Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/tXRou836sWSHaKyCZp3oRjnDf4o.roa
File:                     tXRou836sWSHaKyCZp3oRjnDf4o.roa (raw, json)
Hash identifier:          J2Ao585n1e9ibSlrdTNEo3VKGryVXlpaJXSNT1NNST0=
Subject key identifier:   B5:74:68:BB:CD:FA:B1:64:87:68:AC:82:66:9D:E8:46:39:C3:7F:8A
Certificate issuer:       /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial:       019CE116C2B53A536645BF065DF6CA98C736
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/tXRou836sWSHaKyCZp3oRjnDf4o.roa
Signing time:             Thu 12 Mar 2026 08:08:11 +0000
ROA not before:           Thu 12 Mar 2026 08:08:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     7346
IP address blocks:        92.52.214.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 15:17:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:e1:16:c2:b5:3a:53:66:45:bf:06:5d:f6:ca:98:c7:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
        Validity
            Not Before: Mar 12 08:08:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b57468bbcdfab1648768ac82669de84639c37f8a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:ef:50:d3:41:f3:36:f5:06:1f:a7:07:95:18:
                    f5:01:a5:87:bb:59:fd:1a:12:d9:53:20:bd:44:b8:
                    7f:da:b7:ae:79:df:df:3e:54:45:13:7e:f7:c3:bc:
                    9c:eb:b5:82:14:91:3f:d2:a9:a5:a4:f3:d3:17:17:
                    50:1c:41:61:d6:2d:b8:14:fd:48:04:f4:3e:b7:2a:
                    bc:49:76:49:5b:5c:d5:22:6e:e1:de:87:d4:33:99:
                    b7:26:06:57:14:5d:65:86:c8:26:da:3c:09:66:f6:
                    6d:a4:6b:6a:5f:0d:f2:59:71:b4:3b:1c:0d:41:be:
                    75:57:3b:a5:5d:e6:95:e7:9f:fa:f9:92:88:de:02:
                    f7:b5:ab:49:a2:16:5d:8b:f2:0a:c9:b2:1a:cd:79:
                    30:19:cc:ee:ea:9f:7f:68:45:e4:9c:0a:a6:34:a4:
                    70:bf:bc:40:2b:08:92:2d:eb:83:8f:a6:19:25:2f:
                    96:79:f6:c4:e4:ee:9c:08:f0:a9:f5:f6:2f:42:b3:
                    76:a4:0a:29:b2:bf:d9:45:1f:21:75:96:2c:4a:e8:
                    a6:28:06:98:83:07:bb:75:21:8e:15:68:5e:31:75:
                    6a:43:08:80:98:80:e1:76:2c:dd:53:0d:6c:d8:e3:
                    0f:03:e9:37:4a:b2:e6:80:98:ea:42:a9:db:d2:9f:
                    b1:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:74:68:BB:CD:FA:B1:64:87:68:AC:82:66:9D:E8:46:39:C3:7F:8A
            X509v3 Authority Key Identifier:
                keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/tXRou836sWSHaKyCZp3oRjnDf4o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.52.214.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2f:eb:49:b7:b4:98:8f:3b:33:cb:77:2c:27:b2:76:51:a3:34:
         4d:9b:3c:81:c7:ff:59:79:f0:d9:96:63:05:ab:5c:cd:77:10:
         5c:34:c4:a6:35:44:14:ea:53:16:50:b2:40:8b:d3:67:3f:62:
         80:ba:e4:70:e9:5c:6b:68:f2:2a:7b:a0:6c:25:65:e3:f7:0f:
         80:30:1e:1f:13:e2:30:9a:04:cf:31:50:c8:d9:5d:bc:dd:37:
         64:1a:ea:a2:6c:e0:5f:c6:28:31:b8:3f:db:ee:6a:e3:e2:02:
         45:8d:31:c5:6d:f2:19:ac:a6:91:45:7b:98:cc:d8:ac:8e:e5:
         75:f3:62:23:aa:6f:20:45:d7:72:0e:fd:08:5e:df:09:ac:ee:
         9a:da:b9:56:4e:32:99:20:3c:91:a4:a1:95:69:fd:74:1e:1f:
         48:ea:51:fc:a0:b9:a9:2b:52:5c:71:17:10:f5:1d:41:1b:4a:
         5f:34:da:8c:4c:b1:30:09:3c:38:cc:4c:9e:55:b1:84:fd:86:
         2a:c1:85:c7:e6:c8:3c:4e:6e:f5:50:67:f0:cc:37:15:ca:b7:
         3a:a3:37:7f:8b:56:ea:dc:10:bc:bc:6a:79:85:c6:b4:bb:08:
         c7:db:97:aa:34:87:03:bd:40:91:76:cf:0a:48:e0:b7:b4:46:
         a7:9b:29:3e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZzhFsK1OlNmRb8GXfbKmMc2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjYwMzEyMDgwODExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNTc0NjhiYmNkZmFiMTY0ODc2OGFjODI2NjlkZTg0NjM5YzM3ZjhhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4+9Q00HzNvUGH6cHlRj1AaWHu1n9
GhLZUyC9RLh/2reued/fPlRFE373w7yc67WCFJE/0qmlpPPTFxdQHEFh1i24FP1I
BPQ+tyq8SXZJW1zVIm7h3ofUM5m3JgZXFF1lhsgm2jwJZvZtpGtqXw3yWXG0OxwN
Qb51VzulXeaV55/6+ZKI3gL3tatJohZdi/IKybIazXkwGczu6p9/aEXknAqmNKRw
v7xAKwiSLeuDj6YZJS+WefbE5O6cCPCp9fYvQrN2pAopsr/ZRR8hdZYsSuimKAaY
gwe7dSGOFWheMXVqQwiAmIDhdizdUw1s2OMPA+k3SrLmgJjqQqnb0p+xIQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLV0aLvN+rFkh2isgmad6EY5w3+KMB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEvdFhSb3U4MzZzV1NIYUt5Q1pwM29Sam5EZjRvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXDTWMA0G
CSqGSIb3DQEBCwUAA4IBAQAv60m3tJiPOzPLdywnsnZRozRNmzyBx/9ZefDZlmMF
q1zNdxBcNMSmNUQU6lMWULJAi9NnP2KAuuRw6VxraPIqe6BsJWXj9w+AMB4fE+Iw
mgTPMVDI2V283TdkGuqibOBfxigxuD/b7mrj4gJFjTHFbfIZrKaRRXuYzNisjuV1
82Ijqm8gRddyDv0IXt8JrO6a2rlWTjKZIDyRpKGVaf10Hh9I6lH8oLmpK1JccRcQ
9R1BG0pfNNqMTLEwCTw4zEyeVbGE/YYqwYXH5sg8Tm71UGfwzDcVyrc6ozd/i1bq
3BC8vGp5hca0uwjH25eqNIcDvUCRds8KSOC3tEanmyk+
-----END CERTIFICATE-----