Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/74/69c7d1-c43d-4bcd-8e6a-1593d4045cbc/1/fzC-AcNh2yOJ_5dGUvrvfw9vsok.roa
File:                     fzC-AcNh2yOJ_5dGUvrvfw9vsok.roa (raw, json)
Hash identifier:          tSTIZaYoRGt64j2os/R+JCN+/UAvU/awUqy9sBJwtAc=
Subject key identifier:   7F:30:BE:01:C3:61:DB:23:89:FF:97:46:52:FA:EF:7F:0F:6F:B2:89
Certificate issuer:       /CN=894928a39627cd5ee5f975bd897c2d775ab29940
Certificate serial:       019C3208A3936D4CDF36D92B16162D477D7F
Authority key identifier: 89:49:28:A3:96:27:CD:5E:E5:F9:75:BD:89:7C:2D:77:5A:B2:99:40
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iUkoo5YnzV7l-XW9iXwtd1qymUA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/74/69c7d1-c43d-4bcd-8e6a-1593d4045cbc/1/fzC-AcNh2yOJ_5dGUvrvfw9vsok.roa
Signing time:             Fri 06 Feb 2026 08:19:12 +0000
ROA not before:           Fri 06 Feb 2026 08:19:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     201846
IP address blocks:        192.48.31.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/74/69c7d1-c43d-4bcd-8e6a-1593d4045cbc/1/iUkoo5YnzV7l-XW9iXwtd1qymUA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/74/69c7d1-c43d-4bcd-8e6a-1593d4045cbc/1/iUkoo5YnzV7l-XW9iXwtd1qymUA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iUkoo5YnzV7l-XW9iXwtd1qymUA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 23:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:32:08:a3:93:6d:4c:df:36:d9:2b:16:16:2d:47:7d:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=894928a39627cd5ee5f975bd897c2d775ab29940
        Validity
            Not Before: Feb  6 08:19:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7f30be01c361db2389ff974652faef7f0f6fb289
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:27:0f:95:b7:62:e6:33:d6:80:ed:fa:d8:96:
                    b8:92:73:b0:f7:44:82:62:41:4e:fe:d5:7f:e0:07:
                    77:38:49:d4:1d:da:b1:86:78:ab:e4:f0:59:9b:85:
                    a5:39:03:2c:f9:f6:52:0b:f7:7a:7e:70:91:cd:b1:
                    c3:0e:56:a2:2a:58:17:a5:2a:d8:83:ce:fc:de:73:
                    f2:aa:d0:73:a3:b3:3c:a1:17:2c:13:67:a2:1a:dd:
                    99:0a:ae:7c:3c:a6:59:81:0e:b1:d5:30:ec:00:6e:
                    da:9f:64:9f:74:23:89:33:58:b7:78:39:e9:36:74:
                    82:69:6c:d5:97:59:1e:81:f4:c2:11:0b:10:0b:09:
                    c3:77:6a:32:ae:db:c6:6a:f0:3f:21:f9:2b:5d:6a:
                    d5:6f:e5:fa:9e:2e:45:27:b1:4f:5a:78:58:df:0d:
                    a1:11:24:8f:f7:ac:93:17:f2:24:c5:6d:34:bc:5f:
                    8f:49:f4:4d:58:9a:7f:7f:09:f3:82:2a:9e:99:0f:
                    8f:8f:1a:12:f8:34:39:68:b7:3b:54:b7:10:2f:c4:
                    18:ad:f3:7d:6e:0e:3a:14:8b:63:95:1c:96:20:eb:
                    40:df:2d:97:bd:ca:9c:52:31:5d:77:cf:8e:c1:f0:
                    53:8f:7d:86:3d:56:49:0e:98:3a:ea:4d:07:20:54:
                    0d:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:30:BE:01:C3:61:DB:23:89:FF:97:46:52:FA:EF:7F:0F:6F:B2:89
            X509v3 Authority Key Identifier:
                keyid:89:49:28:A3:96:27:CD:5E:E5:F9:75:BD:89:7C:2D:77:5A:B2:99:40

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iUkoo5YnzV7l-XW9iXwtd1qymUA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/74/69c7d1-c43d-4bcd-8e6a-1593d4045cbc/1/fzC-AcNh2yOJ_5dGUvrvfw9vsok.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/74/69c7d1-c43d-4bcd-8e6a-1593d4045cbc/1/iUkoo5YnzV7l-XW9iXwtd1qymUA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.48.31.0/24

    Signature Algorithm: sha256WithRSAEncryption
         34:c7:a3:43:bc:46:6a:a3:6d:ff:e7:70:33:9a:bd:19:1f:1c:
         ab:38:8c:0c:29:78:b7:21:55:21:3f:26:b9:86:bc:9b:f4:a2:
         0e:f7:c2:25:51:d7:7f:92:ff:61:87:ce:e9:de:05:06:56:3e:
         ea:d6:20:17:3d:58:fc:58:74:ee:a8:67:67:e8:c2:99:62:1e:
         a8:db:fb:cf:f7:27:cb:21:4b:79:66:65:7d:b8:3d:11:32:7d:
         7c:0a:c6:0b:21:99:5b:5d:e5:9d:d7:ae:a4:20:a9:1c:c8:47:
         1f:ca:7a:73:40:b1:c4:8a:dd:92:38:c1:6f:fc:ef:54:9f:db:
         49:46:c3:e0:dd:94:dc:40:03:c5:63:21:5d:76:df:7b:45:8c:
         11:ef:a2:fc:e6:fb:e7:d5:09:36:e8:48:bc:fb:67:cc:7e:f3:
         a4:de:f2:8a:a5:39:83:9e:d3:fd:e2:a4:c3:ba:f4:1e:1a:c7:
         d3:35:4a:ae:44:6b:ac:2b:2c:05:41:88:af:9f:a3:f6:ba:58:
         a1:4f:4d:a8:fc:df:71:2f:e0:e5:b2:a7:81:1e:cf:80:c4:c0:
         cf:fb:5f:a4:51:3e:ff:57:0f:1c:ca:31:95:d6:9f:86:e3:86:
         4d:bf:be:35:da:fc:71:dd:16:96:30:9a:56:8d:03:d0:69:04:
         25:b5:cd:6f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZwyCKOTbUzfNtkrFhYtR31/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg5NDkyOGEzOTYyN2NkNWVlNWY5NzViZDg5N2MyZDc3NWFi
Mjk5NDAwHhcNMjYwMjA2MDgxOTEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZjMwYmUwMWMzNjFkYjIzODlmZjk3NDY1MmZhZWY3ZjBmNmZiMjg5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyycPlbdi5jPWgO362Ja4knOw90SC
YkFO/tV/4Ad3OEnUHdqxhnir5PBZm4WlOQMs+fZSC/d6fnCRzbHDDlaiKlgXpSrY
g8783nPyqtBzo7M8oRcsE2eiGt2ZCq58PKZZgQ6x1TDsAG7an2SfdCOJM1i3eDnp
NnSCaWzVl1kegfTCEQsQCwnDd2oyrtvGavA/IfkrXWrVb+X6ni5FJ7FPWnhY3w2h
ESSP96yTF/IkxW00vF+PSfRNWJp/fwnzgiqemQ+PjxoS+DQ5aLc7VLcQL8QYrfN9
bg46FItjlRyWIOtA3y2XvcqcUjFdd8+OwfBTj32GPVZJDpg66k0HIFQNswIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH8wvgHDYdsjif+XRlL6738Pb7KJMB8GA1UdIwQY
MBaAFIlJKKOWJ81e5fl1vYl8LXdasplAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaVVrb281WW56VjdsLVhXOWlYd3RkMXF5bVVBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NC82OWM3ZDEtYzQzZC00YmNkLThlNmEt
MTU5M2Q0MDQ1Y2JjLzEvZnpDLUFjTmgyeU9KXzVkR1V2cnZmdzl2c29rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NC82OWM3ZDEtYzQzZC00YmNkLThlNmEtMTU5M2Q0MDQ1Y2Jj
LzEvaVVrb281WW56VjdsLVhXOWlYd3RkMXF5bVVBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwDAfMA0G
CSqGSIb3DQEBCwUAA4IBAQA0x6NDvEZqo23/53Azmr0ZHxyrOIwMKXi3IVUhPya5
hryb9KIO98IlUdd/kv9hh87p3gUGVj7q1iAXPVj8WHTuqGdn6MKZYh6o2/vP9yfL
IUt5ZmV9uD0RMn18CsYLIZlbXeWd166kIKkcyEcfynpzQLHEit2SOMFv/O9Un9tJ
RsPg3ZTcQAPFYyFddt97RYwR76L85vvn1Qk26Ei8+2fMfvOk3vKKpTmDntP94qTD
uvQeGsfTNUquRGusKywFQYivn6P2ulihT02o/N9xL+DlsqeBHs+AxMDP+1+kUT7/
Vw8cyjGV1p+G44ZNv7412vxx3RaWMJpWjQPQaQQltc1v
-----END CERTIFICATE-----