Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/331333-9e8c-49e8-97da-5efb498da391/1/FF4TfaXEfQnUn4NVjK5tcE5No1I.roa
File:                     FF4TfaXEfQnUn4NVjK5tcE5No1I.roa (raw, json)
Hash identifier:          Xkl+Zf8Igvlgx9OzHID1XncnraaTP8CjQg0pZdxD9JU=
Subject key identifier:   14:5E:13:7D:A5:C4:7D:09:D4:9F:83:55:8C:AE:6D:70:4E:4D:A3:52
Certificate issuer:       /CN=96b8ca9490ba667def56bac17915365b4e86fb91
Certificate serial:       019CDD4FF5B858D9987C16BC185A1CF78A7D
Authority key identifier: 96:B8:CA:94:90:BA:66:7D:EF:56:BA:C1:79:15:36:5B:4E:86:FB:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lrjKlJC6Zn3vVrrBeRU2W06G-5E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/331333-9e8c-49e8-97da-5efb498da391/1/FF4TfaXEfQnUn4NVjK5tcE5No1I.roa
Signing time:             Wed 11 Mar 2026 14:32:10 +0000
ROA not before:           Wed 11 Mar 2026 14:32:10 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     202237
IP address blocks:        37.77.224.0/19 maxlen: 24
                          2a00:6dc0::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/331333-9e8c-49e8-97da-5efb498da391/1/lrjKlJC6Zn3vVrrBeRU2W06G-5E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/331333-9e8c-49e8-97da-5efb498da391/1/lrjKlJC6Zn3vVrrBeRU2W06G-5E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lrjKlJC6Zn3vVrrBeRU2W06G-5E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Mar 2026 02:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:dd:4f:f5:b8:58:d9:98:7c:16:bc:18:5a:1c:f7:8a:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=96b8ca9490ba667def56bac17915365b4e86fb91
        Validity
            Not Before: Mar 11 14:32:10 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=145e137da5c47d09d49f83558cae6d704e4da352
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:58:6c:a5:08:bc:d7:ae:24:4d:3b:1c:4b:ac:
                    51:38:d3:ec:ad:33:30:14:ae:3b:ee:e7:07:ec:8b:
                    e7:79:1a:98:bb:75:43:93:f3:d8:70:6d:b4:b9:3b:
                    ea:9a:71:eb:61:ee:a8:82:f0:45:f3:3c:52:8e:b8:
                    81:a8:f7:5d:36:42:27:af:6c:d6:9f:3d:63:97:19:
                    1d:9d:ad:c9:8e:cf:f0:c5:c5:b1:dd:65:cd:51:59:
                    7b:c9:7b:76:f5:8e:26:d4:29:69:c3:db:1b:4b:b8:
                    d2:bd:8a:58:ea:f7:f3:ea:19:0b:08:d9:e7:d0:04:
                    33:25:53:18:9a:58:cf:1b:a4:57:c0:70:42:ff:4e:
                    1b:2e:67:12:38:67:1d:99:98:ef:2f:b4:8a:1e:cd:
                    2b:06:3b:af:b2:92:8a:eb:a6:bb:54:93:ab:6c:44:
                    d2:b2:a4:4a:90:35:5e:d9:d7:26:4b:5d:49:1e:24:
                    65:51:a2:63:76:b6:98:1e:69:f8:5a:91:dc:cc:54:
                    f4:41:d0:42:9e:fa:57:b7:39:bc:09:45:6c:de:bb:
                    43:f9:17:8d:58:55:20:93:ce:ae:17:5a:7c:4b:19:
                    3a:3d:f1:a7:c6:20:72:58:e9:86:f5:20:08:de:68:
                    e9:9e:bf:f6:26:f6:98:32:fa:c7:3d:90:5f:3b:80:
                    91:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:5E:13:7D:A5:C4:7D:09:D4:9F:83:55:8C:AE:6D:70:4E:4D:A3:52
            X509v3 Authority Key Identifier:
                keyid:96:B8:CA:94:90:BA:66:7D:EF:56:BA:C1:79:15:36:5B:4E:86:FB:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lrjKlJC6Zn3vVrrBeRU2W06G-5E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/331333-9e8c-49e8-97da-5efb498da391/1/FF4TfaXEfQnUn4NVjK5tcE5No1I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/331333-9e8c-49e8-97da-5efb498da391/1/lrjKlJC6Zn3vVrrBeRU2W06G-5E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.77.224.0/19
                IPv6:
                  2a00:6dc0::/32

    Signature Algorithm: sha256WithRSAEncryption
         00:de:71:7e:40:56:cb:3a:db:f0:ee:1f:59:bb:16:12:86:46:
         2e:fd:b9:4f:67:6c:f1:63:9c:95:2a:5e:84:65:83:3f:fe:4d:
         2f:e6:6c:dd:9f:17:1f:a1:0c:42:00:91:b7:f0:a4:5c:99:6d:
         f8:3d:cb:05:bb:22:b7:3f:67:4f:70:3c:77:2c:ce:f6:7b:2b:
         b0:b5:da:9d:a5:5a:ad:f8:1d:cf:e1:2c:5f:2b:50:f1:45:9d:
         70:49:35:bd:ad:97:a4:73:be:01:7a:d5:29:03:65:e8:e2:23:
         95:11:7d:31:c6:6a:73:c9:4e:71:66:7f:62:f7:a2:42:80:d8:
         1a:e7:c9:3a:59:3e:fb:06:a7:83:50:80:e6:50:36:9e:7c:f5:
         b7:70:a3:4d:13:11:2b:88:91:55:11:7c:11:7b:f6:f9:c5:43:
         ef:1d:1d:84:4f:39:7a:c5:48:b3:e7:a6:45:e1:ce:79:3b:f3:
         9f:20:02:21:ea:a9:a2:3a:6b:8e:fc:c1:34:63:62:d5:a8:65:
         bc:5e:b7:d3:53:d3:98:0d:eb:c0:01:9c:1b:d6:94:85:21:19:
         b9:56:ef:dc:99:f5:df:dc:e4:bb:b4:cc:6b:e6:50:df:56:02:
         b0:8e:56:48:03:22:13:f2:5d:13:be:51:b7:40:40:19:93:b5:
         33:83:0a:24
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZzdT/W4WNmYfBa8GFoc94p9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk2YjhjYTk0OTBiYTY2N2RlZjU2YmFjMTc5MTUzNjViNGU4
NmZiOTEwHhcNMjYwMzExMTQzMjEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNDVlMTM3ZGE1YzQ3ZDA5ZDQ5ZjgzNTU4Y2FlNmQ3MDRlNGRhMzUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArFhspQi8164kTTscS6xRONPsrTMw
FK477ucH7IvneRqYu3VDk/PYcG20uTvqmnHrYe6ogvBF8zxSjriBqPddNkInr2zW
nz1jlxkdna3Jjs/wxcWx3WXNUVl7yXt29Y4m1Clpw9sbS7jSvYpY6vfz6hkLCNnn
0AQzJVMYmljPG6RXwHBC/04bLmcSOGcdmZjvL7SKHs0rBjuvspKK66a7VJOrbETS
sqRKkDVe2dcmS11JHiRlUaJjdraYHmn4WpHczFT0QdBCnvpXtzm8CUVs3rtD+ReN
WFUgk86uF1p8Sxk6PfGnxiByWOmG9SAI3mjpnr/2JvaYMvrHPZBfO4CRIQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFBReE32lxH0J1J+DVYyubXBOTaNSMB8GA1UdIwQY
MBaAFJa4ypSQumZ971a6wXkVNltOhvuRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbHJqS2xKQzZabjN2VnJyQmVSVTJXMDZHLTVFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy8zMzEzMzMtOWU4Yy00OWU4LTk3ZGEt
NWVmYjQ5OGRhMzkxLzEvRkY0VGZhWEVmUW5VbjROVmpLNXRjRTVObzFJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy8zMzEzMzMtOWU4Yy00OWU4LTk3ZGEtNWVmYjQ5OGRhMzkx
LzEvbHJqS2xKQzZabjN2VnJyQmVSVTJXMDZHLTVFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQFJU3gMA0E
AgACMAcDBQAqAG3AMA0GCSqGSIb3DQEBCwUAA4IBAQAA3nF+QFbLOtvw7h9ZuxYS
hkYu/blPZ2zxY5yVKl6EZYM//k0v5mzdnxcfoQxCAJG38KRcmW34PcsFuyK3P2dP
cDx3LM72eyuwtdqdpVqt+B3P4SxfK1DxRZ1wSTW9rZekc74BetUpA2Xo4iOVEX0x
xmpzyU5xZn9i96JCgNga58k6WT77BqeDUIDmUDaefPW3cKNNExEriJFVEXwRe/b5
xUPvHR2ETzl6xUiz56ZF4c55O/OfIAIh6qmiOmuO/ME0Y2LVqGW8XrfTU9OYDevA
AZwb1pSFIRm5Vu/cmfXf3OS7tMxr5lDfVgKwjlZIAyIT8l0TvlG3QEAZk7Uzgwok
-----END CERTIFICATE-----