Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/fcea50-fe47-4664-9267-c0dccdb7a905/1/gZN0ubYqOfKHhkHWa3AckTvwRLw.roa
File:                     gZN0ubYqOfKHhkHWa3AckTvwRLw.roa (raw, json)
Hash identifier:          tkY9Znd59Usph4Tm3soVWPi523DI015PBAn20gIz7Bg=
Subject key identifier:   81:93:74:B9:B6:2A:39:F2:87:86:41:D6:6B:70:1C:91:3B:F0:44:BC
Certificate issuer:       /CN=fc157d396ed992843daeef7b9cca73b043966c08
Certificate serial:       019E651DDE060FB9ADC570E165B969283069
Authority key identifier: FC:15:7D:39:6E:D9:92:84:3D:AE:EF:7B:9C:CA:73:B0:43:96:6C:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_BV9OW7ZkoQ9ru97nMpzsEOWbAg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/81/fcea50-fe47-4664-9267-c0dccdb7a905/1/gZN0ubYqOfKHhkHWa3AckTvwRLw.roa
Signing time:             Tue 26 May 2026 16:28:36 +0000
ROA not before:           Tue 26 May 2026 16:28:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     216054
IP address blocks:        217.18.94.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/81/fcea50-fe47-4664-9267-c0dccdb7a905/1/_BV9OW7ZkoQ9ru97nMpzsEOWbAg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/81/fcea50-fe47-4664-9267-c0dccdb7a905/1/_BV9OW7ZkoQ9ru97nMpzsEOWbAg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_BV9OW7ZkoQ9ru97nMpzsEOWbAg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 16:00:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:65:1d:de:06:0f:b9:ad:c5:70:e1:65:b9:69:28:30:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fc157d396ed992843daeef7b9cca73b043966c08
        Validity
            Not Before: May 26 16:28:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=819374b9b62a39f2878641d66b701c913bf044bc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:84:62:fb:f7:43:59:bd:8c:83:0e:39:1a:9b:
                    08:a4:6d:a1:0c:08:f8:3c:3e:d4:dd:2d:39:28:d9:
                    76:27:2b:86:de:a2:e3:72:fd:d2:93:1f:d8:c3:33:
                    7b:28:95:af:e1:bc:72:f0:b0:38:85:1e:f2:0e:1b:
                    73:c7:e8:1f:8f:dd:b6:ab:78:a1:04:20:ad:24:d1:
                    b8:20:26:6a:ae:ab:1e:e2:8e:3a:55:86:3b:66:41:
                    58:ed:8c:c0:1f:e2:d2:3d:b2:d5:a0:8c:27:51:e6:
                    f2:2b:6e:29:2b:19:eb:5d:6a:d1:2a:5a:1b:fd:db:
                    5a:d9:16:49:fb:fe:dd:5d:04:c6:f3:c0:0f:a9:ff:
                    55:17:ae:aa:ad:dc:66:70:3f:80:81:3c:a9:82:bb:
                    a5:45:fc:71:d9:e3:98:8f:f3:d8:7b:ac:87:6c:f8:
                    28:23:ed:14:ba:95:f3:0d:60:79:e7:d5:23:b2:0f:
                    cb:41:9f:57:6a:0f:47:44:9b:e3:f7:70:b2:ff:f6:
                    4c:27:4d:2e:7e:64:af:7b:79:7e:b3:19:3a:7d:e4:
                    18:dc:80:c2:cf:97:2b:25:99:de:eb:ef:6f:fe:3b:
                    ee:51:e8:75:10:b2:56:b5:49:5a:f2:44:b0:c2:c1:
                    e4:55:83:56:e7:28:a2:ae:01:bf:24:38:4e:75:00:
                    e3:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                81:93:74:B9:B6:2A:39:F2:87:86:41:D6:6B:70:1C:91:3B:F0:44:BC
            X509v3 Authority Key Identifier:
                keyid:FC:15:7D:39:6E:D9:92:84:3D:AE:EF:7B:9C:CA:73:B0:43:96:6C:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_BV9OW7ZkoQ9ru97nMpzsEOWbAg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/fcea50-fe47-4664-9267-c0dccdb7a905/1/gZN0ubYqOfKHhkHWa3AckTvwRLw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/81/fcea50-fe47-4664-9267-c0dccdb7a905/1/_BV9OW7ZkoQ9ru97nMpzsEOWbAg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.18.94.0/24

    Signature Algorithm: sha256WithRSAEncryption
         60:68:5e:bd:28:d7:2b:1e:70:ff:3c:f9:43:53:c4:1b:61:40:
         bb:e5:d5:48:1e:d2:9f:c0:56:5e:c2:1c:c4:86:dc:21:51:ed:
         ed:83:98:c1:26:ce:fd:7b:c9:26:8f:16:27:46:dc:36:ef:ad:
         b0:ca:31:99:6b:4d:ba:c4:3b:67:0c:31:72:1c:3c:f2:25:34:
         10:3c:79:04:1f:ee:f0:55:f6:49:51:9a:eb:21:40:58:5d:48:
         b1:4e:6e:fa:f0:a6:17:67:d5:09:d7:69:c7:9c:e5:a6:f8:35:
         4a:6a:5b:e5:90:9a:8e:78:9d:7d:e8:33:dc:2c:4d:19:4a:35:
         77:8d:5d:d7:f8:1e:0d:b0:cb:5b:fb:38:ee:84:6e:4f:6d:a3:
         4f:ea:bd:14:ff:7a:c3:f0:b1:b4:fe:4e:03:b9:6d:1c:71:8b:
         88:24:34:e6:3e:3d:a5:58:5d:47:73:8c:6c:d4:68:d9:28:ed:
         79:65:90:65:5b:7c:89:d1:f1:3a:44:e7:e6:37:39:4c:11:7b:
         0b:7f:79:b0:d2:10:98:5b:23:82:67:12:1b:1f:6e:08:b1:5c:
         cc:f9:35:60:5f:6e:ff:c3:3a:70:ff:bd:58:52:a1:61:09:96:
         b8:70:59:f5:3a:b6:8b:50:eb:a5:98:d2:1b:a3:8c:ce:e3:99:
         9e:26:a8:58
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ5lHd4GD7mtxXDhZblpKDBpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZjMTU3ZDM5NmVkOTkyODQzZGFlZWY3YjljY2E3M2IwNDM5
NjZjMDgwHhcNMjYwNTI2MTYyODM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MTkzNzRiOWI2MmEzOWYyODc4NjQxZDY2YjcwMWM5MTNiZjA0NGJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs4Ri+/dDWb2Mgw45GpsIpG2hDAj4
PD7U3S05KNl2JyuG3qLjcv3Skx/YwzN7KJWv4bxy8LA4hR7yDhtzx+gfj922q3ih
BCCtJNG4ICZqrqse4o46VYY7ZkFY7YzAH+LSPbLVoIwnUebyK24pKxnrXWrRKlob
/dta2RZJ+/7dXQTG88APqf9VF66qrdxmcD+AgTypgrulRfxx2eOYj/PYe6yHbPgo
I+0UupXzDWB559Ujsg/LQZ9Xag9HRJvj93Cy//ZMJ00ufmSve3l+sxk6feQY3IDC
z5crJZne6+9v/jvuUeh1ELJWtUla8kSwwsHkVYNW5yiirgG/JDhOdQDjcwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIGTdLm2Kjnyh4ZB1mtwHJE78ES8MB8GA1UdIwQY
MBaAFPwVfTlu2ZKEPa7ve5zKc7BDlmwIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX0JWOU9XN1prb1E5cnU5N25NcHpzRU9XYkFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS9mY2VhNTAtZmU0Ny00NjY0LTkyNjct
YzBkY2NkYjdhOTA1LzEvZ1pOMHViWXFPZktIaGtIV2EzQWNrVHZ3Ukx3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS9mY2VhNTAtZmU0Ny00NjY0LTkyNjctYzBkY2NkYjdhOTA1
LzEvX0JWOU9XN1prb1E5cnU5N25NcHpzRU9XYkFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2RJeMA0G
CSqGSIb3DQEBCwUAA4IBAQBgaF69KNcrHnD/PPlDU8QbYUC75dVIHtKfwFZewhzE
htwhUe3tg5jBJs79e8kmjxYnRtw2762wyjGZa026xDtnDDFyHDzyJTQQPHkEH+7w
VfZJUZrrIUBYXUixTm768KYXZ9UJ12nHnOWm+DVKalvlkJqOeJ196DPcLE0ZSjV3
jV3X+B4NsMtb+zjuhG5PbaNP6r0U/3rD8LG0/k4DuW0ccYuIJDTmPj2lWF1Hc4xs
1GjZKO15ZZBlW3yJ0fE6ROfmNzlMEXsLf3mw0hCYWyOCZxIbH24IsVzM+TVgX27/
wzpw/71YUqFhCZa4cFn1OraLUOulmNIbo4zO45meJqhY
-----END CERTIFICATE-----