Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/TVfejaG_YszhrwDbQnkTNpusgtg.roa
File:                     TVfejaG_YszhrwDbQnkTNpusgtg.roa (raw, json)
Hash identifier:          3gIiJAIYTWMrnvjUT2Ehn/pXLE+A6cRIOyHr0BPGdr8=
Subject key identifier:   4D:57:DE:8D:A1:BF:62:CC:E1:AF:00:DB:42:79:13:36:9B:AC:82:D8
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       019E014BC65A60B64F3E78CD0503F08A5C9A
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/TVfejaG_YszhrwDbQnkTNpusgtg.roa
Signing time:             Thu 07 May 2026 07:16:43 +0000
ROA not before:           Thu 07 May 2026 07:16:43 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215152
IP address blocks:        217.145.65.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 14 May 2026 06:33:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:01:4b:c6:5a:60:b6:4f:3e:78:cd:05:03:f0:8a:5c:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: May  7 07:16:43 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4d57de8da1bf62cce1af00db427913369bac82d8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:74:5d:26:28:d8:44:e6:ef:52:66:d0:bd:21:
                    c8:d9:1b:64:05:74:a1:fe:05:5f:6c:02:47:2b:2a:
                    d7:1a:6b:6c:af:d6:e0:49:9a:26:d0:c3:08:7f:43:
                    d8:a3:f4:b7:b5:a1:b3:89:aa:cf:7c:1d:b4:ca:c7:
                    e6:fb:cf:65:bd:59:fb:1f:66:2f:45:2c:de:6c:38:
                    6b:9d:f5:f1:df:45:58:20:90:9e:12:2d:31:05:58:
                    dd:3e:41:a1:ca:0d:84:b8:31:b2:a8:1c:dc:0e:11:
                    b7:6d:02:94:ca:48:65:90:97:31:a3:7d:9f:21:8d:
                    d2:7c:ba:4a:a5:1a:b6:55:66:58:80:1e:75:47:b0:
                    d3:2a:63:0e:8e:87:1f:a3:7f:06:75:14:78:66:8b:
                    f8:ae:ac:b6:12:97:2e:9b:33:30:18:11:e5:9e:d7:
                    b7:04:c8:fd:01:61:48:71:d4:84:57:70:8b:78:e9:
                    de:09:09:16:a1:e7:15:7c:aa:45:a1:07:be:28:34:
                    b9:61:b3:0c:52:b1:76:91:44:59:65:98:5a:9b:60:
                    24:6a:0b:9a:39:f4:82:11:78:84:7c:47:20:bc:ae:
                    0e:c4:92:2d:87:b0:50:ee:7c:4f:53:7f:e2:06:f0:
                    e6:07:14:a0:9d:60:37:c6:27:92:74:9b:28:b6:11:
                    1c:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:57:DE:8D:A1:BF:62:CC:E1:AF:00:DB:42:79:13:36:9B:AC:82:D8
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/TVfejaG_YszhrwDbQnkTNpusgtg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.145.65.0/24

    Signature Algorithm: sha256WithRSAEncryption
         08:da:19:a7:b1:50:d7:99:01:1e:32:21:63:94:0e:1b:a0:26:
         f4:16:5e:d9:ff:3b:77:40:82:3d:86:9b:c0:c8:29:6e:81:37:
         f8:07:84:73:01:c0:c4:90:2d:b0:09:b4:dc:31:96:84:9c:f2:
         b1:73:d9:8c:d3:dd:21:57:1f:03:3c:b8:6f:4b:41:64:34:83:
         31:e5:c2:2f:66:31:94:c6:95:a2:95:c6:f7:c1:78:6b:76:b9:
         4a:12:b2:ff:84:1d:89:ad:c5:c4:bf:92:99:69:40:08:68:b4:
         2a:e4:eb:2b:ef:db:1a:b0:4f:ee:14:de:5e:f1:85:82:6d:6d:
         86:08:dc:29:e5:54:04:ae:72:b8:27:92:2e:fa:82:78:bd:ce:
         ef:d3:38:9c:66:8b:92:b8:99:5f:ab:5f:38:2f:f8:b4:91:f8:
         47:7e:36:12:8c:85:47:34:90:62:dd:95:09:cc:70:6c:12:87:
         06:5f:ad:a6:45:80:26:10:ee:89:ff:c8:df:99:d0:32:8f:d9:
         3b:42:79:f7:c5:55:e5:39:2b:f0:59:c9:b1:73:be:ec:44:ae:
         7e:80:b6:45:83:23:03:2c:20:ff:e1:ae:68:de:31:ed:66:ad:
         88:07:ce:f0:19:66:9e:ee:f5:70:ee:91:bb:02:a2:2c:b8:3b:
         46:44:e8:a9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ4BS8ZaYLZPPnjNBQPwilyaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjYwNTA3MDcxNjQzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZDU3ZGU4ZGExYmY2MmNjZTFhZjAwZGI0Mjc5MTMzNjliYWM4MmQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAynRdJijYRObvUmbQvSHI2RtkBXSh
/gVfbAJHKyrXGmtsr9bgSZom0MMIf0PYo/S3taGziarPfB20ysfm+89lvVn7H2Yv
RSzebDhrnfXx30VYIJCeEi0xBVjdPkGhyg2EuDGyqBzcDhG3bQKUykhlkJcxo32f
IY3SfLpKpRq2VWZYgB51R7DTKmMOjocfo38GdRR4Zov4rqy2EpcumzMwGBHlnte3
BMj9AWFIcdSEV3CLeOneCQkWoecVfKpFoQe+KDS5YbMMUrF2kURZZZham2Akagua
OfSCEXiEfEcgvK4OxJIth7BQ7nxPU3/iBvDmBxSgnWA3xieSdJsothEctQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE1X3o2hv2LM4a8A20J5EzabrILYMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvVFZmZWphR19Zc3pocndEYlFua1ROcHVzZ3RnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2ZFBMA0G
CSqGSIb3DQEBCwUAA4IBAQAI2hmnsVDXmQEeMiFjlA4boCb0Fl7Z/zt3QII9hpvA
yClugTf4B4RzAcDEkC2wCbTcMZaEnPKxc9mM090hVx8DPLhvS0FkNIMx5cIvZjGU
xpWilcb3wXhrdrlKErL/hB2JrcXEv5KZaUAIaLQq5Osr79sasE/uFN5e8YWCbW2G
CNwp5VQErnK4J5Iu+oJ4vc7v0zicZouSuJlfq184L/i0kfhHfjYSjIVHNJBi3ZUJ
zHBsEocGX62mRYAmEO6J/8jfmdAyj9k7Qnn3xVXlOSvwWcmxc77sRK5+gLZFgyMD
LCD/4a5o3jHtZq2IB87wGWae7vVw7pG7AqIsuDtGROip
-----END CERTIFICATE-----