Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/dcf9b7-6d72-475a-baa7-646ee6dfa6b6/1/_V1LSsZtamsE4WXP60Yw8QNvv70.roa
File:                     _V1LSsZtamsE4WXP60Yw8QNvv70.roa (raw, json)
Hash identifier:          86294W5FbZlicyPxaf1Bh5Vh3kJ1iu3Y1KxTGDfYWAk=
Subject key identifier:   FD:5D:4B:4A:C6:6D:6A:6B:04:E1:65:CF:EB:46:30:F1:03:6F:BF:BD
Certificate issuer:       /CN=fd89381307ae5e3b1ba8658cda7ee2ada4141447
Certificate serial:       019D7C64973C07006388CA7EFADD12E918AA
Authority key identifier: FD:89:38:13:07:AE:5E:3B:1B:A8:65:8C:DA:7E:E2:AD:A4:14:14:47
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_Yk4EweuXjsbqGWM2n7iraQUFEc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/dcf9b7-6d72-475a-baa7-646ee6dfa6b6/1/_V1LSsZtamsE4WXP60Yw8QNvv70.roa
Signing time:             Sat 11 Apr 2026 11:54:20 +0000
ROA not before:           Sat 11 Apr 2026 11:54:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     58349
IP address blocks:        104.167.20.0/23 maxlen: 23
                          193.42.23.0/24 maxlen: 24
                          2a10:e5c0::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/dcf9b7-6d72-475a-baa7-646ee6dfa6b6/1/_Yk4EweuXjsbqGWM2n7iraQUFEc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/dcf9b7-6d72-475a-baa7-646ee6dfa6b6/1/_Yk4EweuXjsbqGWM2n7iraQUFEc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_Yk4EweuXjsbqGWM2n7iraQUFEc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 02:00:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:7c:64:97:3c:07:00:63:88:ca:7e:fa:dd:12:e9:18:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fd89381307ae5e3b1ba8658cda7ee2ada4141447
        Validity
            Not Before: Apr 11 11:54:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=fd5d4b4ac66d6a6b04e165cfeb4630f1036fbfbd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:9e:61:39:c5:77:4a:1c:f4:96:19:72:55:4f:
                    33:35:fa:7c:32:00:d9:b6:16:b9:d4:df:0f:31:e5:
                    bf:08:fd:e3:fa:c7:d9:d3:24:29:59:75:27:79:6f:
                    55:f7:0e:ad:0c:19:b1:e8:5e:75:3b:4d:79:7e:f6:
                    bb:a3:05:27:8a:fd:49:bb:e4:56:5a:47:b5:c1:9f:
                    b4:16:d4:8c:4e:ce:0c:78:33:de:05:cb:9f:59:0e:
                    42:f3:ac:96:19:ee:15:59:3d:da:8b:99:a4:b3:9b:
                    3d:07:a2:ab:69:49:51:62:d8:9b:6b:f6:45:87:a5:
                    f8:f0:91:3f:0a:44:79:38:bd:1d:15:c1:0b:4c:54:
                    59:bf:75:89:6c:db:7e:57:1e:96:bd:45:f3:f0:f3:
                    09:fb:0c:a9:b5:58:6c:96:0f:54:f4:06:d5:c8:17:
                    8f:bd:8b:57:03:67:d4:52:03:72:f4:91:ba:a3:52:
                    c3:9f:0e:7f:e5:09:fb:7c:f7:d0:1d:93:07:da:8d:
                    2b:ec:33:f6:e7:a1:ff:d6:10:40:c1:ee:8e:10:dc:
                    a1:8e:d3:53:75:c3:16:e2:4c:ca:2d:66:f9:44:b9:
                    a5:ae:34:ca:b1:8c:0a:3f:51:11:3e:1a:dd:fe:0e:
                    e5:b8:d4:44:0a:1a:88:38:88:a5:ad:f3:ea:5f:94:
                    44:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:5D:4B:4A:C6:6D:6A:6B:04:E1:65:CF:EB:46:30:F1:03:6F:BF:BD
            X509v3 Authority Key Identifier:
                keyid:FD:89:38:13:07:AE:5E:3B:1B:A8:65:8C:DA:7E:E2:AD:A4:14:14:47

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_Yk4EweuXjsbqGWM2n7iraQUFEc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/dcf9b7-6d72-475a-baa7-646ee6dfa6b6/1/_V1LSsZtamsE4WXP60Yw8QNvv70.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/dcf9b7-6d72-475a-baa7-646ee6dfa6b6/1/_Yk4EweuXjsbqGWM2n7iraQUFEc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  104.167.20.0/23
                  193.42.23.0/24
                IPv6:
                  2a10:e5c0::/48

    Signature Algorithm: sha256WithRSAEncryption
         34:c4:ce:4d:ea:7c:7d:ae:ba:22:a7:a9:f4:a7:7b:e3:5c:ec:
         f1:a6:27:d3:d2:30:c3:eb:a0:fa:79:c9:b2:a9:03:ff:61:3d:
         f6:40:1d:10:41:e7:c1:48:cb:fd:19:b8:21:ac:bc:e9:34:0b:
         d0:57:e1:e0:c1:96:6a:36:1c:01:02:f2:e2:0e:07:93:5a:33:
         3e:eb:ed:b2:7f:b2:f9:d6:06:90:e8:42:ab:3a:c8:05:c5:9b:
         76:94:f4:88:18:5a:83:bf:97:28:68:95:61:b7:61:7e:c7:e4:
         13:cd:e0:3f:36:fb:4d:65:86:c3:b1:d5:27:81:ae:86:e5:0d:
         e5:1b:28:a2:5a:a7:bc:63:9e:31:94:c3:4b:15:87:97:1c:15:
         13:a3:7b:d9:0e:57:62:0e:5d:77:56:08:6a:e4:34:d3:0b:77:
         66:fb:03:92:9d:16:bb:c9:fa:3f:ce:10:b3:c5:2b:60:23:c9:
         e7:33:33:f4:7d:b1:57:5f:6c:fa:4b:9c:57:56:ff:55:ce:84:
         3c:17:81:e0:6c:9c:14:ea:f6:fd:e9:4e:bd:4a:ae:24:61:a6:
         fa:ec:4d:c7:9c:c8:d5:01:8e:23:5d:5f:e4:b3:c4:64:e0:29:
         df:e0:4b:c4:9a:f5:32:3e:64:15:fe:0a:9c:c1:bb:15:14:35:
         25:f3:39:c9
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAZ18ZJc8BwBjiMp++t0S6RiqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZkODkzODEzMDdhZTVlM2IxYmE4NjU4Y2RhN2VlMmFkYTQx
NDE0NDcwHhcNMjYwNDExMTE1NDIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZDVkNGI0YWM2NmQ2YTZiMDRlMTY1Y2ZlYjQ2MzBmMTAzNmZiZmJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2Z5hOcV3Shz0lhlyVU8zNfp8MgDZ
tha51N8PMeW/CP3j+sfZ0yQpWXUneW9V9w6tDBmx6F51O015fva7owUniv1Ju+RW
Wke1wZ+0FtSMTs4MeDPeBcufWQ5C86yWGe4VWT3ai5mks5s9B6KraUlRYtiba/ZF
h6X48JE/CkR5OL0dFcELTFRZv3WJbNt+Vx6WvUXz8PMJ+wyptVhslg9U9AbVyBeP
vYtXA2fUUgNy9JG6o1LDnw5/5Qn7fPfQHZMH2o0r7DP256H/1hBAwe6OENyhjtNT
dcMW4kzKLWb5RLmlrjTKsYwKP1ERPhrd/g7luNREChqIOIilrfPqX5RE2QIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFP1dS0rGbWprBOFlz+tGMPEDb7+9MB8GA1UdIwQY
MBaAFP2JOBMHrl47G6hljNp+4q2kFBRHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX1lrNEV3ZXVYanNicUdXTTJuN2lyYVFVRkVjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi9kY2Y5YjctNmQ3Mi00NzVhLWJhYTct
NjQ2ZWU2ZGZhNmI2LzEvX1YxTFNzWnRhbXNFNFdYUDYwWXc4UU52djcwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi9kY2Y5YjctNmQ3Mi00NzVhLWJhYTctNjQ2ZWU2ZGZhNmI2
LzEvX1lrNEV3ZXVYanNicUdXTTJuN2lyYVFVRkVjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTASBAIAATAMAwQBaKcUAwQA
wSoXMA8EAgACMAkDBwAqEOXAAAAwDQYJKoZIhvcNAQELBQADggEBADTEzk3qfH2u
uiKnqfSne+Nc7PGmJ9PSMMProPp5ybKpA/9hPfZAHRBB58FIy/0ZuCGsvOk0C9BX
4eDBlmo2HAEC8uIOB5NaMz7r7bJ/svnWBpDoQqs6yAXFm3aU9IgYWoO/lyholWG3
YX7H5BPN4D82+01lhsOx1SeBroblDeUbKKJap7xjnjGUw0sVh5ccFROje9kOV2IO
XXdWCGrkNNMLd2b7A5KdFrvJ+j/OELPFK2AjyeczM/R9sVdfbPpLnFdW/1XOhDwX
geBsnBTq9v3pTr1KriRhpvrsTcecyNUBjiNdX+SzxGTgKd/gS8Sa9TI+ZBX+CpzB
uxUUNSXzOck=
-----END CERTIFICATE-----