Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/GfbeQ7RaqZGNR34Bi2zbkDaB4X8.roa
File:                     GfbeQ7RaqZGNR34Bi2zbkDaB4X8.roa (raw, json)
Hash identifier:          4GeIXB2ql0bNrMLGjM5CGEui22fPB3IRs/6T17skf6A=
Subject key identifier:   19:F6:DE:43:B4:5A:A9:91:8D:47:7E:01:8B:6C:DB:90:36:81:E1:7F
Certificate issuer:       /CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
Certificate serial:       019CDB310E806EF601A4E571938C6893CF71
Authority key identifier: 7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/GfbeQ7RaqZGNR34Bi2zbkDaB4X8.roa
Signing time:             Wed 11 Mar 2026 04:39:11 +0000
ROA not before:           Wed 11 Mar 2026 04:39:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     205489
IP address blocks:        89.125.65.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 13 Mar 2026 15:04:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:db:31:0e:80:6e:f6:01:a4:e5:71:93:8c:68:93:cf:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
        Validity
            Not Before: Mar 11 04:39:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=19f6de43b45aa9918d477e018b6cdb903681e17f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:44:b0:13:de:45:c3:c5:2f:2f:a7:ff:97:e8:
                    05:a9:6b:5c:5d:bd:31:82:0c:19:cf:ba:90:29:58:
                    2c:21:6e:3e:fd:17:62:45:6f:f6:9b:af:ee:60:c5:
                    d2:8c:2c:b4:c6:f3:e6:a4:2c:87:79:f8:19:39:38:
                    64:68:7d:a8:22:2f:ee:bb:99:6d:0d:11:7b:76:7c:
                    28:2b:29:2f:b9:23:c7:3d:7c:c4:76:61:7c:e4:ee:
                    9b:af:81:17:cf:2f:80:93:c6:c4:b3:1a:15:08:a3:
                    e0:b6:8d:2d:c8:ba:f3:9e:9e:da:a7:51:39:df:7e:
                    ab:7c:3f:10:ab:b2:c0:26:dd:fa:31:56:7b:8d:d4:
                    35:e4:6e:17:4a:ac:af:0b:90:2a:0d:53:72:cd:45:
                    61:f1:9b:b3:83:b5:33:62:1a:4e:af:dc:0f:4c:1e:
                    16:2a:0e:02:ee:e8:26:de:a6:df:16:21:ea:7a:2f:
                    2a:b4:a1:79:5f:ff:4c:9d:c4:a8:d5:9d:ea:20:54:
                    a3:78:fe:a7:b2:37:0f:1f:0e:cb:e8:65:1f:78:dc:
                    62:c2:70:81:7e:ab:ab:ee:0c:9b:b4:e4:56:29:bb:
                    e2:ce:b8:91:b9:29:08:1a:e1:4d:ce:5f:86:5a:e4:
                    31:6b:8f:be:5b:19:38:8e:54:c5:28:73:de:c5:2d:
                    5c:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:F6:DE:43:B4:5A:A9:91:8D:47:7E:01:8B:6C:DB:90:36:81:E1:7F
            X509v3 Authority Key Identifier:
                keyid:7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/GfbeQ7RaqZGNR34Bi2zbkDaB4X8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.125.65.0/24

    Signature Algorithm: sha256WithRSAEncryption
         89:8d:14:27:23:cb:51:a4:f0:f3:ab:53:f6:8e:96:37:fc:2a:
         e6:f1:c8:49:c6:ea:47:82:bd:4b:3d:5b:1e:fb:c8:08:06:2e:
         14:52:02:74:8f:ad:a0:d4:c8:bc:a3:4b:26:43:57:45:36:4e:
         80:dc:16:9d:00:07:fb:1f:3c:de:24:d5:c0:ba:7a:be:ed:3f:
         6b:a3:99:3b:ca:6f:3c:b0:db:bc:ba:3f:b5:65:5e:43:35:3a:
         82:ce:9f:30:68:02:77:70:27:a0:85:22:1d:11:af:e7:6e:d0:
         8a:09:dc:02:39:ac:c3:2e:6d:c7:1e:ee:95:e4:56:c5:ce:20:
         b9:07:22:d7:62:e0:0b:62:8a:f3:ba:49:45:47:18:82:21:37:
         ef:46:f5:0b:1e:ed:c3:36:02:f3:77:b0:09:8a:5b:65:12:96:
         ef:e9:c1:9f:ae:4e:d0:3f:90:a1:f1:eb:2c:eb:63:61:93:4e:
         b0:8b:58:5f:d3:6f:f0:90:7c:5b:01:73:6c:1b:2d:1b:0f:b7:
         33:8c:39:69:e8:0e:28:26:6b:f1:31:e0:bb:23:99:4e:c3:d4:
         1d:9f:24:49:4c:16:9e:65:e8:01:3a:66:a2:1a:e2:c7:3c:14:
         27:89:92:f2:c2:ef:9a:b9:c6:f9:e8:19:4a:07:1c:60:8e:46:
         e7:5e:43:12
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZzbMQ6AbvYBpOVxk4xok89xMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkYTVkMzJkNWIwOWM5M2MxYjVlM2ZjNWEyYWEyMGQ3NDZm
Y2ZlZDEwHhcNMjYwMzExMDQzOTExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOWY2ZGU0M2I0NWFhOTkxOGQ0NzdlMDE4YjZjZGI5MDM2ODFlMTdmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4ESwE95Fw8UvL6f/l+gFqWtcXb0x
ggwZz7qQKVgsIW4+/RdiRW/2m6/uYMXSjCy0xvPmpCyHefgZOThkaH2oIi/uu5lt
DRF7dnwoKykvuSPHPXzEdmF85O6br4EXzy+Ak8bEsxoVCKPgto0tyLrznp7ap1E5
336rfD8Qq7LAJt36MVZ7jdQ15G4XSqyvC5AqDVNyzUVh8Zuzg7UzYhpOr9wPTB4W
Kg4C7ugm3qbfFiHqei8qtKF5X/9MncSo1Z3qIFSjeP6nsjcPHw7L6GUfeNxiwnCB
fqur7gybtORWKbvizriRuSkIGuFNzl+GWuQxa4++Wxk4jlTFKHPexS1c/QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBn23kO0WqmRjUd+AYts25A2geF/MB8GA1UdIwQY
MBaAFH2l0y1bCck8G14/xaKqINdG/P7RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAt
ZTU4MzlmNDNlNTgzLzEvR2ZiZVE3UmFxWkdOUjM0QmkyemJrRGFCNFg4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAtZTU4MzlmNDNlNTgz
LzEvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWX1BMA0G
CSqGSIb3DQEBCwUAA4IBAQCJjRQnI8tRpPDzq1P2jpY3/Crm8chJxupHgr1LPVse
+8gIBi4UUgJ0j62g1Mi8o0smQ1dFNk6A3BadAAf7HzzeJNXAunq+7T9ro5k7ym88
sNu8uj+1ZV5DNTqCzp8waAJ3cCeghSIdEa/nbtCKCdwCOazDLm3HHu6V5FbFziC5
ByLXYuALYorzuklFRxiCITfvRvULHu3DNgLzd7AJiltlEpbv6cGfrk7QP5Ch8ess
62Nhk06wi1hf02/wkHxbAXNsGy0bD7czjDlp6A4oJmvxMeC7I5lOw9QdnyRJTBae
ZegBOmaiGuLHPBQniZLywu+aucb56BlKBxxgjkbnXkMS
-----END CERTIFICATE-----