Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/TZVhWo_dQI-2BvlVSVV5CF22NyQ.roa
File:                     TZVhWo_dQI-2BvlVSVV5CF22NyQ.roa (raw, json)
Hash identifier:          8w5hQYMYHMA6fkRs+pBtCtlNqNny0K2BUZpxox50LGs=
Subject key identifier:   4D:95:61:5A:8F:DD:40:8F:B6:06:F9:55:49:55:79:08:5D:B6:37:24
Certificate issuer:       /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial:       019D299F0064F26926B6152CE900DCD2746B
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/TZVhWo_dQI-2BvlVSVV5CF22NyQ.roa
Signing time:             Thu 26 Mar 2026 10:09:39 +0000
ROA not before:           Thu 26 Mar 2026 10:09:39 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215402
IP address blocks:        84.21.190.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Mar 2026 06:01:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:29:9f:00:64:f2:69:26:b6:15:2c:e9:00:dc:d2:74:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
        Validity
            Not Before: Mar 26 10:09:39 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4d95615a8fdd408fb606f955495579085db63724
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:b6:21:ba:25:cf:2b:ae:09:0d:88:10:af:4d:
                    47:1f:8b:bf:a9:c1:5e:14:0d:c0:e6:5c:91:e4:dd:
                    e0:2e:2a:78:72:db:5a:1e:16:b9:95:ed:31:28:3f:
                    ff:b2:25:ae:1b:9e:96:1c:67:a2:06:ef:94:f7:e2:
                    34:3e:aa:34:17:3c:e7:36:3e:4f:93:82:e9:f0:02:
                    80:bf:14:5e:3b:61:ab:69:e3:c1:e4:54:9c:6c:a7:
                    bf:73:bd:d2:13:a3:e0:8f:04:aa:5f:74:61:4e:05:
                    82:d4:ad:47:f1:44:49:64:3c:36:cf:77:8f:5f:66:
                    55:8f:22:62:dc:b0:b1:9f:63:e5:5e:64:f1:15:35:
                    2b:00:3a:f7:8f:a6:45:da:9c:a9:47:66:f6:ca:3a:
                    ca:08:0b:39:8b:ab:e6:c9:e6:20:02:65:f5:68:f9:
                    ff:37:52:ad:e4:67:fe:3f:47:10:15:b8:74:07:ce:
                    1b:9b:bd:64:9c:a8:03:f4:ff:0f:36:02:1f:69:69:
                    8a:49:83:51:6e:d4:f9:02:42:d5:5a:86:56:fa:e5:
                    e8:14:8b:74:4c:e5:07:58:86:9f:c4:db:61:f7:8a:
                    73:3d:73:0c:15:8b:de:4e:68:c7:f2:f6:2e:ee:82:
                    c3:5f:dd:37:f6:df:fb:77:1b:d4:7d:a5:95:12:08:
                    99:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:95:61:5A:8F:DD:40:8F:B6:06:F9:55:49:55:79:08:5D:B6:37:24
            X509v3 Authority Key Identifier:
                keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/TZVhWo_dQI-2BvlVSVV5CF22NyQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.21.190.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6d:05:35:b0:6d:6a:db:29:27:dc:ad:d2:2b:a0:3d:55:c1:75:
         3b:09:e1:de:cc:0a:4d:6a:48:39:e7:80:c9:e8:4e:1d:9a:27:
         0f:9a:25:de:40:ab:19:3b:2e:5f:03:d5:c0:50:da:ce:66:83:
         99:3f:cb:62:7a:4a:bb:dc:c1:45:e3:57:d0:bb:63:7d:f8:3a:
         4e:d0:eb:52:00:ff:1d:fa:62:61:db:c8:bd:74:4c:ca:d4:a7:
         d8:33:00:51:19:eb:cc:d4:8b:99:a5:74:83:f7:47:28:e3:9e:
         ea:60:e3:2f:36:0a:ba:26:65:db:97:73:c0:d0:0a:b6:65:04:
         ef:51:49:25:b8:03:de:44:f3:f6:37:ff:62:0d:d8:46:39:66:
         d6:37:46:26:68:8d:4b:46:11:e7:fc:92:b8:05:5d:8e:2a:e5:
         94:1c:be:bd:0d:1e:61:9b:53:74:07:3a:cf:87:0d:3d:4f:8e:
         0e:fa:f2:f5:f4:1b:55:7c:5f:67:e5:26:4f:59:b3:a4:bc:c4:
         d7:2d:fd:56:80:40:ee:33:28:a5:7a:36:22:ab:f0:2d:94:96:
         2d:91:90:13:e7:0e:0a:22:ff:44:e8:d5:70:f9:eb:61:ea:bc:
         44:ba:2b:e4:a3:4e:f1:11:92:b8:6f:f5:28:a2:a3:ee:1a:53:
         06:a3:46:10
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0pnwBk8mkmthUs6QDc0nRrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjYwMzI2MTAwOTM5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZDk1NjE1YThmZGQ0MDhmYjYwNmY5NTU0OTU1NzkwODVkYjYzNzI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsrYhuiXPK64JDYgQr01HH4u/qcFe
FA3A5lyR5N3gLip4cttaHha5le0xKD//siWuG56WHGeiBu+U9+I0Pqo0FzznNj5P
k4Lp8AKAvxReO2GraePB5FScbKe/c73SE6PgjwSqX3RhTgWC1K1H8URJZDw2z3eP
X2ZVjyJi3LCxn2PlXmTxFTUrADr3j6ZF2pypR2b2yjrKCAs5i6vmyeYgAmX1aPn/
N1Kt5Gf+P0cQFbh0B84bm71knKgD9P8PNgIfaWmKSYNRbtT5AkLVWoZW+uXoFIt0
TOUHWIafxNth94pzPXMMFYveTmjH8vYu7oLDX9039t/7dxvUfaWVEgiZ/wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE2VYVqP3UCPtgb5VUlVeQhdtjckMB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEvVFpWaFdvX2RRSS0yQnZsVlNWVjVDRjIyTnlRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVBW+MA0G
CSqGSIb3DQEBCwUAA4IBAQBtBTWwbWrbKSfcrdIroD1VwXU7CeHezApNakg554DJ
6E4dmicPmiXeQKsZOy5fA9XAUNrOZoOZP8tiekq73MFF41fQu2N9+DpO0OtSAP8d
+mJh28i9dEzK1KfYMwBRGevM1IuZpXSD90co457qYOMvNgq6JmXbl3PA0Aq2ZQTv
UUkluAPeRPP2N/9iDdhGOWbWN0YmaI1LRhHn/JK4BV2OKuWUHL69DR5hm1N0BzrP
hw09T44O+vL19BtVfF9n5SZPWbOkvMTXLf1WgEDuMyilejYiq/AtlJYtkZAT5w4K
Iv9E6NVw+eth6rxEuivko07xEZK4b/UooqPuGlMGo0YQ
-----END CERTIFICATE-----