Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1d/082c31-f4ef-4acb-90f1-da03bf7a2ec2/1/fpfJfS_0BfVlwGpnzcKEFoZJphs.roa
File:                     fpfJfS_0BfVlwGpnzcKEFoZJphs.roa (raw, json)
Hash identifier:          2jUL3U2b9HcRGTwEQDd4xTGEfKZgzgW50XHsjSJkMpM=
Subject key identifier:   7E:97:C9:7D:2F:F4:05:F5:65:C0:6A:67:CD:C2:84:16:86:49:A6:1B
Certificate issuer:       /CN=fc4d06978969a8bdab6d6359062d7781e03449ca
Certificate serial:       019D635FA5FB9F1D28C1D295C351BB086E1F
Authority key identifier: FC:4D:06:97:89:69:A8:BD:AB:6D:63:59:06:2D:77:81:E0:34:49:CA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_E0Gl4lpqL2rbWNZBi13geA0Sco.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1d/082c31-f4ef-4acb-90f1-da03bf7a2ec2/1/fpfJfS_0BfVlwGpnzcKEFoZJphs.roa
Signing time:             Mon 06 Apr 2026 15:18:25 +0000
ROA not before:           Mon 06 Apr 2026 15:18:25 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     6079
IP address blocks:        80.243.16.0/21 maxlen: 21
                          80.243.24.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1d/082c31-f4ef-4acb-90f1-da03bf7a2ec2/1/_E0Gl4lpqL2rbWNZBi13geA0Sco.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1d/082c31-f4ef-4acb-90f1-da03bf7a2ec2/1/_E0Gl4lpqL2rbWNZBi13geA0Sco.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_E0Gl4lpqL2rbWNZBi13geA0Sco.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 07:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:63:5f:a5:fb:9f:1d:28:c1:d2:95:c3:51:bb:08:6e:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fc4d06978969a8bdab6d6359062d7781e03449ca
        Validity
            Not Before: Apr  6 15:18:25 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7e97c97d2ff405f565c06a67cdc284168649a61b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:4c:1f:af:8d:6c:ab:0a:95:24:03:52:7d:41:
                    e1:e2:44:df:9f:f0:d5:0b:d6:ec:a3:8c:f8:97:59:
                    e4:7c:0c:95:26:1b:d0:00:60:6f:f6:29:d4:16:24:
                    62:07:52:47:17:66:cc:4c:0e:4a:09:17:39:6f:6f:
                    84:b6:5c:05:fb:a3:76:e7:36:8d:3e:9b:99:24:f5:
                    a6:11:ec:5e:e0:16:a7:d6:b1:42:2d:a2:dd:13:87:
                    f2:b4:52:2b:f4:ad:2f:71:5a:f2:22:c8:75:5a:6a:
                    da:4c:e9:4f:af:99:0d:0d:63:23:ee:63:a5:64:12:
                    9a:a5:c7:a9:1d:25:cb:e1:37:4d:d4:da:51:21:38:
                    57:4c:6f:2b:94:69:9b:8d:0d:52:0e:ea:c5:25:db:
                    63:cc:71:c0:e1:1b:d3:c7:c7:93:f1:c3:c9:2c:5d:
                    06:62:ca:d1:ca:0d:f0:b8:11:0f:1f:21:e2:06:cf:
                    02:08:08:04:7d:12:cb:a6:70:54:02:09:6c:2c:2c:
                    b1:4e:ba:10:ce:bb:fb:19:25:94:ad:d7:e5:d6:84:
                    8d:e8:53:df:56:66:ce:04:f8:88:a3:54:b7:68:bc:
                    ef:33:18:75:2f:74:93:56:d1:cc:38:c1:e6:ba:5d:
                    e7:c6:21:cd:84:40:82:25:d1:f3:ef:3c:a1:30:00:
                    6f:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:97:C9:7D:2F:F4:05:F5:65:C0:6A:67:CD:C2:84:16:86:49:A6:1B
            X509v3 Authority Key Identifier:
                keyid:FC:4D:06:97:89:69:A8:BD:AB:6D:63:59:06:2D:77:81:E0:34:49:CA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_E0Gl4lpqL2rbWNZBi13geA0Sco.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/082c31-f4ef-4acb-90f1-da03bf7a2ec2/1/fpfJfS_0BfVlwGpnzcKEFoZJphs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/082c31-f4ef-4acb-90f1-da03bf7a2ec2/1/_E0Gl4lpqL2rbWNZBi13geA0Sco.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.243.16.0/20

    Signature Algorithm: sha256WithRSAEncryption
         7b:e6:cb:8f:9e:de:d7:14:32:a5:63:64:5f:26:5f:61:b9:f7:
         cd:8c:37:b5:3a:12:af:b9:7f:06:eb:9e:b8:80:e4:47:e9:80:
         3e:a6:7e:a2:85:78:47:fb:ee:05:b9:03:61:39:b8:0d:74:8b:
         37:40:99:8d:59:22:1f:0a:68:25:71:7f:e5:f8:a0:73:5d:ba:
         77:b3:ad:62:e1:11:86:ce:ce:f0:f3:56:1b:ab:8b:22:b8:22:
         08:be:9c:1c:68:be:1a:6e:96:e4:50:8c:cd:7b:f1:b4:fb:ea:
         b7:71:c0:2b:63:e0:3d:ce:9d:b3:fe:a0:ff:91:01:b7:d5:bc:
         ed:d6:e5:b5:1d:65:39:e7:aa:ab:d6:4f:fd:08:1d:f3:c4:4d:
         f6:96:d4:69:48:64:1e:fa:c5:9a:fe:87:3b:83:42:df:cf:97:
         7f:a7:36:e2:63:54:85:be:66:f8:2a:93:ff:80:f4:04:f4:0d:
         81:58:42:53:15:da:de:ea:91:b1:40:a9:6a:b2:94:9e:45:06:
         50:7b:f4:0c:33:af:81:b0:a7:c1:b7:46:34:0f:d6:6d:7c:76:
         29:aa:a1:8a:75:9d:75:28:40:99:e6:20:48:29:12:9d:fe:48:
         92:cb:d7:66:d6:59:f8:d6:ad:6a:aa:03:1d:9e:49:94:8b:f6:
         83:71:80:6b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ1jX6X7nx0owdKVw1G7CG4fMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZjNGQwNjk3ODk2OWE4YmRhYjZkNjM1OTA2MmQ3NzgxZTAz
NDQ5Y2EwHhcNMjYwNDA2MTUxODI1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZTk3Yzk3ZDJmZjQwNWY1NjVjMDZhNjdjZGMyODQxNjg2NDlhNjFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArkwfr41sqwqVJANSfUHh4kTfn/DV
C9bso4z4l1nkfAyVJhvQAGBv9inUFiRiB1JHF2bMTA5KCRc5b2+EtlwF+6N25zaN
PpuZJPWmEexe4Ban1rFCLaLdE4fytFIr9K0vcVryIsh1WmraTOlPr5kNDWMj7mOl
ZBKapcepHSXL4TdN1NpRIThXTG8rlGmbjQ1SDurFJdtjzHHA4RvTx8eT8cPJLF0G
YsrRyg3wuBEPHyHiBs8CCAgEfRLLpnBUAglsLCyxTroQzrv7GSWUrdfl1oSN6FPf
VmbOBPiIo1S3aLzvMxh1L3STVtHMOMHmul3nxiHNhECCJdHz7zyhMABv0QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH6XyX0v9AX1ZcBqZ83ChBaGSaYbMB8GA1UdIwQY
MBaAFPxNBpeJaai9q21jWQYtd4HgNEnKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX0UwR2w0bHBxTDJyYldOWkJpMTNnZUEwU2NvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZC8wODJjMzEtZjRlZi00YWNiLTkwZjEt
ZGEwM2JmN2EyZWMyLzEvZnBmSmZTXzBCZlZsd0dwbnpjS0VGb1pKcGhzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZC8wODJjMzEtZjRlZi00YWNiLTkwZjEtZGEwM2JmN2EyZWMy
LzEvX0UwR2w0bHBxTDJyYldOWkJpMTNnZUEwU2NvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEUPMQMA0G
CSqGSIb3DQEBCwUAA4IBAQB75suPnt7XFDKlY2RfJl9huffNjDe1OhKvuX8G6564
gORH6YA+pn6ihXhH++4FuQNhObgNdIs3QJmNWSIfCmglcX/l+KBzXbp3s61i4RGG
zs7w81Ybq4siuCIIvpwcaL4abpbkUIzNe/G0++q3ccArY+A9zp2z/qD/kQG31bzt
1uW1HWU556qr1k/9CB3zxE32ltRpSGQe+sWa/oc7g0Lfz5d/pzbiY1SFvmb4KpP/
gPQE9A2BWEJTFdre6pGxQKlqspSeRQZQe/QMM6+BsKfBt0Y0D9ZtfHYpqqGKdZ11
KECZ5iBIKRKd/kiSy9dm1ln41q1qqgMdnkmUi/aDcYBr
-----END CERTIFICATE-----