Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/38/0f12f2-8a2b-4346-b6b6-2b78b19b5a87/1/FKDB1nLn_ZS_a9rdy0c5mxFNjAw.roa
File:                     FKDB1nLn_ZS_a9rdy0c5mxFNjAw.roa (raw, json)
Hash identifier:          2sgSFU9TG23xIm09t4WNIN0wcgWuOUk3p2yOrCzVZt8=
Subject key identifier:   14:A0:C1:D6:72:E7:FD:94:BF:6B:DA:DD:CB:47:39:9B:11:4D:8C:0C
Certificate issuer:       /CN=1a4dc22595fc1f588fbc4dde07c1c394998f33a7
Certificate serial:       019E1BBC2A2D9B492578804F5708B7E3BB9E
Authority key identifier: 1A:4D:C2:25:95:FC:1F:58:8F:BC:4D:DE:07:C1:C3:94:99:8F:33:A7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Gk3CJZX8H1iPvE3eB8HDlJmPM6c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/38/0f12f2-8a2b-4346-b6b6-2b78b19b5a87/1/FKDB1nLn_ZS_a9rdy0c5mxFNjAw.roa
Signing time:             Tue 12 May 2026 10:29:36 +0000
ROA not before:           Tue 12 May 2026 10:29:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     207279
IP address blocks:        131.222.194.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/38/0f12f2-8a2b-4346-b6b6-2b78b19b5a87/1/Gk3CJZX8H1iPvE3eB8HDlJmPM6c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/38/0f12f2-8a2b-4346-b6b6-2b78b19b5a87/1/Gk3CJZX8H1iPvE3eB8HDlJmPM6c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Gk3CJZX8H1iPvE3eB8HDlJmPM6c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 14:18:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:1b:bc:2a:2d:9b:49:25:78:80:4f:57:08:b7:e3:bb:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1a4dc22595fc1f588fbc4dde07c1c394998f33a7
        Validity
            Not Before: May 12 10:29:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=14a0c1d672e7fd94bf6bdaddcb47399b114d8c0c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:2d:86:a9:46:9f:0c:bf:10:ff:38:4d:57:eb:
                    12:94:d3:c8:f6:1a:da:20:9c:70:55:d8:4a:6d:c1:
                    0e:45:3e:1d:07:77:de:d9:df:72:9b:00:c4:03:0e:
                    44:6a:b7:09:63:01:26:5b:ce:f5:df:91:31:79:32:
                    46:ce:f4:71:a5:bf:91:2f:4d:4d:60:a6:bb:46:3b:
                    a5:fc:4c:f3:e1:a0:1a:51:f6:2a:da:a2:b1:69:2b:
                    f5:11:bf:c6:a9:52:7d:22:f2:d0:05:b0:84:22:62:
                    55:49:bd:92:4e:dc:f2:34:8b:96:4b:ca:e4:ce:90:
                    f7:30:ea:6d:f4:ba:a4:c7:44:19:27:44:02:26:04:
                    ab:40:69:28:1b:c4:ba:af:8d:ab:28:5f:c4:79:06:
                    40:fc:bc:b6:ef:04:24:8f:73:86:fe:b2:f5:a5:72:
                    a1:5a:97:f0:72:18:60:f8:3d:cc:28:ab:31:98:b6:
                    b8:6b:90:8b:21:39:f1:8d:e2:3d:15:11:df:01:57:
                    7c:42:1f:82:b4:8f:54:55:1b:69:b3:99:84:9e:0a:
                    35:ca:d1:fd:69:77:00:d7:7e:8e:54:3b:e4:b1:82:
                    15:a3:83:e7:1e:37:5d:13:b7:16:a4:0b:b6:2f:e2:
                    dc:ce:fa:e5:fd:f0:5b:23:78:63:37:2b:69:33:c8:
                    bb:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:A0:C1:D6:72:E7:FD:94:BF:6B:DA:DD:CB:47:39:9B:11:4D:8C:0C
            X509v3 Authority Key Identifier:
                keyid:1A:4D:C2:25:95:FC:1F:58:8F:BC:4D:DE:07:C1:C3:94:99:8F:33:A7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Gk3CJZX8H1iPvE3eB8HDlJmPM6c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/38/0f12f2-8a2b-4346-b6b6-2b78b19b5a87/1/FKDB1nLn_ZS_a9rdy0c5mxFNjAw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/38/0f12f2-8a2b-4346-b6b6-2b78b19b5a87/1/Gk3CJZX8H1iPvE3eB8HDlJmPM6c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  131.222.194.0/24

    Signature Algorithm: sha256WithRSAEncryption
         92:70:0d:85:a2:02:31:f3:8e:5d:86:60:58:2a:80:98:71:a1:
         63:16:a8:6a:5c:12:43:96:32:16:93:e5:04:e2:73:18:d9:b0:
         a9:9c:f2:22:cc:7d:ca:6c:9a:61:7d:3f:cf:9e:e6:09:dc:2d:
         88:ed:b0:5d:e4:7b:70:32:40:ff:6e:f6:bb:5f:b6:4b:7e:73:
         02:2f:99:42:a2:33:bc:33:bd:69:cb:a6:41:1c:3f:38:be:33:
         f2:f0:41:84:d0:1a:76:18:c5:37:05:a0:56:bb:87:a6:80:c1:
         83:81:c0:35:2d:7c:8b:5e:94:44:a5:fd:fb:62:82:e7:93:29:
         88:02:81:f8:d6:8b:2b:6b:e6:23:32:6b:c5:fd:01:1e:ff:27:
         54:4d:bf:d3:40:44:b1:9f:bb:37:fc:dd:a7:38:1c:74:d1:07:
         91:1f:2e:db:16:0c:ae:ec:01:5a:28:9e:8c:1e:03:e1:c8:aa:
         b6:c0:72:63:24:03:64:4f:1f:99:6f:a5:a5:da:d7:07:2d:92:
         15:4a:59:e1:48:05:bb:74:f2:ec:d9:30:9c:8b:03:7d:f4:a0:
         db:25:9d:68:ba:c8:b3:f3:50:ad:cf:46:55:d8:14:4e:01:21:
         da:01:90:2e:4d:53:fe:f0:8f:31:20:97:f0:b9:2c:58:39:b5:
         e5:27:6b:64
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ4bvCotm0kleIBPVwi347ueMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFhNGRjMjI1OTVmYzFmNTg4ZmJjNGRkZTA3YzFjMzk0OTk4
ZjMzYTcwHhcNMjYwNTEyMTAyOTM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNGEwYzFkNjcyZTdmZDk0YmY2YmRhZGRjYjQ3Mzk5YjExNGQ4YzBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhC2GqUafDL8Q/zhNV+sSlNPI9hra
IJxwVdhKbcEORT4dB3fe2d9ymwDEAw5EarcJYwEmW87135ExeTJGzvRxpb+RL01N
YKa7Rjul/Ezz4aAaUfYq2qKxaSv1Eb/GqVJ9IvLQBbCEImJVSb2STtzyNIuWS8rk
zpD3MOpt9Lqkx0QZJ0QCJgSrQGkoG8S6r42rKF/EeQZA/Ly27wQkj3OG/rL1pXKh
Wpfwchhg+D3MKKsxmLa4a5CLITnxjeI9FRHfAVd8Qh+CtI9UVRtps5mEngo1ytH9
aXcA136OVDvksYIVo4PnHjddE7cWpAu2L+Lczvrl/fBbI3hjNytpM8i7JwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBSgwdZy5/2Uv2va3ctHOZsRTYwMMB8GA1UdIwQY
MBaAFBpNwiWV/B9Yj7xN3gfBw5SZjzOnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR2szQ0paWDhIMWlQdkUzZUI4SERsSm1QTTZjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOC8wZjEyZjItOGEyYi00MzQ2LWI2YjYt
MmI3OGIxOWI1YTg3LzEvRktEQjFuTG5fWlNfYTlyZHkwYzVteEZOakF3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOC8wZjEyZjItOGEyYi00MzQ2LWI2YjYtMmI3OGIxOWI1YTg3
LzEvR2szQ0paWDhIMWlQdkUzZUI4SERsSm1QTTZjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAg97CMA0G
CSqGSIb3DQEBCwUAA4IBAQCScA2FogIx845dhmBYKoCYcaFjFqhqXBJDljIWk+UE
4nMY2bCpnPIizH3KbJphfT/PnuYJ3C2I7bBd5HtwMkD/bva7X7ZLfnMCL5lCojO8
M71py6ZBHD84vjPy8EGE0Bp2GMU3BaBWu4emgMGDgcA1LXyLXpREpf37YoLnkymI
AoH41osra+YjMmvF/QEe/ydUTb/TQESxn7s3/N2nOBx00QeRHy7bFgyu7AFaKJ6M
HgPhyKq2wHJjJANkTx+Zb6Wl2tcHLZIVSlnhSAW7dPLs2TCciwN99KDbJZ1ousiz
81Ctz0ZV2BROASHaAZAuTVP+8I8xIJfwuSxYObXlJ2tk
-----END CERTIFICATE-----