Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/Tfc5e614550dQdOyYtAgfesa66w.roa
File:                     Tfc5e614550dQdOyYtAgfesa66w.roa (raw, json)
Hash identifier:          zoJ21akqVRLpsBuJCied1LEDXRMScZkaOeoSC2ApX9w=
Subject key identifier:   4D:F7:39:7B:AD:78:E7:9D:1D:41:D3:B2:62:D0:20:7D:EB:1A:EB:AC
Certificate issuer:       /CN=279dbfdf4c20bdae8d6118566ece76444e46d171
Certificate serial:       019EEEB0A6143EA4CB0608AD5AC714E7CA65
Authority key identifier: 27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/Tfc5e614550dQdOyYtAgfesa66w.roa
Signing time:             Mon 22 Jun 2026 09:36:54 +0000
ROA not before:           Mon 22 Jun 2026 09:36:54 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     141280
IP address blocks:        62.105.196.0/24 maxlen: 24
                          195.21.129.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Jun 2026 13:00:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:ee:b0:a6:14:3e:a4:cb:06:08:ad:5a:c7:14:e7:ca:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=279dbfdf4c20bdae8d6118566ece76444e46d171
        Validity
            Not Before: Jun 22 09:36:54 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4df7397bad78e79d1d41d3b262d0207deb1aebac
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:82:f0:8b:40:2b:9a:ed:67:3f:e5:68:ac:c7:
                    d7:ea:52:67:42:8c:09:25:5c:f1:7c:30:d4:02:b2:
                    63:91:9c:13:37:cf:7a:c5:9e:54:c6:04:31:b0:bf:
                    50:fd:c1:c6:04:51:d8:ba:5d:0c:2c:94:03:2e:c0:
                    80:63:1e:37:0e:d0:9d:75:07:4b:b5:4f:e3:86:ca:
                    45:ce:51:f0:d0:fc:39:d0:be:06:95:12:3e:3d:a1:
                    e4:47:7f:1b:5b:91:2c:94:30:81:9d:80:6e:a9:6b:
                    67:01:17:b5:69:e9:be:34:36:38:97:bb:39:30:c3:
                    35:d1:47:20:e2:a2:6e:86:5b:87:34:3f:81:fd:32:
                    87:d5:d0:14:fa:03:61:aa:40:9c:f2:77:a3:94:c8:
                    a7:e5:43:0e:ec:4e:60:06:df:31:6f:35:88:aa:5f:
                    25:15:fa:fd:5c:5a:7d:2c:dd:46:5c:8a:29:cb:50:
                    7e:fa:09:ea:da:81:68:33:a0:48:5a:4c:2a:a6:ee:
                    73:28:94:b2:29:96:b3:e0:1f:06:00:b3:dc:89:0d:
                    15:fa:82:25:4a:ba:48:10:df:29:3a:92:0c:14:63:
                    31:03:50:6d:43:8d:96:b5:55:ae:f2:fa:64:27:45:
                    88:b2:2a:6d:fd:c8:3d:84:71:6e:ff:02:02:c5:37:
                    de:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:F7:39:7B:AD:78:E7:9D:1D:41:D3:B2:62:D0:20:7D:EB:1A:EB:AC
            X509v3 Authority Key Identifier:
                keyid:27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/Tfc5e614550dQdOyYtAgfesa66w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.105.196.0/24
                  195.21.129.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b9:a6:fd:9c:cc:98:24:c1:f9:be:80:d3:58:b4:f6:17:77:65:
         58:63:19:76:fe:fd:49:43:b2:cb:53:fb:b8:ee:ec:a5:0e:e3:
         e8:a4:64:b4:73:d0:0f:d6:1d:f2:f8:77:2d:f8:c2:6d:71:87:
         cd:79:47:70:84:83:5e:8e:7a:b3:da:89:1e:54:6a:ef:de:ab:
         67:ba:d6:c3:d7:0b:01:fd:de:36:0f:60:b3:33:ab:0e:fc:e1:
         e8:b4:03:23:ed:3a:52:52:ac:e9:ad:7c:fa:c6:f3:4a:1f:61:
         87:c6:7e:6f:6f:17:5b:6b:bd:d1:36:2d:7e:e5:40:91:45:82:
         9f:fd:be:81:aa:e3:1a:0d:e5:95:c4:3b:a2:fb:1b:01:c0:ce:
         1a:53:d4:2e:6c:58:1d:18:c0:5b:ec:95:53:02:9e:15:16:75:
         ca:91:0f:af:34:59:7b:c4:2b:17:72:b3:fe:f2:dd:de:cd:09:
         82:23:98:82:04:e8:84:cd:f0:c4:82:9e:71:64:13:7d:3e:20:
         50:65:47:f3:35:9c:d5:5a:52:e0:0c:72:94:4f:e7:b3:af:a4:
         45:6f:75:71:28:bb:98:e1:e7:89:6e:51:fe:69:b0:de:ec:74:
         61:11:6c:e7:69:91:45:d2:62:2e:80:af:16:81:df:cf:ad:b1:
         ae:67:94:f2
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ7usKYUPqTLBgitWscU58plMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3OWRiZmRmNGMyMGJkYWU4ZDYxMTg1NjZlY2U3NjQ0NGU0
NmQxNzEwHhcNMjYwNjIyMDkzNjU0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZGY3Mzk3YmFkNzhlNzlkMWQ0MWQzYjI2MmQwMjA3ZGViMWFlYmFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1ILwi0Armu1nP+VorMfX6lJnQowJ
JVzxfDDUArJjkZwTN896xZ5UxgQxsL9Q/cHGBFHYul0MLJQDLsCAYx43DtCddQdL
tU/jhspFzlHw0Pw50L4GlRI+PaHkR38bW5EslDCBnYBuqWtnARe1aem+NDY4l7s5
MMM10Ucg4qJuhluHND+B/TKH1dAU+gNhqkCc8nejlMin5UMO7E5gBt8xbzWIql8l
Ffr9XFp9LN1GXIopy1B++gnq2oFoM6BIWkwqpu5zKJSyKZaz4B8GALPciQ0V+oIl
SrpIEN8pOpIMFGMxA1BtQ42WtVWu8vpkJ0WIsipt/cg9hHFu/wICxTfehQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFE33OXuteOedHUHTsmLQIH3rGuusMB8GA1UdIwQY
MBaAFCedv99MIL2ujWEYVm7OdkRORtFxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEt
MGNmMTA5M2Q0NTQ4LzEvVGZjNWU2MTQ1NTBkUWRPeVl0QWdmZXNhNjZ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEtMGNmMTA5M2Q0NTQ4
LzEvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAPmnEAwQA
wxWBMA0GCSqGSIb3DQEBCwUAA4IBAQC5pv2czJgkwfm+gNNYtPYXd2VYYxl2/v1J
Q7LLU/u47uylDuPopGS0c9AP1h3y+Hct+MJtcYfNeUdwhINejnqz2okeVGrv3qtn
utbD1wsB/d42D2CzM6sO/OHotAMj7TpSUqzprXz6xvNKH2GHxn5vbxdba73RNi1+
5UCRRYKf/b6BquMaDeWVxDui+xsBwM4aU9QubFgdGMBb7JVTAp4VFnXKkQ+vNFl7
xCsXcrP+8t3ezQmCI5iCBOiEzfDEgp5xZBN9PiBQZUfzNZzVWlLgDHKUT+ezr6RF
b3VxKLuY4eeJblH+abDe7HRhEWznaZFF0mIugK8Wgd/PrbGuZ5Ty
-----END CERTIFICATE-----