Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8f/f1458f-bdc3-4e4b-9f68-3a611c093a2c/1/fp1sLUeIRXFqhsdIFZLdl0__7pM.roa
File:                     fp1sLUeIRXFqhsdIFZLdl0__7pM.roa (raw, json)
Hash identifier:          zYsrMGDZPKYtnkQ+At/0eP5XyC5n7qFFGT9wnz8DZQg=
Subject key identifier:   7E:9D:6C:2D:47:88:45:71:6A:86:C7:48:15:92:DD:97:4F:FF:EE:93
Certificate issuer:       /CN=321ec194107843848cd36330232b5f6a43791db4
Certificate serial:       019D718CB537EF03C23037A0610F629E493A
Authority key identifier: 32:1E:C1:94:10:78:43:84:8C:D3:63:30:23:2B:5F:6A:43:79:1D:B4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Mh7BlBB4Q4SM02MwIytfakN5HbQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8f/f1458f-bdc3-4e4b-9f68-3a611c093a2c/1/fp1sLUeIRXFqhsdIFZLdl0__7pM.roa
Signing time:             Thu 09 Apr 2026 09:22:20 +0000
ROA not before:           Thu 09 Apr 2026 09:22:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     43519
IP address blocks:        194.227.194.0/24 maxlen: 24
                          194.227.195.0/24 maxlen: 24
                          212.148.212.0/24 maxlen: 24
                          212.148.213.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8f/f1458f-bdc3-4e4b-9f68-3a611c093a2c/1/Mh7BlBB4Q4SM02MwIytfakN5HbQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8f/f1458f-bdc3-4e4b-9f68-3a611c093a2c/1/Mh7BlBB4Q4SM02MwIytfakN5HbQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Mh7BlBB4Q4SM02MwIytfakN5HbQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 15:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:71:8c:b5:37:ef:03:c2:30:37:a0:61:0f:62:9e:49:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=321ec194107843848cd36330232b5f6a43791db4
        Validity
            Not Before: Apr  9 09:22:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7e9d6c2d478845716a86c7481592dd974fffee93
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:52:6a:67:75:f2:9f:78:3e:b7:e0:67:38:a8:
                    8b:49:41:1d:5e:d7:70:53:cb:20:63:ff:6e:44:98:
                    c1:d3:2b:ed:07:5b:89:8e:cb:1c:9a:f4:9f:0b:f0:
                    88:52:3f:cd:b0:07:12:3b:fa:c6:94:6b:bd:10:25:
                    a9:ce:f1:7f:36:5d:fa:b1:eb:14:b7:f6:5f:b8:93:
                    2b:ef:0c:6e:8e:83:b5:70:65:6c:a8:0d:f8:c0:4f:
                    44:6b:9d:46:ff:b5:1b:ee:17:04:b4:f0:17:38:87:
                    28:02:22:14:53:ff:7d:63:db:ee:a6:34:ab:a2:16:
                    f0:cf:86:1f:a4:ec:49:13:97:a6:ca:29:75:90:54:
                    3d:38:d2:27:bc:9b:3c:fb:60:9a:4d:79:0a:6a:95:
                    a1:f2:59:c9:71:93:8e:8c:55:33:e1:4e:5c:79:ba:
                    ec:ed:98:5a:33:bd:ce:f1:03:f8:89:43:6d:82:14:
                    6d:02:ba:3e:4b:fa:ea:66:63:62:40:d6:4b:c8:d2:
                    0b:b5:ae:62:81:7f:8e:84:f5:e8:48:7b:44:4e:88:
                    60:f0:a2:f5:a0:c9:9a:c0:91:71:01:a7:17:a7:4a:
                    36:68:53:88:e3:08:f7:59:0e:f1:c3:98:cf:92:fb:
                    7d:84:c0:d2:d5:48:35:e1:19:00:03:f3:47:4e:c7:
                    db:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:9D:6C:2D:47:88:45:71:6A:86:C7:48:15:92:DD:97:4F:FF:EE:93
            X509v3 Authority Key Identifier:
                keyid:32:1E:C1:94:10:78:43:84:8C:D3:63:30:23:2B:5F:6A:43:79:1D:B4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Mh7BlBB4Q4SM02MwIytfakN5HbQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/f1458f-bdc3-4e4b-9f68-3a611c093a2c/1/fp1sLUeIRXFqhsdIFZLdl0__7pM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/f1458f-bdc3-4e4b-9f68-3a611c093a2c/1/Mh7BlBB4Q4SM02MwIytfakN5HbQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.227.194.0/23
                  212.148.212.0/23

    Signature Algorithm: sha256WithRSAEncryption
         3a:f3:49:74:36:12:da:9c:f1:6e:45:6a:20:cb:78:b0:d4:b1:
         01:f5:18:80:ec:9b:bd:ca:fb:e2:b9:57:02:38:41:0e:7a:35:
         73:0f:e8:06:e8:78:07:8e:f9:f3:c2:e7:ba:f5:97:d4:da:26:
         fb:37:f5:2d:13:ba:98:e5:15:4f:cf:6b:c5:0e:4b:72:59:d0:
         b1:7c:7d:93:8d:de:f2:30:7c:cf:9d:ca:9c:a9:ec:22:23:43:
         e8:de:ac:c7:35:65:5e:b6:c3:5a:f0:aa:f6:5b:ac:ca:eb:e2:
         58:bc:bf:f2:1c:cb:14:f6:c8:db:cb:51:45:81:23:8d:27:61:
         cb:fe:53:17:35:75:6b:aa:35:f9:ee:9f:cf:12:36:c8:ff:77:
         68:e3:cd:3b:53:f6:ea:db:01:0f:e3:75:13:3c:bd:3e:0b:aa:
         5c:12:c4:aa:64:9a:7d:9a:0e:db:05:7b:a3:3f:c3:bb:a7:70:
         9c:45:7f:04:08:5d:d0:59:73:63:6e:d2:75:d4:52:af:06:9d:
         e1:60:1b:80:45:21:95:a8:33:46:f7:b3:04:3a:e7:dd:5c:61:
         2c:4f:72:b9:11:75:77:24:ea:fb:b9:c4:89:2b:02:aa:70:3d:
         1d:18:47:47:63:77:1b:80:cd:41:d5:eb:e4:6b:4a:91:aa:cb:
         f0:77:63:67
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ1xjLU37wPCMDegYQ9inkk6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMyMWVjMTk0MTA3ODQzODQ4Y2QzNjMzMDIzMmI1ZjZhNDM3
OTFkYjQwHhcNMjYwNDA5MDkyMjIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZTlkNmMyZDQ3ODg0NTcxNmE4NmM3NDgxNTkyZGQ5NzRmZmZlZTkzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzlJqZ3Xyn3g+t+BnOKiLSUEdXtdw
U8sgY/9uRJjB0yvtB1uJjsscmvSfC/CIUj/NsAcSO/rGlGu9ECWpzvF/Nl36sesU
t/ZfuJMr7wxujoO1cGVsqA34wE9Ea51G/7Ub7hcEtPAXOIcoAiIUU/99Y9vupjSr
ohbwz4YfpOxJE5emyil1kFQ9ONInvJs8+2CaTXkKapWh8lnJcZOOjFUz4U5cebrs
7ZhaM73O8QP4iUNtghRtAro+S/rqZmNiQNZLyNILta5igX+OhPXoSHtETohg8KL1
oMmawJFxAacXp0o2aFOI4wj3WQ7xw5jPkvt9hMDS1Ug14RkAA/NHTsfbswIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFH6dbC1HiEVxaobHSBWS3ZdP/+6TMB8GA1UdIwQY
MBaAFDIewZQQeEOEjNNjMCMrX2pDeR20MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTWg3QmxCQjRRNFNNMDJNd0l5dGZha041SGJRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Zi9mMTQ1OGYtYmRjMy00ZTRiLTlmNjgt
M2E2MTFjMDkzYTJjLzEvZnAxc0xVZUlSWEZxaHNkSUZaTGRsMF9fN3BNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Zi9mMTQ1OGYtYmRjMy00ZTRiLTlmNjgtM2E2MTFjMDkzYTJj
LzEvTWg3QmxCQjRRNFNNMDJNd0l5dGZha041SGJRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBwuPCAwQB
1JTUMA0GCSqGSIb3DQEBCwUAA4IBAQA680l0NhLanPFuRWogy3iw1LEB9RiA7Ju9
yvviuVcCOEEOejVzD+gG6HgHjvnzwue69ZfU2ib7N/UtE7qY5RVPz2vFDktyWdCx
fH2Tjd7yMHzPncqcqewiI0Po3qzHNWVetsNa8Kr2W6zK6+JYvL/yHMsU9sjby1FF
gSONJ2HL/lMXNXVrqjX57p/PEjbI/3do4807U/bq2wEP43UTPL0+C6pcEsSqZJp9
mg7bBXujP8O7p3CcRX8ECF3QWXNjbtJ11FKvBp3hYBuARSGVqDNG97MEOufdXGEs
T3K5EXV3JOr7ucSJKwKqcD0dGEdHY3cbgM1B1evka0qRqsvwd2Nn
-----END CERTIFICATE-----