Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/_F1YpDKssPOYPWe4RnEpOxPmSvk.roa
File:                     _F1YpDKssPOYPWe4RnEpOxPmSvk.roa (raw, json)
Hash identifier:          RSHMkPuv6FyT1uLd+pMQRI0fb/HI7KNAClenZ8mEOt8=
Subject key identifier:   FC:5D:58:A4:32:AC:B0:F3:98:3D:67:B8:46:71:29:3B:13:E6:4A:F9
Certificate issuer:       /CN=4f14112d05e9d876149d2778d48edaaa324db0a5
Certificate serial:       019D1BB3C421D219C729B5D08719D2BE165C
Authority key identifier: 4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/_F1YpDKssPOYPWe4RnEpOxPmSvk.roa
Signing time:             Mon 23 Mar 2026 17:17:39 +0000
ROA not before:           Mon 23 Mar 2026 17:17:39 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     209843
IP address blocks:        2a0d:6f80:2302::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 23:01:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:1b:b3:c4:21:d2:19:c7:29:b5:d0:87:19:d2:be:16:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f14112d05e9d876149d2778d48edaaa324db0a5
        Validity
            Not Before: Mar 23 17:17:39 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=fc5d58a432acb0f3983d67b84671293b13e64af9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:36:17:db:e5:fd:f9:f5:c0:95:51:f8:af:3e:
                    f9:b8:28:fd:32:bb:4c:83:3c:ad:ac:fe:94:1e:46:
                    0b:7b:29:64:c4:5c:f2:d0:67:45:7c:ba:c0:8c:14:
                    b8:1c:a7:03:c4:d2:21:5d:a2:ba:e3:0d:82:a7:87:
                    a4:1a:12:64:30:7c:4c:2c:70:57:4c:b2:b9:ed:64:
                    b2:cd:e7:19:4b:2b:74:7b:8e:9f:fb:e9:fc:54:2b:
                    4f:f7:36:b8:b4:9e:1f:bc:74:8d:2e:97:08:30:cf:
                    f6:aa:9f:0f:aa:ee:95:b1:1f:55:43:ec:1e:a2:42:
                    67:84:01:3b:a0:0f:65:a0:86:ac:ef:6f:82:59:43:
                    ad:36:89:60:3c:a2:8a:0a:51:23:e7:f4:3e:d3:96:
                    e6:57:4b:92:ff:fb:cd:d2:11:50:17:5a:84:01:75:
                    44:26:76:25:d0:f9:e6:24:5c:b0:37:7c:9f:8b:8f:
                    7f:08:18:0f:f7:91:18:08:28:ab:fa:29:aa:50:49:
                    53:4f:b5:4e:b3:34:8b:dd:1a:13:d3:cc:c0:3b:0c:
                    6e:c3:9e:89:37:49:54:47:2c:4a:48:0c:ed:d3:b1:
                    54:60:7a:b4:04:3e:72:3b:eb:ee:e6:a7:41:88:b4:
                    ee:b2:98:60:2d:65:53:2a:19:9f:6a:43:fb:cc:52:
                    86:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:5D:58:A4:32:AC:B0:F3:98:3D:67:B8:46:71:29:3B:13:E6:4A:F9
            X509v3 Authority Key Identifier:
                keyid:4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/_F1YpDKssPOYPWe4RnEpOxPmSvk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:6f80:2302::/48

    Signature Algorithm: sha256WithRSAEncryption
         8d:f5:6f:90:c5:11:f0:a9:17:bf:e7:47:90:3d:6f:44:c4:9f:
         37:a2:c2:ca:94:fc:7f:cf:e4:5b:67:8d:9c:e2:e1:da:a9:28:
         71:29:9c:17:90:bf:00:34:c4:27:67:2f:2b:36:bb:11:43:a2:
         9e:fe:d2:9d:ff:05:62:8a:ff:49:eb:e0:2a:c7:cc:6c:4f:4b:
         97:22:74:da:97:2b:5d:cc:25:dc:d0:53:8c:cc:15:d4:da:fc:
         a0:5d:ae:4d:9e:7c:0b:64:60:0c:47:ad:97:58:55:59:b1:70:
         15:07:d8:e7:00:76:18:ab:b4:53:1b:8f:7e:d4:0b:82:62:bd:
         17:0e:00:56:d9:3a:a3:2e:34:11:d6:57:fb:3d:d4:9a:7d:1c:
         a7:28:c2:45:c9:16:bc:c4:24:e3:8b:99:8d:bf:a7:d2:24:09:
         03:d9:c4:be:12:fd:fc:63:8c:49:8a:64:24:a9:89:b2:a7:95:
         3f:48:a3:d7:d9:a7:8f:9c:88:60:02:f5:b8:04:df:72:cb:c5:
         04:92:ad:c0:e8:0b:f5:f6:88:16:15:53:21:5c:d5:d4:fd:bf:
         d1:7f:81:af:d6:de:f1:e2:5b:52:1d:7d:3d:10:87:9b:75:9d:
         80:c9:8e:b0:a5:7d:f6:66:0d:0e:c0:c3:ad:8e:d3:43:f1:a2:
         c3:2c:dd:bd
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZ0bs8Qh0hnHKbXQhxnSvhZcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMTQxMTJkMDVlOWQ4NzYxNDlkMjc3OGQ0OGVkYWFhMzI0
ZGIwYTUwHhcNMjYwMzIzMTcxNzM5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYzVkNThhNDMyYWNiMGYzOTgzZDY3Yjg0NjcxMjkzYjEzZTY0YWY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAszYX2+X9+fXAlVH4rz75uCj9MrtM
gzytrP6UHkYLeylkxFzy0GdFfLrAjBS4HKcDxNIhXaK64w2Cp4ekGhJkMHxMLHBX
TLK57WSyzecZSyt0e46f++n8VCtP9za4tJ4fvHSNLpcIMM/2qp8Pqu6VsR9VQ+we
okJnhAE7oA9loIas72+CWUOtNolgPKKKClEj5/Q+05bmV0uS//vN0hFQF1qEAXVE
JnYl0PnmJFywN3yfi49/CBgP95EYCCir+imqUElTT7VOszSL3RoT08zAOwxuw56J
N0lURyxKSAzt07FUYHq0BD5yO+vu5qdBiLTusphgLWVTKhmfakP7zFKGiQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFPxdWKQyrLDzmD1nuEZxKTsT5kr5MB8GA1UdIwQY
MBaAFE8UES0F6dh2FJ0neNSO2qoyTbClMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUt
YmFmYmRmYzgxMzJhLzEvX0YxWXBES3NzUE9ZUFdlNFJuRXBPeFBtU3ZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUtYmFmYmRmYzgxMzJh
LzEvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg1vgCMC
MA0GCSqGSIb3DQEBCwUAA4IBAQCN9W+QxRHwqRe/50eQPW9ExJ83osLKlPx/z+Rb
Z42c4uHaqShxKZwXkL8ANMQnZy8rNrsRQ6Ke/tKd/wViiv9J6+Aqx8xsT0uXInTa
lytdzCXc0FOMzBXU2vygXa5NnnwLZGAMR62XWFVZsXAVB9jnAHYYq7RTG49+1AuC
Yr0XDgBW2TqjLjQR1lf7PdSafRynKMJFyRa8xCTji5mNv6fSJAkD2cS+Ev38Y4xJ
imQkqYmyp5U/SKPX2aePnIhgAvW4BN9yy8UEkq3A6Av19ogWFVMhXNXU/b/Rf4Gv
1t7x4ltSHX09EIebdZ2AyY6wpX32Zg0OwMOtjtND8aLDLN29
-----END CERTIFICATE-----