Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/01058a-4a82-4818-972d-842858122bbc/1/fzxoNfiPUD7xeSSlqYVskKUZ9gQ.roa
File:                     fzxoNfiPUD7xeSSlqYVskKUZ9gQ.roa (raw, json)
Hash identifier:          XjcQQ4lJaJtOIDs0K1l+gH5MfloiUUpBeoZaPEDBX6c=
Subject key identifier:   7F:3C:68:35:F8:8F:50:3E:F1:79:24:A5:A9:85:6C:90:A5:19:F6:04
Certificate issuer:       /CN=464952bc165441ec6e2e2010c933dc830f361731
Certificate serial:       019CD2822718246BFCAA39F3036A61911911
Authority key identifier: 46:49:52:BC:16:54:41:EC:6E:2E:20:10:C9:33:DC:83:0F:36:17:31
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RklSvBZUQexuLiAQyTPcgw82FzE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/df/01058a-4a82-4818-972d-842858122bbc/1/fzxoNfiPUD7xeSSlqYVskKUZ9gQ.roa
Signing time:             Mon 09 Mar 2026 12:11:10 +0000
ROA not before:           Mon 09 Mar 2026 12:11:10 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     31313
IP address blocks:        185.118.4.0/23 maxlen: 24
                          188.213.35.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/df/01058a-4a82-4818-972d-842858122bbc/1/RklSvBZUQexuLiAQyTPcgw82FzE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/df/01058a-4a82-4818-972d-842858122bbc/1/RklSvBZUQexuLiAQyTPcgw82FzE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RklSvBZUQexuLiAQyTPcgw82FzE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 09:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:d2:82:27:18:24:6b:fc:aa:39:f3:03:6a:61:91:19:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=464952bc165441ec6e2e2010c933dc830f361731
        Validity
            Not Before: Mar  9 12:11:10 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7f3c6835f88f503ef17924a5a9856c90a519f604
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:14:c4:c3:ff:ab:c5:b7:6e:f8:f5:76:6e:38:
                    b2:8f:da:7e:7e:0f:df:d9:b9:5c:46:49:3c:10:17:
                    be:7c:6f:36:13:6d:c5:77:75:39:19:91:cf:c3:3d:
                    c2:54:59:dd:b3:14:cc:d4:28:1b:b6:d5:70:16:63:
                    b1:c7:8c:80:ff:43:f0:6c:35:6f:78:d1:58:5b:e9:
                    cf:59:10:95:ce:e4:fc:11:d9:91:c2:8e:85:96:6a:
                    b6:6e:ea:76:33:a6:c3:6e:fd:e8:d8:c1:97:df:b9:
                    70:d0:38:59:a9:02:ca:3a:4a:c3:30:6a:ea:75:b5:
                    84:bd:52:b1:a4:f2:86:af:0c:6a:d2:eb:14:54:40:
                    ef:b0:4f:69:90:70:d4:63:f8:8f:16:50:d7:6c:83:
                    f1:58:cd:81:0c:8a:21:86:77:c5:26:52:cb:8c:93:
                    aa:c5:18:1b:58:68:39:71:19:9c:7f:5e:7d:04:82:
                    e3:a9:e9:45:55:a1:47:7f:7a:cf:c7:0f:2f:d2:6a:
                    48:22:5a:3f:bc:7f:da:4f:7e:0f:6b:9c:15:cf:6b:
                    a4:59:0b:3f:4d:ad:74:e9:ae:53:fb:f4:e2:19:b6:
                    84:ba:c0:f4:6f:b7:9e:36:4f:a4:7e:03:6b:56:73:
                    fd:f3:4a:01:e1:0d:43:81:ee:09:8d:3e:10:7d:ad:
                    94:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:3C:68:35:F8:8F:50:3E:F1:79:24:A5:A9:85:6C:90:A5:19:F6:04
            X509v3 Authority Key Identifier:
                keyid:46:49:52:BC:16:54:41:EC:6E:2E:20:10:C9:33:DC:83:0F:36:17:31

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RklSvBZUQexuLiAQyTPcgw82FzE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/01058a-4a82-4818-972d-842858122bbc/1/fzxoNfiPUD7xeSSlqYVskKUZ9gQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/df/01058a-4a82-4818-972d-842858122bbc/1/RklSvBZUQexuLiAQyTPcgw82FzE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.118.4.0/23
                  188.213.35.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6a:3e:bf:c0:f4:5e:cb:26:0e:b6:15:5f:df:a8:a3:84:29:d6:
         c4:0d:34:d7:a3:b1:70:7a:e0:a0:73:84:c7:c2:80:3a:c8:7c:
         87:0e:37:dc:84:93:67:f8:f4:ca:41:bb:15:ae:03:3a:3a:a4:
         44:ee:4a:49:41:67:36:eb:d3:27:66:4e:13:69:86:16:70:f9:
         ef:16:0a:a7:d6:d4:17:7c:75:45:54:d8:ea:0b:24:a5:f5:08:
         40:f7:6a:b0:92:0a:c1:a9:68:e5:26:ed:68:c3:af:43:9c:d8:
         82:42:c7:b7:71:31:1a:07:6e:a7:f1:e3:27:bd:3a:e5:32:94:
         7e:ce:61:72:64:8b:2a:af:35:3d:2e:25:b0:3e:36:c3:54:12:
         15:cb:2a:da:5e:44:61:a7:74:23:72:ad:5c:a9:c9:71:0b:4f:
         6c:c6:f9:8f:05:b4:46:43:ca:51:3d:26:1d:30:ca:ff:7c:98:
         5a:5a:f5:63:12:1f:4a:46:bd:ea:28:9e:12:87:28:34:af:57:
         4a:38:24:2c:01:7c:ec:84:21:bc:30:f2:17:c7:a8:fc:b2:ec:
         a1:ad:5d:5e:d2:3c:81:1d:e9:c4:77:52:91:01:4e:03:7f:f8:
         b3:fc:62:c7:2a:2d:9b:01:93:3d:50:10:d2:c0:77:eb:8d:b1:
         2a:7d:bd:ee
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZzSgicYJGv8qjnzA2phkRkRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ2NDk1MmJjMTY1NDQxZWM2ZTJlMjAxMGM5MzNkYzgzMGYz
NjE3MzEwHhcNMjYwMzA5MTIxMTEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZjNjNjgzNWY4OGY1MDNlZjE3OTI0YTVhOTg1NmM5MGE1MTlmNjA0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmRTEw/+rxbdu+PV2bjiyj9p+fg/f
2blcRkk8EBe+fG82E23Fd3U5GZHPwz3CVFndsxTM1CgbttVwFmOxx4yA/0PwbDVv
eNFYW+nPWRCVzuT8EdmRwo6Flmq2bup2M6bDbv3o2MGX37lw0DhZqQLKOkrDMGrq
dbWEvVKxpPKGrwxq0usUVEDvsE9pkHDUY/iPFlDXbIPxWM2BDIohhnfFJlLLjJOq
xRgbWGg5cRmcf159BILjqelFVaFHf3rPxw8v0mpIIlo/vH/aT34Pa5wVz2ukWQs/
Ta106a5T+/TiGbaEusD0b7eeNk+kfgNrVnP980oB4Q1Dge4JjT4Qfa2UMQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFH88aDX4j1A+8XkkpamFbJClGfYEMB8GA1UdIwQY
MBaAFEZJUrwWVEHsbi4gEMkz3IMPNhcxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUmtsU3ZCWlVRZXh1TGlBUXlUUGNndzgyRnpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZi8wMTA1OGEtNGE4Mi00ODE4LTk3MmQt
ODQyODU4MTIyYmJjLzEvZnp4b05maVBVRDd4ZVNTbHFZVnNrS1VaOWdRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZi8wMTA1OGEtNGE4Mi00ODE4LTk3MmQtODQyODU4MTIyYmJj
LzEvUmtsU3ZCWlVRZXh1TGlBUXlUUGNndzgyRnpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBuXYEAwQA
vNUjMA0GCSqGSIb3DQEBCwUAA4IBAQBqPr/A9F7LJg62FV/fqKOEKdbEDTTXo7Fw
euCgc4THwoA6yHyHDjfchJNn+PTKQbsVrgM6OqRE7kpJQWc269MnZk4TaYYWcPnv
Fgqn1tQXfHVFVNjqCySl9QhA92qwkgrBqWjlJu1ow69DnNiCQse3cTEaB26n8eMn
vTrlMpR+zmFyZIsqrzU9LiWwPjbDVBIVyyraXkRhp3Qjcq1cqclxC09sxvmPBbRG
Q8pRPSYdMMr/fJhaWvVjEh9KRr3qKJ4Shyg0r1dKOCQsAXzshCG8MPIXx6j8suyh
rV1e0jyBHenEd1KRAU4Df/iz/GLHKi2bAZM9UBDSwHfrjbEqfb3u
-----END CERTIFICATE-----