Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b7/dcfd48-c54a-4c78-a4ed-4ba2f8f1f83b/1/fhYFfzpNCeYN-6aptUrvJYkFapA.roa
File:                     fhYFfzpNCeYN-6aptUrvJYkFapA.roa (raw, json)
Hash identifier:          7EPT/rc6IdHoTsikhb5A89BATansqIVi1Qzsfs6cwdU=
Subject key identifier:   7E:16:05:7F:3A:4D:09:E6:0D:FB:A6:A9:B5:4A:EF:25:89:05:6A:90
Certificate issuer:       /CN=307f5fe2740a2b6de4c3709d2964115b3c967da1
Certificate serial:       019CE68F83B705A82850A2D216E47127237D
Authority key identifier: 30:7F:5F:E2:74:0A:2B:6D:E4:C3:70:9D:29:64:11:5B:3C:96:7D:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MH9f4nQKK23kw3CdKWQRWzyWfaE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b7/dcfd48-c54a-4c78-a4ed-4ba2f8f1f83b/1/fhYFfzpNCeYN-6aptUrvJYkFapA.roa
Signing time:             Fri 13 Mar 2026 09:38:10 +0000
ROA not before:           Fri 13 Mar 2026 09:38:10 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     61090
IP address blocks:        213.0.13.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b7/dcfd48-c54a-4c78-a4ed-4ba2f8f1f83b/1/MH9f4nQKK23kw3CdKWQRWzyWfaE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b7/dcfd48-c54a-4c78-a4ed-4ba2f8f1f83b/1/MH9f4nQKK23kw3CdKWQRWzyWfaE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MH9f4nQKK23kw3CdKWQRWzyWfaE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 12:00:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:e6:8f:83:b7:05:a8:28:50:a2:d2:16:e4:71:27:23:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=307f5fe2740a2b6de4c3709d2964115b3c967da1
        Validity
            Not Before: Mar 13 09:38:10 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7e16057f3a4d09e60dfba6a9b54aef2589056a90
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:fe:7a:ab:ec:fd:f8:06:a9:ba:3b:45:d7:a9:
                    85:8c:26:7f:d2:77:76:7a:e6:74:64:e8:fc:c1:05:
                    d8:e3:42:44:df:d3:d2:e0:22:74:28:b4:06:d7:ad:
                    3d:82:78:e1:d0:bf:71:8b:a3:d3:cc:90:97:46:42:
                    75:dd:bd:ac:bd:b5:b0:59:06:d2:51:24:ba:57:fa:
                    d0:8c:8e:06:43:03:87:6e:f1:2d:ba:c2:b9:bf:07:
                    4a:3e:61:fa:fc:db:cf:b8:43:a9:1e:3e:8c:97:f8:
                    ff:1b:f3:91:23:d4:1b:18:e8:6d:62:93:21:bf:ee:
                    03:31:9d:47:da:cd:87:7c:b6:b8:a6:0f:1b:74:c9:
                    83:01:8e:22:a8:22:4b:a0:f5:59:a3:51:9a:1f:75:
                    31:1b:b9:ed:02:01:3a:3b:0e:ab:62:6a:16:99:3c:
                    7b:30:a4:b6:a0:92:f6:2c:50:fe:ca:94:0b:2c:f8:
                    ca:cd:8f:b1:67:a8:18:be:1d:f8:07:79:f9:54:15:
                    69:71:e3:1c:20:54:7c:f0:92:05:a4:10:97:c1:2e:
                    9c:a6:d7:b2:f4:ea:23:15:ba:ce:32:4e:22:6a:0e:
                    e1:a6:5d:e4:ff:cc:d9:8f:c5:80:39:a8:84:6a:33:
                    f5:a8:7a:9e:65:b2:62:2e:08:fb:58:f1:af:e6:ca:
                    bf:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:16:05:7F:3A:4D:09:E6:0D:FB:A6:A9:B5:4A:EF:25:89:05:6A:90
            X509v3 Authority Key Identifier:
                keyid:30:7F:5F:E2:74:0A:2B:6D:E4:C3:70:9D:29:64:11:5B:3C:96:7D:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MH9f4nQKK23kw3CdKWQRWzyWfaE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b7/dcfd48-c54a-4c78-a4ed-4ba2f8f1f83b/1/fhYFfzpNCeYN-6aptUrvJYkFapA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b7/dcfd48-c54a-4c78-a4ed-4ba2f8f1f83b/1/MH9f4nQKK23kw3CdKWQRWzyWfaE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.0.13.0/24

    Signature Algorithm: sha256WithRSAEncryption
         44:f2:28:c1:1c:1a:dc:5f:94:44:b6:c3:ad:c6:aa:d4:71:16:
         7d:70:0d:69:d6:af:2c:f8:e1:29:9d:24:5b:f5:18:ac:10:0a:
         36:d2:76:c8:a8:e3:67:60:f2:11:28:29:f9:c2:32:9d:80:7f:
         5d:29:90:dc:e4:11:bd:17:9c:d9:05:5a:4b:4b:d6:82:26:6e:
         58:93:39:d1:0f:2d:db:94:46:9d:66:1d:56:5a:79:ec:bc:01:
         e0:1f:1e:64:d5:eb:87:ed:cb:2b:5b:5f:19:f6:9c:e2:82:49:
         bf:73:29:e7:de:4e:93:93:82:04:ce:35:07:e2:fd:07:5d:5e:
         eb:bb:97:f9:12:a2:01:72:e7:42:55:53:92:96:eb:01:ef:24:
         76:98:bf:62:fa:39:b4:f2:5b:d3:4a:65:15:d3:18:25:b0:39:
         20:b0:2a:01:ec:d6:50:c7:44:c3:c6:e9:78:7b:de:c3:1b:2b:
         08:7e:f1:95:bc:ff:cd:1b:ed:c6:d5:ac:48:27:b8:be:29:e9:
         01:1f:c8:9f:9c:e2:56:79:4a:d0:46:48:79:61:a8:c1:f8:bf:
         f4:c1:ef:48:29:85:75:56:18:03:d6:5e:2b:6f:48:a2:5e:c5:
         f6:1c:a8:48:ab:38:0c:d3:46:0e:66:89:b5:f8:48:75:ad:55:
         98:6b:76:e2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZzmj4O3BagoUKLSFuRxJyN9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMwN2Y1ZmUyNzQwYTJiNmRlNGMzNzA5ZDI5NjQxMTViM2M5
NjdkYTEwHhcNMjYwMzEzMDkzODEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZTE2MDU3ZjNhNGQwOWU2MGRmYmE2YTliNTRhZWYyNTg5MDU2YTkwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt/56q+z9+AapujtF16mFjCZ/0nd2
euZ0ZOj8wQXY40JE39PS4CJ0KLQG1609gnjh0L9xi6PTzJCXRkJ13b2svbWwWQbS
USS6V/rQjI4GQwOHbvEtusK5vwdKPmH6/NvPuEOpHj6Ml/j/G/ORI9QbGOhtYpMh
v+4DMZ1H2s2HfLa4pg8bdMmDAY4iqCJLoPVZo1GaH3UxG7ntAgE6Ow6rYmoWmTx7
MKS2oJL2LFD+ypQLLPjKzY+xZ6gYvh34B3n5VBVpceMcIFR88JIFpBCXwS6cptey
9OojFbrOMk4iag7hpl3k/8zZj8WAOaiEajP1qHqeZbJiLgj7WPGv5sq/1wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH4WBX86TQnmDfumqbVK7yWJBWqQMB8GA1UdIwQY
MBaAFDB/X+J0Citt5MNwnSlkEVs8ln2hMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTUg5ZjRuUUtLMjNrdzNDZEtXUVJXenlXZmFFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNy9kY2ZkNDgtYzU0YS00Yzc4LWE0ZWQt
NGJhMmY4ZjFmODNiLzEvZmhZRmZ6cE5DZVlOLTZhcHRVcnZKWWtGYXBBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNy9kY2ZkNDgtYzU0YS00Yzc4LWE0ZWQtNGJhMmY4ZjFmODNi
LzEvTUg5ZjRuUUtLMjNrdzNDZEtXUVJXenlXZmFFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1QANMA0G
CSqGSIb3DQEBCwUAA4IBAQBE8ijBHBrcX5REtsOtxqrUcRZ9cA1p1q8s+OEpnSRb
9RisEAo20nbIqONnYPIRKCn5wjKdgH9dKZDc5BG9F5zZBVpLS9aCJm5YkznRDy3b
lEadZh1WWnnsvAHgHx5k1euH7csrW18Z9pzigkm/cynn3k6Tk4IEzjUH4v0HXV7r
u5f5EqIBcudCVVOSlusB7yR2mL9i+jm08lvTSmUV0xglsDkgsCoB7NZQx0TDxul4
e97DGysIfvGVvP/NG+3G1axIJ7i+KekBH8ifnOJWeUrQRkh5YajB+L/0we9IKYV1
VhgD1l4rb0iiXsX2HKhIqzgM00YOZom1+Eh1rVWYa3bi
-----END CERTIFICATE-----