Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/24875c-f159-464f-a8a7-1119b7fedfec/1/SFE5HwFeeJrezj4ibh1knL4-c9k.roa
File:                     SFE5HwFeeJrezj4ibh1knL4-c9k.roa (raw, json)
Hash identifier:          sbuJSFJ3P5x9iliJOK4C/RfPfo5sFVvKp2ueiDAMwxw=
Subject key identifier:   48:51:39:1F:01:5E:78:9A:DE:CE:3E:22:6E:1D:64:9C:BE:3E:73:D9
Certificate issuer:       /CN=f12b1b68ea1093bcee78d07192e6d8c3f70302cf
Certificate serial:       019B76EB3F9A9140BC315D021F16FBE44945
Authority key identifier: F1:2B:1B:68:EA:10:93:BC:EE:78:D0:71:92:E6:D8:C3:F7:03:02:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8SsbaOoQk7zueNBxkubYw_cDAs8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/24875c-f159-464f-a8a7-1119b7fedfec/1/SFE5HwFeeJrezj4ibh1knL4-c9k.roa
Signing time:             Thu 01 Jan 2026 00:18:07 +0000
ROA not before:           Thu 01 Jan 2026 00:18:07 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     42913
IP address blocks:        185.193.148.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/24875c-f159-464f-a8a7-1119b7fedfec/1/8SsbaOoQk7zueNBxkubYw_cDAs8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/24875c-f159-464f-a8a7-1119b7fedfec/1/8SsbaOoQk7zueNBxkubYw_cDAs8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8SsbaOoQk7zueNBxkubYw_cDAs8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 15:05:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:76:eb:3f:9a:91:40:bc:31:5d:02:1f:16:fb:e4:49:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f12b1b68ea1093bcee78d07192e6d8c3f70302cf
        Validity
            Not Before: Jan  1 00:18:07 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4851391f015e789adece3e226e1d649cbe3e73d9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:2d:6a:85:0d:39:ee:49:7f:fd:a1:8e:d9:aa:
                    0f:5e:0d:4b:6a:3b:db:e2:5f:46:2c:a0:55:4d:03:
                    99:37:89:58:1e:7c:ca:46:36:cf:a1:5d:cf:dc:2a:
                    13:65:c6:8c:ed:26:8c:49:15:31:42:22:67:55:f4:
                    85:fb:2b:f0:e0:21:a4:a8:c0:b6:6f:7e:0a:0f:7c:
                    b4:7f:a2:8b:be:dc:fd:fb:96:98:b9:2f:52:0b:0e:
                    44:30:bf:23:ca:5e:28:54:3c:11:e1:6c:08:24:7e:
                    15:3d:9e:a5:db:3c:23:a1:2b:eb:b0:ae:18:e3:6b:
                    84:7b:e7:ff:46:5c:a9:98:74:55:6f:5a:d3:47:b6:
                    d6:47:4d:61:91:45:6c:ed:fe:b0:9c:db:0e:0c:6f:
                    af:7e:12:2d:40:de:f1:bb:fb:1a:de:55:da:07:b7:
                    a0:ea:6b:6c:bd:b7:6a:ed:40:1c:ed:84:98:95:d4:
                    0e:4c:0f:d8:49:50:fc:81:71:c5:2b:8f:ef:ab:b1:
                    f2:35:e2:1a:0b:94:d6:36:26:0b:6d:9e:6a:63:ab:
                    d8:f9:03:3b:0f:a6:4e:40:87:bc:a5:5f:41:fb:2f:
                    0c:9e:e5:d4:56:36:ae:b0:d4:6e:9f:94:3f:91:71:
                    0f:56:67:31:ef:79:17:15:95:32:f1:9d:47:37:fe:
                    8c:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:51:39:1F:01:5E:78:9A:DE:CE:3E:22:6E:1D:64:9C:BE:3E:73:D9
            X509v3 Authority Key Identifier:
                keyid:F1:2B:1B:68:EA:10:93:BC:EE:78:D0:71:92:E6:D8:C3:F7:03:02:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8SsbaOoQk7zueNBxkubYw_cDAs8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/24875c-f159-464f-a8a7-1119b7fedfec/1/SFE5HwFeeJrezj4ibh1knL4-c9k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/24875c-f159-464f-a8a7-1119b7fedfec/1/8SsbaOoQk7zueNBxkubYw_cDAs8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.193.148.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a3:0a:77:88:ab:af:3f:b5:24:8c:56:e2:43:97:95:40:02:63:
         63:64:88:46:a0:f4:23:92:d3:0a:85:ae:5c:55:d6:fe:24:9b:
         76:30:77:1d:17:ba:d1:c9:0a:29:ec:b4:b2:be:5b:fa:9c:c1:
         6a:ac:6e:41:11:a3:4e:30:2f:51:31:43:1f:dc:e1:90:75:70:
         e2:dc:8f:9c:6d:96:fb:b6:c5:7e:76:b0:f6:c3:e7:a5:8c:cc:
         cf:16:25:41:1d:6a:90:d9:66:f6:86:24:a7:da:e7:38:71:0e:
         e4:a6:99:db:f6:e0:6b:60:a7:cc:62:a3:e9:a2:c5:a7:47:69:
         00:d5:6b:4d:00:33:64:bd:42:35:09:02:5a:ea:b9:d3:aa:27:
         ed:37:a4:13:52:55:25:77:0a:b1:be:28:ab:14:81:b8:88:e5:
         b8:0b:5e:24:b0:24:b3:c3:f1:cc:11:12:88:65:72:d7:67:43:
         06:fe:f7:7d:61:d9:fd:b7:79:11:10:fc:6c:41:97:99:f4:67:
         3d:d0:48:77:24:38:71:ce:ac:3c:87:eb:d3:19:0a:fa:68:2e:
         d2:b3:f6:3d:4f:1c:cc:7d:aa:e4:e5:11:2c:fb:a4:8c:21:59:
         08:74:2d:e6:24:3a:d4:1d:9f:1f:25:2a:25:1c:50:77:76:6d:
         4c:43:82:85
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt26z+akUC8MV0CHxb75ElFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxMmIxYjY4ZWExMDkzYmNlZTc4ZDA3MTkyZTZkOGMzZjcw
MzAyY2YwHhcNMjYwMTAxMDAxODA3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ODUxMzkxZjAxNWU3ODlhZGVjZTNlMjI2ZTFkNjQ5Y2JlM2U3M2Q5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzy1qhQ057kl//aGO2aoPXg1Lajvb
4l9GLKBVTQOZN4lYHnzKRjbPoV3P3CoTZcaM7SaMSRUxQiJnVfSF+yvw4CGkqMC2
b34KD3y0f6KLvtz9+5aYuS9SCw5EML8jyl4oVDwR4WwIJH4VPZ6l2zwjoSvrsK4Y
42uEe+f/RlypmHRVb1rTR7bWR01hkUVs7f6wnNsODG+vfhItQN7xu/sa3lXaB7eg
6mtsvbdq7UAc7YSYldQOTA/YSVD8gXHFK4/vq7HyNeIaC5TWNiYLbZ5qY6vY+QM7
D6ZOQIe8pV9B+y8MnuXUVjausNRun5Q/kXEPVmcx73kXFZUy8Z1HN/6MmwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEhROR8BXnia3s4+Im4dZJy+PnPZMB8GA1UdIwQY
MBaAFPErG2jqEJO87njQcZLm2MP3AwLPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOFNzYmFPb1FrN3p1ZU5CeGt1Yll3X2NEQXM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC8yNDg3NWMtZjE1OS00NjRmLWE4YTct
MTExOWI3ZmVkZmVjLzEvU0ZFNUh3RmVlSnJlemo0aWJoMWtuTDQtYzlrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC8yNDg3NWMtZjE1OS00NjRmLWE4YTctMTExOWI3ZmVkZmVj
LzEvOFNzYmFPb1FrN3p1ZU5CeGt1Yll3X2NEQXM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCucGUMA0G
CSqGSIb3DQEBCwUAA4IBAQCjCneIq68/tSSMVuJDl5VAAmNjZIhGoPQjktMKha5c
Vdb+JJt2MHcdF7rRyQop7LSyvlv6nMFqrG5BEaNOMC9RMUMf3OGQdXDi3I+cbZb7
tsV+drD2w+eljMzPFiVBHWqQ2Wb2hiSn2uc4cQ7kppnb9uBrYKfMYqPposWnR2kA
1WtNADNkvUI1CQJa6rnTqiftN6QTUlUldwqxviirFIG4iOW4C14ksCSzw/HMERKI
ZXLXZ0MG/vd9Ydn9t3kREPxsQZeZ9Gc90Eh3JDhxzqw8h+vTGQr6aC7Ss/Y9TxzM
fark5REs+6SMIVkIdC3mJDrUHZ8fJSolHFB3dm1MQ4KF
-----END CERTIFICATE-----