Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8c/25b47e-4079-4f21-911b-f389a5269fb2/1/FOcXeSbiB998fKJzfW7g14YaovU.roa
File:                     FOcXeSbiB998fKJzfW7g14YaovU.roa (raw, json)
Hash identifier:          kT2Dwn2Z/11eQNgjBg89J4ih/DmaP3p13vgseMvAdsY=
Subject key identifier:   14:E7:17:79:26:E2:07:DF:7C:7C:A2:73:7D:6E:E0:D7:86:1A:A2:F5
Certificate issuer:       /CN=432efe16ec6c00fd45b5d918d9b172acd0a58d96
Certificate serial:       019E97828FC85221635A2CA7ABA883E29843
Authority key identifier: 43:2E:FE:16:EC:6C:00:FD:45:B5:D9:18:D9:B1:72:AC:D0:A5:8D:96
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Qy7-FuxsAP1FtdkY2bFyrNCljZY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8c/25b47e-4079-4f21-911b-f389a5269fb2/1/FOcXeSbiB998fKJzfW7g14YaovU.roa
Signing time:             Fri 05 Jun 2026 11:19:36 +0000
ROA not before:           Fri 05 Jun 2026 11:19:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     41477
IP address blocks:        146.19.127.0/24 maxlen: 24
                          185.122.244.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8c/25b47e-4079-4f21-911b-f389a5269fb2/1/Qy7-FuxsAP1FtdkY2bFyrNCljZY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8c/25b47e-4079-4f21-911b-f389a5269fb2/1/Qy7-FuxsAP1FtdkY2bFyrNCljZY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Qy7-FuxsAP1FtdkY2bFyrNCljZY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 15 Jun 2026 02:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:97:82:8f:c8:52:21:63:5a:2c:a7:ab:a8:83:e2:98:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=432efe16ec6c00fd45b5d918d9b172acd0a58d96
        Validity
            Not Before: Jun  5 11:19:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=14e7177926e207df7c7ca2737d6ee0d7861aa2f5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:5b:20:19:5a:63:21:50:eb:a4:8d:a1:4a:cb:
                    97:4d:ff:7c:02:5e:38:ca:2f:b9:36:53:38:b6:dd:
                    9f:e2:ff:e2:c7:c4:ce:22:74:cb:c8:7e:06:d5:7c:
                    d5:85:ac:a5:8f:69:7e:0c:76:e2:7b:1b:39:82:26:
                    d5:4f:0e:b5:37:b6:49:45:94:d7:af:ce:77:08:0c:
                    0b:20:ed:61:d9:eb:d1:79:5d:98:6e:f9:04:b8:f1:
                    20:b2:1b:2b:e7:35:cf:77:89:ec:06:4d:78:e1:db:
                    22:ae:3f:a3:41:89:d3:12:15:9c:09:02:76:b1:90:
                    29:06:d1:12:93:86:f9:86:28:be:9b:a3:c1:52:37:
                    60:fd:b8:7f:1f:fd:5a:0d:e2:a9:89:09:ce:76:c3:
                    17:63:65:95:79:b1:39:11:1f:52:df:62:4b:08:92:
                    72:bc:ec:45:4c:11:d1:1a:6f:a3:06:4b:05:cd:38:
                    36:5c:66:21:48:79:4e:09:91:47:7c:78:ed:91:8f:
                    05:2e:13:d0:97:30:8b:23:54:48:4e:41:dd:df:bc:
                    7d:13:d7:03:68:ef:37:c5:79:d7:aa:e7:16:4b:d5:
                    5d:49:dd:e7:24:55:a9:05:49:5f:a8:e6:9b:16:e7:
                    e8:63:2a:49:e3:e8:55:29:4f:56:26:fd:3f:68:a8:
                    28:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:E7:17:79:26:E2:07:DF:7C:7C:A2:73:7D:6E:E0:D7:86:1A:A2:F5
            X509v3 Authority Key Identifier:
                keyid:43:2E:FE:16:EC:6C:00:FD:45:B5:D9:18:D9:B1:72:AC:D0:A5:8D:96

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Qy7-FuxsAP1FtdkY2bFyrNCljZY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/25b47e-4079-4f21-911b-f389a5269fb2/1/FOcXeSbiB998fKJzfW7g14YaovU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/25b47e-4079-4f21-911b-f389a5269fb2/1/Qy7-FuxsAP1FtdkY2bFyrNCljZY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.19.127.0/24
                  185.122.244.0/22

    Signature Algorithm: sha256WithRSAEncryption
         15:1f:a5:76:37:4c:7d:a7:a4:3b:fa:8d:66:24:56:1a:66:c9:
         8c:cd:6a:14:02:7a:05:66:ba:bf:f3:a8:af:81:e3:d9:82:0b:
         98:57:87:7e:e4:d6:c5:13:ad:b6:ca:88:3c:98:3e:25:f7:d1:
         19:ff:e5:45:69:0e:57:c6:06:f3:84:80:d7:09:88:aa:75:b9:
         80:0e:ca:e7:a8:1b:00:18:ac:29:02:fe:d6:75:58:37:ec:17:
         7a:59:de:07:9d:61:cf:d9:90:63:d5:fe:c4:6f:22:b7:bf:5b:
         d4:a6:5f:47:77:df:ca:72:21:43:7e:ca:8f:66:88:59:8d:d2:
         f9:e4:8b:71:c3:86:ea:31:67:fa:d7:f4:11:e1:ed:b3:f3:e8:
         b4:e7:57:01:02:6d:9c:c2:cc:94:9d:53:66:86:36:44:b2:88:
         4a:97:53:f7:d0:6e:a2:37:34:a5:65:6e:ab:df:c4:e7:a1:57:
         d0:bd:97:47:19:6d:53:04:55:0a:cd:73:3a:9f:5b:ac:61:8e:
         56:57:47:77:3e:fd:0e:1f:66:5e:4e:4b:97:1d:8e:45:d4:91:
         74:46:00:c9:48:ae:f9:5c:79:ac:2d:15:0a:5a:5d:e4:92:a4:
         9f:fb:91:a1:56:8d:70:6c:8c:f0:83:ed:e9:b3:0c:26:02:4d:
         3a:dd:6c:de
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ6Xgo/IUiFjWiynq6iD4phDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQzMmVmZTE2ZWM2YzAwZmQ0NWI1ZDkxOGQ5YjE3MmFjZDBh
NThkOTYwHhcNMjYwNjA1MTExOTM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNGU3MTc3OTI2ZTIwN2RmN2M3Y2EyNzM3ZDZlZTBkNzg2MWFhMmY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwlsgGVpjIVDrpI2hSsuXTf98Al44
yi+5NlM4tt2f4v/ix8TOInTLyH4G1XzVhaylj2l+DHbiexs5gibVTw61N7ZJRZTX
r853CAwLIO1h2evReV2YbvkEuPEgshsr5zXPd4nsBk144dsirj+jQYnTEhWcCQJ2
sZApBtESk4b5hii+m6PBUjdg/bh/H/1aDeKpiQnOdsMXY2WVebE5ER9S32JLCJJy
vOxFTBHRGm+jBksFzTg2XGYhSHlOCZFHfHjtkY8FLhPQlzCLI1RITkHd37x9E9cD
aO83xXnXqucWS9VdSd3nJFWpBUlfqOabFufoYypJ4+hVKU9WJv0/aKgo5QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFBTnF3km4gfffHyic31u4NeGGqL1MB8GA1UdIwQY
MBaAFEMu/hbsbAD9RbXZGNmxcqzQpY2WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUXk3LUZ1eHNBUDFGdGRrWTJiRnlyTkNsalpZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yy8yNWI0N2UtNDA3OS00ZjIxLTkxMWIt
ZjM4OWE1MjY5ZmIyLzEvRk9jWGVTYmlCOTk4ZktKemZXN2cxNFlhb3ZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yy8yNWI0N2UtNDA3OS00ZjIxLTkxMWItZjM4OWE1MjY5ZmIy
LzEvUXk3LUZ1eHNBUDFGdGRrWTJiRnlyTkNsalpZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAkhN/AwQC
uXr0MA0GCSqGSIb3DQEBCwUAA4IBAQAVH6V2N0x9p6Q7+o1mJFYaZsmMzWoUAnoF
Zrq/86ivgePZgguYV4d+5NbFE622yog8mD4l99EZ/+VFaQ5XxgbzhIDXCYiqdbmA
DsrnqBsAGKwpAv7WdVg37Bd6Wd4HnWHP2ZBj1f7EbyK3v1vUpl9Hd9/KciFDfsqP
ZohZjdL55Itxw4bqMWf61/QR4e2z8+i051cBAm2cwsyUnVNmhjZEsohKl1P30G6i
NzSlZW6r38TnoVfQvZdHGW1TBFUKzXM6n1usYY5WV0d3Pv0OH2ZeTkuXHY5F1JF0
RgDJSK75XHmsLRUKWl3kkqSf+5GhVo1wbIzwg+3pswwmAk063Wze
-----END CERTIFICATE-----