Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1d/082c31-f4ef-4acb-90f1-da03bf7a2ec2/1/963QwE_Al93olXILL6K_X0ZSOP4.roa
File:                     963QwE_Al93olXILL6K_X0ZSOP4.roa (raw, json)
Hash identifier:          gBDKwZ+jqTbjwdO4Ars8U168dufI+WiFibcdyPMucPE=
Subject key identifier:   F7:AD:D0:C0:4F:C0:97:DD:E8:95:72:0B:2F:A2:BF:5F:46:52:38:FE
Certificate issuer:       /CN=fc4d06978969a8bdab6d6359062d7781e03449ca
Certificate serial:       019D635FA54432808C2607809452D3DBF3D9
Authority key identifier: FC:4D:06:97:89:69:A8:BD:AB:6D:63:59:06:2D:77:81:E0:34:49:CA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_E0Gl4lpqL2rbWNZBi13geA0Sco.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1d/082c31-f4ef-4acb-90f1-da03bf7a2ec2/1/963QwE_Al93olXILL6K_X0ZSOP4.roa
Signing time:             Mon 06 Apr 2026 15:18:25 +0000
ROA not before:           Mon 06 Apr 2026 15:18:25 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     834
IP address blocks:        185.54.12.0/23 maxlen: 24
                          217.77.24.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1d/082c31-f4ef-4acb-90f1-da03bf7a2ec2/1/_E0Gl4lpqL2rbWNZBi13geA0Sco.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1d/082c31-f4ef-4acb-90f1-da03bf7a2ec2/1/_E0Gl4lpqL2rbWNZBi13geA0Sco.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_E0Gl4lpqL2rbWNZBi13geA0Sco.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 Apr 2026 22:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:63:5f:a5:44:32:80:8c:26:07:80:94:52:d3:db:f3:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fc4d06978969a8bdab6d6359062d7781e03449ca
        Validity
            Not Before: Apr  6 15:18:25 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f7add0c04fc097dde895720b2fa2bf5f465238fe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:ff:2a:e6:85:ce:87:19:bd:0a:95:cd:54:76:
                    2f:fd:3f:13:83:37:0c:b8:c7:f3:05:95:92:1e:3d:
                    d1:cf:66:88:15:9e:98:50:fb:68:2f:cd:58:51:e0:
                    b4:08:23:8c:52:c9:f9:3a:b6:1a:48:41:93:b3:15:
                    42:4f:fb:15:07:f9:58:85:fa:1e:a2:b2:f9:1f:a7:
                    2f:c5:5c:bd:16:9f:2c:d0:f2:21:be:dd:6c:2b:37:
                    38:56:b5:e5:b7:61:b4:3f:f8:c1:e7:87:c4:93:c3:
                    10:c3:47:72:0f:55:bf:94:ad:a2:3c:fa:9b:45:d4:
                    47:ba:b2:90:b2:20:f8:1e:f0:1b:cd:68:e7:95:fc:
                    55:43:ae:8d:78:f0:6b:a8:64:7f:69:34:44:1a:28:
                    56:a1:df:55:d6:fa:5d:ab:ab:74:ed:1c:fd:e6:89:
                    dc:1a:d1:35:91:d8:dc:a1:f5:18:df:a4:95:44:20:
                    71:26:4e:35:cd:35:1f:5b:50:0f:7a:f8:87:9e:2a:
                    01:a3:2d:01:ca:0f:bd:3f:8c:db:4b:33:45:8a:5d:
                    30:fc:2a:6e:84:d7:36:2d:5a:10:6a:3c:0f:9b:85:
                    8d:3c:e0:f9:fe:87:40:18:57:88:bc:71:26:6f:35:
                    09:b2:1a:9c:1f:7d:82:72:23:23:39:62:37:92:b0:
                    df:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:AD:D0:C0:4F:C0:97:DD:E8:95:72:0B:2F:A2:BF:5F:46:52:38:FE
            X509v3 Authority Key Identifier:
                keyid:FC:4D:06:97:89:69:A8:BD:AB:6D:63:59:06:2D:77:81:E0:34:49:CA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_E0Gl4lpqL2rbWNZBi13geA0Sco.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/082c31-f4ef-4acb-90f1-da03bf7a2ec2/1/963QwE_Al93olXILL6K_X0ZSOP4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/082c31-f4ef-4acb-90f1-da03bf7a2ec2/1/_E0Gl4lpqL2rbWNZBi13geA0Sco.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.54.12.0/23
                  217.77.24.0/21

    Signature Algorithm: sha256WithRSAEncryption
         08:ec:c2:27:f8:d2:ee:9f:f6:cb:3a:3d:b6:92:ce:82:98:c5:
         39:39:b1:c3:02:d7:21:e3:3a:77:42:7b:d9:76:fa:00:0f:fa:
         d8:42:40:27:0b:06:ad:bc:1e:77:7c:77:a0:b4:2a:08:ce:34:
         32:24:32:82:cc:bc:93:3e:e0:8d:49:53:84:92:25:b4:27:78:
         83:40:29:06:15:84:68:be:b2:76:34:f7:77:ba:01:b2:92:e3:
         64:34:e5:a8:92:24:a7:f0:c6:fe:bd:71:3f:20:12:68:45:72:
         92:63:18:5f:d1:59:ae:c4:60:c4:b8:de:95:5c:48:60:56:3e:
         83:a9:b7:3e:fb:16:d5:be:1c:de:df:31:21:2e:e2:fd:b9:fd:
         1c:7f:ff:66:e4:b7:9e:07:ad:59:fc:e6:5e:87:4a:47:f7:99:
         e0:a0:62:28:21:fa:8c:4b:28:de:2a:34:08:b9:80:9c:69:c4:
         6a:30:4d:71:4e:53:bd:a7:87:a0:36:ce:98:72:06:67:cb:00:
         8b:cb:62:71:54:33:7c:f9:a9:b3:79:b3:2d:74:ca:cf:ad:9f:
         0e:2a:d5:39:03:a8:d2:a3:20:8e:ce:f7:b8:a6:c2:9a:40:90:
         7d:aa:f8:cc:34:7d:29:e5:64:9b:c2:93:3d:0a:32:3a:ce:4b:
         89:fa:cb:be
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ1jX6VEMoCMJgeAlFLT2/PZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZjNGQwNjk3ODk2OWE4YmRhYjZkNjM1OTA2MmQ3NzgxZTAz
NDQ5Y2EwHhcNMjYwNDA2MTUxODI1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmN2FkZDBjMDRmYzA5N2RkZTg5NTcyMGIyZmEyYmY1ZjQ2NTIzOGZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu/8q5oXOhxm9CpXNVHYv/T8TgzcM
uMfzBZWSHj3Rz2aIFZ6YUPtoL81YUeC0CCOMUsn5OrYaSEGTsxVCT/sVB/lYhfoe
orL5H6cvxVy9Fp8s0PIhvt1sKzc4VrXlt2G0P/jB54fEk8MQw0dyD1W/lK2iPPqb
RdRHurKQsiD4HvAbzWjnlfxVQ66NePBrqGR/aTREGihWod9V1vpdq6t07Rz95onc
GtE1kdjcofUY36SVRCBxJk41zTUfW1APeviHnioBoy0Byg+9P4zbSzNFil0w/Cpu
hNc2LVoQajwPm4WNPOD5/odAGFeIvHEmbzUJshqcH32CciMjOWI3krDfBwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFPet0MBPwJfd6JVyCy+iv19GUjj+MB8GA1UdIwQY
MBaAFPxNBpeJaai9q21jWQYtd4HgNEnKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX0UwR2w0bHBxTDJyYldOWkJpMTNnZUEwU2NvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZC8wODJjMzEtZjRlZi00YWNiLTkwZjEt
ZGEwM2JmN2EyZWMyLzEvOTYzUXdFX0FsOTNvbFhJTEw2S19YMFpTT1A0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZC8wODJjMzEtZjRlZi00YWNiLTkwZjEtZGEwM2JmN2EyZWMy
LzEvX0UwR2w0bHBxTDJyYldOWkJpMTNnZUEwU2NvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBuTYMAwQD
2U0YMA0GCSqGSIb3DQEBCwUAA4IBAQAI7MIn+NLun/bLOj22ks6CmMU5ObHDAtch
4zp3QnvZdvoAD/rYQkAnCwatvB53fHegtCoIzjQyJDKCzLyTPuCNSVOEkiW0J3iD
QCkGFYRovrJ2NPd3ugGykuNkNOWokiSn8Mb+vXE/IBJoRXKSYxhf0VmuxGDEuN6V
XEhgVj6Dqbc++xbVvhze3zEhLuL9uf0cf/9m5LeeB61Z/OZeh0pH95ngoGIoIfqM
SyjeKjQIuYCcacRqME1xTlO9p4egNs6YcgZnywCLy2JxVDN8+amzebMtdMrPrZ8O
KtU5A6jSoyCOzve4psKaQJB9qvjMNH0p5WSbwpM9CjI6zkuJ+su+
-----END CERTIFICATE-----