Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1d/082c31-f4ef-4acb-90f1-da03bf7a2ec2/1/hSPUDriBFUPkOhUeKC6Y9oSTdZI.roa
File:                     hSPUDriBFUPkOhUeKC6Y9oSTdZI.roa (raw, json)
Hash identifier:          7jTlCQCzPDALzsRPiXMqvUwWzgkv9Ko9WwplcAGJOl0=
Subject key identifier:   85:23:D4:0E:B8:81:15:43:E4:3A:15:1E:28:2E:98:F6:84:93:75:92
Certificate issuer:       /CN=fc4d06978969a8bdab6d6359062d7781e03449ca
Certificate serial:       019D0C5E56C69E708038159C861C8A18D47C
Authority key identifier: FC:4D:06:97:89:69:A8:BD:AB:6D:63:59:06:2D:77:81:E0:34:49:CA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_E0Gl4lpqL2rbWNZBi13geA0Sco.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1d/082c31-f4ef-4acb-90f1-da03bf7a2ec2/1/hSPUDriBFUPkOhUeKC6Y9oSTdZI.roa
Signing time:             Fri 20 Mar 2026 17:50:02 +0000
ROA not before:           Fri 20 Mar 2026 17:50:02 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     6079
IP address blocks:        80.243.16.0/21 maxlen: 21
                          80.243.24.0/21 maxlen: 21
                          185.54.12.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1d/082c31-f4ef-4acb-90f1-da03bf7a2ec2/1/_E0Gl4lpqL2rbWNZBi13geA0Sco.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1d/082c31-f4ef-4acb-90f1-da03bf7a2ec2/1/_E0Gl4lpqL2rbWNZBi13geA0Sco.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_E0Gl4lpqL2rbWNZBi13geA0Sco.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 00:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:0c:5e:56:c6:9e:70:80:38:15:9c:86:1c:8a:18:d4:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fc4d06978969a8bdab6d6359062d7781e03449ca
        Validity
            Not Before: Mar 20 17:50:02 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8523d40eb8811543e43a151e282e98f684937592
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:91:b1:c7:85:d5:22:9a:72:fa:8b:f7:43:aa:
                    45:53:9c:5b:8d:a5:e0:3a:3b:a2:4b:df:3a:f4:25:
                    a9:56:b9:9c:95:96:b8:18:41:64:d5:cf:09:d2:03:
                    37:d4:37:a0:ef:73:08:13:99:1f:68:e1:fa:ba:5a:
                    ad:aa:c8:a1:81:b2:13:4b:cf:2e:1c:81:0a:ed:b4:
                    c3:7b:1a:e9:a0:13:30:fd:0a:0f:2a:b3:28:30:fe:
                    35:b9:bd:4d:fd:87:f6:e5:e1:de:42:33:87:43:07:
                    fc:22:ff:fe:65:d9:21:09:ab:49:1c:e6:c6:c5:a2:
                    d9:9b:2e:4e:ea:6f:64:69:34:12:7f:79:58:48:cd:
                    82:bf:db:1e:27:8e:75:27:1e:88:97:75:d5:b3:74:
                    6a:39:e6:88:df:6b:7d:7c:2d:b1:1a:90:3a:16:fe:
                    48:32:1b:b2:73:2a:29:de:31:67:d9:cd:09:3f:ad:
                    78:9d:3e:37:b4:93:a9:42:9a:a6:8d:18:81:4f:92:
                    e4:69:66:bc:24:da:0c:4c:a8:3f:f4:77:19:e6:3e:
                    c0:a3:df:94:3c:f8:07:27:ae:9a:90:db:04:29:43:
                    ad:07:f3:2d:25:2d:13:fc:f9:e3:74:81:6b:bb:0f:
                    4f:fb:78:e9:9b:c5:40:63:f2:21:23:bd:a8:07:76:
                    06:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:23:D4:0E:B8:81:15:43:E4:3A:15:1E:28:2E:98:F6:84:93:75:92
            X509v3 Authority Key Identifier:
                keyid:FC:4D:06:97:89:69:A8:BD:AB:6D:63:59:06:2D:77:81:E0:34:49:CA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_E0Gl4lpqL2rbWNZBi13geA0Sco.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/082c31-f4ef-4acb-90f1-da03bf7a2ec2/1/hSPUDriBFUPkOhUeKC6Y9oSTdZI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/082c31-f4ef-4acb-90f1-da03bf7a2ec2/1/_E0Gl4lpqL2rbWNZBi13geA0Sco.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.243.16.0/20
                  185.54.12.0/23

    Signature Algorithm: sha256WithRSAEncryption
         07:4e:64:b7:91:b4:be:8a:a7:f6:b1:6d:5d:6b:23:df:cf:58:
         a8:3e:c8:6b:a4:c2:88:2d:13:ef:8b:32:a0:7d:23:03:e0:58:
         f1:d8:1c:9b:b7:36:4b:da:04:03:3f:20:27:d8:f2:45:5f:bd:
         d3:9a:90:cd:83:d3:a0:20:c9:79:5d:95:29:09:38:d6:d0:a1:
         63:40:b5:4c:b4:e0:30:0b:a9:c5:f5:07:cf:eb:74:99:b1:b2:
         c2:ff:67:3f:d6:84:e6:e7:cf:64:af:29:32:c5:fb:b0:3c:5f:
         78:c5:e6:e5:e4:5a:23:4e:fa:63:ed:c6:42:c8:9e:01:e4:61:
         0a:71:79:6e:28:e9:87:fb:ad:4a:8d:ec:0b:99:2a:7a:45:e7:
         bd:ef:83:d0:a8:01:27:80:fa:fb:00:c8:78:d6:7b:f9:c1:24:
         29:fd:ed:93:2e:1f:9a:50:bf:a9:19:98:38:5a:8b:b4:9e:52:
         41:0b:b8:d5:21:7a:2b:ad:ce:36:d9:50:02:a6:ff:04:68:ec:
         77:b3:bf:f2:d8:10:52:7f:ad:40:f3:2a:21:7a:96:9c:2d:8e:
         e8:ee:32:30:6a:e4:56:45:5f:f6:a1:ba:0b:91:a6:61:2d:4b:
         97:af:01:7c:cb:79:ba:84:0c:07:a2:da:2f:2f:38:44:88:cb:
         b3:42:e0:ec
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ0MXlbGnnCAOBWchhyKGNR8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZjNGQwNjk3ODk2OWE4YmRhYjZkNjM1OTA2MmQ3NzgxZTAz
NDQ5Y2EwHhcNMjYwMzIwMTc1MDAyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NTIzZDQwZWI4ODExNTQzZTQzYTE1MWUyODJlOThmNjg0OTM3NTkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA35Gxx4XVIppy+ov3Q6pFU5xbjaXg
OjuiS9869CWpVrmclZa4GEFk1c8J0gM31Deg73MIE5kfaOH6ulqtqsihgbITS88u
HIEK7bTDexrpoBMw/QoPKrMoMP41ub1N/Yf25eHeQjOHQwf8Iv/+ZdkhCatJHObG
xaLZmy5O6m9kaTQSf3lYSM2Cv9seJ451Jx6Il3XVs3RqOeaI32t9fC2xGpA6Fv5I
Mhuycyop3jFn2c0JP614nT43tJOpQpqmjRiBT5LkaWa8JNoMTKg/9HcZ5j7Ao9+U
PPgHJ66akNsEKUOtB/MtJS0T/PnjdIFruw9P+3jpm8VAY/IhI72oB3YGQwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFIUj1A64gRVD5DoVHigumPaEk3WSMB8GA1UdIwQY
MBaAFPxNBpeJaai9q21jWQYtd4HgNEnKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX0UwR2w0bHBxTDJyYldOWkJpMTNnZUEwU2NvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZC8wODJjMzEtZjRlZi00YWNiLTkwZjEt
ZGEwM2JmN2EyZWMyLzEvaFNQVURyaUJGVVBrT2hVZUtDNlk5b1NUZFpJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZC8wODJjMzEtZjRlZi00YWNiLTkwZjEtZGEwM2JmN2EyZWMy
LzEvX0UwR2w0bHBxTDJyYldOWkJpMTNnZUEwU2NvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQEUPMQAwQB
uTYMMA0GCSqGSIb3DQEBCwUAA4IBAQAHTmS3kbS+iqf2sW1dayPfz1ioPshrpMKI
LRPvizKgfSMD4Fjx2BybtzZL2gQDPyAn2PJFX73TmpDNg9OgIMl5XZUpCTjW0KFj
QLVMtOAwC6nF9QfP63SZsbLC/2c/1oTm589krykyxfuwPF94xebl5FojTvpj7cZC
yJ4B5GEKcXluKOmH+61KjewLmSp6Ree974PQqAEngPr7AMh41nv5wSQp/e2TLh+a
UL+pGZg4Wou0nlJBC7jVIXorrc422VACpv8EaOx3s7/y2BBSf61A8yohepacLY7o
7jIwauRWRV/2oboLkaZhLUuXrwF8y3m6hAwHotovLzhEiMuzQuDs
-----END CERTIFICATE-----