Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/c0bfe8-9a3e-4000-adf8-ff287c062b61/1/spfof1qfNrG8DP4YucletEfRpvg.roa
File:                     spfof1qfNrG8DP4YucletEfRpvg.roa (raw, json)
Hash identifier:          0XwtNa6D8NCr9C81FgWMcj2pj/49mCSFu4hQMqHa/Lc=
Subject key identifier:   B2:97:E8:7F:5A:9F:36:B1:BC:0C:FE:18:B9:C9:5E:B4:47:D1:A6:F8
Certificate issuer:       /CN=c45a6011c6b76158c0f6c5c272d82d8027f88fa3
Certificate serial:       019B79ED60C4C3CD733DB74843C8183305E2
Authority key identifier: C4:5A:60:11:C6:B7:61:58:C0:F6:C5:C2:72:D8:2D:80:27:F8:8F:A3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xFpgEca3YVjA9sXCctgtgCf4j6M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ff/c0bfe8-9a3e-4000-adf8-ff287c062b61/1/spfof1qfNrG8DP4YucletEfRpvg.roa
Signing time:             Thu 01 Jan 2026 14:19:18 +0000
ROA not before:           Thu 01 Jan 2026 14:19:18 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200125
IP address blocks:        89.39.168.0/22 maxlen: 22
                          185.35.196.0/22 maxlen: 22
                          185.238.64.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ff/c0bfe8-9a3e-4000-adf8-ff287c062b61/1/xFpgEca3YVjA9sXCctgtgCf4j6M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ff/c0bfe8-9a3e-4000-adf8-ff287c062b61/1/xFpgEca3YVjA9sXCctgtgCf4j6M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xFpgEca3YVjA9sXCctgtgCf4j6M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 14:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:ed:60:c4:c3:cd:73:3d:b7:48:43:c8:18:33:05:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c45a6011c6b76158c0f6c5c272d82d8027f88fa3
        Validity
            Not Before: Jan  1 14:19:18 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b297e87f5a9f36b1bc0cfe18b9c95eb447d1a6f8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:ca:a9:e1:d3:70:cd:68:90:40:0f:06:aa:a3:
                    77:af:97:67:de:05:21:b4:83:6c:74:87:91:08:eb:
                    d3:f7:61:44:55:b8:30:5f:7c:cd:43:13:44:57:45:
                    e9:78:f5:6c:a3:43:10:2f:72:93:48:8f:51:5b:d9:
                    69:63:a5:74:f1:8e:e5:62:1e:af:03:1d:5b:91:40:
                    3c:41:71:db:64:f9:f1:e0:6b:f8:9d:24:27:92:a3:
                    d0:5b:d9:a2:40:14:1d:e0:e9:f3:08:1d:85:86:38:
                    db:26:b9:58:92:df:91:98:10:11:a5:cc:51:fa:fc:
                    77:8d:25:37:a1:6d:c1:b0:c4:21:02:9e:be:ca:b0:
                    b4:cd:d6:9f:ee:53:52:80:38:ad:59:a7:cf:b1:67:
                    20:e7:96:e7:03:73:d2:de:e3:c6:3c:39:52:32:96:
                    52:fd:59:e5:76:b1:24:7d:f8:62:a7:f7:37:5b:a6:
                    fc:72:16:f4:04:d2:6b:f8:cf:34:d3:af:ac:b4:d6:
                    aa:13:75:b4:13:b1:f8:7a:a3:78:e3:12:d1:de:8b:
                    f9:15:f1:0b:c4:1e:c7:91:13:22:d4:33:5e:98:d6:
                    f2:f0:05:e2:c1:36:61:75:12:09:8b:60:ed:2d:0f:
                    ac:e6:8a:0e:40:67:0a:03:32:45:22:ba:d3:c1:53:
                    6d:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:97:E8:7F:5A:9F:36:B1:BC:0C:FE:18:B9:C9:5E:B4:47:D1:A6:F8
            X509v3 Authority Key Identifier:
                keyid:C4:5A:60:11:C6:B7:61:58:C0:F6:C5:C2:72:D8:2D:80:27:F8:8F:A3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xFpgEca3YVjA9sXCctgtgCf4j6M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/c0bfe8-9a3e-4000-adf8-ff287c062b61/1/spfof1qfNrG8DP4YucletEfRpvg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/c0bfe8-9a3e-4000-adf8-ff287c062b61/1/xFpgEca3YVjA9sXCctgtgCf4j6M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.39.168.0/22
                  185.35.196.0/22
                  185.238.64.0/22

    Signature Algorithm: sha256WithRSAEncryption
         62:a8:37:8d:e6:67:b4:78:d0:db:a1:8e:e4:d1:bb:2b:75:13:
         1e:66:14:fa:d6:63:85:9f:32:45:5c:03:89:ea:93:68:da:f2:
         f9:0c:a0:89:a7:61:e3:fe:fb:5e:61:07:29:62:83:b3:17:27:
         6d:e6:1d:42:7e:7b:af:38:2f:52:e2:d9:47:2a:7f:4e:32:a2:
         63:4c:7e:8e:3c:37:eb:14:7e:12:30:89:4c:53:e1:bc:7b:17:
         30:5d:3d:ed:bb:05:2a:1c:72:ed:65:49:53:cd:a2:f2:06:d0:
         a1:a8:ae:de:ef:72:2b:43:0d:a3:0c:82:fb:28:b6:15:da:d6:
         e3:10:7b:76:72:b6:a1:69:1e:92:47:37:f6:12:93:ef:7d:b7:
         2f:6f:1b:1d:12:d7:31:4d:a4:47:40:58:f6:16:c4:8a:38:1c:
         d0:b5:74:cb:5a:e7:72:c9:1f:12:c2:06:91:14:19:3a:1e:a4:
         8b:4a:f4:ea:7b:53:c5:8f:f4:4c:c6:99:00:a9:19:6d:94:60:
         56:0e:da:1d:41:24:10:9b:7d:fb:88:ab:94:ec:ce:35:e4:bd:
         8c:98:78:64:2b:b9:73:1e:ba:b6:f7:a6:4a:0d:58:76:75:2e:
         a0:61:51:8a:26:17:90:56:78:d6:d2:5f:a6:77:aa:52:73:9e:
         b1:b0:cb:f8
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZt57WDEw81zPbdIQ8gYMwXiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM0NWE2MDExYzZiNzYxNThjMGY2YzVjMjcyZDgyZDgwMjdm
ODhmYTMwHhcNMjYwMTAxMTQxOTE4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMjk3ZTg3ZjVhOWYzNmIxYmMwY2ZlMThiOWM5NWViNDQ3ZDFhNmY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqMqp4dNwzWiQQA8GqqN3r5dn3gUh
tINsdIeRCOvT92FEVbgwX3zNQxNEV0XpePVso0MQL3KTSI9RW9lpY6V08Y7lYh6v
Ax1bkUA8QXHbZPnx4Gv4nSQnkqPQW9miQBQd4OnzCB2FhjjbJrlYkt+RmBARpcxR
+vx3jSU3oW3BsMQhAp6+yrC0zdaf7lNSgDitWafPsWcg55bnA3PS3uPGPDlSMpZS
/VnldrEkffhip/c3W6b8chb0BNJr+M8006+stNaqE3W0E7H4eqN44xLR3ov5FfEL
xB7HkRMi1DNemNby8AXiwTZhdRIJi2DtLQ+s5ooOQGcKAzJFIrrTwVNtIQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFLKX6H9anzaxvAz+GLnJXrRH0ab4MB8GA1UdIwQY
MBaAFMRaYBHGt2FYwPbFwnLYLYAn+I+jMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveEZwZ0VjYTNZVmpBOXNYQ2N0Z3RnQ2Y0ajZNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi9jMGJmZTgtOWEzZS00MDAwLWFkZjgt
ZmYyODdjMDYyYjYxLzEvc3Bmb2YxcWZOckc4RFA0WXVjbGV0RWZScHZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi9jMGJmZTgtOWEzZS00MDAwLWFkZjgtZmYyODdjMDYyYjYx
LzEveEZwZ0VjYTNZVmpBOXNYQ2N0Z3RnQ2Y0ajZNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCWSeoAwQC
uSPEAwQCue5AMA0GCSqGSIb3DQEBCwUAA4IBAQBiqDeN5me0eNDboY7k0bsrdRMe
ZhT61mOFnzJFXAOJ6pNo2vL5DKCJp2Hj/vteYQcpYoOzFydt5h1CfnuvOC9S4tlH
Kn9OMqJjTH6OPDfrFH4SMIlMU+G8excwXT3tuwUqHHLtZUlTzaLyBtChqK7e73Ir
Qw2jDIL7KLYV2tbjEHt2crahaR6SRzf2EpPvfbcvbxsdEtcxTaRHQFj2FsSKOBzQ
tXTLWudyyR8SwgaRFBk6HqSLSvTqe1PFj/RMxpkAqRltlGBWDtodQSQQm337iKuU
7M415L2MmHhkK7lzHrq296ZKDVh2dS6gYVGKJheQVnjW0l+md6pSc56xsMv4
-----END CERTIFICATE-----