Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/cfONAnh7EKHW0HzS87oYk6MYkCs.roa
File:                     cfONAnh7EKHW0HzS87oYk6MYkCs.roa (raw, json)
Hash identifier:          bDvTseVFRP89oR1+SO0uIXWWjc7R1qOvKzgWqB1moiI=
Subject key identifier:   71:F3:8D:02:78:7B:10:A1:D6:D0:7C:D2:F3:BA:18:93:A3:18:90:2B
Certificate issuer:       /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial:       019C4357CC9FBC847939F2B176DED7DFA4CE
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/cfONAnh7EKHW0HzS87oYk6MYkCs.roa
Signing time:             Mon 09 Feb 2026 16:59:13 +0000
ROA not before:           Mon 09 Feb 2026 16:59:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     142019
IP address blocks:        45.142.28.0/24 maxlen: 24
                          193.39.209.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:43:57:cc:9f:bc:84:79:39:f2:b1:76:de:d7:df:a4:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
        Validity
            Not Before: Feb  9 16:59:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=71f38d02787b10a1d6d07cd2f3ba1893a318902b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:fe:35:ed:e2:7f:ce:33:4f:6d:bf:01:4c:ea:
                    15:36:ec:f3:76:2c:33:77:ec:9a:59:d8:43:1e:ac:
                    b4:7b:3f:d9:a4:dd:5b:74:1c:b5:3b:d0:41:0b:43:
                    fd:83:e1:4f:64:b9:8a:fe:2d:9d:13:10:d3:9b:84:
                    90:73:9e:87:76:44:05:c7:1d:99:8a:7f:23:62:34:
                    cb:43:b9:fa:1b:03:27:44:ad:74:17:b9:5a:44:a0:
                    e2:cd:d5:6a:f5:d8:b8:bc:ee:a4:b0:d0:4c:5c:c8:
                    c6:7e:46:19:a6:74:10:c9:a4:5e:71:04:75:ca:94:
                    a4:ff:84:35:2d:b1:4e:bf:00:43:ed:97:33:bb:65:
                    de:f0:78:b9:fa:e5:e8:71:5a:dc:46:13:7c:66:5d:
                    e7:53:2b:74:21:eb:bd:de:a6:e2:dc:5b:d9:fb:a2:
                    b9:f4:3c:7b:83:bd:fa:47:a6:82:a1:37:18:0e:40:
                    dc:9a:91:2a:74:39:ac:4f:04:2d:1a:e6:c3:96:6d:
                    c0:57:f5:43:45:d0:fd:f3:cf:b0:d4:20:ba:e9:d1:
                    a8:df:ef:a1:c7:0d:fd:e8:ad:7b:1d:d4:b4:12:ff:
                    8e:86:b3:aa:1d:ba:0b:24:c9:80:d7:74:81:b2:e4:
                    6a:4a:49:fb:fa:33:c3:d4:33:14:e4:39:0c:1d:86:
                    3b:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:F3:8D:02:78:7B:10:A1:D6:D0:7C:D2:F3:BA:18:93:A3:18:90:2B
            X509v3 Authority Key Identifier:
                keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/cfONAnh7EKHW0HzS87oYk6MYkCs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.142.28.0/24
                  193.39.209.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4a:ad:dd:64:be:76:0c:2b:71:c8:2e:c2:df:81:d0:3f:5e:58:
         ab:be:c5:7b:fd:67:f4:d3:25:78:3d:fc:03:18:a5:57:4e:f4:
         32:dc:ed:a7:39:d4:be:c2:d3:d4:f8:18:81:5b:07:47:96:31:
         06:07:86:35:74:d2:76:bc:7c:0a:c5:39:c9:55:9c:d5:04:d0:
         af:c7:79:f1:69:21:b4:63:a9:19:05:48:7f:6c:77:7e:e9:8d:
         9e:5e:0c:b5:bc:f0:bc:e7:f3:b1:a6:57:f8:61:3f:5c:e7:17:
         f8:14:28:ff:0f:c9:73:b3:92:f7:d8:27:49:15:4a:68:6b:1d:
         56:29:87:25:d8:48:8b:16:b7:27:fb:82:c8:6c:cc:65:36:90:
         64:59:8f:6d:5c:01:26:a3:26:cf:56:1e:6d:7e:28:71:cb:76:
         91:ab:22:c1:be:ec:1f:8c:de:31:f0:84:a5:af:31:d0:bf:7c:
         b3:e8:55:c0:a0:78:8e:25:2b:3e:28:51:61:dd:31:cf:cf:5e:
         41:12:89:6d:01:6d:1f:bc:bf:1c:9d:41:e6:19:5e:5b:3c:aa:
         64:e2:e4:9b:e6:7b:27:47:c8:11:58:98:ed:8b:49:b2:60:da:
         bd:14:17:63:21:30:7f:67:18:a3:ab:de:05:45:83:bf:1b:55:
         0b:61:8e:62
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZxDV8yfvIR5OfKxdt7X36TOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjYwMjA5MTY1OTEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MWYzOGQwMjc4N2IxMGExZDZkMDdjZDJmM2JhMTg5M2EzMTg5MDJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2/417eJ/zjNPbb8BTOoVNuzzdiwz
d+yaWdhDHqy0ez/ZpN1bdBy1O9BBC0P9g+FPZLmK/i2dExDTm4SQc56HdkQFxx2Z
in8jYjTLQ7n6GwMnRK10F7laRKDizdVq9di4vO6ksNBMXMjGfkYZpnQQyaRecQR1
ypSk/4Q1LbFOvwBD7Zczu2Xe8Hi5+uXocVrcRhN8Zl3nUyt0Ieu93qbi3FvZ+6K5
9Dx7g736R6aCoTcYDkDcmpEqdDmsTwQtGubDlm3AV/VDRdD988+w1CC66dGo3++h
xw396K17HdS0Ev+OhrOqHboLJMmA13SBsuRqSkn7+jPD1DMU5DkMHYY7YQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHHzjQJ4exCh1tB80vO6GJOjGJArMB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEvY2ZPTkFuaDdFS0hXMEh6Uzg3b1lrNk1Za0NzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALY4cAwQA
wSfRMA0GCSqGSIb3DQEBCwUAA4IBAQBKrd1kvnYMK3HILsLfgdA/XlirvsV7/Wf0
0yV4PfwDGKVXTvQy3O2nOdS+wtPU+BiBWwdHljEGB4Y1dNJ2vHwKxTnJVZzVBNCv
x3nxaSG0Y6kZBUh/bHd+6Y2eXgy1vPC85/Oxplf4YT9c5xf4FCj/D8lzs5L32CdJ
FUpoax1WKYcl2EiLFrcn+4LIbMxlNpBkWY9tXAEmoybPVh5tfihxy3aRqyLBvuwf
jN4x8ISlrzHQv3yz6FXAoHiOJSs+KFFh3THPz15BEoltAW0fvL8cnUHmGV5bPKpk
4uSb5nsnR8gRWJjti0myYNq9FBdjITB/Zxijq94FRYO/G1ULYY5i
-----END CERTIFICATE-----