Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/439efe-f130-4931-931c-c8d5c04e3d43/1/1FToxn8IaILCIZFR28ymjf3izQw.roa
File:                     1FToxn8IaILCIZFR28ymjf3izQw.roa (raw, json)
Hash identifier:          n66yLkILpzoSdA5/n4UY3B4CIambhY+CnJWm7sQK/vQ=
Subject key identifier:   D4:54:E8:C6:7F:08:68:82:C2:21:91:51:DB:CC:A6:8D:FD:E2:CD:0C
Certificate issuer:       /CN=cc4491558cd24875db524273410502fdae3a6782
Certificate serial:       019B7BA4C5E4ED7DD3F8FDF3EE886555EF96
Authority key identifier: CC:44:91:55:8C:D2:48:75:DB:52:42:73:41:05:02:FD:AE:3A:67:82
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zESRVYzSSHXbUkJzQQUC_a46Z4I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/439efe-f130-4931-931c-c8d5c04e3d43/1/1FToxn8IaILCIZFR28ymjf3izQw.roa
Signing time:             Thu 01 Jan 2026 22:19:14 +0000
ROA not before:           Thu 01 Jan 2026 22:19:14 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     47949
IP address blocks:        92.43.24.0/21 maxlen: 21
                          185.7.45.0/24 maxlen: 24
                          2a02:29c0::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/439efe-f130-4931-931c-c8d5c04e3d43/1/zESRVYzSSHXbUkJzQQUC_a46Z4I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/439efe-f130-4931-931c-c8d5c04e3d43/1/zESRVYzSSHXbUkJzQQUC_a46Z4I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zESRVYzSSHXbUkJzQQUC_a46Z4I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 13:01:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:a4:c5:e4:ed:7d:d3:f8:fd:f3:ee:88:65:55:ef:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cc4491558cd24875db524273410502fdae3a6782
        Validity
            Not Before: Jan  1 22:19:14 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d454e8c67f086882c2219151dbcca68dfde2cd0c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:0b:80:e8:92:f7:06:31:71:7d:64:dc:b4:03:
                    ba:64:5f:2d:b0:93:6a:3a:12:e1:7b:40:3e:75:a5:
                    60:aa:df:17:91:13:c6:a5:a1:81:dd:59:38:1c:f2:
                    8c:2f:d4:3f:c1:80:17:28:48:fe:37:70:a5:4c:92:
                    52:bf:66:25:f2:81:18:85:c8:93:42:88:25:72:4f:
                    9b:10:eb:48:0e:34:38:5e:44:12:e5:f0:2c:bf:29:
                    0a:cc:68:47:d2:a6:b1:9f:34:9e:80:49:09:df:3a:
                    a4:c6:2c:ea:60:06:4b:d1:31:d9:0d:e7:a6:a4:cb:
                    b2:5d:6c:d0:cb:42:f8:92:d2:77:45:b7:1e:fe:2c:
                    66:7a:13:f9:ae:9d:e9:b5:3e:d1:2e:20:bb:f0:25:
                    37:dc:bc:54:df:69:94:51:7a:ee:65:b2:c4:24:b5:
                    f4:c0:4b:f9:37:8e:b8:05:54:83:1b:b2:e1:24:9a:
                    0c:4a:47:b8:de:03:e9:07:c0:02:f1:e2:51:2b:68:
                    68:6b:e6:be:7d:3c:e8:97:9b:6c:ba:73:78:d3:2a:
                    d9:91:5c:ca:ff:a5:b3:a6:c9:8e:36:60:76:39:03:
                    a7:31:4b:ca:9a:06:bd:b4:92:04:14:4a:66:87:a4:
                    a9:e0:94:09:4b:fe:5f:95:80:60:d3:f9:2f:c2:79:
                    fa:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:54:E8:C6:7F:08:68:82:C2:21:91:51:DB:CC:A6:8D:FD:E2:CD:0C
            X509v3 Authority Key Identifier:
                keyid:CC:44:91:55:8C:D2:48:75:DB:52:42:73:41:05:02:FD:AE:3A:67:82

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zESRVYzSSHXbUkJzQQUC_a46Z4I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/439efe-f130-4931-931c-c8d5c04e3d43/1/1FToxn8IaILCIZFR28ymjf3izQw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/439efe-f130-4931-931c-c8d5c04e3d43/1/zESRVYzSSHXbUkJzQQUC_a46Z4I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.43.24.0/21
                  185.7.45.0/24
                IPv6:
                  2a02:29c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         84:84:ca:a7:d6:0c:21:1b:48:50:75:20:14:c6:04:f2:6c:be:
         66:60:c4:ab:87:2d:28:d1:f0:30:a2:19:2c:92:c4:3c:66:d3:
         f8:53:62:bf:25:e7:09:69:bc:d7:69:71:80:37:e0:29:62:9c:
         70:49:fb:3d:31:c2:b0:c3:d9:c3:4c:3e:52:97:ed:fb:21:30:
         b3:81:96:67:98:46:56:a1:df:a3:08:ea:67:af:b5:aa:66:9b:
         25:75:d3:24:95:b4:ec:b0:7b:77:04:5d:10:d7:54:68:4f:b5:
         92:eb:98:92:54:27:14:4c:6f:be:b2:e1:f2:29:5b:13:48:ff:
         21:2c:cf:ab:c1:40:11:03:fc:3a:5a:9d:6e:25:01:12:d0:19:
         f4:7e:84:31:68:7d:df:7e:d3:b4:85:db:df:3d:8b:33:c5:f6:
         b6:db:86:5e:d7:98:34:49:1f:50:47:2d:df:6b:ab:8d:9c:9d:
         f8:8c:54:1e:5a:bc:d5:30:92:be:89:9f:c1:7c:1f:10:3d:11:
         f8:f8:66:47:17:4e:56:76:a8:5a:e9:b8:f5:03:b3:ff:40:82:
         ca:68:25:b3:72:bc:67:84:27:fe:98:a5:8b:f8:f4:9e:c0:83:
         a2:d5:97:19:3b:01:fd:2b:24:31:8f:b7:48:5f:33:d9:c1:6d:
         81:d9:de:7c
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZt7pMXk7X3T+P3z7ohlVe+WMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNjNDQ5MTU1OGNkMjQ4NzVkYjUyNDI3MzQxMDUwMmZkYWUz
YTY3ODIwHhcNMjYwMTAxMjIxOTE0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNDU0ZThjNjdmMDg2ODgyYzIyMTkxNTFkYmNjYTY4ZGZkZTJjZDBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqQuA6JL3BjFxfWTctAO6ZF8tsJNq
OhLhe0A+daVgqt8XkRPGpaGB3Vk4HPKML9Q/wYAXKEj+N3ClTJJSv2Yl8oEYhciT
Qoglck+bEOtIDjQ4XkQS5fAsvykKzGhH0qaxnzSegEkJ3zqkxizqYAZL0THZDeem
pMuyXWzQy0L4ktJ3Rbce/ixmehP5rp3ptT7RLiC78CU33LxU32mUUXruZbLEJLX0
wEv5N464BVSDG7LhJJoMSke43gPpB8AC8eJRK2hoa+a+fTzol5tsunN40yrZkVzK
/6WzpsmONmB2OQOnMUvKmga9tJIEFEpmh6Sp4JQJS/5flYBg0/kvwnn6cwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFNRU6MZ/CGiCwiGRUdvMpo394s0MMB8GA1UdIwQY
MBaAFMxEkVWM0kh121JCc0EFAv2uOmeCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvekVTUlZZelNTSFhiVWtKelFRVUNfYTQ2WjRJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC80MzllZmUtZjEzMC00OTMxLTkzMWMt
YzhkNWMwNGUzZDQzLzEvMUZUb3huOElhSUxDSVpGUjI4eW1qZjNpelF3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC80MzllZmUtZjEzMC00OTMxLTkzMWMtYzhkNWMwNGUzZDQz
LzEvekVTUlZZelNTSFhiVWtKelFRVUNfYTQ2WjRJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQDXCsYAwQA
uQctMA0EAgACMAcDBQAqAinAMA0GCSqGSIb3DQEBCwUAA4IBAQCEhMqn1gwhG0hQ
dSAUxgTybL5mYMSrhy0o0fAwohksksQ8ZtP4U2K/JecJabzXaXGAN+ApYpxwSfs9
McKww9nDTD5Sl+37ITCzgZZnmEZWod+jCOpnr7WqZpslddMklbTssHt3BF0Q11Ro
T7WS65iSVCcUTG++suHyKVsTSP8hLM+rwUARA/w6Wp1uJQES0Bn0foQxaH3fftO0
hdvfPYszxfa224Ze15g0SR9QRy3fa6uNnJ34jFQeWrzVMJK+iZ/BfB8QPRH4+GZH
F05Wdqha6bj1A7P/QILKaCWzcrxnhCf+mKWL+PSewIOi1ZcZOwH9KyQxj7dIXzPZ
wW2B2d58
-----END CERTIFICATE-----