Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/84/5ed525-3f37-4c70-a2ec-a4151b5e2fcf/1/Ts__go_5kraAxg_xlkVG1jwWF4s.roa
File:                     Ts__go_5kraAxg_xlkVG1jwWF4s.roa (raw, json)
Hash identifier:          SzNoYDdJ9H0cE2yBXjlxrXi58YXnSypRhyX9GFV3rA4=
Subject key identifier:   4E:CF:FF:82:8F:F9:92:B6:80:C6:0F:F1:96:45:46:D6:3C:16:17:8B
Certificate issuer:       /CN=9fb1f50fbf839488292b96fd93216f2001197546
Certificate serial:       019F2368BDFF9937F839E653A87C0C1E7235
Authority key identifier: 9F:B1:F5:0F:BF:83:94:88:29:2B:96:FD:93:21:6F:20:01:19:75:46
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/n7H1D7-DlIgpK5b9kyFvIAEZdUY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/84/5ed525-3f37-4c70-a2ec-a4151b5e2fcf/1/Ts__go_5kraAxg_xlkVG1jwWF4s.roa
Signing time:             Thu 02 Jul 2026 15:18:14 +0000
ROA not before:           Thu 02 Jul 2026 15:18:14 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     202572
IP address blocks:        185.254.64.0/24 maxlen: 24
                          2a0a:2303::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/84/5ed525-3f37-4c70-a2ec-a4151b5e2fcf/1/n7H1D7-DlIgpK5b9kyFvIAEZdUY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/84/5ed525-3f37-4c70-a2ec-a4151b5e2fcf/1/n7H1D7-DlIgpK5b9kyFvIAEZdUY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/n7H1D7-DlIgpK5b9kyFvIAEZdUY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 Jul 2026 18:02:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9f:23:68:bd:ff:99:37:f8:39:e6:53:a8:7c:0c:1e:72:35
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9fb1f50fbf839488292b96fd93216f2001197546
        Validity
            Not Before: Jul  2 15:18:14 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4ecfff828ff992b680c60ff1964546d63c16178b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:ab:89:7f:02:f8:2e:1c:ff:0f:5f:ee:25:96:
                    fa:af:de:1a:a8:38:66:e7:ee:6c:b0:18:5b:a6:35:
                    a2:d9:64:51:80:f1:45:e7:a0:c2:c8:bb:b9:86:63:
                    3c:68:c4:bc:80:31:4b:22:51:fc:21:1f:46:8f:fb:
                    df:c9:21:e7:18:51:5e:8b:41:e8:5e:c6:88:58:ec:
                    64:fe:5f:0f:50:7c:db:f8:e6:7e:74:46:ff:b7:62:
                    5e:8b:7c:a1:68:29:b5:0e:df:9f:46:ee:67:50:f8:
                    d0:87:95:75:42:a9:00:73:34:40:f8:0c:da:1a:4d:
                    53:e9:a8:b6:8a:97:38:82:c8:f1:1f:0b:fe:ca:ad:
                    af:15:55:dd:15:0b:be:41:ac:39:98:cf:84:24:47:
                    7b:fb:cb:d0:25:d0:4a:8a:cd:c0:b8:6a:ec:b2:fe:
                    5d:b6:32:d8:cf:34:e2:a6:db:4f:a8:56:b3:5e:e7:
                    57:e6:e7:73:75:67:4d:a6:66:89:6c:76:07:85:de:
                    09:21:ee:f8:91:97:d0:11:85:ac:6b:fb:e6:33:36:
                    53:2b:c7:fa:3c:d4:8c:22:ba:e5:4b:b2:72:a1:44:
                    db:b6:a3:f2:fe:f9:64:91:d8:d6:67:fe:54:24:9d:
                    c3:a8:b1:86:12:60:13:a1:c4:9e:dd:2b:57:95:6b:
                    05:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:CF:FF:82:8F:F9:92:B6:80:C6:0F:F1:96:45:46:D6:3C:16:17:8B
            X509v3 Authority Key Identifier:
                keyid:9F:B1:F5:0F:BF:83:94:88:29:2B:96:FD:93:21:6F:20:01:19:75:46

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/n7H1D7-DlIgpK5b9kyFvIAEZdUY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/84/5ed525-3f37-4c70-a2ec-a4151b5e2fcf/1/Ts__go_5kraAxg_xlkVG1jwWF4s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/84/5ed525-3f37-4c70-a2ec-a4151b5e2fcf/1/n7H1D7-DlIgpK5b9kyFvIAEZdUY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.254.64.0/24
                IPv6:
                  2a0a:2303::/32

    Signature Algorithm: sha256WithRSAEncryption
         a3:8a:ef:56:7f:b7:8d:3c:e2:ff:8d:60:91:af:40:88:91:99:
         46:a8:3d:98:13:e3:23:d5:cb:6d:d4:86:57:86:0c:e3:de:be:
         c6:d6:5e:68:93:d1:ba:36:3f:d3:e3:d5:b8:c0:96:78:b6:e6:
         29:15:a5:cb:6a:9c:ec:39:66:f1:eb:a7:2d:62:e0:cf:83:a7:
         dd:29:a8:a7:b4:17:6f:51:f5:97:3c:6e:25:56:93:7a:30:d7:
         9c:69:a5:f2:13:2d:d3:a0:f3:a4:4f:5b:44:44:6f:d3:a1:27:
         70:b3:c9:3b:63:14:79:f4:ed:5d:98:b9:88:a5:58:8f:6c:48:
         e3:f8:c7:38:f1:82:9a:d8:61:f3:03:4e:cb:73:b3:51:0f:54:
         cc:8f:bf:a5:bf:09:f1:5a:b6:1c:51:cf:d8:22:3a:d2:ba:81:
         73:27:69:97:df:7c:fc:b3:2b:90:71:d6:fe:76:e0:71:df:0b:
         ab:96:66:09:20:80:b8:95:a8:0a:61:4e:18:a0:50:81:0f:e6:
         0b:ce:e3:96:02:4f:2f:22:c6:5b:2b:99:2f:3b:2e:d0:fa:ba:
         84:b1:15:46:f3:73:cd:7f:07:bd:ef:7c:ba:3c:f8:d8:a5:08:
         32:d4:d8:9b:36:43:e1:d8:11:00:3f:3a:dd:7b:eb:b2:b6:9d:
         5d:74:9c:59
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZ8jaL3/mTf4OeZTqHwMHnI1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlmYjFmNTBmYmY4Mzk0ODgyOTJiOTZmZDkzMjE2ZjIwMDEx
OTc1NDYwHhcNMjYwNzAyMTUxODE0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZWNmZmY4MjhmZjk5MmI2ODBjNjBmZjE5NjQ1NDZkNjNjMTYxNzhiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqauJfwL4Lhz/D1/uJZb6r94aqDhm
5+5ssBhbpjWi2WRRgPFF56DCyLu5hmM8aMS8gDFLIlH8IR9Gj/vfySHnGFFei0Ho
XsaIWOxk/l8PUHzb+OZ+dEb/t2Jei3yhaCm1Dt+fRu5nUPjQh5V1QqkAczRA+Aza
Gk1T6ai2ipc4gsjxHwv+yq2vFVXdFQu+Qaw5mM+EJEd7+8vQJdBKis3AuGrssv5d
tjLYzzTipttPqFazXudX5udzdWdNpmaJbHYHhd4JIe74kZfQEYWsa/vmMzZTK8f6
PNSMIrrlS7JyoUTbtqPy/vlkkdjWZ/5UJJ3DqLGGEmATocSe3StXlWsFjQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFE7P/4KP+ZK2gMYP8ZZFRtY8FheLMB8GA1UdIwQY
MBaAFJ+x9Q+/g5SIKSuW/ZMhbyABGXVGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbjdIMUQ3LURsSWdwSzViOWt5RnZJQUVaZFVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NC81ZWQ1MjUtM2YzNy00YzcwLWEyZWMt
YTQxNTFiNWUyZmNmLzEvVHNfX2dvXzVrcmFBeGdfeGxrVkcxandXRjRzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NC81ZWQ1MjUtM2YzNy00YzcwLWEyZWMtYTQxNTFiNWUyZmNm
LzEvbjdIMUQ3LURsSWdwSzViOWt5RnZJQUVaZFVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAuf5AMA0E
AgACMAcDBQAqCiMDMA0GCSqGSIb3DQEBCwUAA4IBAQCjiu9Wf7eNPOL/jWCRr0CI
kZlGqD2YE+Mj1ctt1IZXhgzj3r7G1l5ok9G6Nj/T49W4wJZ4tuYpFaXLapzsOWbx
66ctYuDPg6fdKaintBdvUfWXPG4lVpN6MNecaaXyEy3ToPOkT1tERG/ToSdws8k7
YxR59O1dmLmIpViPbEjj+Mc48YKa2GHzA07Lc7NRD1TMj7+lvwnxWrYcUc/YIjrS
uoFzJ2mX33z8syuQcdb+duBx3wurlmYJIIC4lagKYU4YoFCBD+YLzuOWAk8vIsZb
K5kvOy7Q+rqEsRVG83PNfwe973y6PPjYpQgy1NibNkPh2BEAPzrde+uytp1ddJxZ
-----END CERTIFICATE-----
Generated at Fri Jul 3 22:29:33 2026 by rpki-client