Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/68dc3c-df2e-4461-b7a6-01cbfc0e94e7/1/FHmWYGqSdJ5-CsqGnoJKGcWPx4o.roa
File:                     FHmWYGqSdJ5-CsqGnoJKGcWPx4o.roa (raw, json)
Hash identifier:          S6HSVK6CcsFHebtvgQR42wkTCiX4LDp+Y8NKZpU+vms=
Subject key identifier:   14:79:96:60:6A:92:74:9E:7E:0A:CA:86:9E:82:4A:19:C5:8F:C7:8A
Certificate issuer:       /CN=de0d9d6b697ca1c86570c256862e6858b4799c85
Certificate serial:       019C9FA30532C3A8575390F390B0DB02C5D8
Authority key identifier: DE:0D:9D:6B:69:7C:A1:C8:65:70:C2:56:86:2E:68:58:B4:79:9C:85
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3g2da2l8ochlcMJWhi5oWLR5nIU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/33/68dc3c-df2e-4461-b7a6-01cbfc0e94e7/1/FHmWYGqSdJ5-CsqGnoJKGcWPx4o.roa
Signing time:             Fri 27 Feb 2026 15:06:26 +0000
ROA not before:           Fri 27 Feb 2026 15:06:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     61317
IP address blocks:        95.142.123.0/24 maxlen: 24
                          185.54.230.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/33/68dc3c-df2e-4461-b7a6-01cbfc0e94e7/1/3g2da2l8ochlcMJWhi5oWLR5nIU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/33/68dc3c-df2e-4461-b7a6-01cbfc0e94e7/1/3g2da2l8ochlcMJWhi5oWLR5nIU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3g2da2l8ochlcMJWhi5oWLR5nIU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 12:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:9f:a3:05:32:c3:a8:57:53:90:f3:90:b0:db:02:c5:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=de0d9d6b697ca1c86570c256862e6858b4799c85
        Validity
            Not Before: Feb 27 15:06:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=147996606a92749e7e0aca869e824a19c58fc78a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:25:27:b3:55:29:64:52:a4:73:2c:40:ee:59:
                    9b:80:72:1e:2d:a4:ae:e1:57:72:32:38:10:0d:b2:
                    eb:a0:80:12:94:23:da:89:47:51:0d:91:1e:ff:50:
                    74:ea:5d:3d:e5:af:28:5f:c9:04:07:de:36:f4:14:
                    d4:1a:c7:20:d3:8c:09:1d:f8:35:03:e9:a3:c1:cb:
                    ee:f3:12:2f:a8:6b:16:ec:6f:57:58:34:f5:3d:bc:
                    0e:d9:13:20:f0:31:f4:85:0a:04:5c:06:dc:ab:e2:
                    a5:29:52:19:05:f7:a0:27:27:4d:c3:09:1c:7d:f2:
                    07:5e:72:b9:be:34:5c:fa:9c:2c:01:85:c0:ec:a2:
                    61:eb:72:85:09:ba:49:4a:d3:93:77:70:59:06:66:
                    06:e3:3f:ad:ab:9d:18:0c:9e:68:1c:cf:5e:e6:ae:
                    4a:72:63:35:5d:8d:35:64:fe:df:ef:ce:46:33:5c:
                    29:61:0d:49:63:59:b6:ad:13:36:c0:c1:d3:e4:ba:
                    5b:01:47:20:e8:16:19:7b:75:0c:9d:96:b9:e2:4f:
                    81:6d:3e:bf:2f:73:2f:a9:5b:fc:e0:cd:4f:be:ed:
                    ad:85:ef:f1:d1:a5:b0:42:4a:87:b7:bb:89:8a:58:
                    eb:e4:3a:66:75:e1:a8:62:2b:3d:f0:12:38:f4:3b:
                    5d:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:79:96:60:6A:92:74:9E:7E:0A:CA:86:9E:82:4A:19:C5:8F:C7:8A
            X509v3 Authority Key Identifier:
                keyid:DE:0D:9D:6B:69:7C:A1:C8:65:70:C2:56:86:2E:68:58:B4:79:9C:85

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3g2da2l8ochlcMJWhi5oWLR5nIU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/68dc3c-df2e-4461-b7a6-01cbfc0e94e7/1/FHmWYGqSdJ5-CsqGnoJKGcWPx4o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/33/68dc3c-df2e-4461-b7a6-01cbfc0e94e7/1/3g2da2l8ochlcMJWhi5oWLR5nIU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.142.123.0/24
                  185.54.230.0/24

    Signature Algorithm: sha256WithRSAEncryption
         16:24:eb:84:aa:c2:da:58:9f:81:d2:96:36:15:23:dc:58:d3:
         c8:36:ca:ff:9f:77:61:5b:b4:47:45:20:62:3f:bb:14:c7:02:
         de:55:21:78:ad:d7:26:a3:93:8d:a8:b3:2d:ad:75:8c:37:8e:
         05:36:b6:df:47:43:bf:34:51:03:48:77:39:8e:0d:dc:26:21:
         87:67:ec:29:e8:5a:54:01:d6:bf:9a:50:c7:ec:bc:0d:15:4f:
         71:3d:ec:58:a8:a5:0f:23:78:c5:a8:97:c9:96:97:0e:e4:39:
         1b:ca:ea:82:13:68:30:6a:10:3e:76:c1:91:e8:5f:b7:5d:f5:
         62:a8:72:8d:9d:9c:c3:97:10:ec:00:8b:5f:bc:eb:34:18:b3:
         fc:81:d8:1e:4a:3d:66:39:c7:42:f2:52:17:62:8d:4d:09:87:
         c8:1a:5f:3b:73:e0:30:ac:25:7d:c5:31:63:80:1a:83:3e:3f:
         14:eb:0d:07:9c:40:d6:dc:04:d4:95:4b:b2:af:93:09:65:c0:
         90:00:bf:fb:00:a4:a9:59:d1:db:57:f0:78:a2:74:8e:9f:71:
         f4:33:a1:7c:e6:b9:37:ca:9c:97:93:ee:35:92:a9:50:1b:ac:
         53:43:ad:9c:ba:56:c0:64:bc:6a:48:fd:c5:53:a7:10:52:ad:
         8f:b2:b3:1c
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZyfowUyw6hXU5DzkLDbAsXYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRlMGQ5ZDZiNjk3Y2ExYzg2NTcwYzI1Njg2MmU2ODU4YjQ3
OTljODUwHhcNMjYwMjI3MTUwNjI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNDc5OTY2MDZhOTI3NDllN2UwYWNhODY5ZTgyNGExOWM1OGZjNzhhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqiUns1UpZFKkcyxA7lmbgHIeLaSu
4VdyMjgQDbLroIASlCPaiUdRDZEe/1B06l095a8oX8kEB9429BTUGscg04wJHfg1
A+mjwcvu8xIvqGsW7G9XWDT1PbwO2RMg8DH0hQoEXAbcq+KlKVIZBfegJydNwwkc
ffIHXnK5vjRc+pwsAYXA7KJh63KFCbpJStOTd3BZBmYG4z+tq50YDJ5oHM9e5q5K
cmM1XY01ZP7f785GM1wpYQ1JY1m2rRM2wMHT5LpbAUcg6BYZe3UMnZa54k+BbT6/
L3MvqVv84M1Pvu2the/x0aWwQkqHt7uJiljr5DpmdeGoYis98BI49DtdtQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFBR5lmBqknSefgrKhp6CShnFj8eKMB8GA1UdIwQY
MBaAFN4NnWtpfKHIZXDCVoYuaFi0eZyFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM2cyZGEybDhvY2hsY01KV2hpNW9XTFI1bklVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy82OGRjM2MtZGYyZS00NDYxLWI3YTYt
MDFjYmZjMGU5NGU3LzEvRkhtV1lHcVNkSjUtQ3NxR25vSktHY1dQeDRvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy82OGRjM2MtZGYyZS00NDYxLWI3YTYtMDFjYmZjMGU5NGU3
LzEvM2cyZGEybDhvY2hsY01KV2hpNW9XTFI1bklVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAX457AwQA
uTbmMA0GCSqGSIb3DQEBCwUAA4IBAQAWJOuEqsLaWJ+B0pY2FSPcWNPINsr/n3dh
W7RHRSBiP7sUxwLeVSF4rdcmo5ONqLMtrXWMN44FNrbfR0O/NFEDSHc5jg3cJiGH
Z+wp6FpUAda/mlDH7LwNFU9xPexYqKUPI3jFqJfJlpcO5DkbyuqCE2gwahA+dsGR
6F+3XfViqHKNnZzDlxDsAItfvOs0GLP8gdgeSj1mOcdC8lIXYo1NCYfIGl87c+Aw
rCV9xTFjgBqDPj8U6w0HnEDW3ATUlUuyr5MJZcCQAL/7AKSpWdHbV/B4onSOn3H0
M6F85rk3ypyXk+41kqlQG6xTQ62culbAZLxqSP3FU6cQUq2PsrMc
-----END CERTIFICATE-----