Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/c316b6-72e3-4bce-bbe2-1b432872bcff/1/FImc6744QQwEQQovKDqizeaFC7c.roa
File:                     FImc6744QQwEQQovKDqizeaFC7c.roa (raw, json)
Hash identifier:          sUbtOcLGidbBgbl2zkqKhUn8p3q1zKed/eARiNS1qdI=
Subject key identifier:   14:89:9C:EB:BE:38:41:0C:04:41:0A:2F:28:3A:A2:CD:E6:85:0B:B7
Certificate issuer:       /CN=e54ab89d33bd8aa9438a1dd0b4c59edbeb0c64ee
Certificate serial:       019B7AC8AE0DFC6DDF2C0C2CD6080DAE84D9
Authority key identifier: E5:4A:B8:9D:33:BD:8A:A9:43:8A:1D:D0:B4:C5:9E:DB:EB:0C:64:EE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5Uq4nTO9iqlDih3QtMWe2-sMZO4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/c316b6-72e3-4bce-bbe2-1b432872bcff/1/FImc6744QQwEQQovKDqizeaFC7c.roa
Signing time:             Thu 01 Jan 2026 18:18:50 +0000
ROA not before:           Thu 01 Jan 2026 18:18:50 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200001
IP address blocks:        194.42.110.0/23 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/c316b6-72e3-4bce-bbe2-1b432872bcff/1/5Uq4nTO9iqlDih3QtMWe2-sMZO4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/c316b6-72e3-4bce-bbe2-1b432872bcff/1/5Uq4nTO9iqlDih3QtMWe2-sMZO4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5Uq4nTO9iqlDih3QtMWe2-sMZO4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 09:01:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:c8:ae:0d:fc:6d:df:2c:0c:2c:d6:08:0d:ae:84:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e54ab89d33bd8aa9438a1dd0b4c59edbeb0c64ee
        Validity
            Not Before: Jan  1 18:18:50 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=14899cebbe38410c04410a2f283aa2cde6850bb7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:31:db:a5:f0:5c:6f:14:f3:4f:c9:4a:f6:6d:
                    e4:a6:5d:42:76:66:a7:00:dd:a6:27:2a:11:3f:19:
                    a3:7c:76:fd:92:b4:40:b4:b7:e9:72:69:6e:af:e1:
                    f0:2b:01:74:31:94:d3:64:4a:89:12:72:14:e0:5f:
                    d0:ba:a0:78:5d:0e:af:df:1c:95:3a:7f:02:d5:62:
                    4a:be:97:f0:38:1d:c8:88:01:a0:30:ae:84:4f:c0:
                    32:5c:08:a6:38:22:bd:b8:c0:1e:3a:b1:4f:5a:e5:
                    50:d9:23:35:87:dc:64:ab:b5:de:6c:f3:6d:6d:e3:
                    b3:6f:92:7d:f8:8d:02:56:80:f4:36:52:5e:d8:c0:
                    cc:27:04:80:ac:af:7d:51:61:05:af:92:e4:6a:ba:
                    0d:4c:7e:0c:22:b5:1c:c0:36:e8:ab:34:05:9e:3f:
                    d6:75:63:c6:43:e1:d1:05:f0:74:19:e4:70:f3:7e:
                    30:9e:de:89:36:84:87:cd:ae:f9:60:f4:53:9e:00:
                    b7:ad:75:72:7e:f9:e2:87:11:95:7d:fc:ca:a2:ad:
                    3f:96:10:94:d3:54:fa:35:98:44:d5:1d:db:d4:22:
                    d3:f7:20:4b:d4:7d:18:30:6f:f2:60:55:5a:ea:4f:
                    40:4a:ad:27:f4:eb:b6:63:5f:b1:2e:0f:a2:3b:8c:
                    b6:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:89:9C:EB:BE:38:41:0C:04:41:0A:2F:28:3A:A2:CD:E6:85:0B:B7
            X509v3 Authority Key Identifier:
                keyid:E5:4A:B8:9D:33:BD:8A:A9:43:8A:1D:D0:B4:C5:9E:DB:EB:0C:64:EE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5Uq4nTO9iqlDih3QtMWe2-sMZO4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/c316b6-72e3-4bce-bbe2-1b432872bcff/1/FImc6744QQwEQQovKDqizeaFC7c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/c316b6-72e3-4bce-bbe2-1b432872bcff/1/5Uq4nTO9iqlDih3QtMWe2-sMZO4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.42.110.0/23

    Signature Algorithm: sha256WithRSAEncryption
         47:1b:a5:66:f3:19:94:ad:60:8d:11:75:38:33:0a:cc:54:c8:
         30:b9:1c:c3:04:a5:5b:da:a3:55:d2:d1:8f:d9:d4:93:83:47:
         87:2e:67:9b:89:b1:a2:72:55:d3:d3:8e:c6:e4:23:00:36:22:
         16:e3:7b:28:02:5a:07:4d:a2:12:b6:41:dc:a0:28:75:a8:ef:
         4f:da:61:91:be:14:18:5f:95:f0:bb:0c:43:05:5f:81:f2:83:
         40:45:dd:ff:72:c7:4f:82:15:89:c1:50:ef:0b:14:55:1e:2b:
         72:bb:88:93:6f:e1:58:63:fa:f8:e4:8b:43:6a:da:63:b4:15:
         18:56:f0:c8:23:aa:67:ad:13:a8:e5:8c:43:52:6e:ff:00:16:
         4a:50:4f:b6:1e:07:14:f0:9e:47:66:c8:6f:0c:52:ec:d1:1e:
         aa:f5:6b:a3:ab:fd:71:b2:08:d0:29:7e:c8:15:63:96:4e:fa:
         c4:17:3e:59:e4:16:22:ce:d9:e0:06:c2:b3:c1:89:c2:a7:3b:
         72:1b:e9:79:e1:e5:97:b7:e8:11:57:c5:e6:a7:93:90:a0:8e:
         62:62:0c:1d:a7:be:c3:53:fa:0e:a3:0a:ec:51:c4:90:db:96:
         12:fe:58:f8:54:8a:20:13:b9:f0:d3:dc:37:b7:50:b9:1c:a8:
         e4:d2:98:36
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6yK4N/G3fLAws1ggNroTZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU1NGFiODlkMzNiZDhhYTk0MzhhMWRkMGI0YzU5ZWRiZWIw
YzY0ZWUwHhcNMjYwMTAxMTgxODUwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNDg5OWNlYmJlMzg0MTBjMDQ0MTBhMmYyODNhYTJjZGU2ODUwYmI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuTHbpfBcbxTzT8lK9m3kpl1Cdman
AN2mJyoRPxmjfHb9krRAtLfpcmlur+HwKwF0MZTTZEqJEnIU4F/QuqB4XQ6v3xyV
On8C1WJKvpfwOB3IiAGgMK6ET8AyXAimOCK9uMAeOrFPWuVQ2SM1h9xkq7XebPNt
beOzb5J9+I0CVoD0NlJe2MDMJwSArK99UWEFr5LkaroNTH4MIrUcwDboqzQFnj/W
dWPGQ+HRBfB0GeRw834wnt6JNoSHza75YPRTngC3rXVyfvnihxGVffzKoq0/lhCU
01T6NZhE1R3b1CLT9yBL1H0YMG/yYFVa6k9ASq0n9Ou2Y1+xLg+iO4y2+wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBSJnOu+OEEMBEEKLyg6os3mhQu3MB8GA1UdIwQY
MBaAFOVKuJ0zvYqpQ4od0LTFntvrDGTuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNVVxNG5UTzlpcWxEaWgzUXRNV2UyLXNNWk80LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy9jMzE2YjYtNzJlMy00YmNlLWJiZTIt
MWI0MzI4NzJiY2ZmLzEvRkltYzY3NDRRUXdFUVFvdktEcWl6ZWFGQzdjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy9jMzE2YjYtNzJlMy00YmNlLWJiZTItMWI0MzI4NzJiY2Zm
LzEvNVVxNG5UTzlpcWxEaWgzUXRNV2UyLXNNWk80LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwipuMA0G
CSqGSIb3DQEBCwUAA4IBAQBHG6Vm8xmUrWCNEXU4MwrMVMgwuRzDBKVb2qNV0tGP
2dSTg0eHLmebibGiclXT047G5CMANiIW43soAloHTaIStkHcoCh1qO9P2mGRvhQY
X5XwuwxDBV+B8oNARd3/csdPghWJwVDvCxRVHityu4iTb+FYY/r45ItDatpjtBUY
VvDII6pnrROo5YxDUm7/ABZKUE+2HgcU8J5HZshvDFLs0R6q9Wujq/1xsgjQKX7I
FWOWTvrEFz5Z5BYiztngBsKzwYnCpztyG+l54eWXt+gRV8Xmp5OQoI5iYgwdp77D
U/oOowrsUcSQ25YS/lj4VIogE7nw09w3t1C5HKjk0pg2
-----END CERTIFICATE-----