Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/MOYj_lJgrZ-oVAiBEaObbT-2Tas.roa
File:                     MOYj_lJgrZ-oVAiBEaObbT-2Tas.roa (raw, json)
Hash identifier:          9DJtdD6de6NsRNDfedjhfhIFeqxX0+IQNv6cj1quy3I=
Subject key identifier:   30:E6:23:FE:52:60:AD:9F:A8:54:08:81:11:A3:9B:6D:3F:B6:4D:AB
Certificate issuer:       /CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
Certificate serial:       019EB621DA05E5EDD7275FA211B929992441
Authority key identifier: 7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/MOYj_lJgrZ-oVAiBEaObbT-2Tas.roa
Signing time:             Thu 11 Jun 2026 10:02:12 +0000
ROA not before:           Thu 11 Jun 2026 10:02:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215102
IP address blocks:        89.125.15.0/24 maxlen: 24
                          185.254.67.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Jun 2026 22:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:b6:21:da:05:e5:ed:d7:27:5f:a2:11:b9:29:99:24:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
        Validity
            Not Before: Jun 11 10:02:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=30e623fe5260ad9fa854088111a39b6d3fb64dab
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:66:51:5c:3f:9b:57:83:9c:a4:45:23:a9:18:
                    50:19:db:61:70:53:e9:56:1f:02:cd:92:9c:d8:f4:
                    ed:59:6a:5b:21:33:5f:7e:9c:14:85:09:76:b4:dd:
                    2e:80:36:37:d3:43:a1:4f:23:e6:0f:72:c1:9b:2b:
                    b6:59:cd:32:04:29:d7:1e:42:29:2c:77:87:bc:c1:
                    f9:62:a4:bd:0c:c5:85:60:00:70:e6:77:72:f3:84:
                    ca:41:aa:7a:53:91:ae:71:e4:e9:d2:47:38:2e:68:
                    eb:98:23:30:04:d7:bb:4f:14:fc:1a:3b:84:74:7e:
                    57:bd:3f:c5:39:02:ad:3b:b8:a5:ba:f2:b3:1a:9c:
                    ab:e8:2b:2a:8e:ba:a2:b4:17:3f:e9:be:0b:5c:e0:
                    86:79:20:08:4a:2a:ae:c9:43:70:78:d4:83:d2:b2:
                    74:ef:30:b0:d5:45:7f:ad:11:e8:6b:0d:98:49:46:
                    f9:0c:45:f7:79:c8:00:92:9f:53:bc:0c:58:37:6c:
                    02:ce:d0:2b:66:48:17:77:77:19:da:9c:11:6c:24:
                    af:65:96:1b:e9:6a:e2:90:c9:21:5b:7d:05:e6:a4:
                    1f:f9:2c:3b:04:d7:89:4d:ab:0c:8b:99:62:c4:c1:
                    ea:8f:93:f8:6c:63:79:46:83:bc:38:08:16:30:39:
                    24:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:E6:23:FE:52:60:AD:9F:A8:54:08:81:11:A3:9B:6D:3F:B6:4D:AB
            X509v3 Authority Key Identifier:
                keyid:7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/MOYj_lJgrZ-oVAiBEaObbT-2Tas.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.125.15.0/24
                  185.254.67.0/24

    Signature Algorithm: sha256WithRSAEncryption
         12:a3:50:88:df:bb:0f:36:49:15:4b:43:44:37:01:30:96:ca:
         45:78:74:3e:fc:9c:fd:b8:db:60:7b:4a:e0:5d:df:d8:b9:97:
         c1:43:ae:f9:cd:05:b8:d7:6b:22:aa:38:ca:ea:d0:b9:95:4a:
         d0:74:fb:f2:c5:59:2c:38:d6:35:0f:ef:6d:2a:3c:8a:6b:4c:
         f2:07:9c:cb:74:7a:b5:a1:47:88:68:0b:7a:68:19:3a:6d:59:
         83:77:0a:aa:a1:f0:b4:e1:42:34:bd:ed:dc:88:67:ee:84:29:
         fa:56:ba:90:25:a6:2b:5f:0d:a5:3a:5c:25:80:a6:9a:98:95:
         ff:58:ea:ab:dc:90:0e:94:65:37:b2:a6:d1:96:2c:5a:af:7c:
         d4:68:4a:7f:26:3e:54:fe:44:3b:58:7e:19:54:86:39:49:76:
         1e:b0:9d:9a:28:cc:e8:d3:4d:d1:7e:dc:67:fb:e7:f3:9d:df:
         38:b2:cc:f9:bb:ef:68:93:f2:0d:f8:74:f0:0c:05:3e:12:49:
         1e:1b:c9:31:67:23:8a:03:65:c8:f6:50:37:28:0d:2c:34:06:
         4c:31:65:f6:6a:5a:fb:0f:e8:a8:52:98:9c:8d:cd:97:30:fb:
         c9:88:8e:7a:89:04:de:34:61:9f:bc:1b:bb:65:49:dc:bd:c4:
         6d:46:1a:39
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ62IdoF5e3XJ1+iEbkpmSRBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkYTVkMzJkNWIwOWM5M2MxYjVlM2ZjNWEyYWEyMGQ3NDZm
Y2ZlZDEwHhcNMjYwNjExMTAwMjEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMGU2MjNmZTUyNjBhZDlmYTg1NDA4ODExMWEzOWI2ZDNmYjY0ZGFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsmZRXD+bV4OcpEUjqRhQGdthcFPp
Vh8CzZKc2PTtWWpbITNffpwUhQl2tN0ugDY300OhTyPmD3LBmyu2Wc0yBCnXHkIp
LHeHvMH5YqS9DMWFYABw5ndy84TKQap6U5GuceTp0kc4LmjrmCMwBNe7TxT8GjuE
dH5XvT/FOQKtO7iluvKzGpyr6CsqjrqitBc/6b4LXOCGeSAISiquyUNweNSD0rJ0
7zCw1UV/rRHoaw2YSUb5DEX3ecgAkp9TvAxYN2wCztArZkgXd3cZ2pwRbCSvZZYb
6WrikMkhW30F5qQf+Sw7BNeJTasMi5lixMHqj5P4bGN5RoO8OAgWMDkkrQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDDmI/5SYK2fqFQIgRGjm20/tk2rMB8GA1UdIwQY
MBaAFH2l0y1bCck8G14/xaKqINdG/P7RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAt
ZTU4MzlmNDNlNTgzLzEvTU9Zal9sSmdyWi1vVkFpQkVhT2JiVC0yVGFzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAtZTU4MzlmNDNlNTgz
LzEvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAWX0PAwQA
uf5DMA0GCSqGSIb3DQEBCwUAA4IBAQASo1CI37sPNkkVS0NENwEwlspFeHQ+/Jz9
uNtge0rgXd/YuZfBQ675zQW412siqjjK6tC5lUrQdPvyxVksONY1D+9tKjyKa0zy
B5zLdHq1oUeIaAt6aBk6bVmDdwqqofC04UI0ve3ciGfuhCn6VrqQJaYrXw2lOlwl
gKaamJX/WOqr3JAOlGU3sqbRlixar3zUaEp/Jj5U/kQ7WH4ZVIY5SXYesJ2aKMzo
003Rftxn++fznd84ssz5u+9ok/IN+HTwDAU+EkkeG8kxZyOKA2XI9lA3KA0sNAZM
MWX2alr7D+ioUpicjc2XMPvJiI56iQTeNGGfvBu7ZUncvcRtRho5
-----END CERTIFICATE-----