Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8f/db787f-c27a-4f23-99b2-438acb72fc5b/1/FKnKoarmmi6ha7YNrynCE7-GlPM.roa
File:                     FKnKoarmmi6ha7YNrynCE7-GlPM.roa (raw, json)
Hash identifier:          oKaYSJE4mcvvEbQGIWsb5jJI9dhGriaheyAzBdZoE4M=
Subject key identifier:   14:A9:CA:A1:AA:E6:9A:2E:A1:6B:B6:0D:AF:29:C2:13:BF:86:94:F3
Certificate issuer:       /CN=126c660b30f5692b2b16e289b24901c518fda520
Certificate serial:       019D1F2DA8204DC4C8806D963801914B4D51
Authority key identifier: 12:6C:66:0B:30:F5:69:2B:2B:16:E2:89:B2:49:01:C5:18:FD:A5:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EmxmCzD1aSsrFuKJskkBxRj9pSA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8f/db787f-c27a-4f23-99b2-438acb72fc5b/1/FKnKoarmmi6ha7YNrynCE7-GlPM.roa
Signing time:             Tue 24 Mar 2026 09:29:39 +0000
ROA not before:           Tue 24 Mar 2026 09:29:39 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     19211
IP address blocks:        45.83.112.0/22 maxlen: 24
                          185.181.56.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8f/db787f-c27a-4f23-99b2-438acb72fc5b/1/EmxmCzD1aSsrFuKJskkBxRj9pSA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8f/db787f-c27a-4f23-99b2-438acb72fc5b/1/EmxmCzD1aSsrFuKJskkBxRj9pSA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EmxmCzD1aSsrFuKJskkBxRj9pSA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 00:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:1f:2d:a8:20:4d:c4:c8:80:6d:96:38:01:91:4b:4d:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=126c660b30f5692b2b16e289b24901c518fda520
        Validity
            Not Before: Mar 24 09:29:39 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=14a9caa1aae69a2ea16bb60daf29c213bf8694f3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:03:00:fb:4d:7b:ae:89:01:96:5f:6a:3b:e0:
                    70:7b:93:60:97:30:a0:14:d5:27:f4:9a:82:5a:90:
                    48:da:72:85:e4:e8:bf:36:63:c7:ef:ab:44:14:d6:
                    1c:bb:0e:ff:3b:bb:5e:a2:00:5c:e0:c7:3e:87:52:
                    f8:eb:0f:30:e8:9d:59:0c:c1:52:53:f0:af:e4:e5:
                    ca:cf:27:cd:6a:0c:bc:03:12:47:e2:57:3c:f5:8c:
                    5b:20:06:f1:6d:2a:fe:0e:1a:84:d1:39:87:bf:31:
                    d0:43:82:0e:ce:b6:87:ba:63:4a:31:a0:de:72:d8:
                    20:93:68:e0:7e:f5:66:27:bb:5f:af:d8:e2:2e:7e:
                    17:91:d2:46:63:e2:13:b8:58:47:8a:e1:fa:7a:18:
                    6b:72:b6:d6:a7:90:fd:04:3c:3d:1e:68:cd:8e:1d:
                    7b:32:87:ec:4c:4f:cd:5b:6c:9f:38:53:93:5a:a5:
                    ab:ab:a9:23:45:3b:0a:6c:16:84:0b:19:69:8a:cb:
                    2c:88:fc:ec:d4:4c:67:27:e1:e2:78:eb:f7:ab:e4:
                    06:15:44:dd:6c:07:96:24:a9:57:f0:52:7e:8b:c8:
                    52:2c:26:04:4b:b6:d3:d7:ff:10:7e:19:0c:b5:4e:
                    0c:4b:46:18:9f:5a:1b:ac:61:b5:9e:c8:ca:ed:14:
                    60:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:A9:CA:A1:AA:E6:9A:2E:A1:6B:B6:0D:AF:29:C2:13:BF:86:94:F3
            X509v3 Authority Key Identifier:
                keyid:12:6C:66:0B:30:F5:69:2B:2B:16:E2:89:B2:49:01:C5:18:FD:A5:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EmxmCzD1aSsrFuKJskkBxRj9pSA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/db787f-c27a-4f23-99b2-438acb72fc5b/1/FKnKoarmmi6ha7YNrynCE7-GlPM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/db787f-c27a-4f23-99b2-438acb72fc5b/1/EmxmCzD1aSsrFuKJskkBxRj9pSA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.83.112.0/22
                  185.181.56.0/22

    Signature Algorithm: sha256WithRSAEncryption
         3f:89:8d:fd:e1:78:2b:b1:6e:49:56:4f:39:09:10:33:9a:43:
         7e:05:a9:f6:b3:84:9b:10:16:77:34:b4:e0:8e:e4:11:64:b1:
         3e:6f:bf:92:48:e2:47:fe:f9:c4:4b:1f:06:a5:6c:9f:fd:7d:
         a6:ab:25:ee:5e:26:f5:29:6e:06:5c:64:f4:74:1f:fd:0a:fd:
         e4:32:6e:02:d3:27:f6:e5:90:91:2a:90:3a:60:ea:92:11:60:
         1c:9f:8f:cc:f5:dc:70:64:08:29:08:39:3c:51:34:d5:8a:53:
         84:96:e9:78:9b:55:6b:48:42:8e:5b:47:60:0b:a0:c2:38:f9:
         59:05:56:57:69:a5:a9:cc:2f:ca:00:3a:94:2c:80:e6:5d:6e:
         82:6b:70:12:be:62:f6:17:96:6d:5f:9f:54:b7:53:fa:77:78:
         57:02:68:98:de:ac:4c:d2:4f:df:96:a6:c0:aa:b9:bf:5a:b4:
         93:54:41:0f:a6:ac:0a:24:bb:e5:6d:63:6f:55:1f:79:9c:13:
         a1:85:7f:e9:22:30:3e:f8:34:0e:34:49:20:cf:5d:b3:4a:36:
         89:6d:b5:33:11:14:30:fb:3f:11:14:4c:92:31:95:13:93:fa:
         9c:c2:f0:b4:68:ba:d9:13:a4:75:4c:df:d0:6f:ad:fb:77:48:
         c0:93:6b:73
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ0fLaggTcTIgG2WOAGRS01RMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEyNmM2NjBiMzBmNTY5MmIyYjE2ZTI4OWIyNDkwMWM1MThm
ZGE1MjAwHhcNMjYwMzI0MDkyOTM5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNGE5Y2FhMWFhZTY5YTJlYTE2YmI2MGRhZjI5YzIxM2JmODY5NGYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0gMA+017rokBll9qO+Bwe5NglzCg
FNUn9JqCWpBI2nKF5Oi/NmPH76tEFNYcuw7/O7teogBc4Mc+h1L46w8w6J1ZDMFS
U/Cv5OXKzyfNagy8AxJH4lc89YxbIAbxbSr+DhqE0TmHvzHQQ4IOzraHumNKMaDe
ctggk2jgfvVmJ7tfr9jiLn4XkdJGY+ITuFhHiuH6ehhrcrbWp5D9BDw9HmjNjh17
MofsTE/NW2yfOFOTWqWrq6kjRTsKbBaECxlpisssiPzs1ExnJ+HieOv3q+QGFUTd
bAeWJKlX8FJ+i8hSLCYES7bT1/8QfhkMtU4MS0YYn1obrGG1nsjK7RRgxwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFBSpyqGq5pouoWu2Da8pwhO/hpTzMB8GA1UdIwQY
MBaAFBJsZgsw9WkrKxbiibJJAcUY/aUgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRW14bUN6RDFhU3NyRnVLSnNra0J4Umo5cFNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Zi9kYjc4N2YtYzI3YS00ZjIzLTk5YjIt
NDM4YWNiNzJmYzViLzEvRktuS29hcm1taTZoYTdZTnJ5bkNFNy1HbFBNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Zi9kYjc4N2YtYzI3YS00ZjIzLTk5YjItNDM4YWNiNzJmYzVi
LzEvRW14bUN6RDFhU3NyRnVLSnNra0J4Umo5cFNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCLVNwAwQC
ubU4MA0GCSqGSIb3DQEBCwUAA4IBAQA/iY394XgrsW5JVk85CRAzmkN+Ban2s4Sb
EBZ3NLTgjuQRZLE+b7+SSOJH/vnESx8GpWyf/X2mqyXuXib1KW4GXGT0dB/9Cv3k
Mm4C0yf25ZCRKpA6YOqSEWAcn4/M9dxwZAgpCDk8UTTVilOElul4m1VrSEKOW0dg
C6DCOPlZBVZXaaWpzC/KADqULIDmXW6Ca3ASvmL2F5ZtX59Ut1P6d3hXAmiY3qxM
0k/flqbAqrm/WrSTVEEPpqwKJLvlbWNvVR95nBOhhX/pIjA++DQONEkgz12zSjaJ
bbUzERQw+z8RFEySMZUTk/qcwvC0aLrZE6R1TN/Qb637d0jAk2tz
-----END CERTIFICATE-----