Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/944f2a-f673-42bf-9e3d-edcef7451ef4/1/FkRKPYmdQ_5Uw6uf-qrKiu1z604.roa
File:                     FkRKPYmdQ_5Uw6uf-qrKiu1z604.roa (raw, json)
Hash identifier:          7d3RQe8zUsFi/wr7V2puj4vtJZCBuk3sMl8g2gQ6BlI=
Subject key identifier:   16:44:4A:3D:89:9D:43:FE:54:C3:AB:9F:FA:AA:CA:8A:ED:73:EB:4E
Certificate issuer:       /CN=cd4065967dec092b5fc90152e4a95339ba1d2289
Certificate serial:       019CD2A14815BB50039A1795B5550CEF93EE
Authority key identifier: CD:40:65:96:7D:EC:09:2B:5F:C9:01:52:E4:A9:53:39:BA:1D:22:89
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zUBlln3sCStfyQFS5KlTObodIok.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/944f2a-f673-42bf-9e3d-edcef7451ef4/1/FkRKPYmdQ_5Uw6uf-qrKiu1z604.roa
Signing time:             Mon 09 Mar 2026 12:45:10 +0000
ROA not before:           Mon 09 Mar 2026 12:45:10 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     834
IP address blocks:        185.144.12.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/944f2a-f673-42bf-9e3d-edcef7451ef4/1/zUBlln3sCStfyQFS5KlTObodIok.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/944f2a-f673-42bf-9e3d-edcef7451ef4/1/zUBlln3sCStfyQFS5KlTObodIok.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zUBlln3sCStfyQFS5KlTObodIok.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 09:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:d2:a1:48:15:bb:50:03:9a:17:95:b5:55:0c:ef:93:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cd4065967dec092b5fc90152e4a95339ba1d2289
        Validity
            Not Before: Mar  9 12:45:10 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=16444a3d899d43fe54c3ab9ffaaaca8aed73eb4e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:af:05:38:92:8e:9a:60:fc:ea:2a:9a:f1:72:
                    81:58:97:24:28:9d:57:3e:cb:a7:d4:33:9d:0b:88:
                    40:e9:c6:67:f8:2a:bb:d4:2d:74:79:20:70:9b:6e:
                    61:de:92:56:f0:c5:3e:b3:b8:4d:91:d3:05:6a:08:
                    39:16:03:c4:ae:af:24:c6:10:12:3a:e5:f4:7e:c9:
                    8d:c9:5d:f4:64:cf:91:29:af:32:c6:6e:42:32:af:
                    24:8e:31:23:c0:d0:3e:5b:02:cd:2f:76:d9:18:7e:
                    2f:71:5f:94:31:d9:aa:d3:ea:fc:a7:49:1f:be:bb:
                    4f:d4:c1:65:4c:04:d0:48:30:0a:7c:ac:a7:f4:47:
                    c4:f5:ef:f9:7c:87:ed:76:a2:35:3a:93:30:cb:87:
                    fc:a8:6a:68:9b:dd:6f:b7:f1:7a:84:c7:80:40:59:
                    ea:c9:03:d8:e2:0e:ab:96:5a:fc:d4:a7:93:e8:a9:
                    99:c4:4e:ac:ad:ec:e4:29:5c:c9:cb:04:c3:f0:19:
                    05:21:3f:58:43:cf:5d:ce:f1:05:ce:94:8f:29:2f:
                    81:36:7b:03:06:2f:5f:9f:6c:b2:96:3f:be:9b:58:
                    be:5d:10:dd:ca:b2:a5:4f:4b:67:02:7f:14:44:31:
                    e0:2b:95:03:f4:a0:0e:ed:53:09:4e:e7:3b:34:8f:
                    0e:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:44:4A:3D:89:9D:43:FE:54:C3:AB:9F:FA:AA:CA:8A:ED:73:EB:4E
            X509v3 Authority Key Identifier:
                keyid:CD:40:65:96:7D:EC:09:2B:5F:C9:01:52:E4:A9:53:39:BA:1D:22:89

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zUBlln3sCStfyQFS5KlTObodIok.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/944f2a-f673-42bf-9e3d-edcef7451ef4/1/FkRKPYmdQ_5Uw6uf-qrKiu1z604.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/944f2a-f673-42bf-9e3d-edcef7451ef4/1/zUBlln3sCStfyQFS5KlTObodIok.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.144.12.0/24

    Signature Algorithm: sha256WithRSAEncryption
         42:6a:b8:7b:ff:d6:f4:db:1f:01:fb:fa:63:e6:50:76:4b:b6:
         50:0c:6c:d3:56:7a:09:d9:b3:dd:08:b4:61:54:c8:a7:e3:ac:
         7e:07:c0:7a:b3:8d:57:ef:a9:bb:e9:70:ca:72:3c:a1:41:33:
         40:b2:39:9f:f0:a6:bf:a7:da:3c:78:d1:8d:db:d7:c5:a2:59:
         a7:72:88:cf:f9:5a:a0:56:c2:6c:ab:35:fc:35:5c:09:1e:9c:
         39:49:37:c1:e1:0d:67:09:92:5d:5d:04:ca:cf:21:58:68:19:
         4b:f1:59:9d:b0:a7:38:22:6b:01:12:bb:b8:5f:fb:8c:08:84:
         42:0c:09:34:e1:13:6b:b7:14:42:1b:bc:fd:ba:74:93:bd:9c:
         78:79:41:e7:88:08:62:b8:25:58:b3:3e:9d:30:a4:ca:bf:f3:
         79:13:92:c6:aa:b6:46:b0:90:b7:d3:65:9b:25:fe:93:12:8f:
         63:38:d0:1b:38:9c:87:4a:ea:e4:21:f0:2e:4b:c4:63:84:bb:
         2d:27:48:5c:bd:6d:b2:0e:be:f2:62:01:bb:89:69:c4:c8:16:
         11:04:25:e0:01:e8:3a:6f:cb:14:c7:21:28:d3:69:0f:a9:39:
         8f:e9:f7:00:9c:12:1a:cf:19:fa:40:af:dc:eb:1a:8d:a9:4c:
         9a:18:19:a8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZzSoUgVu1ADmheVtVUM75PuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkNDA2NTk2N2RlYzA5MmI1ZmM5MDE1MmU0YTk1MzM5YmEx
ZDIyODkwHhcNMjYwMzA5MTI0NTEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNjQ0NGEzZDg5OWQ0M2ZlNTRjM2FiOWZmYWFhY2E4YWVkNzNlYjRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzK8FOJKOmmD86iqa8XKBWJckKJ1X
Psun1DOdC4hA6cZn+Cq71C10eSBwm25h3pJW8MU+s7hNkdMFagg5FgPErq8kxhAS
OuX0fsmNyV30ZM+RKa8yxm5CMq8kjjEjwNA+WwLNL3bZGH4vcV+UMdmq0+r8p0kf
vrtP1MFlTATQSDAKfKyn9EfE9e/5fIftdqI1OpMwy4f8qGpom91vt/F6hMeAQFnq
yQPY4g6rllr81KeT6KmZxE6srezkKVzJywTD8BkFIT9YQ89dzvEFzpSPKS+BNnsD
Bi9fn2yylj++m1i+XRDdyrKlT0tnAn8URDHgK5UD9KAO7VMJTuc7NI8OAQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBZESj2JnUP+VMOrn/qqyortc+tOMB8GA1UdIwQY
MBaAFM1AZZZ97AkrX8kBUuSpUzm6HSKJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvelVCbGxuM3NDU3RmeVFGUzVLbFRPYm9kSW9rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS85NDRmMmEtZjY3My00MmJmLTllM2Qt
ZWRjZWY3NDUxZWY0LzEvRmtSS1BZbWRRXzVVdzZ1Zi1xcktpdTF6NjA0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS85NDRmMmEtZjY3My00MmJmLTllM2QtZWRjZWY3NDUxZWY0
LzEvelVCbGxuM3NDU3RmeVFGUzVLbFRPYm9kSW9rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuZAMMA0G
CSqGSIb3DQEBCwUAA4IBAQBCarh7/9b02x8B+/pj5lB2S7ZQDGzTVnoJ2bPdCLRh
VMin46x+B8B6s41X76m76XDKcjyhQTNAsjmf8Ka/p9o8eNGN29fFolmncojP+Vqg
VsJsqzX8NVwJHpw5STfB4Q1nCZJdXQTKzyFYaBlL8VmdsKc4ImsBEru4X/uMCIRC
DAk04RNrtxRCG7z9unSTvZx4eUHniAhiuCVYsz6dMKTKv/N5E5LGqrZGsJC302Wb
Jf6TEo9jONAbOJyHSurkIfAuS8RjhLstJ0hcvW2yDr7yYgG7iWnEyBYRBCXgAeg6
b8sUxyEo02kPqTmP6fcAnBIazxn6QK/c6xqNqUyaGBmo
-----END CERTIFICATE-----