Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/aa766b-8877-415e-adac-aff31954e7a7/1/TPgJA7asD1USxd5F7pee5lciH88.roa
File:                     TPgJA7asD1USxd5F7pee5lciH88.roa (raw, json)
Hash identifier:          J3JqRxhZZokO/izJrrFgyJGCYZDVRXSpr2zjvNoSLcU=
Subject key identifier:   4C:F8:09:03:B6:AC:0F:55:12:C5:DE:45:EE:97:9E:E6:57:22:1F:CF
Certificate issuer:       /CN=766d18b7a5a837e6714fbab252400a3beabc220a
Certificate serial:       019CFAC59038A9D80305A36F3E037BB042F7
Authority key identifier: 76:6D:18:B7:A5:A8:37:E6:71:4F:BA:B2:52:40:0A:3B:EA:BC:22:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dm0Yt6WoN-ZxT7qyUkAKO-q8Igo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b8/aa766b-8877-415e-adac-aff31954e7a7/1/TPgJA7asD1USxd5F7pee5lciH88.roa
Signing time:             Tue 17 Mar 2026 07:49:37 +0000
ROA not before:           Tue 17 Mar 2026 07:49:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200572
IP address blocks:        131.222.245.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b8/aa766b-8877-415e-adac-aff31954e7a7/1/dm0Yt6WoN-ZxT7qyUkAKO-q8Igo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b8/aa766b-8877-415e-adac-aff31954e7a7/1/dm0Yt6WoN-ZxT7qyUkAKO-q8Igo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dm0Yt6WoN-ZxT7qyUkAKO-q8Igo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 15:17:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:fa:c5:90:38:a9:d8:03:05:a3:6f:3e:03:7b:b0:42:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=766d18b7a5a837e6714fbab252400a3beabc220a
        Validity
            Not Before: Mar 17 07:49:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4cf80903b6ac0f5512c5de45ee979ee657221fcf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:4f:ed:3f:64:02:7c:2c:c9:6a:a9:ab:2a:7c:
                    3a:92:6a:c9:98:6f:f3:08:0d:9c:68:0c:cf:10:0b:
                    f8:b5:b8:c3:74:dc:8b:33:57:68:89:78:cc:ba:90:
                    52:5e:49:92:25:80:bc:cb:7f:4a:eb:73:d3:bf:d2:
                    0a:a2:ed:42:31:f2:f5:ad:9c:33:53:d1:4b:ef:c5:
                    e8:60:80:23:d9:06:f7:9f:7a:04:6b:de:2a:17:c4:
                    eb:2a:c3:dc:e9:be:24:96:d8:99:a5:9f:6e:5c:ad:
                    1e:60:ec:de:fd:d4:77:29:99:c0:09:0b:3a:4a:8f:
                    c4:6d:79:1e:06:e8:22:09:42:3e:e2:78:3e:9e:93:
                    a2:fa:d3:c5:71:f8:8d:6d:b5:3d:05:ba:a2:a4:20:
                    44:ed:8a:fb:42:72:a3:ac:71:d3:19:b5:74:5b:f3:
                    6d:60:be:41:6b:1f:ca:69:0a:e7:ef:75:2e:93:0b:
                    33:fd:94:01:91:0d:f4:e8:1c:23:bd:64:be:15:da:
                    30:8e:00:21:9a:23:2e:8f:a5:da:89:a3:31:34:3a:
                    d9:98:af:eb:fd:c2:9f:fb:3d:60:91:db:8c:5a:25:
                    dc:ba:54:d0:ae:56:54:94:9b:70:a6:91:90:e7:e5:
                    74:8e:78:a3:2c:53:6b:a1:fb:32:ed:ed:c2:dc:55:
                    ac:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:F8:09:03:B6:AC:0F:55:12:C5:DE:45:EE:97:9E:E6:57:22:1F:CF
            X509v3 Authority Key Identifier:
                keyid:76:6D:18:B7:A5:A8:37:E6:71:4F:BA:B2:52:40:0A:3B:EA:BC:22:0A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dm0Yt6WoN-ZxT7qyUkAKO-q8Igo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/aa766b-8877-415e-adac-aff31954e7a7/1/TPgJA7asD1USxd5F7pee5lciH88.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/aa766b-8877-415e-adac-aff31954e7a7/1/dm0Yt6WoN-ZxT7qyUkAKO-q8Igo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  131.222.245.0/24

    Signature Algorithm: sha256WithRSAEncryption
         75:e7:8d:9d:5b:b3:e9:0e:e9:3f:14:40:e3:76:8a:49:aa:d2:
         39:b1:18:76:9b:ac:4e:20:ca:db:83:c5:5d:b0:5c:e9:59:3f:
         9e:ce:1e:a3:ad:c1:f6:bd:1b:77:a4:77:73:b6:d5:30:62:c0:
         c5:6d:17:2d:84:5a:c9:8d:bb:6a:05:61:99:b3:92:f2:29:d0:
         07:e1:75:e3:38:34:3c:fb:68:4d:87:91:fe:eb:36:45:fc:69:
         7b:7c:60:eb:6b:3a:35:3e:f4:66:37:b5:14:eb:44:6b:3d:da:
         67:86:b4:01:21:60:00:06:30:46:a9:64:2e:f6:6f:ff:bf:6a:
         2b:7d:11:e0:5d:53:f3:38:3e:eb:65:5b:74:32:3e:60:a7:90:
         5b:c2:bc:0a:34:24:85:19:87:5c:9c:c4:c2:55:96:a2:f8:a6:
         9f:71:9a:3a:51:87:19:f8:4c:21:a2:79:d6:c5:70:63:40:9a:
         eb:bc:ae:e3:f7:7f:b7:59:3e:c4:ce:98:69:cf:71:b6:af:78:
         0d:ee:35:e9:0a:ed:f4:27:f8:29:86:68:b2:5d:ac:23:4c:24:
         6f:09:10:9f:85:11:dd:20:7d:c3:5d:e9:02:74:80:3f:fa:d8:
         a3:37:ff:f9:cb:c2:0c:8a:3c:ae:2b:b5:f9:be:7b:28:07:9d:
         af:77:86:b5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZz6xZA4qdgDBaNvPgN7sEL3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc2NmQxOGI3YTVhODM3ZTY3MTRmYmFiMjUyNDAwYTNiZWFi
YzIyMGEwHhcNMjYwMzE3MDc0OTM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0Y2Y4MDkwM2I2YWMwZjU1MTJjNWRlNDVlZTk3OWVlNjU3MjIxZmNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoU/tP2QCfCzJaqmrKnw6kmrJmG/z
CA2caAzPEAv4tbjDdNyLM1doiXjMupBSXkmSJYC8y39K63PTv9IKou1CMfL1rZwz
U9FL78XoYIAj2Qb3n3oEa94qF8TrKsPc6b4kltiZpZ9uXK0eYOze/dR3KZnACQs6
So/EbXkeBugiCUI+4ng+npOi+tPFcfiNbbU9BbqipCBE7Yr7QnKjrHHTGbV0W/Nt
YL5Bax/KaQrn73Uukwsz/ZQBkQ306BwjvWS+FdowjgAhmiMuj6XaiaMxNDrZmK/r
/cKf+z1gkduMWiXculTQrlZUlJtwppGQ5+V0jnijLFNrofsy7e3C3FWscQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEz4CQO2rA9VEsXeRe6XnuZXIh/PMB8GA1UdIwQY
MBaAFHZtGLelqDfmcU+6slJACjvqvCIKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZG0wWXQ2V29OLVp4VDdxeVVrQUtPLXE4SWdvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC9hYTc2NmItODg3Ny00MTVlLWFkYWMt
YWZmMzE5NTRlN2E3LzEvVFBnSkE3YXNEMVVTeGQ1RjdwZWU1bGNpSDg4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC9hYTc2NmItODg3Ny00MTVlLWFkYWMtYWZmMzE5NTRlN2E3
LzEvZG0wWXQ2V29OLVp4VDdxeVVrQUtPLXE4SWdvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAg971MA0G
CSqGSIb3DQEBCwUAA4IBAQB1542dW7PpDuk/FEDjdopJqtI5sRh2m6xOIMrbg8Vd
sFzpWT+ezh6jrcH2vRt3pHdzttUwYsDFbRcthFrJjbtqBWGZs5LyKdAH4XXjODQ8
+2hNh5H+6zZF/Gl7fGDrazo1PvRmN7UU60RrPdpnhrQBIWAABjBGqWQu9m//v2or
fRHgXVPzOD7rZVt0Mj5gp5BbwrwKNCSFGYdcnMTCVZai+KafcZo6UYcZ+EwhonnW
xXBjQJrrvK7j93+3WT7Ezphpz3G2r3gN7jXpCu30J/gphmiyXawjTCRvCRCfhRHd
IH3DXekCdIA/+tijN//5y8IMijyuK7X5vnsoB52vd4a1
-----END CERTIFICATE-----