Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/f741Q7g4kseNO1ry24nPUdQstbs.roa
File:                     f741Q7g4kseNO1ry24nPUdQstbs.roa (raw, json)
Hash identifier:          /ArewhrEGu9bVv2osl1xlS+ZuEvT8uAPiOtXxX8FF0k=
Subject key identifier:   7F:BE:35:43:B8:38:92:C7:8D:3B:5A:F2:DB:89:CF:51:D4:2C:B5:BB
Certificate issuer:       /CN=d08da9cf00d4d58b854ffc62010f235b06df354a
Certificate serial:       019D2EEE3B3C58CA2A575F3C26714DACA105
Authority key identifier: D0:8D:A9:CF:00:D4:D5:8B:85:4F:FC:62:01:0F:23:5B:06:DF:35:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/f741Q7g4kseNO1ry24nPUdQstbs.roa
Signing time:             Fri 27 Mar 2026 10:54:17 +0000
ROA not before:           Fri 27 Mar 2026 10:54:17 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     22773
IP address blocks:        194.38.48.0/24 maxlen: 24
                          194.38.50.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Mar 2026 04:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:2e:ee:3b:3c:58:ca:2a:57:5f:3c:26:71:4d:ac:a1:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d08da9cf00d4d58b854ffc62010f235b06df354a
        Validity
            Not Before: Mar 27 10:54:17 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7fbe3543b83892c78d3b5af2db89cf51d42cb5bb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:0f:99:c7:d3:87:bb:84:d8:04:5a:27:43:c5:
                    66:a7:fb:ae:9b:36:68:30:a5:85:81:e5:2e:9c:cd:
                    9e:0a:19:ec:de:ce:71:a2:98:c1:cd:5b:93:e2:de:
                    90:ba:40:b8:5f:7c:b2:83:e6:8d:82:d0:e9:6a:0a:
                    23:51:96:be:ce:b9:df:68:32:12:78:43:59:5a:5b:
                    ac:54:b0:44:99:bf:35:db:91:10:91:a2:94:04:44:
                    12:24:51:56:4e:46:a3:2e:b7:c8:15:e8:59:04:56:
                    3d:3e:9d:20:7b:7b:84:af:23:06:ea:d3:17:b2:a6:
                    49:55:dd:34:16:8f:20:41:e2:dd:3e:55:dd:fd:21:
                    67:8e:6d:07:38:63:ab:f7:80:7b:09:7a:3d:f6:f6:
                    29:e4:80:37:32:40:0a:4c:72:2e:57:34:43:a5:46:
                    a4:3f:43:b6:0e:85:50:91:ea:94:26:88:bc:74:32:
                    50:7f:84:91:d0:77:e5:fe:6d:e9:0e:4b:7d:f0:84:
                    4f:41:1b:31:90:b8:5c:aa:0e:d4:77:32:55:09:2d:
                    17:76:4d:8e:63:b8:f0:b1:9b:b5:1e:05:b4:48:16:
                    42:2f:68:d7:28:0d:f2:6c:d2:d1:bc:6c:81:c2:32:
                    df:24:60:fb:39:cb:a8:78:f4:e6:51:4b:ad:0b:19:
                    94:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:BE:35:43:B8:38:92:C7:8D:3B:5A:F2:DB:89:CF:51:D4:2C:B5:BB
            X509v3 Authority Key Identifier:
                keyid:D0:8D:A9:CF:00:D4:D5:8B:85:4F:FC:62:01:0F:23:5B:06:DF:35:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/f741Q7g4kseNO1ry24nPUdQstbs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.38.48.0/24
                  194.38.50.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a6:6e:2e:53:fb:3a:93:a1:06:2f:96:fb:76:6f:c6:fa:c3:fe:
         24:f8:bc:e6:de:66:a9:c3:0a:6f:4d:53:44:eb:5f:e9:04:d8:
         58:7a:64:03:af:74:ab:e9:b3:70:38:3b:9b:38:31:bf:f6:84:
         57:7b:99:7e:20:56:79:80:33:49:1e:0b:38:83:4a:12:1f:e0:
         04:86:65:94:b2:a6:b6:b9:8b:fd:1d:a4:a5:63:df:f6:9b:dd:
         91:83:e3:07:7b:93:70:6e:b7:44:c9:28:38:6c:c1:f0:2b:42:
         98:02:bf:76:a5:9b:fc:3a:d8:66:5f:ea:df:bb:7e:96:86:b0:
         45:e9:06:88:bd:fb:bf:b3:c6:b2:4d:18:07:db:59:c3:9b:83:
         eb:68:51:bc:69:43:42:e1:fe:40:6b:62:e0:31:53:23:d4:17:
         72:13:f2:bf:aa:47:40:3d:40:df:78:02:9d:5b:ed:a1:31:c9:
         3d:6d:18:21:fb:5f:ea:a9:91:b0:29:17:e2:fb:63:d5:c5:5a:
         72:bc:f1:62:66:d7:83:1e:f9:6b:2a:ed:de:bf:20:c2:a1:e2:
         e3:7f:27:bd:65:82:0e:76:51:38:e5:7a:69:4b:94:75:84:73:
         ec:96:78:94:ee:49:58:3e:45:d4:dd:50:81:88:19:ab:c8:4c:
         a4:24:b5:89
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ0u7js8WMoqV188JnFNrKEFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwOGRhOWNmMDBkNGQ1OGI4NTRmZmM2MjAxMGYyMzViMDZk
ZjM1NGEwHhcNMjYwMzI3MTA1NDE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZmJlMzU0M2I4Mzg5MmM3OGQzYjVhZjJkYjg5Y2Y1MWQ0MmNiNWJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1g+Zx9OHu4TYBFonQ8Vmp/uumzZo
MKWFgeUunM2eChns3s5xopjBzVuT4t6QukC4X3yyg+aNgtDpagojUZa+zrnfaDIS
eENZWlusVLBEmb8125EQkaKUBEQSJFFWTkajLrfIFehZBFY9Pp0ge3uEryMG6tMX
sqZJVd00Fo8gQeLdPlXd/SFnjm0HOGOr94B7CXo99vYp5IA3MkAKTHIuVzRDpUak
P0O2DoVQkeqUJoi8dDJQf4SR0Hfl/m3pDkt98IRPQRsxkLhcqg7UdzJVCS0Xdk2O
Y7jwsZu1HgW0SBZCL2jXKA3ybNLRvGyBwjLfJGD7OcuoePTmUUutCxmUtQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFH++NUO4OJLHjTta8tuJz1HULLW7MB8GA1UdIwQY
MBaAFNCNqc8A1NWLhU/8YgEPI1sG3zVKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMEkycHp3RFUxWXVGVF94aUFROGpXd2JmTlVvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS9mZWJlZjgtYTBlYS00YzdlLTg4MDYt
MjBlMTk3ODBjYjJlLzEvZjc0MVE3ZzRrc2VOTzFyeTI0blBVZFFzdGJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOS9mZWJlZjgtYTBlYS00YzdlLTg4MDYtMjBlMTk3ODBjYjJl
LzEvMEkycHp3RFUxWXVGVF94aUFROGpXd2JmTlVvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwiYwAwQA
wiYyMA0GCSqGSIb3DQEBCwUAA4IBAQCmbi5T+zqToQYvlvt2b8b6w/4k+Lzm3map
wwpvTVNE61/pBNhYemQDr3Sr6bNwODubODG/9oRXe5l+IFZ5gDNJHgs4g0oSH+AE
hmWUsqa2uYv9HaSlY9/2m92Rg+MHe5NwbrdEySg4bMHwK0KYAr92pZv8OthmX+rf
u36WhrBF6QaIvfu/s8ayTRgH21nDm4PraFG8aUNC4f5Aa2LgMVMj1BdyE/K/qkdA
PUDfeAKdW+2hMck9bRgh+1/qqZGwKRfi+2PVxVpyvPFiZteDHvlrKu3evyDCoeLj
fye9ZYIOdlE45XppS5R1hHPslniU7klYPkXU3VCBiBmryEykJLWJ
-----END CERTIFICATE-----