Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/3eebf9-0e05-48b6-8450-dcf5b86693c9/1/f_g1_FIZZK96z7ZSNPocxjCjsbQ.roa
File:                     f_g1_FIZZK96z7ZSNPocxjCjsbQ.roa (raw, json)
Hash identifier:          gb0q9RjIvyLcVT8CSfpFcZqoMX+jR12UyGETqF9tVsE=
Subject key identifier:   7F:F8:35:FC:52:19:64:AF:7A:CF:B6:52:34:FA:1C:C6:30:A3:B1:B4
Certificate issuer:       /CN=5feb7565e21cf5b07bd971c96ecc3a4a64fad204
Certificate serial:       019B7BA3C7E3E89F8BF4DE9668AB235647A4
Authority key identifier: 5F:EB:75:65:E2:1C:F5:B0:7B:D9:71:C9:6E:CC:3A:4A:64:FA:D2:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/X-t1ZeIc9bB72XHJbsw6SmT60gQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/3eebf9-0e05-48b6-8450-dcf5b86693c9/1/f_g1_FIZZK96z7ZSNPocxjCjsbQ.roa
Signing time:             Thu 01 Jan 2026 22:18:09 +0000
ROA not before:           Thu 01 Jan 2026 22:18:09 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     47454
IP address blocks:        45.80.40.0/22 maxlen: 22
                          2a0e:3a80::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/3eebf9-0e05-48b6-8450-dcf5b86693c9/1/X-t1ZeIc9bB72XHJbsw6SmT60gQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/3eebf9-0e05-48b6-8450-dcf5b86693c9/1/X-t1ZeIc9bB72XHJbsw6SmT60gQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/X-t1ZeIc9bB72XHJbsw6SmT60gQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 00:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:a3:c7:e3:e8:9f:8b:f4:de:96:68:ab:23:56:47:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5feb7565e21cf5b07bd971c96ecc3a4a64fad204
        Validity
            Not Before: Jan  1 22:18:09 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7ff835fc521964af7acfb65234fa1cc630a3b1b4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:95:18:1f:be:a9:1d:d6:2d:5a:a6:a5:f6:db:
                    18:43:65:5d:9f:ce:62:28:41:aa:ca:05:03:20:45:
                    aa:ac:ae:0e:5a:ba:43:26:36:7b:f8:e7:20:f0:76:
                    f2:cc:d5:5c:42:69:b8:63:52:b1:5d:54:50:bc:10:
                    12:72:e3:67:8e:ca:3b:9e:d4:c5:fe:a6:3c:f1:3a:
                    dd:87:ed:3c:39:e3:65:8b:ee:3e:7e:21:25:68:ef:
                    d2:aa:f3:7c:04:bf:f2:5c:4b:93:7c:f8:13:c0:dd:
                    4a:5d:06:8c:1f:49:d8:3a:20:58:dd:25:c7:28:67:
                    f5:38:06:60:fb:57:30:aa:ab:c2:09:4f:b9:d4:7d:
                    9e:09:25:a8:fc:0f:a1:a0:c4:83:af:b9:da:53:26:
                    78:d2:8b:7b:36:dc:5e:9f:80:ca:5e:da:fa:50:1f:
                    0c:7b:e3:4a:1a:21:55:09:70:16:4c:0b:43:0e:20:
                    c1:c2:ce:f6:d5:22:b6:b7:55:f9:23:31:21:aa:58:
                    aa:5a:ed:1a:ac:3a:c9:49:80:40:5c:78:82:54:f2:
                    5e:94:15:68:1a:c6:5c:6d:f8:6c:b6:b5:1a:96:c1:
                    64:1f:51:c5:cd:16:48:68:84:20:39:80:e4:68:0b:
                    a2:da:65:6a:f9:be:b9:91:f6:93:c6:0d:24:9e:94:
                    23:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:F8:35:FC:52:19:64:AF:7A:CF:B6:52:34:FA:1C:C6:30:A3:B1:B4
            X509v3 Authority Key Identifier:
                keyid:5F:EB:75:65:E2:1C:F5:B0:7B:D9:71:C9:6E:CC:3A:4A:64:FA:D2:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/X-t1ZeIc9bB72XHJbsw6SmT60gQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/3eebf9-0e05-48b6-8450-dcf5b86693c9/1/f_g1_FIZZK96z7ZSNPocxjCjsbQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/3eebf9-0e05-48b6-8450-dcf5b86693c9/1/X-t1ZeIc9bB72XHJbsw6SmT60gQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.80.40.0/22
                IPv6:
                  2a0e:3a80::/32

    Signature Algorithm: sha256WithRSAEncryption
         17:36:c4:29:97:11:3b:44:aa:27:a1:9c:17:d6:e6:80:14:ac:
         50:08:55:c5:a1:8d:9e:43:7c:b3:e2:27:ee:92:18:3a:63:70:
         e7:f1:98:b2:f1:30:04:22:ac:d3:c8:af:91:a3:d9:31:99:cc:
         cb:7a:70:d1:4d:00:3a:67:e7:81:17:ea:87:18:a2:eb:df:2a:
         d7:e1:c9:7e:9e:cc:62:c8:00:f9:d8:86:b7:fe:a9:ae:2c:a3:
         19:db:61:c9:40:a1:e9:47:56:78:92:9a:f2:7c:99:51:e0:9e:
         94:26:e3:1c:e3:8e:b8:b3:ec:e2:2d:04:0b:7b:f8:49:93:27:
         44:8f:34:fa:ce:be:2b:3f:b3:ba:7d:a0:b2:72:36:b2:6e:79:
         41:28:b0:b1:19:45:bb:29:4d:04:cd:f4:7b:dc:f5:34:61:35:
         ff:e8:c9:14:61:39:2d:db:7e:5d:2f:88:30:87:39:b6:aa:4d:
         ec:4b:bd:f6:22:a4:a8:10:ab:04:f6:55:2d:73:51:71:f8:36:
         fb:42:d4:dd:b7:bf:04:99:42:a2:1f:95:16:53:4a:15:a6:67:
         0f:05:4f:32:1a:33:fb:3c:36:d5:7d:08:3a:50:e5:c9:d8:b5:
         4e:33:51:69:50:aa:65:7c:09:01:81:26:49:b2:d6:36:83:d4:
         85:d5:0c:78
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZt7o8fj6J+L9N6WaKsjVkekMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVmZWI3NTY1ZTIxY2Y1YjA3YmQ5NzFjOTZlY2MzYTRhNjRm
YWQyMDQwHhcNMjYwMTAxMjIxODA5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZmY4MzVmYzUyMTk2NGFmN2FjZmI2NTIzNGZhMWNjNjMwYTNiMWI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuZUYH76pHdYtWqal9tsYQ2Vdn85i
KEGqygUDIEWqrK4OWrpDJjZ7+Ocg8HbyzNVcQmm4Y1KxXVRQvBAScuNnjso7ntTF
/qY88Trdh+08OeNli+4+fiElaO/SqvN8BL/yXEuTfPgTwN1KXQaMH0nYOiBY3SXH
KGf1OAZg+1cwqqvCCU+51H2eCSWo/A+hoMSDr7naUyZ40ot7Ntxen4DKXtr6UB8M
e+NKGiFVCXAWTAtDDiDBws721SK2t1X5IzEhqliqWu0arDrJSYBAXHiCVPJelBVo
GsZcbfhstrUalsFkH1HFzRZIaIQgOYDkaAui2mVq+b65kfaTxg0knpQjBQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFH/4NfxSGWSves+2UjT6HMYwo7G0MB8GA1UdIwQY
MBaAFF/rdWXiHPWwe9lxyW7MOkpk+tIEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWC10MVplSWM5YkI3MlhISmJzdzZTbVQ2MGdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC8zZWViZjktMGUwNS00OGI2LTg0NTAt
ZGNmNWI4NjY5M2M5LzEvZl9nMV9GSVpaSzk2ejdaU05Qb2N4akNqc2JRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC8zZWViZjktMGUwNS00OGI2LTg0NTAtZGNmNWI4NjY5M2M5
LzEvWC10MVplSWM5YkI3MlhISmJzdzZTbVQ2MGdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCLVAoMA0E
AgACMAcDBQAqDjqAMA0GCSqGSIb3DQEBCwUAA4IBAQAXNsQplxE7RKonoZwX1uaA
FKxQCFXFoY2eQ3yz4ifukhg6Y3Dn8Ziy8TAEIqzTyK+Ro9kxmczLenDRTQA6Z+eB
F+qHGKLr3yrX4cl+nsxiyAD52Ia3/qmuLKMZ22HJQKHpR1Z4kpryfJlR4J6UJuMc
4464s+ziLQQLe/hJkydEjzT6zr4rP7O6faCycjaybnlBKLCxGUW7KU0EzfR73PU0
YTX/6MkUYTkt235dL4gwhzm2qk3sS732IqSoEKsE9lUtc1Fx+Db7QtTdt78EmUKi
H5UWU0oVpmcPBU8yGjP7PDbVfQg6UOXJ2LVOM1FpUKplfAkBgSZJstY2g9SF1Qx4
-----END CERTIFICATE-----