Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/be4909-745f-4d0c-bfab-dee76860013d/1/tnrCXGUad010wmnlJx0Fw_W63uY.roa
File:                     tnrCXGUad010wmnlJx0Fw_W63uY.roa (raw, json)
Hash identifier:          /NKMJR4M4K9iD9GZDZ0cMVnbFJFtcGysMXr192B5gDw=
Subject key identifier:   B6:7A:C2:5C:65:1A:77:4D:74:C2:69:E5:27:1D:05:C3:F5:BA:DE:E6
Certificate issuer:       /CN=297ef9befd1a7e24c0cc9729987fc065d6b7132f
Certificate serial:       019C18D09C33230141A6F6137CE2ACBA5418
Authority key identifier: 29:7E:F9:BE:FD:1A:7E:24:C0:CC:97:29:98:7F:C0:65:D6:B7:13:2F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KX75vv0afiTAzJcpmH_AZda3Ey8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7a/be4909-745f-4d0c-bfab-dee76860013d/1/tnrCXGUad010wmnlJx0Fw_W63uY.roa
Signing time:             Sun 01 Feb 2026 10:47:30 +0000
ROA not before:           Sun 01 Feb 2026 10:47:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     0
IP address blocks:        5.10.216.0/24 maxlen: 24
                          5.10.222.0/24 maxlen: 24
                          185.23.237.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7a/be4909-745f-4d0c-bfab-dee76860013d/1/KX75vv0afiTAzJcpmH_AZda3Ey8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7a/be4909-745f-4d0c-bfab-dee76860013d/1/KX75vv0afiTAzJcpmH_AZda3Ey8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KX75vv0afiTAzJcpmH_AZda3Ey8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 21 Feb 2026 18:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:18:d0:9c:33:23:01:41:a6:f6:13:7c:e2:ac:ba:54:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=297ef9befd1a7e24c0cc9729987fc065d6b7132f
        Validity
            Not Before: Feb  1 10:47:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b67ac25c651a774d74c269e5271d05c3f5badee6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:1c:21:b9:fa:66:e1:77:37:70:42:4e:d5:f6:
                    1a:78:7e:67:d8:80:41:2d:aa:16:52:2e:63:ef:17:
                    32:b4:fe:53:ba:27:9c:91:ca:52:50:72:12:a2:27:
                    d2:98:6c:96:5a:ff:85:c6:54:8a:1d:ce:c7:8c:52:
                    0d:48:6d:77:f2:c3:f8:30:13:17:c6:0f:07:ba:b3:
                    3b:de:01:c3:49:78:18:ce:de:3f:7a:b9:ff:58:f8:
                    1c:8a:bd:c2:64:cd:88:7c:ef:3b:70:4b:ef:9e:70:
                    09:1f:db:97:f2:c1:d3:f4:b3:c7:12:56:2e:e3:2d:
                    70:9e:aa:61:b4:77:a7:d0:96:e6:b9:59:2e:11:35:
                    67:a0:4d:d8:9e:7c:d5:32:44:70:b8:73:70:0a:14:
                    76:9d:04:5b:85:5b:77:28:9b:f4:ca:ff:15:ea:5c:
                    00:1d:44:80:36:fe:82:d2:38:7b:51:9c:d9:5e:fb:
                    57:e3:95:cf:4d:f2:9c:16:1f:51:45:ce:23:c9:80:
                    46:9b:62:95:9a:5a:5a:4f:88:de:3f:80:96:e5:d0:
                    11:67:5a:86:b4:62:74:4a:dc:46:97:bf:e0:a8:46:
                    c8:05:dd:2e:d4:b9:aa:70:f6:c5:df:c7:32:a8:f5:
                    dd:b8:cb:9c:f3:d1:82:67:e7:d6:7c:bc:de:a7:d5:
                    d7:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:7A:C2:5C:65:1A:77:4D:74:C2:69:E5:27:1D:05:C3:F5:BA:DE:E6
            X509v3 Authority Key Identifier:
                keyid:29:7E:F9:BE:FD:1A:7E:24:C0:CC:97:29:98:7F:C0:65:D6:B7:13:2F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KX75vv0afiTAzJcpmH_AZda3Ey8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/be4909-745f-4d0c-bfab-dee76860013d/1/tnrCXGUad010wmnlJx0Fw_W63uY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/be4909-745f-4d0c-bfab-dee76860013d/1/KX75vv0afiTAzJcpmH_AZda3Ey8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.10.216.0/24
                  5.10.222.0/24
                  185.23.237.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a2:f9:08:f5:4b:95:1f:b7:89:dc:80:53:b2:4d:a5:33:06:91:
         96:3f:54:f1:15:7e:62:25:d4:3f:a6:7f:0e:16:5c:6d:df:77:
         6c:15:2c:9f:06:e5:64:4b:6e:92:16:1d:f8:76:2a:b4:ee:cd:
         a4:fd:a7:c7:01:81:87:d1:76:23:a4:19:4a:0d:f2:70:dd:da:
         87:98:5b:bc:41:ad:0d:54:c7:5c:2b:44:f8:db:dd:6a:92:36:
         78:a0:6c:eb:b3:16:7b:24:bb:2d:c2:96:5a:2d:c2:de:f9:6c:
         5f:68:12:1c:dd:c1:19:22:1f:14:d2:82:40:62:ab:a5:60:74:
         47:a6:15:54:9a:ab:be:e9:3f:60:e1:e0:2d:08:38:f9:6d:83:
         20:f8:ab:ae:79:52:fc:22:5c:e0:be:03:0c:71:98:83:2a:44:
         b8:02:00:52:2b:35:1f:e6:a1:36:da:2c:fc:23:90:46:11:17:
         8a:ad:e2:8e:20:a0:a0:f0:37:ff:dc:ee:1c:44:4b:01:1a:e6:
         0a:a8:34:17:54:30:a0:24:48:00:70:2c:67:1b:33:99:64:a6:
         51:ba:7e:93:a4:e0:ce:02:44:a0:c6:c8:2b:f4:a8:ca:45:63:
         9f:5a:55:80:34:bb:7c:cb:bc:d3:95:51:87:74:5c:23:b9:13:
         f4:dc:fc:1a
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZwY0JwzIwFBpvYTfOKsulQYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5N2VmOWJlZmQxYTdlMjRjMGNjOTcyOTk4N2ZjMDY1ZDZi
NzEzMmYwHhcNMjYwMjAxMTA0NzMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNjdhYzI1YzY1MWE3NzRkNzRjMjY5ZTUyNzFkMDVjM2Y1YmFkZWU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoBwhufpm4Xc3cEJO1fYaeH5n2IBB
LaoWUi5j7xcytP5TuieckcpSUHISoifSmGyWWv+FxlSKHc7HjFINSG138sP4MBMX
xg8HurM73gHDSXgYzt4/ern/WPgcir3CZM2IfO87cEvvnnAJH9uX8sHT9LPHElYu
4y1wnqphtHen0JbmuVkuETVnoE3YnnzVMkRwuHNwChR2nQRbhVt3KJv0yv8V6lwA
HUSANv6C0jh7UZzZXvtX45XPTfKcFh9RRc4jyYBGm2KVmlpaT4jeP4CW5dARZ1qG
tGJ0StxGl7/gqEbIBd0u1LmqcPbF38cyqPXduMuc89GCZ+fWfLzep9XX6wIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFLZ6wlxlGndNdMJp5ScdBcP1ut7mMB8GA1UdIwQY
MBaAFCl++b79Gn4kwMyXKZh/wGXWtxMvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1g3NXZ2MGFmaVRBekpjcG1IX0FaZGEzRXk4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS9iZTQ5MDktNzQ1Zi00ZDBjLWJmYWIt
ZGVlNzY4NjAwMTNkLzEvdG5yQ1hHVWFkMDEwd21ubEp4MEZ3X1c2M3VZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS9iZTQ5MDktNzQ1Zi00ZDBjLWJmYWItZGVlNzY4NjAwMTNk
LzEvS1g3NXZ2MGFmaVRBekpjcG1IX0FaZGEzRXk4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQABQrYAwQA
BQreAwQAuRftMA0GCSqGSIb3DQEBCwUAA4IBAQCi+Qj1S5Uft4ncgFOyTaUzBpGW
P1TxFX5iJdQ/pn8OFlxt33dsFSyfBuVkS26SFh34diq07s2k/afHAYGH0XYjpBlK
DfJw3dqHmFu8Qa0NVMdcK0T4291qkjZ4oGzrsxZ7JLstwpZaLcLe+WxfaBIc3cEZ
Ih8U0oJAYqulYHRHphVUmqu+6T9g4eAtCDj5bYMg+KuueVL8IlzgvgMMcZiDKkS4
AgBSKzUf5qE22iz8I5BGEReKreKOIKCg8Df/3O4cREsBGuYKqDQXVDCgJEgAcCxn
GzOZZKZRun6TpODOAkSgxsgr9KjKRWOfWlWANLt8y7zTlVGHdFwjuRP03Pwa
-----END CERTIFICATE-----