Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/1028e7-fe04-4ad7-9ebe-b7f72815df7c/1/TaFHcEVpHBuOtmOo9bfUHF86wA8.roa
File:                     TaFHcEVpHBuOtmOo9bfUHF86wA8.roa (raw, json)
Hash identifier:          W6pJRD0Lz0NwRk9iK9nsLKMeEmNlAixYW23qwf2NLk8=
Subject key identifier:   4D:A1:47:70:45:69:1C:1B:8E:B6:63:A8:F5:B7:D4:1C:5F:3A:C0:0F
Certificate issuer:       /CN=dae9df4576e5c654ff557d9f9bea31f2b6778608
Certificate serial:       019E4F14640ED85A6BEE570B4D81063B8234
Authority key identifier: DA:E9:DF:45:76:E5:C6:54:FF:55:7D:9F:9B:EA:31:F2:B6:77:86:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2unfRXblxlT_VX2fm-ox8rZ3hgg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/1028e7-fe04-4ad7-9ebe-b7f72815df7c/1/TaFHcEVpHBuOtmOo9bfUHF86wA8.roa
Signing time:             Fri 22 May 2026 09:46:36 +0000
ROA not before:           Fri 22 May 2026 09:46:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     47505
IP address blocks:        89.36.8.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2b/1028e7-fe04-4ad7-9ebe-b7f72815df7c/1/2unfRXblxlT_VX2fm-ox8rZ3hgg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2b/1028e7-fe04-4ad7-9ebe-b7f72815df7c/1/2unfRXblxlT_VX2fm-ox8rZ3hgg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2unfRXblxlT_VX2fm-ox8rZ3hgg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Jun 2026 09:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:4f:14:64:0e:d8:5a:6b:ee:57:0b:4d:81:06:3b:82:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dae9df4576e5c654ff557d9f9bea31f2b6778608
        Validity
            Not Before: May 22 09:46:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4da1477045691c1b8eb663a8f5b7d41c5f3ac00f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:fb:52:34:f7:e4:78:9a:c7:c4:3a:7b:50:4c:
                    e9:39:93:34:b9:04:5a:ad:3e:d0:7c:c1:cf:db:ed:
                    18:df:e6:99:9c:4a:90:2f:4a:da:28:70:f6:66:60:
                    6a:39:09:c2:4f:96:58:48:15:2c:82:bf:8e:c7:32:
                    6d:c5:06:c4:95:8a:79:7d:7a:58:31:32:99:a2:ce:
                    36:1d:b6:a2:46:8b:ff:82:44:22:a2:b2:fe:f7:6e:
                    f7:78:98:43:4a:c9:57:76:a7:94:4c:9b:6a:27:3f:
                    f3:b6:cb:52:92:b5:e9:db:a1:f5:6e:8f:e7:de:fe:
                    ce:2f:93:30:93:5b:bd:20:4f:32:f6:0b:2e:ce:b9:
                    cf:29:73:91:83:56:37:50:12:cb:d9:bd:31:fa:75:
                    4a:fe:16:bf:29:43:fa:a5:bf:64:72:7e:c6:98:37:
                    26:cc:59:06:14:a8:a9:d5:37:e8:6a:8e:f7:68:78:
                    51:ee:d0:22:d1:54:c1:7c:e3:22:36:b9:4c:04:36:
                    c7:a8:31:e1:32:ed:a5:2a:5b:39:bc:0e:03:cf:0c:
                    8e:66:fb:39:d2:30:88:55:b0:4b:7d:fc:82:b5:48:
                    c4:67:06:04:49:06:20:ec:e6:b6:db:4f:ed:a8:4f:
                    1b:29:29:73:ca:56:d6:57:f6:bc:00:ab:11:d4:4e:
                    28:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:A1:47:70:45:69:1C:1B:8E:B6:63:A8:F5:B7:D4:1C:5F:3A:C0:0F
            X509v3 Authority Key Identifier:
                keyid:DA:E9:DF:45:76:E5:C6:54:FF:55:7D:9F:9B:EA:31:F2:B6:77:86:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2unfRXblxlT_VX2fm-ox8rZ3hgg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/1028e7-fe04-4ad7-9ebe-b7f72815df7c/1/TaFHcEVpHBuOtmOo9bfUHF86wA8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/1028e7-fe04-4ad7-9ebe-b7f72815df7c/1/2unfRXblxlT_VX2fm-ox8rZ3hgg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.36.8.0/21

    Signature Algorithm: sha256WithRSAEncryption
         b3:75:b6:b2:73:19:a7:78:e0:77:9f:41:a1:21:2e:8b:57:47:
         2a:44:c3:f5:fe:46:56:ee:a3:6b:ea:19:e5:e1:68:e3:13:cd:
         3c:6a:94:3d:dd:ab:7b:85:e3:82:84:1e:fa:1b:47:e0:5e:ac:
         73:c9:16:49:0f:4b:71:28:f4:b6:22:1f:b5:b6:fd:10:1b:63:
         8c:56:9a:c5:d0:f2:ef:5f:a4:65:76:01:83:71:f7:a3:60:6b:
         48:17:13:0d:72:e4:9a:3f:ef:ef:d4:07:d2:73:11:bc:55:ba:
         7f:c8:9c:4c:8e:d1:7d:dd:59:8a:2a:20:e2:64:2f:78:b6:7a:
         e7:f6:b5:84:e5:23:0c:88:57:29:0b:8b:13:da:6a:18:2a:d2:
         74:bd:6c:7c:01:be:28:5b:d1:3d:c3:80:5e:34:e5:fa:6f:f4:
         de:49:1a:1e:94:80:a7:fc:ae:5a:ee:6e:c8:34:55:02:fa:1c:
         ea:bd:21:d7:3d:e9:06:b0:dd:f0:75:35:39:be:23:d8:66:6a:
         d6:a7:3f:d5:50:f6:48:91:be:57:57:f3:f4:3a:bd:fc:65:9d:
         c7:af:b5:6b:16:0a:94:51:33:b7:76:2d:42:d3:fb:df:a1:00:
         0f:a7:6b:a4:f4:40:4b:95:0b:35:1e:df:83:2f:a0:3d:ae:82:
         10:63:1c:27
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ5PFGQO2Fpr7lcLTYEGO4I0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhZTlkZjQ1NzZlNWM2NTRmZjU1N2Q5ZjliZWEzMWYyYjY3
Nzg2MDgwHhcNMjYwNTIyMDk0NjM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZGExNDc3MDQ1NjkxYzFiOGViNjYzYThmNWI3ZDQxYzVmM2FjMDBmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt/tSNPfkeJrHxDp7UEzpOZM0uQRa
rT7QfMHP2+0Y3+aZnEqQL0raKHD2ZmBqOQnCT5ZYSBUsgr+OxzJtxQbElYp5fXpY
MTKZos42HbaiRov/gkQiorL+9273eJhDSslXdqeUTJtqJz/ztstSkrXp26H1bo/n
3v7OL5Mwk1u9IE8y9gsuzrnPKXORg1Y3UBLL2b0x+nVK/ha/KUP6pb9kcn7GmDcm
zFkGFKip1Tfoao73aHhR7tAi0VTBfOMiNrlMBDbHqDHhMu2lKls5vA4DzwyOZvs5
0jCIVbBLffyCtUjEZwYESQYg7Oa220/tqE8bKSlzylbWV/a8AKsR1E4o7QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE2hR3BFaRwbjrZjqPW31BxfOsAPMB8GA1UdIwQY
MBaAFNrp30V25cZU/1V9n5vqMfK2d4YIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMnVuZlJYYmx4bFRfVlgyZm0tb3g4clozaGdnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi8xMDI4ZTctZmUwNC00YWQ3LTllYmUt
YjdmNzI4MTVkZjdjLzEvVGFGSGNFVnBIQnVPdG1PbzliZlVIRjg2d0E4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi8xMDI4ZTctZmUwNC00YWQ3LTllYmUtYjdmNzI4MTVkZjdj
LzEvMnVuZlJYYmx4bFRfVlgyZm0tb3g4clozaGdnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDWSQIMA0G
CSqGSIb3DQEBCwUAA4IBAQCzdbaycxmneOB3n0GhIS6LV0cqRMP1/kZW7qNr6hnl
4WjjE808apQ93at7heOChB76G0fgXqxzyRZJD0txKPS2Ih+1tv0QG2OMVprF0PLv
X6RldgGDcfejYGtIFxMNcuSaP+/v1AfScxG8Vbp/yJxMjtF93VmKKiDiZC94tnrn
9rWE5SMMiFcpC4sT2moYKtJ0vWx8Ab4oW9E9w4BeNOX6b/TeSRoelICn/K5a7m7I
NFUC+hzqvSHXPekGsN3wdTU5viPYZmrWpz/VUPZIkb5XV/P0Or38ZZ3Hr7VrFgqU
UTO3di1C0/vfoQAPp2uk9EBLlQs1Ht+DL6A9roIQYxwn
-----END CERTIFICATE-----