Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/2a9dd4-17b8-473c-83bf-9af1074c227f/1/fxHBsVKaXsttW_zXOj8FZqtqL7U.roa
File:                     fxHBsVKaXsttW_zXOj8FZqtqL7U.roa (raw, json)
Hash identifier:          J1BSTHyqQv5WDh3XQtbmLEWduZkd0l1Wk4UUhPLMUhY=
Subject key identifier:   7F:11:C1:B1:52:9A:5E:CB:6D:5B:FC:D7:3A:3F:05:66:AB:6A:2F:B5
Certificate issuer:       /CN=1c0a6f6f3a9ae1da5e5be8752fab18deb28ba614
Certificate serial:       019D71ACC147737AA615EAB8454DD584CFF4
Authority key identifier: 1C:0A:6F:6F:3A:9A:E1:DA:5E:5B:E8:75:2F:AB:18:DE:B2:8B:A6:14
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HApvbzqa4dpeW-h1L6sY3rKLphQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/2a9dd4-17b8-473c-83bf-9af1074c227f/1/fxHBsVKaXsttW_zXOj8FZqtqL7U.roa
Signing time:             Thu 09 Apr 2026 09:57:20 +0000
ROA not before:           Thu 09 Apr 2026 09:57:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     42093
IP address blocks:        91.205.192.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/2a9dd4-17b8-473c-83bf-9af1074c227f/1/HApvbzqa4dpeW-h1L6sY3rKLphQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/2a9dd4-17b8-473c-83bf-9af1074c227f/1/HApvbzqa4dpeW-h1L6sY3rKLphQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HApvbzqa4dpeW-h1L6sY3rKLphQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 15:01:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:71:ac:c1:47:73:7a:a6:15:ea:b8:45:4d:d5:84:cf:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c0a6f6f3a9ae1da5e5be8752fab18deb28ba614
        Validity
            Not Before: Apr  9 09:57:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7f11c1b1529a5ecb6d5bfcd73a3f0566ab6a2fb5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:22:a2:97:45:58:ff:d1:3d:ce:6c:f9:69:a0:
                    6d:b0:4a:2e:b5:85:ef:65:54:47:30:11:a9:14:51:
                    18:e3:9a:95:74:b2:c7:7a:d5:86:1f:b8:41:2f:34:
                    ab:34:f9:6a:ed:16:ac:88:5a:93:33:c3:a4:85:11:
                    25:ac:77:e6:07:49:92:f1:5b:96:b0:0a:6f:3a:3e:
                    32:b2:7b:3e:f7:f4:cd:a1:ec:59:a6:5f:72:ab:9f:
                    f8:a0:31:ff:14:3a:c5:e2:88:fb:1d:93:4a:f7:08:
                    88:fb:7d:1e:81:37:03:82:62:fc:ca:45:81:ba:71:
                    2c:ce:ee:f0:0b:4d:35:ae:7f:e1:d4:6a:00:55:df:
                    ed:cc:eb:d1:00:9d:bc:cf:bc:ab:aa:83:6e:e0:31:
                    d5:2e:7e:52:95:13:fd:71:06:b8:cb:ff:ee:eb:3d:
                    c5:bf:e7:9e:7f:10:7e:33:f3:8e:45:9c:cd:2e:6d:
                    48:03:1b:0f:bf:31:80:64:51:d5:2a:b4:f5:20:74:
                    2b:7c:d2:87:d5:fa:1f:fc:e2:d8:cf:f2:c9:eb:9d:
                    49:2b:61:2e:31:1a:41:10:86:81:c5:59:0b:fd:6f:
                    66:c2:92:90:7a:f2:11:78:8f:6e:19:02:4b:eb:c1:
                    f4:5f:b7:46:ff:f0:00:51:80:0e:87:77:93:e3:3b:
                    35:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:11:C1:B1:52:9A:5E:CB:6D:5B:FC:D7:3A:3F:05:66:AB:6A:2F:B5
            X509v3 Authority Key Identifier:
                keyid:1C:0A:6F:6F:3A:9A:E1:DA:5E:5B:E8:75:2F:AB:18:DE:B2:8B:A6:14

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HApvbzqa4dpeW-h1L6sY3rKLphQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/2a9dd4-17b8-473c-83bf-9af1074c227f/1/fxHBsVKaXsttW_zXOj8FZqtqL7U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/2a9dd4-17b8-473c-83bf-9af1074c227f/1/HApvbzqa4dpeW-h1L6sY3rKLphQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.205.192.0/23

    Signature Algorithm: sha256WithRSAEncryption
         49:02:f1:ae:02:c9:15:98:88:f6:75:56:5a:76:05:3d:c6:62:
         a8:36:02:78:cc:6f:29:8a:f2:e6:d4:b9:c7:bb:76:0a:a9:f5:
         d2:d0:fa:66:79:b9:d5:8c:16:be:23:ae:bb:30:44:a0:df:39:
         2d:84:74:76:92:a8:57:79:13:5a:13:c4:16:0e:db:46:62:7b:
         bd:74:4b:c4:67:60:f9:65:8b:3b:8d:dc:d6:66:7d:92:41:e1:
         60:c5:67:97:14:93:9c:7a:fe:ef:07:fb:d6:06:75:be:9b:ee:
         7b:18:d0:4f:72:5a:9d:d6:59:73:08:59:f3:6a:52:1b:74:c3:
         29:a5:a2:d6:e8:2c:b5:38:33:5c:82:9b:42:a0:2a:8f:43:5b:
         33:41:f1:d2:cc:13:08:3a:05:7d:01:a9:b2:96:c7:b4:a1:c1:
         a2:0c:ae:b8:e2:ad:38:5a:1f:04:3e:c7:50:bd:bb:33:3b:97:
         70:bd:8b:c4:15:a5:7b:68:f6:ef:1f:8d:c3:fb:eb:06:d8:71:
         5c:84:54:bf:ba:9b:eb:9d:87:6c:ff:f6:56:af:a5:56:e2:0f:
         e4:4f:ed:a8:2a:8a:95:bf:f3:5a:65:9c:b0:66:ed:97:08:2f:
         96:e0:91:6a:bc:33:bf:d6:71:94:9b:b4:26:22:c3:88:c8:39:
         f5:72:6f:70
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ1xrMFHc3qmFeq4RU3VhM/0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjMGE2ZjZmM2E5YWUxZGE1ZTViZTg3NTJmYWIxOGRlYjI4
YmE2MTQwHhcNMjYwNDA5MDk1NzIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZjExYzFiMTUyOWE1ZWNiNmQ1YmZjZDczYTNmMDU2NmFiNmEyZmI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxiKil0VY/9E9zmz5aaBtsEoutYXv
ZVRHMBGpFFEY45qVdLLHetWGH7hBLzSrNPlq7RasiFqTM8OkhRElrHfmB0mS8VuW
sApvOj4ysns+9/TNoexZpl9yq5/4oDH/FDrF4oj7HZNK9wiI+30egTcDgmL8ykWB
unEszu7wC001rn/h1GoAVd/tzOvRAJ28z7yrqoNu4DHVLn5SlRP9cQa4y//u6z3F
v+eefxB+M/OORZzNLm1IAxsPvzGAZFHVKrT1IHQrfNKH1fof/OLYz/LJ651JK2Eu
MRpBEIaBxVkL/W9mwpKQevIReI9uGQJL68H0X7dG//AAUYAOh3eT4zs1IQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH8RwbFSml7LbVv81zo/BWarai+1MB8GA1UdIwQY
MBaAFBwKb286muHaXlvodS+rGN6yi6YUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEFwdmJ6cWE0ZHBlVy1oMUw2c1kzcktMcGhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS8yYTlkZDQtMTdiOC00NzNjLTgzYmYt
OWFmMTA3NGMyMjdmLzEvZnhIQnNWS2FYc3R0V196WE9qOEZacXRxTDdVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS8yYTlkZDQtMTdiOC00NzNjLTgzYmYtOWFmMTA3NGMyMjdm
LzEvSEFwdmJ6cWE0ZHBlVy1oMUw2c1kzcktMcGhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW83AMA0G
CSqGSIb3DQEBCwUAA4IBAQBJAvGuAskVmIj2dVZadgU9xmKoNgJ4zG8pivLm1LnH
u3YKqfXS0PpmebnVjBa+I667MESg3zkthHR2kqhXeRNaE8QWDttGYnu9dEvEZ2D5
ZYs7jdzWZn2SQeFgxWeXFJOcev7vB/vWBnW+m+57GNBPclqd1llzCFnzalIbdMMp
paLW6Cy1ODNcgptCoCqPQ1szQfHSzBMIOgV9Aamylse0ocGiDK644q04Wh8EPsdQ
vbszO5dwvYvEFaV7aPbvH43D++sG2HFchFS/upvrnYds//ZWr6VW4g/kT+2oKoqV
v/NaZZywZu2XCC+W4JFqvDO/1nGUm7QmIsOIyDn1cm9w
-----END CERTIFICATE-----