Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/af/d3fca6-ecb5-43aa-8c9d-0fcc6c3011fc/1/csf31rqb-Vtp8DxAcvND5Xzia2g.roa
File:                     csf31rqb-Vtp8DxAcvND5Xzia2g.roa (raw, json)
Hash identifier:          tIcC2hzx8VFbqFhPv8CNA+NzwFonxl1ILY4nFDsUkqc=
Subject key identifier:   72:C7:F7:D6:BA:9B:F9:5B:69:F0:3C:40:72:F3:43:E5:7C:E2:6B:68
Certificate issuer:       /CN=df0198a7b3afdcdd7003562a0871878e238760ad
Certificate serial:       019D488ADA024B7D369C0ECFB8294A56A46B
Authority key identifier: DF:01:98:A7:B3:AF:DC:DD:70:03:56:2A:08:71:87:8E:23:87:60:AD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3wGYp7Ov3N1wA1YqCHGHjiOHYK0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/af/d3fca6-ecb5-43aa-8c9d-0fcc6c3011fc/1/csf31rqb-Vtp8DxAcvND5Xzia2g.roa
Signing time:             Wed 01 Apr 2026 10:15:52 +0000
ROA not before:           Wed 01 Apr 2026 10:15:52 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     8696
IP address blocks:        80.244.96.0/20 maxlen: 20
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/af/d3fca6-ecb5-43aa-8c9d-0fcc6c3011fc/1/3wGYp7Ov3N1wA1YqCHGHjiOHYK0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/af/d3fca6-ecb5-43aa-8c9d-0fcc6c3011fc/1/3wGYp7Ov3N1wA1YqCHGHjiOHYK0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3wGYp7Ov3N1wA1YqCHGHjiOHYK0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 13:01:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:48:8a:da:02:4b:7d:36:9c:0e:cf:b8:29:4a:56:a4:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df0198a7b3afdcdd7003562a0871878e238760ad
        Validity
            Not Before: Apr  1 10:15:52 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=72c7f7d6ba9bf95b69f03c4072f343e57ce26b68
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:b6:05:8a:29:b1:69:17:43:2a:52:b0:24:6d:
                    cf:2a:fb:72:9c:d6:46:57:4c:05:4b:5c:60:54:9a:
                    35:54:cc:c7:35:50:02:dd:22:74:b3:13:7a:19:3a:
                    a4:33:42:91:4c:29:25:d9:97:76:88:22:a4:7b:3c:
                    fb:56:d0:6d:d6:ef:a7:57:a2:74:e3:f4:38:1c:a2:
                    15:2d:17:35:9c:c2:ee:d4:82:9b:7c:a6:4f:6e:4e:
                    31:53:bc:5f:16:98:92:18:51:59:99:cf:57:fe:cb:
                    0f:7f:c0:d8:9d:da:53:3c:32:65:b1:a2:1e:3b:1b:
                    e3:1b:15:45:ea:3d:e3:5e:ef:65:4b:0c:2f:e1:2f:
                    4d:2a:d3:f4:d4:1f:b4:09:c1:47:06:93:a8:68:0c:
                    a4:8b:70:51:cd:55:20:f8:5c:06:03:3d:55:6a:c6:
                    db:e9:a6:11:5b:46:c6:57:91:47:90:ac:f6:66:5f:
                    8b:87:61:57:1d:91:75:30:25:5c:61:58:3e:4e:c3:
                    c2:6d:35:9e:9f:ef:d6:7c:01:f3:d9:73:a4:b9:44:
                    9b:db:e4:ae:c2:42:52:20:a1:ae:b1:09:6f:83:97:
                    5e:50:35:91:6e:07:6c:cc:9f:35:db:0a:77:69:4c:
                    ab:fe:31:9e:e3:c1:90:a4:ce:a6:92:ec:f7:4e:73:
                    a9:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:C7:F7:D6:BA:9B:F9:5B:69:F0:3C:40:72:F3:43:E5:7C:E2:6B:68
            X509v3 Authority Key Identifier:
                keyid:DF:01:98:A7:B3:AF:DC:DD:70:03:56:2A:08:71:87:8E:23:87:60:AD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3wGYp7Ov3N1wA1YqCHGHjiOHYK0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/af/d3fca6-ecb5-43aa-8c9d-0fcc6c3011fc/1/csf31rqb-Vtp8DxAcvND5Xzia2g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/af/d3fca6-ecb5-43aa-8c9d-0fcc6c3011fc/1/3wGYp7Ov3N1wA1YqCHGHjiOHYK0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.244.96.0/20

    Signature Algorithm: sha256WithRSAEncryption
         37:e2:64:f1:fc:de:07:64:78:4b:89:60:26:2a:ca:47:33:ec:
         d5:98:a2:01:36:81:ac:25:04:f8:04:cb:0d:78:fb:55:d5:d6:
         41:8d:a0:5e:9a:d4:51:53:ac:57:3f:17:40:20:c5:88:08:4d:
         4f:63:f6:a6:6e:46:38:be:2f:80:3e:64:25:f8:c8:21:30:0a:
         65:1c:ba:b6:96:bc:b2:b2:06:e2:bf:5f:aa:c5:dd:36:63:8e:
         7a:c5:1c:a2:46:58:3f:29:9a:28:bd:3e:19:37:77:15:d7:03:
         e0:22:be:2b:a9:f7:3e:10:36:87:e2:a3:eb:c3:1e:f7:40:e3:
         39:cc:64:6b:39:fe:2f:2c:49:8d:01:25:04:45:0a:46:ff:36:
         b3:bb:29:0b:3b:ec:40:85:41:51:de:83:61:fc:c1:5d:21:04:
         93:48:b1:67:dc:19:e9:52:26:bb:83:3a:cf:86:0d:08:9f:39:
         cd:2a:e5:b6:c7:9e:db:4c:ac:d8:8f:3b:3c:15:ba:49:0b:dd:
         14:75:35:8c:01:da:d6:03:d2:6a:99:b6:47:dc:44:ac:91:4a:
         35:73:73:70:42:02:d4:5f:4a:25:5e:08:84:82:f9:ef:b6:c2:
         3d:fb:52:a0:c7:22:71:3d:c7:2b:13:7b:e8:d7:8e:93:c1:76:
         43:42:f8:fe
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ1IitoCS302nA7PuClKVqRrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRmMDE5OGE3YjNhZmRjZGQ3MDAzNTYyYTA4NzE4NzhlMjM4
NzYwYWQwHhcNMjYwNDAxMTAxNTUyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MmM3ZjdkNmJhOWJmOTViNjlmMDNjNDA3MmYzNDNlNTdjZTI2YjY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA17YFiimxaRdDKlKwJG3PKvtynNZG
V0wFS1xgVJo1VMzHNVAC3SJ0sxN6GTqkM0KRTCkl2Zd2iCKkezz7VtBt1u+nV6J0
4/Q4HKIVLRc1nMLu1IKbfKZPbk4xU7xfFpiSGFFZmc9X/ssPf8DYndpTPDJlsaIe
OxvjGxVF6j3jXu9lSwwv4S9NKtP01B+0CcFHBpOoaAyki3BRzVUg+FwGAz1Vasbb
6aYRW0bGV5FHkKz2Zl+Lh2FXHZF1MCVcYVg+TsPCbTWen+/WfAHz2XOkuUSb2+Su
wkJSIKGusQlvg5deUDWRbgdszJ812wp3aUyr/jGe48GQpM6mkuz3TnOpkwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHLH99a6m/lbafA8QHLzQ+V84mtoMB8GA1UdIwQY
MBaAFN8BmKezr9zdcANWKghxh44jh2CtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM3dHWXA3T3YzTjF3QTFZcUNIR0hqaU9IWUswLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZi9kM2ZjYTYtZWNiNS00M2FhLThjOWQt
MGZjYzZjMzAxMWZjLzEvY3NmMzFycWItVnRwOER4QWN2TkQ1WHppYTJnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZi9kM2ZjYTYtZWNiNS00M2FhLThjOWQtMGZjYzZjMzAxMWZj
LzEvM3dHWXA3T3YzTjF3QTFZcUNIR0hqaU9IWUswLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEUPRgMA0G
CSqGSIb3DQEBCwUAA4IBAQA34mTx/N4HZHhLiWAmKspHM+zVmKIBNoGsJQT4BMsN
ePtV1dZBjaBemtRRU6xXPxdAIMWICE1PY/ambkY4vi+APmQl+MghMAplHLq2lryy
sgbiv1+qxd02Y456xRyiRlg/KZoovT4ZN3cV1wPgIr4rqfc+EDaH4qPrwx73QOM5
zGRrOf4vLEmNASUERQpG/zazuykLO+xAhUFR3oNh/MFdIQSTSLFn3BnpUia7gzrP
hg0InznNKuW2x57bTKzYjzs8FbpJC90UdTWMAdrWA9JqmbZH3ESskUo1c3NwQgLU
X0olXgiEgvnvtsI9+1KgxyJxPccrE3vo146TwXZDQvj+
-----END CERTIFICATE-----