Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/b_TRZnQbpKGGr7WruYBNW7N39mI.roa
File:                     b_TRZnQbpKGGr7WruYBNW7N39mI.roa (raw, json)
Hash identifier:          vbQnurk8ZzdTBK99uDa/ZNS1iZlMBI/qDpBfj+6WAww=
Subject key identifier:   6F:F4:D1:66:74:1B:A4:A1:86:AF:B5:AB:B9:80:4D:5B:B3:77:F6:62
Certificate issuer:       /CN=091ec7ccf0fa761ed99bc5a7a9ec0d0eeb0bf055
Certificate serial:       019CB504F5D2C7C1601135D9235FF6FB2BBA
Authority key identifier: 09:1E:C7:CC:F0:FA:76:1E:D9:9B:C5:A7:A9:EC:0D:0E:EB:0B:F0:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CR7HzPD6dh7Zm8WnqewNDusL8FU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/b_TRZnQbpKGGr7WruYBNW7N39mI.roa
Signing time:             Tue 03 Mar 2026 18:45:27 +0000
ROA not before:           Tue 03 Mar 2026 18:45:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     9304
IP address blocks:        89.187.13.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/CR7HzPD6dh7Zm8WnqewNDusL8FU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/CR7HzPD6dh7Zm8WnqewNDusL8FU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CR7HzPD6dh7Zm8WnqewNDusL8FU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 05 Mar 2026 03:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:b5:04:f5:d2:c7:c1:60:11:35:d9:23:5f:f6:fb:2b:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=091ec7ccf0fa761ed99bc5a7a9ec0d0eeb0bf055
        Validity
            Not Before: Mar  3 18:45:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6ff4d166741ba4a186afb5abb9804d5bb377f662
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:d8:9c:70:04:21:e1:dd:85:ce:a5:c2:e1:85:
                    b2:e2:b7:7f:e1:e7:3c:64:d7:b3:aa:39:65:be:ee:
                    dc:68:6c:92:29:08:58:56:f9:ef:82:f4:ce:91:78:
                    22:4c:12:47:3e:f2:fd:b5:69:76:03:1e:83:fb:71:
                    86:77:7b:99:ba:93:9b:62:98:9e:ad:98:c4:af:14:
                    45:96:63:6d:4f:0d:26:77:1f:8e:b2:22:81:f7:22:
                    32:ac:74:8f:9f:9b:8e:1d:0e:61:46:3d:cb:ca:75:
                    d6:8a:76:c7:ab:50:c5:b9:4b:3a:89:4a:4e:44:97:
                    24:17:0e:87:46:ef:f7:25:74:a6:8c:b3:7f:3b:66:
                    e3:99:ee:c6:01:f1:2e:16:c3:86:52:51:8e:25:9d:
                    70:33:22:18:d1:90:bb:c7:7a:83:57:97:cf:06:53:
                    fc:cd:c6:1b:2d:47:3b:1e:4d:07:99:4c:ab:f9:c4:
                    cb:36:10:fd:bd:66:82:92:d2:af:05:34:b3:52:82:
                    b8:49:33:c8:c8:48:89:7b:df:f7:97:4d:24:3f:75:
                    e9:f6:ff:b1:77:d6:d2:f1:5f:8d:8f:fe:56:da:1f:
                    16:c1:8e:fa:f3:83:4b:e0:9b:5f:de:49:d3:7b:e0:
                    3d:17:d1:04:26:55:26:aa:f2:f2:f7:51:5d:03:da:
                    f2:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:F4:D1:66:74:1B:A4:A1:86:AF:B5:AB:B9:80:4D:5B:B3:77:F6:62
            X509v3 Authority Key Identifier:
                keyid:09:1E:C7:CC:F0:FA:76:1E:D9:9B:C5:A7:A9:EC:0D:0E:EB:0B:F0:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CR7HzPD6dh7Zm8WnqewNDusL8FU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/b_TRZnQbpKGGr7WruYBNW7N39mI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/CR7HzPD6dh7Zm8WnqewNDusL8FU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.187.13.0/24

    Signature Algorithm: sha256WithRSAEncryption
         68:ad:08:14:70:69:33:46:1e:d3:fb:5f:d6:db:48:ed:fc:45:
         f0:24:b8:01:7d:d7:3f:c0:af:92:33:97:df:9a:aa:58:eb:68:
         49:0d:2e:aa:03:19:05:86:a0:0f:7b:8e:58:60:bd:43:2c:30:
         8c:cd:11:61:75:f9:03:38:29:83:e1:90:46:b9:c1:ee:81:fe:
         ca:a8:f3:de:70:1a:2b:99:13:b0:56:04:86:f0:3f:f8:db:80:
         6d:4b:ab:d4:f3:c1:91:21:5e:de:cd:12:2e:95:ca:64:be:00:
         ba:3e:61:f6:39:60:41:28:af:ec:fa:9f:72:91:32:ac:ba:48:
         da:41:79:eb:c4:09:07:a0:66:89:1e:40:5b:ff:e6:b4:82:48:
         60:b8:8c:f2:4a:5d:6d:c7:e4:2c:12:9d:8b:8d:16:9a:f1:84:
         aa:da:32:f6:b2:6c:f4:b2:b1:bb:2c:3b:a6:37:29:f8:94:b9:
         02:b4:1c:4b:90:f4:59:6b:ae:bd:f3:2b:a4:bb:f7:55:03:dd:
         98:6e:69:d3:1a:4a:01:b7:30:8c:99:45:db:e5:92:2e:b7:fd:
         e3:40:05:6a:8a:5c:cb:2a:7e:05:5f:c6:57:72:5a:84:2c:fb:
         e6:b1:9f:a3:82:b7:24:75:73:7e:21:b4:fc:5d:f7:32:ce:82:
         ba:86:16:62
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZy1BPXSx8FgETXZI1/2+yu6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5MWVjN2NjZjBmYTc2MWVkOTliYzVhN2E5ZWMwZDBlZWIw
YmYwNTUwHhcNMjYwMzAzMTg0NTI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZmY0ZDE2Njc0MWJhNGExODZhZmI1YWJiOTgwNGQ1YmIzNzdmNjYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs9iccAQh4d2FzqXC4YWy4rd/4ec8
ZNezqjllvu7caGySKQhYVvnvgvTOkXgiTBJHPvL9tWl2Ax6D+3GGd3uZupObYpie
rZjErxRFlmNtTw0mdx+OsiKB9yIyrHSPn5uOHQ5hRj3LynXWinbHq1DFuUs6iUpO
RJckFw6HRu/3JXSmjLN/O2bjme7GAfEuFsOGUlGOJZ1wMyIY0ZC7x3qDV5fPBlP8
zcYbLUc7Hk0HmUyr+cTLNhD9vWaCktKvBTSzUoK4STPIyEiJe9/3l00kP3Xp9v+x
d9bS8V+Nj/5W2h8WwY7684NL4Jtf3knTe+A9F9EEJlUmqvLy91FdA9ry1wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG/00WZ0G6Shhq+1q7mATVuzd/ZiMB8GA1UdIwQY
MBaAFAkex8zw+nYe2ZvFp6nsDQ7rC/BVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1I3SHpQRDZkaDdabThXbnFld05EdXNMOEZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OS9lNjQ3OGEtN2I3My00NzU4LWFkZGQt
NDVjZmM4NTdkZGRkLzEvYl9UUlpuUWJwS0dHcjdXcnVZQk5XN04zOW1JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OS9lNjQ3OGEtN2I3My00NzU4LWFkZGQtNDVjZmM4NTdkZGRk
LzEvQ1I3SHpQRDZkaDdabThXbnFld05EdXNMOEZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWbsNMA0G
CSqGSIb3DQEBCwUAA4IBAQBorQgUcGkzRh7T+1/W20jt/EXwJLgBfdc/wK+SM5ff
mqpY62hJDS6qAxkFhqAPe45YYL1DLDCMzRFhdfkDOCmD4ZBGucHugf7KqPPecBor
mROwVgSG8D/424BtS6vU88GRIV7ezRIulcpkvgC6PmH2OWBBKK/s+p9ykTKsukja
QXnrxAkHoGaJHkBb/+a0gkhguIzySl1tx+QsEp2LjRaa8YSq2jL2smz0srG7LDum
Nyn4lLkCtBxLkPRZa6698yuku/dVA92YbmnTGkoBtzCMmUXb5ZIut/3jQAVqilzL
Kn4FX8ZXclqELPvmsZ+jgrckdXN+IbT8XfcyzoK6hhZi
-----END CERTIFICATE-----