Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a4/c17c5d-7543-440f-878f-1769fef6be96/1/FsJFy4QzX3uJ4UdyViwCikynttA.roa
File:                     FsJFy4QzX3uJ4UdyViwCikynttA.roa (raw, json)
Hash identifier:          RlB8FaaAry3OAsuD+Dw02lKQL3ZJpmsn7VXQvAtrEQQ=
Subject key identifier:   16:C2:45:CB:84:33:5F:7B:89:E1:47:72:56:2C:02:8A:4C:A7:B6:D0
Certificate issuer:       /CN=42f8ab2ba24879e45c445486fceb21af46656d5a
Certificate serial:       019D4483707D231350F8BDA6BE329B54900B
Authority key identifier: 42:F8:AB:2B:A2:48:79:E4:5C:44:54:86:FC:EB:21:AF:46:65:6D:5A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QvirK6JIeeRcRFSG_Oshr0ZlbVo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a4/c17c5d-7543-440f-878f-1769fef6be96/1/FsJFy4QzX3uJ4UdyViwCikynttA.roa
Signing time:             Tue 31 Mar 2026 15:29:17 +0000
ROA not before:           Tue 31 Mar 2026 15:29:17 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     57043
IP address blocks:        217.147.168.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a4/c17c5d-7543-440f-878f-1769fef6be96/1/QvirK6JIeeRcRFSG_Oshr0ZlbVo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a4/c17c5d-7543-440f-878f-1769fef6be96/1/QvirK6JIeeRcRFSG_Oshr0ZlbVo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QvirK6JIeeRcRFSG_Oshr0ZlbVo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 07:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:44:83:70:7d:23:13:50:f8:bd:a6:be:32:9b:54:90:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=42f8ab2ba24879e45c445486fceb21af46656d5a
        Validity
            Not Before: Mar 31 15:29:17 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=16c245cb84335f7b89e14772562c028a4ca7b6d0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:4e:2e:ca:a1:ab:9d:5e:1e:4e:db:af:b0:12:
                    8d:1d:e6:13:81:a4:dc:0e:c4:e9:0c:a0:fe:17:01:
                    82:7c:67:e6:de:2b:e2:f1:9f:db:8b:94:31:ef:de:
                    2b:dd:6e:1f:e6:66:b8:5a:8d:0d:c5:d1:3f:6c:ac:
                    53:f9:fb:89:5f:35:aa:8c:85:60:17:41:ab:ce:51:
                    7b:27:90:54:04:a7:ce:f3:2c:84:b1:8a:79:34:bc:
                    2e:77:ea:22:d1:66:40:5f:a7:f5:a5:d2:16:8c:83:
                    a5:fb:c3:61:fb:52:18:75:ec:aa:81:d3:68:3b:6e:
                    fe:f5:1e:93:de:d6:f7:df:15:f8:27:f5:18:43:d4:
                    bd:94:1b:44:a1:b9:87:0a:cc:b8:47:a3:ef:8d:ac:
                    27:83:20:c8:bc:bc:15:f2:55:40:dd:13:c2:5b:ef:
                    f3:1f:44:0d:9a:ec:e2:1e:d7:13:ad:47:e7:e2:5d:
                    6e:aa:0f:cf:3d:84:45:05:98:d2:b1:c0:45:f5:1f:
                    e1:48:32:0f:ce:b7:fe:93:f2:be:29:34:e9:a6:26:
                    30:c7:ba:ef:f1:e8:34:fa:de:17:dd:6d:3f:64:15:
                    18:2f:51:76:ca:f5:37:2c:f1:29:ff:41:c6:f7:84:
                    7f:e8:1d:43:36:1b:9a:ef:61:19:10:6e:c2:bc:24:
                    ba:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:C2:45:CB:84:33:5F:7B:89:E1:47:72:56:2C:02:8A:4C:A7:B6:D0
            X509v3 Authority Key Identifier:
                keyid:42:F8:AB:2B:A2:48:79:E4:5C:44:54:86:FC:EB:21:AF:46:65:6D:5A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QvirK6JIeeRcRFSG_Oshr0ZlbVo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/c17c5d-7543-440f-878f-1769fef6be96/1/FsJFy4QzX3uJ4UdyViwCikynttA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/c17c5d-7543-440f-878f-1769fef6be96/1/QvirK6JIeeRcRFSG_Oshr0ZlbVo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.147.168.0/24

    Signature Algorithm: sha256WithRSAEncryption
         72:d6:bb:2b:54:a3:8f:c1:27:86:a9:5b:93:31:10:08:2c:ab:
         09:54:af:37:83:92:ab:02:bd:68:d7:30:47:d9:9c:54:c9:f8:
         41:4b:91:d2:ba:22:21:07:66:ae:15:e3:d2:d5:b7:cb:85:53:
         5c:12:f2:60:d9:45:68:8f:ab:70:9a:e5:55:88:54:3e:06:66:
         63:b7:3a:6b:6d:86:98:f7:81:37:86:49:83:f2:48:99:11:d4:
         e3:5b:80:d9:94:fe:f9:f8:d9:59:f8:51:e3:84:2f:73:43:41:
         c8:0c:11:29:e2:b6:d7:ee:a0:2e:72:bc:49:db:2f:8c:16:cb:
         d1:83:e9:a6:79:b4:5b:69:8a:66:e8:c2:52:02:03:47:d5:91:
         0c:8f:79:a4:c9:df:b8:f3:a4:75:67:b2:b9:13:bb:df:d7:ab:
         df:48:b2:e7:20:f8:c5:90:92:54:7a:b7:55:61:bf:e1:4a:55:
         47:d3:8a:ff:66:4f:ce:5a:7a:d5:c0:6a:06:be:cd:29:ce:ec:
         94:b6:bc:4f:dc:9f:e4:50:9e:34:6f:14:34:5d:9c:86:1c:a3:
         28:b4:cd:76:b2:26:26:72:44:77:36:6e:92:5b:6e:ce:10:3b:
         cd:70:06:7d:0e:d7:cc:dd:08:85:a0:73:47:66:b9:b8:55:3a:
         94:fe:1d:d7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ1Eg3B9IxNQ+L2mvjKbVJALMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQyZjhhYjJiYTI0ODc5ZTQ1YzQ0NTQ4NmZjZWIyMWFmNDY2
NTZkNWEwHhcNMjYwMzMxMTUyOTE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNmMyNDVjYjg0MzM1ZjdiODllMTQ3NzI1NjJjMDI4YTRjYTdiNmQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA504uyqGrnV4eTtuvsBKNHeYTgaTc
DsTpDKD+FwGCfGfm3ivi8Z/bi5Qx794r3W4f5ma4Wo0NxdE/bKxT+fuJXzWqjIVg
F0GrzlF7J5BUBKfO8yyEsYp5NLwud+oi0WZAX6f1pdIWjIOl+8Nh+1IYdeyqgdNo
O27+9R6T3tb33xX4J/UYQ9S9lBtEobmHCsy4R6PvjawngyDIvLwV8lVA3RPCW+/z
H0QNmuziHtcTrUfn4l1uqg/PPYRFBZjSscBF9R/hSDIPzrf+k/K+KTTppiYwx7rv
8eg0+t4X3W0/ZBUYL1F2yvU3LPEp/0HG94R/6B1DNhua72EZEG7CvCS6HwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBbCRcuEM197ieFHclYsAopMp7bQMB8GA1UdIwQY
MBaAFEL4qyuiSHnkXERUhvzrIa9GZW1aMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUXZpcks2SkllZVJjUkZTR19Pc2hyMFpsYlZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNC9jMTdjNWQtNzU0My00NDBmLTg3OGYt
MTc2OWZlZjZiZTk2LzEvRnNKRnk0UXpYM3VKNFVkeVZpd0Npa3ludHRBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNC9jMTdjNWQtNzU0My00NDBmLTg3OGYtMTc2OWZlZjZiZTk2
LzEvUXZpcks2SkllZVJjUkZTR19Pc2hyMFpsYlZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2ZOoMA0G
CSqGSIb3DQEBCwUAA4IBAQBy1rsrVKOPwSeGqVuTMRAILKsJVK83g5KrAr1o1zBH
2ZxUyfhBS5HSuiIhB2auFePS1bfLhVNcEvJg2UVoj6twmuVViFQ+BmZjtzprbYaY
94E3hkmD8kiZEdTjW4DZlP75+NlZ+FHjhC9zQ0HIDBEp4rbX7qAucrxJ2y+MFsvR
g+mmebRbaYpm6MJSAgNH1ZEMj3mkyd+486R1Z7K5E7vf16vfSLLnIPjFkJJUerdV
Yb/hSlVH04r/Zk/OWnrVwGoGvs0pzuyUtrxP3J/kUJ40bxQ0XZyGHKMotM12siYm
ckR3Nm6SW27OEDvNcAZ9DtfM3QiFoHNHZrm4VTqU/h3X
-----END CERTIFICATE-----