Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/96b117-fd3b-4f74-b3bf-1a42f632c307/1/Fg5HAyCv6b7sSfLqSOcD2vtlGl8.roa
File:                     Fg5HAyCv6b7sSfLqSOcD2vtlGl8.roa (raw, json)
Hash identifier:          Y5ctBSFcozZDys/LCzFhu11DBzWJnR4MW+cvCOiTB2A=
Subject key identifier:   16:0E:47:03:20:AF:E9:BE:EC:49:F2:EA:48:E7:03:DA:FB:65:1A:5F
Certificate issuer:       /CN=1c4e6a1d3cc1e4f3dc01ab96c94196b9c49d2916
Certificate serial:       019CD2B82BA91A5F35B3B3695F833FFACA17
Authority key identifier: 1C:4E:6A:1D:3C:C1:E4:F3:DC:01:AB:96:C9:41:96:B9:C4:9D:29:16
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HE5qHTzB5PPcAauWyUGWucSdKRY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/96b117-fd3b-4f74-b3bf-1a42f632c307/1/Fg5HAyCv6b7sSfLqSOcD2vtlGl8.roa
Signing time:             Mon 09 Mar 2026 13:10:10 +0000
ROA not before:           Mon 09 Mar 2026 13:10:10 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     198584
IP address blocks:        194.88.232.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/96b117-fd3b-4f74-b3bf-1a42f632c307/1/HE5qHTzB5PPcAauWyUGWucSdKRY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/96b117-fd3b-4f74-b3bf-1a42f632c307/1/HE5qHTzB5PPcAauWyUGWucSdKRY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HE5qHTzB5PPcAauWyUGWucSdKRY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 00:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:d2:b8:2b:a9:1a:5f:35:b3:b3:69:5f:83:3f:fa:ca:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c4e6a1d3cc1e4f3dc01ab96c94196b9c49d2916
        Validity
            Not Before: Mar  9 13:10:10 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=160e470320afe9beec49f2ea48e703dafb651a5f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:69:06:1d:b4:84:f2:bc:1c:7b:21:0e:88:78:
                    5f:9b:d6:a1:20:eb:f0:48:b8:98:c8:e6:fc:6f:1a:
                    63:61:58:bb:54:29:e3:d6:cd:2d:12:ea:8d:ef:6c:
                    7e:aa:be:a7:dc:0e:d2:50:19:b1:ce:17:6a:52:90:
                    eb:cf:8e:f5:68:9a:fa:a1:e3:20:08:f4:ea:cb:2e:
                    84:35:9b:fe:84:93:e8:81:6e:f8:22:c3:b8:58:57:
                    0c:13:df:9a:22:ab:75:f5:d5:61:7f:57:8a:2f:8d:
                    02:b6:92:bd:62:ba:44:8c:a9:c1:3a:8c:4d:e7:1a:
                    b8:17:17:87:e7:18:bc:78:37:71:c7:a5:87:76:4d:
                    5a:1e:96:9d:17:a5:d0:e2:6f:b0:a2:a9:73:a6:2e:
                    0f:2d:c5:0b:c3:fb:c9:d7:64:7b:a4:e6:5a:2e:3e:
                    75:16:b9:6b:85:f8:91:9a:54:0e:c8:35:1d:11:e1:
                    bf:60:45:0a:e2:15:b1:de:8f:70:ae:f2:54:13:a4:
                    65:f1:6d:64:e1:9f:01:4d:61:99:bf:65:65:41:f2:
                    94:26:d1:11:83:96:2f:e9:33:fc:12:aa:c9:7a:9b:
                    21:f5:ba:41:bb:ee:d9:52:59:77:2b:4b:3a:bf:af:
                    aa:e3:12:00:7e:ad:1e:01:5e:cb:41:d6:57:9c:93:
                    25:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:0E:47:03:20:AF:E9:BE:EC:49:F2:EA:48:E7:03:DA:FB:65:1A:5F
            X509v3 Authority Key Identifier:
                keyid:1C:4E:6A:1D:3C:C1:E4:F3:DC:01:AB:96:C9:41:96:B9:C4:9D:29:16

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HE5qHTzB5PPcAauWyUGWucSdKRY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/96b117-fd3b-4f74-b3bf-1a42f632c307/1/Fg5HAyCv6b7sSfLqSOcD2vtlGl8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/96b117-fd3b-4f74-b3bf-1a42f632c307/1/HE5qHTzB5PPcAauWyUGWucSdKRY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.88.232.0/24

    Signature Algorithm: sha256WithRSAEncryption
         64:57:bc:4e:fd:6a:99:96:2b:89:39:13:eb:d6:4a:23:15:57:
         ea:83:b7:39:22:03:3d:38:31:75:45:bf:9a:04:8b:83:e4:17:
         d6:02:f1:0c:15:6e:31:42:aa:6f:9f:5f:c6:e4:a6:02:7f:89:
         a7:bd:16:a9:ea:92:03:ee:1b:8f:96:3a:84:7d:2b:ab:f4:d7:
         74:d2:3c:09:06:72:d4:d6:04:81:c7:18:54:71:a9:47:d1:be:
         c7:c9:22:f9:40:12:df:e8:80:3b:83:6c:bb:ab:6c:2d:17:f6:
         e2:65:bf:a9:bb:1d:48:37:c3:5e:c0:59:ce:0e:45:5b:fc:b6:
         3f:2a:5d:6e:fb:71:17:c8:5c:51:5e:d6:26:82:0a:d4:51:68:
         da:60:28:ba:50:94:ca:f7:43:e9:f0:fb:f9:d1:5a:ae:8b:34:
         cb:c6:8f:ba:c5:bc:55:e3:ae:01:23:2a:e0:4b:44:68:78:0d:
         93:30:70:75:e8:16:a3:d4:56:0d:b3:17:2f:db:1c:3e:c6:12:
         86:00:24:86:5c:e6:c6:ca:4e:94:64:c2:bd:1a:7f:7f:92:4a:
         38:dc:77:6c:82:de:3e:5a:e1:68:94:69:39:b9:42:17:71:47:
         03:7d:5b:f4:56:2f:44:a3:76:82:ac:19:0f:4b:b2:f6:bf:3c:
         4f:dd:51:92
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZzSuCupGl81s7NpX4M/+soXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjNGU2YTFkM2NjMWU0ZjNkYzAxYWI5NmM5NDE5NmI5YzQ5
ZDI5MTYwHhcNMjYwMzA5MTMxMDEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNjBlNDcwMzIwYWZlOWJlZWM0OWYyZWE0OGU3MDNkYWZiNjUxYTVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmmkGHbSE8rwceyEOiHhfm9ahIOvw
SLiYyOb8bxpjYVi7VCnj1s0tEuqN72x+qr6n3A7SUBmxzhdqUpDrz471aJr6oeMg
CPTqyy6ENZv+hJPogW74IsO4WFcME9+aIqt19dVhf1eKL40CtpK9YrpEjKnBOoxN
5xq4FxeH5xi8eDdxx6WHdk1aHpadF6XQ4m+woqlzpi4PLcULw/vJ12R7pOZaLj51
FrlrhfiRmlQOyDUdEeG/YEUK4hWx3o9wrvJUE6Rl8W1k4Z8BTWGZv2VlQfKUJtER
g5Yv6TP8EqrJepsh9bpBu+7ZUll3K0s6v6+q4xIAfq0eAV7LQdZXnJMlcwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBYORwMgr+m+7Eny6kjnA9r7ZRpfMB8GA1UdIwQY
MBaAFBxOah08weTz3AGrlslBlrnEnSkWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEU1cUhUekI1UFBjQWF1V3lVR1d1Y1NkS1JZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi85NmIxMTctZmQzYi00Zjc0LWIzYmYt
MWE0MmY2MzJjMzA3LzEvRmc1SEF5Q3Y2YjdzU2ZMcVNPY0QydnRsR2w4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi85NmIxMTctZmQzYi00Zjc0LWIzYmYtMWE0MmY2MzJjMzA3
LzEvSEU1cUhUekI1UFBjQWF1V3lVR1d1Y1NkS1JZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwljoMA0G
CSqGSIb3DQEBCwUAA4IBAQBkV7xO/WqZliuJORPr1kojFVfqg7c5IgM9ODF1Rb+a
BIuD5BfWAvEMFW4xQqpvn1/G5KYCf4mnvRap6pID7huPljqEfSur9Nd00jwJBnLU
1gSBxxhUcalH0b7HySL5QBLf6IA7g2y7q2wtF/biZb+pux1IN8NewFnODkVb/LY/
Kl1u+3EXyFxRXtYmggrUUWjaYCi6UJTK90Pp8Pv50VquizTLxo+6xbxV464BIyrg
S0RoeA2TMHB16Baj1FYNsxcv2xw+xhKGACSGXObGyk6UZMK9Gn9/kko43Hdsgt4+
WuFolGk5uUIXcUcDfVv0Vi9Eo3aCrBkPS7L2vzxP3VGS
-----END CERTIFICATE-----