Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/Foozh9139Ob3t6yalUoc2B8jzgg.roa
File:                     Foozh9139Ob3t6yalUoc2B8jzgg.roa (raw, json)
Hash identifier:          R87wLYq01GyFUCIGs0k6z98fcx0Fx69moha+KyH758M=
Subject key identifier:   16:8A:33:87:DD:77:F4:E6:F7:B7:AC:9A:95:4A:1C:D8:1F:23:CE:08
Certificate issuer:       /CN=1e5b334965788794d6f147a2f004d13be3257dc4
Certificate serial:       019CE14E9B75480AB2C82520223CF7CD64F0
Authority key identifier: 1E:5B:33:49:65:78:87:94:D6:F1:47:A2:F0:04:D1:3B:E3:25:7D:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HlszSWV4h5TW8Uei8ATRO-MlfcQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/Foozh9139Ob3t6yalUoc2B8jzgg.roa
Signing time:             Thu 12 Mar 2026 09:09:11 +0000
ROA not before:           Thu 12 Mar 2026 09:09:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     402186
IP address blocks:        89.28.205.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/HlszSWV4h5TW8Uei8ATRO-MlfcQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/HlszSWV4h5TW8Uei8ATRO-MlfcQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HlszSWV4h5TW8Uei8ATRO-MlfcQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 19:01:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:e1:4e:9b:75:48:0a:b2:c8:25:20:22:3c:f7:cd:64:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1e5b334965788794d6f147a2f004d13be3257dc4
        Validity
            Not Before: Mar 12 09:09:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=168a3387dd77f4e6f7b7ac9a954a1cd81f23ce08
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:6e:00:04:f6:32:dc:a1:96:4e:88:a4:4a:f4:
                    6b:3f:44:7e:70:9d:9d:55:59:a2:9a:58:0b:fc:77:
                    dd:c9:91:53:d4:61:ef:92:02:40:1e:20:9e:99:73:
                    a8:81:0c:b3:88:4f:11:13:f6:98:d1:46:9b:9d:68:
                    f9:47:84:f8:c7:29:00:a3:77:14:71:ec:7b:de:54:
                    a4:e1:ab:d9:2e:a7:d4:cd:d7:c8:a5:b4:f0:51:bd:
                    47:b1:7e:bb:6f:be:8a:c4:b1:d7:dc:6e:8d:d9:51:
                    16:dc:c1:16:0c:26:55:a6:19:35:62:a1:8c:51:8a:
                    bb:68:c6:c2:83:73:b8:cf:2b:97:a7:d4:91:5d:ca:
                    1f:b9:72:a7:7d:db:df:83:f2:a3:4d:e8:d2:df:cf:
                    97:54:32:b0:71:48:9d:23:f2:d0:c4:9a:fa:01:30:
                    2b:df:53:49:86:82:32:92:1f:7d:e2:3b:b9:75:7e:
                    00:0f:ba:c9:af:16:2e:d4:d2:0b:53:0a:cc:df:0a:
                    e8:f5:4c:66:e6:5d:7f:2c:3f:0d:bf:66:b5:cf:b9:
                    fb:60:22:00:08:26:50:b8:50:29:62:79:d1:a7:9d:
                    10:a9:d7:b6:35:0b:a9:4e:7f:1f:67:ad:42:0b:39:
                    16:b1:83:18:8a:e8:91:e4:16:a3:8e:b6:57:23:a1:
                    64:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:8A:33:87:DD:77:F4:E6:F7:B7:AC:9A:95:4A:1C:D8:1F:23:CE:08
            X509v3 Authority Key Identifier:
                keyid:1E:5B:33:49:65:78:87:94:D6:F1:47:A2:F0:04:D1:3B:E3:25:7D:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HlszSWV4h5TW8Uei8ATRO-MlfcQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/Foozh9139Ob3t6yalUoc2B8jzgg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/HlszSWV4h5TW8Uei8ATRO-MlfcQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.28.205.0/24

    Signature Algorithm: sha256WithRSAEncryption
         45:78:92:b6:98:fe:57:6e:49:fd:76:b5:08:72:1a:c2:97:0f:
         ea:c7:16:40:3c:79:4b:75:c5:ee:be:97:ca:f8:51:e2:1e:7a:
         17:84:5c:2b:da:5f:8f:8e:60:19:fa:9c:4b:c5:45:69:35:af:
         94:bc:49:7f:ab:ed:be:8c:d2:65:42:4b:09:b8:c0:9e:ea:e5:
         29:1e:98:72:23:2b:72:e1:74:95:1a:1b:94:13:ae:35:28:5f:
         46:db:d3:6c:79:99:61:dc:4d:8f:40:0e:24:dc:4d:23:f9:de:
         9e:4f:7c:d6:18:4c:50:20:16:c9:59:27:70:dd:16:71:c2:3f:
         35:01:e1:e8:fb:94:68:93:7c:fd:da:38:55:ac:90:eb:9c:78:
         b3:d9:47:e3:e3:0a:c2:8a:a8:7c:6a:20:9a:18:0a:94:ad:fd:
         92:b0:ab:ce:df:1b:ff:d3:ec:09:6f:97:93:64:94:48:be:26:
         92:bf:c8:13:1a:a4:54:88:a2:0c:0f:27:c7:18:9a:1f:3f:52:
         7a:d2:6f:af:79:25:1d:02:5d:23:14:c2:0d:18:f3:09:0d:3c:
         80:af:85:30:34:d3:f6:b4:99:af:47:5b:bc:e8:31:e3:43:5c:
         37:2f:50:db:25:ad:c2:5c:4e:af:ac:78:54:a5:60:c1:63:8f:
         84:19:11:4c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZzhTpt1SAqyyCUgIjz3zWTwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlNWIzMzQ5NjU3ODg3OTRkNmYxNDdhMmYwMDRkMTNiZTMy
NTdkYzQwHhcNMjYwMzEyMDkwOTExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNjhhMzM4N2RkNzdmNGU2ZjdiN2FjOWE5NTRhMWNkODFmMjNjZTA4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3m4ABPYy3KGWToikSvRrP0R+cJ2d
VVmimlgL/HfdyZFT1GHvkgJAHiCemXOogQyziE8RE/aY0UabnWj5R4T4xykAo3cU
cex73lSk4avZLqfUzdfIpbTwUb1HsX67b76KxLHX3G6N2VEW3MEWDCZVphk1YqGM
UYq7aMbCg3O4zyuXp9SRXcofuXKnfdvfg/KjTejS38+XVDKwcUidI/LQxJr6ATAr
31NJhoIykh994ju5dX4AD7rJrxYu1NILUwrM3wro9Uxm5l1/LD8Nv2a1z7n7YCIA
CCZQuFApYnnRp50Qqde2NQupTn8fZ61CCzkWsYMYiuiR5BajjrZXI6FkbQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBaKM4fdd/Tm97esmpVKHNgfI84IMB8GA1UdIwQY
MBaAFB5bM0lleIeU1vFHovAE0TvjJX3EMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSGxzelNXVjRoNVRXOFVlaThBVFJPLU1sZmNRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC85YmEzOGEtNDg1Mi00MTNkLTljZDIt
OTk5MGUyZDllYWZlLzEvRm9vemg5MTM5T2IzdDZ5YWxVb2MyQjhqemdnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC85YmEzOGEtNDg1Mi00MTNkLTljZDItOTk5MGUyZDllYWZl
LzEvSGxzelNXVjRoNVRXOFVlaThBVFJPLU1sZmNRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWRzNMA0G
CSqGSIb3DQEBCwUAA4IBAQBFeJK2mP5Xbkn9drUIchrClw/qxxZAPHlLdcXuvpfK
+FHiHnoXhFwr2l+PjmAZ+pxLxUVpNa+UvEl/q+2+jNJlQksJuMCe6uUpHphyIyty
4XSVGhuUE641KF9G29NseZlh3E2PQA4k3E0j+d6eT3zWGExQIBbJWSdw3RZxwj81
AeHo+5Rok3z92jhVrJDrnHiz2Ufj4wrCiqh8aiCaGAqUrf2SsKvO3xv/0+wJb5eT
ZJRIviaSv8gTGqRUiKIMDyfHGJofP1J60m+veSUdAl0jFMINGPMJDTyAr4UwNNP2
tJmvR1u86DHjQ1w3L1DbJa3CXE6vrHhUpWDBY4+EGRFM
-----END CERTIFICATE-----