Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/89/b4e503-574b-4565-9217-c511a3e912b6/1/fed42clRt5kmDi1C2nfhRZ3rDno.roa
File:                     fed42clRt5kmDi1C2nfhRZ3rDno.roa (raw, json)
Hash identifier:          S/WW2Jm1todEDyUBwm1EX3hFhesOufSJcoOUAWdDFXU=
Subject key identifier:   7D:E7:78:D9:C9:51:B7:99:26:0E:2D:42:DA:77:E1:45:9D:EB:0E:7A
Certificate issuer:       /CN=e4c86da3f483246518d368034bc86113906a55a3
Certificate serial:       019CAEB163C95E22CA37FD591BBE5AA33779
Authority key identifier: E4:C8:6D:A3:F4:83:24:65:18:D3:68:03:4B:C8:61:13:90:6A:55:A3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5Mhto_SDJGUY02gDS8hhE5BqVaM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/89/b4e503-574b-4565-9217-c511a3e912b6/1/fed42clRt5kmDi1C2nfhRZ3rDno.roa
Signing time:             Mon 02 Mar 2026 13:16:26 +0000
ROA not before:           Mon 02 Mar 2026 13:16:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     9457
IP address blocks:        79.110.0.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/89/b4e503-574b-4565-9217-c511a3e912b6/1/5Mhto_SDJGUY02gDS8hhE5BqVaM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/89/b4e503-574b-4565-9217-c511a3e912b6/1/5Mhto_SDJGUY02gDS8hhE5BqVaM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5Mhto_SDJGUY02gDS8hhE5BqVaM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Mar 2026 01:01:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:ae:b1:63:c9:5e:22:ca:37:fd:59:1b:be:5a:a3:37:79
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e4c86da3f483246518d368034bc86113906a55a3
        Validity
            Not Before: Mar  2 13:16:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7de778d9c951b799260e2d42da77e1459deb0e7a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:fd:d2:6c:dc:ed:9c:bc:8d:a6:70:d3:e7:f1:
                    94:40:8c:7c:15:d6:0a:c4:a2:10:9b:d7:22:2a:7f:
                    63:2a:c9:83:46:07:52:e0:9f:5d:8a:7b:36:65:59:
                    e4:9c:68:f1:2b:f6:f2:0f:d0:1f:94:26:6d:05:c6:
                    28:1a:0a:55:72:da:77:cc:ac:70:eb:13:fa:49:e2:
                    2c:dc:0a:8e:2b:68:3e:8c:14:32:30:ae:b3:63:ff:
                    83:5b:ed:e6:95:bf:5f:36:2a:63:99:12:a9:43:31:
                    d2:53:d6:12:6d:3c:cf:56:d3:04:0e:28:40:a6:ec:
                    3a:40:d7:a9:90:e7:e5:4c:ce:95:c4:21:c3:cb:a5:
                    b6:b2:32:24:60:4b:6f:d8:ab:ac:5d:fd:7e:e6:c4:
                    ec:2a:d8:09:ce:a4:1b:6f:db:12:79:d3:cd:63:29:
                    bb:1f:4f:dc:d1:84:1a:d6:74:1f:4a:90:97:ce:cb:
                    a8:ef:3a:b8:f5:71:86:3f:b7:a7:7f:ce:11:ae:39:
                    c9:cb:9a:e7:5a:0e:ca:a2:34:ed:7c:82:90:19:ed:
                    03:4c:1a:0c:47:24:81:0d:85:7a:5b:14:c7:a7:47:
                    3a:f1:b0:d6:25:09:7e:35:1b:ae:10:d2:89:2c:f6:
                    50:f3:6d:95:e4:b5:95:38:0b:cc:1a:c8:f8:53:f0:
                    7d:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:E7:78:D9:C9:51:B7:99:26:0E:2D:42:DA:77:E1:45:9D:EB:0E:7A
            X509v3 Authority Key Identifier:
                keyid:E4:C8:6D:A3:F4:83:24:65:18:D3:68:03:4B:C8:61:13:90:6A:55:A3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5Mhto_SDJGUY02gDS8hhE5BqVaM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/89/b4e503-574b-4565-9217-c511a3e912b6/1/fed42clRt5kmDi1C2nfhRZ3rDno.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/89/b4e503-574b-4565-9217-c511a3e912b6/1/5Mhto_SDJGUY02gDS8hhE5BqVaM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.110.0.0/22

    Signature Algorithm: sha256WithRSAEncryption
         59:68:d0:1e:59:e2:36:d4:ec:20:94:c8:91:c7:67:2d:54:fc:
         b6:fa:74:3c:44:81:50:a7:30:cc:79:42:7d:f6:d8:ed:d8:6c:
         36:6a:19:4b:61:4d:ae:75:d8:1e:b3:98:f6:30:78:49:5d:10:
         bb:a8:ed:a0:f4:8d:b9:7b:23:ad:5f:23:3c:de:0b:86:a2:77:
         85:60:30:e2:93:57:f0:67:a0:64:20:e5:28:e6:bf:bd:b5:79:
         59:aa:dd:15:a7:e9:4e:2e:b3:b0:5c:3e:37:da:c4:8f:7f:17:
         61:2e:c1:9c:35:70:4b:b4:f7:fe:00:41:7b:65:be:d1:50:ba:
         e4:55:70:e0:fd:1c:e6:a5:0b:08:8f:8a:52:52:f1:29:a8:dd:
         d8:df:e7:73:a1:54:9d:fb:0a:52:75:5f:64:11:d9:8d:ff:32:
         2a:01:84:1d:5e:e1:b9:67:7c:49:4a:ae:67:8f:92:c8:c4:41:
         ee:16:82:93:b7:0c:55:b2:c6:61:fe:28:6e:36:68:76:a0:27:
         d8:d1:b0:ea:aa:6e:51:6d:74:88:d7:9b:58:0f:56:94:8c:49:
         84:50:c9:43:27:39:eb:95:b2:17:d6:98:96:dd:4b:ee:51:5a:
         44:32:b1:b0:d1:14:24:c9:82:ba:54:b8:0d:7a:fa:07:88:3e:
         97:e4:6b:4d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZyusWPJXiLKN/1ZG75aozd5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU0Yzg2ZGEzZjQ4MzI0NjUxOGQzNjgwMzRiYzg2MTEzOTA2
YTU1YTMwHhcNMjYwMzAyMTMxNjI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZGU3NzhkOWM5NTFiNzk5MjYwZTJkNDJkYTc3ZTE0NTlkZWIwZTdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr/3SbNztnLyNpnDT5/GUQIx8FdYK
xKIQm9ciKn9jKsmDRgdS4J9dins2ZVnknGjxK/byD9AflCZtBcYoGgpVctp3zKxw
6xP6SeIs3AqOK2g+jBQyMK6zY/+DW+3mlb9fNipjmRKpQzHSU9YSbTzPVtMEDihA
puw6QNepkOflTM6VxCHDy6W2sjIkYEtv2KusXf1+5sTsKtgJzqQbb9sSedPNYym7
H0/c0YQa1nQfSpCXzsuo7zq49XGGP7enf84RrjnJy5rnWg7KojTtfIKQGe0DTBoM
RySBDYV6WxTHp0c68bDWJQl+NRuuENKJLPZQ822V5LWVOAvMGsj4U/B9gQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH3neNnJUbeZJg4tQtp34UWd6w56MB8GA1UdIwQY
MBaAFOTIbaP0gyRlGNNoA0vIYROQalWjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNU1odG9fU0RKR1VZMDJnRFM4aGhFNUJxVmFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OS9iNGU1MDMtNTc0Yi00NTY1LTkyMTct
YzUxMWEzZTkxMmI2LzEvZmVkNDJjbFJ0NWttRGkxQzJuZmhSWjNyRG5vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OS9iNGU1MDMtNTc0Yi00NTY1LTkyMTctYzUxMWEzZTkxMmI2
LzEvNU1odG9fU0RKR1VZMDJnRFM4aGhFNUJxVmFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCT24AMA0G
CSqGSIb3DQEBCwUAA4IBAQBZaNAeWeI21OwglMiRx2ctVPy2+nQ8RIFQpzDMeUJ9
9tjt2Gw2ahlLYU2uddges5j2MHhJXRC7qO2g9I25eyOtXyM83guGoneFYDDik1fw
Z6BkIOUo5r+9tXlZqt0Vp+lOLrOwXD432sSPfxdhLsGcNXBLtPf+AEF7Zb7RULrk
VXDg/RzmpQsIj4pSUvEpqN3Y3+dzoVSd+wpSdV9kEdmN/zIqAYQdXuG5Z3xJSq5n
j5LIxEHuFoKTtwxVssZh/ihuNmh2oCfY0bDqqm5RbXSI15tYD1aUjEmEUMlDJznr
lbIX1piW3UvuUVpEMrGw0RQkyYK6VLgNevoHiD6X5GtN
-----END CERTIFICATE-----