authority key identifier: 2E:25:2A:47:72:42:FB:45:F2:0B:B0:80:20:A4:03:A2:BB:46:6A:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LiUqR3JC-0XyC7CAIKQDortGaps.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/71/b10562-26a1-4645-8d2b-16f146bef995/1/tZte8n1HudZeANPtBHv3nnai8sM.roa
Signing time:             Thu 12 Mar 2026 12:54:11 +0000
ROA not before:           Thu 12 Mar 2026 12:54:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     61304
IP address blocks:        94.20.164.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/71/b10562-26a1-4645-8d2b-16f146bef995/1/LiUqR3JC-0XyC7CAIKQDortGaps.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/71/b10562-26a1-4645-8d2b-16f146bef995/1/LiUqR3JC-0XyC7CAIKQDortGaps.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LiUqR3JC-0XyC7CAIKQDortGaps.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 00:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:e2:1c:9b:47:a1:ac:ed:11:45:dd:82:58:25:f3:68:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2e252a477242fb45f20bb08020a403a2bb466a9b
        Validity
            Not Before: Mar 12 12:54:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b59b5ef27d47b9d65e00d3ed047bf79e76a2f2c3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:b2:f5:5a:30:30:8c:4f:ca:0a:a9:40:02:7f:
                    d3:f9:55:e9:a9:62:7c:30:dd:64:34:52:af:ec:d0:
                    2a:db:8e:0b:a5:da:37:c4:be:67:22:0f:ab:96:58:
                    21:95:21:e1:9b:cf:5c:22:7d:a7:98:a6:3f:61:11:
                    84:56:18:79:07:d4:20:4b:4a:dd:6f:86:7e:99:5d:
                    66:e2:20:c5:93:52:ef:a5:65:5c:b9:46:27:1e:c9:
                    72:6e:55:b4:be:d8:02:be:8e:6b:f8:d4:9e:1e:24:
                    0c:f4:4d:5c:bc:79:2b:83:1a:35:de:30:c8:db:50:
                    d3:6d:b7:0c:c7:b8:31:e3:3f:5a:b8:f5:7c:58:99:
                    6e:d4:5b:a0:a0:58:04:fe:b0:5e:f2:20:be:fc:21:
                    6d:e4:c7:07:48:25:0a:0f:32:4e:fd:d3:e8:4d:41:
                    92:05:ea:be:78:f8:2c:ec:8c:55:1f:00:1f:cf:40:
                    85:0a:45:65:76:3e:32:c8:fe:54:1c:4d:e9:3c:9e:
                    1a:7e:5c:48:20:e7:f8:f7:6a:db:30:05:56:28:e8:
                    62:3f:a4:53:00:08:f5:8d:8d:b7:01:f1:e8:f2:79:
                    3c:b4:70:86:5a:ee:94:81:24:fb:de:6d:eb:9b:ad:
                    99:27:49:2f:56:96:72:29:bc:6a:75:9c:bb:fd:33:
                    75:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:9B:5E:F2:7D:47:B9:D6:5E:00:D3:ED:04:7B:F7:9E:76:A2:F2:C3
            X509v3 Authority Key Identifier:
                keyid:2E:25:2A:47:72:42:FB:45:F2:0B:B0:80:20:A4:03:A2:BB:46:6A:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LiUqR3JC-0XyC7CAIKQDortGaps.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/71/b10562-26a1-4645-8d2b-16f146bef995/1/tZte8n1HudZeANPtBHv3nnai8sM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/71/b10562-26a1-4645-8d2b-16f146bef995/1/LiUqR3JC-0XyC7CAIKQDortGaps.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.20.164.0/22

    Signature Algorithm: sha256WithRSAEncryption
         7b:1d:eb:2f:f2:80:d5:c0:ae:ab:a7:36:59:91:a8:62:4b:c0:
         93:73:f2:51:9e:3f:2b:11:36:1c:84:8c:b0:a0:f3:2c:48:1e:
         23:2b:8a:e0:6b:b8:d0:17:b8:a4:e7:91:1e:e6:00:5f:5f:5a:
         8d:e4:d6:1d:49:42:46:60:80:fd:bd:2e:ad:66:81:c4:36:40:
         a1:ff:2c:5c:8e:0e:ed:01:80:06:32:ae:d3:dd:4e:d2:eb:67:
         5e:ae:26:84:17:24:19:09:0a:73:e5:ec:9b:22:88:9b:3a:1c:
         53:7e:40:3f:82:27:8d:6e:b7:b1:cf:05:eb:aa:57:97:fc:40:
         92:7e:e4:2f:fb:2b:46:d0:28:5e:28:79:f1:09:85:d6:5f:6c:
         56:41:3c:a1:8f:a1:e0:43:c9:6f:4e:98:9c:ac:30:d1:ec:8d:
         f4:7c:84:48:81:6f:b2:42:39:05:22:4f:06:36:fc:4a:fb:49:
         72:45:1f:8e:78:ff:1d:c5:59:ce:7d:f7:64:f4:c2:53:51:32:
         5b:94:1e:13:6e:8e:95:a8:c7:50:4f:b8:e5:80:5a:b4:33:0c:
         0a:c4:93:3c:a8:06:5a:cd:c2:4f:05:c9:38:28:35:2e:ca:2b:
         c9:a7:d9:1b:3e:b5:cb:2c:7f:b8:23:6f:7a:6c:8c:23:fb:c6:
         f8:58:d6:cc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZziHJtHoaztEUXdglgl82g0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlMjUyYTQ3NzI0MmZiNDVmMjBiYjA4MDIwYTQwM2EyYmI0
NjZhOWIwHhcNMjYwMzEyMTI1NDExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNTliNWVmMjdkNDdiOWQ2NWUwMGQzZWQwNDdiZjc5ZTc2YTJmMmMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA07L1WjAwjE/KCqlAAn/T+VXpqWJ8
MN1kNFKv7NAq244Lpdo3xL5nIg+rllghlSHhm89cIn2nmKY/YRGEVhh5B9QgS0rd
b4Z+mV1m4iDFk1LvpWVcuUYnHslyblW0vtgCvo5r+NSeHiQM9E1cvHkrgxo13jDI
21DTbbcMx7gx4z9auPV8WJlu1FugoFgE/rBe8iC+/CFt5McHSCUKDzJO/dPoTUGS
Beq+ePgs7IxVHwAfz0CFCkVldj4yyP5UHE3pPJ4aflxIIOf492rbMAVWKOhiP6RT
AAj1jY23AfHo8nk8tHCGWu6UgST73m3rm62ZJ0kvVpZyKbxqdZy7/TN1DQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLWbXvJ9R7nWXgDT7QR79552ovLDMB8GA1UdIwQY
MBaAFC4lKkdyQvtF8guwgCCkA6K7RmqbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTGlVcVIzSkMtMFh5QzdDQUlLUURvcnRHYXBzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MS9iMTA1NjItMjZhMS00NjQ1LThkMmIt
MTZmMTQ2YmVmOTk1LzEvdFp0ZThuMUh1ZFplQU5QdEJIdjNubmFpOHNNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MS9iMTA1NjItMjZhMS00NjQ1LThkMmItMTZmMTQ2YmVmOTk1
LzEvTGlVcVIzSkMtMFh5QzdDQUlLUURvcnRHYXBzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCXhSkMA0G
CSqGSIb3DQEBCwUAA4IBAQB7Hesv8oDVwK6rpzZZkahiS8CTc/JRnj8rETYchIyw
oPMsSB4jK4rga7jQF7ik55Ee5gBfX1qN5NYdSUJGYID9vS6tZoHENkCh/yxcjg7t
AYAGMq7T3U7S62deriaEFyQZCQpz5eybIoibOhxTfkA/gieNbrexzwXrqleX/ECS
fuQv+ytG0CheKHnxCYXWX2xWQTyhj6HgQ8lvTpicrDDR7I30fIRIgW+yQjkFIk8G
NvxK+0lyRR+OeP8dxVnOffdk9MJTUTJblB4Tbo6VqMdQT7jlgFq0MwwKxJM8qAZa
zcJPBck4KDUuyivJp9kbPrXLLH+4I296bIwj+8b4WNbM
-----END CERTIFICATE-----