Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/ac51b2-ad16-4529-8f82-453d37b4921c/1/FjNtau_2C7-IteTYIoQTiESBcVg.roa
File:                     FjNtau_2C7-IteTYIoQTiESBcVg.roa (raw, json)
Hash identifier:          SON6ioGxRvj1OfUX9ytmsl2A9Mp6k9lzhCA/d2PBUSY=
Subject key identifier:   16:33:6D:6A:EF:F6:0B:BF:88:B5:E4:D8:22:84:13:88:44:81:71:58
Certificate issuer:       /CN=fef7fd5710ae5a473e158dc3fd6c8f17efa3e55b
Certificate serial:       019B7758DC0B0AD69CEE3713E9E9FAC5C209
Authority key identifier: FE:F7:FD:57:10:AE:5A:47:3E:15:8D:C3:FD:6C:8F:17:EF:A3:E5:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_vf9VxCuWkc-FY3D_WyPF--j5Vs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/ac51b2-ad16-4529-8f82-453d37b4921c/1/FjNtau_2C7-IteTYIoQTiESBcVg.roa
Signing time:             Thu 01 Jan 2026 02:17:50 +0000
ROA not before:           Thu 01 Jan 2026 02:17:50 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     210671
IP address blocks:        46.243.150.0/24 maxlen: 24
                          85.92.119.0/24 maxlen: 24
                          194.48.211.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/ac51b2-ad16-4529-8f82-453d37b4921c/1/_vf9VxCuWkc-FY3D_WyPF--j5Vs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/ac51b2-ad16-4529-8f82-453d37b4921c/1/_vf9VxCuWkc-FY3D_WyPF--j5Vs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_vf9VxCuWkc-FY3D_WyPF--j5Vs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:58:dc:0b:0a:d6:9c:ee:37:13:e9:e9:fa:c5:c2:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fef7fd5710ae5a473e158dc3fd6c8f17efa3e55b
        Validity
            Not Before: Jan  1 02:17:50 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=16336d6aeff60bbf88b5e4d82284138844817158
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:8a:b6:8c:89:55:d0:4c:ff:d9:d0:11:b2:c6:
                    0b:97:fc:e2:ed:50:d4:94:0f:5c:b4:8b:20:0a:e3:
                    9b:e6:fa:c0:f9:38:6d:b1:c8:f1:b4:cd:47:70:1b:
                    db:b8:03:45:da:ec:d9:6f:75:14:62:79:30:a2:7f:
                    8c:5c:1e:dc:e7:67:5a:ef:ce:ee:21:aa:14:c0:18:
                    8c:73:84:aa:47:3b:67:74:1a:59:f1:46:2c:6d:77:
                    f7:d9:64:a7:11:d1:81:d3:de:d3:06:4e:99:7c:24:
                    9b:18:a6:d6:d8:f8:25:ca:40:02:b7:5e:ae:4a:6d:
                    5b:aa:31:de:b0:09:0e:4c:bb:c4:c5:55:67:6a:4e:
                    5c:c3:f0:e1:8f:59:2a:86:7e:e8:2f:9e:64:3d:c2:
                    49:10:df:78:b1:fe:78:20:66:88:70:70:75:9b:98:
                    f4:fb:fd:10:49:35:f3:f9:c0:d2:61:f7:f4:fd:59:
                    27:17:8f:36:f5:4a:cf:5d:11:2d:54:36:61:f4:93:
                    18:3c:13:78:bf:c9:57:32:f6:15:32:3f:d1:75:76:
                    cc:6b:4f:b8:08:c1:96:3d:f4:cc:86:9c:a1:68:ba:
                    8f:ca:76:81:0a:ca:59:23:a9:ba:2f:55:e5:17:df:
                    f4:66:0b:c3:a6:3d:82:5e:1b:bd:ba:04:a6:be:86:
                    94:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:33:6D:6A:EF:F6:0B:BF:88:B5:E4:D8:22:84:13:88:44:81:71:58
            X509v3 Authority Key Identifier:
                keyid:FE:F7:FD:57:10:AE:5A:47:3E:15:8D:C3:FD:6C:8F:17:EF:A3:E5:5B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_vf9VxCuWkc-FY3D_WyPF--j5Vs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/ac51b2-ad16-4529-8f82-453d37b4921c/1/FjNtau_2C7-IteTYIoQTiESBcVg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/ac51b2-ad16-4529-8f82-453d37b4921c/1/_vf9VxCuWkc-FY3D_WyPF--j5Vs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.243.150.0/24
                  85.92.119.0/24
                  194.48.211.0/24

    Signature Algorithm: sha256WithRSAEncryption
         60:ad:2d:70:74:08:7d:78:c1:44:23:e0:eb:14:f9:41:5b:f5:
         a7:e5:c6:da:69:dd:e6:c6:16:f8:79:35:e4:2b:27:fb:d8:48:
         e6:9e:1a:6d:67:08:ed:e9:76:4e:4f:c2:82:49:03:5a:9b:df:
         cc:45:b9:fd:1b:0d:76:ef:ab:67:2d:07:17:0e:d2:9b:97:04:
         f0:84:d1:80:ff:e3:81:cc:93:04:82:c5:f5:ac:7c:61:80:84:
         fd:9a:fc:2e:91:07:c0:0e:cb:6d:b0:7b:7f:b8:94:f0:6a:dd:
         95:a4:5f:99:38:84:ed:1b:da:f1:56:76:82:dc:f9:21:c1:db:
         f1:4e:3f:3a:88:ae:a6:95:0d:cd:99:4a:69:65:36:cd:a6:a8:
         c7:7d:cb:07:50:b8:fa:54:f4:1a:1c:ed:e6:45:54:81:72:4e:
         8c:52:cd:b2:63:51:a7:64:a3:0b:63:0e:16:2f:3b:5c:7a:ea:
         0e:a7:13:b5:c2:f0:47:e2:dd:8d:33:96:e1:b0:a0:a2:11:cb:
         59:36:5a:8a:97:a1:07:b9:f1:51:2a:61:f1:9c:3e:a5:69:84:
         a8:25:f4:a3:59:2f:78:87:d8:50:01:1c:96:3e:83:b4:ae:8a:
         c8:6e:63:f4:7b:6d:18:ca:71:1a:25:bc:f9:ae:4f:4f:c7:e0:
         86:a1:88:08
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZt3WNwLCtac7jcT6en6xcIJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZlZjdmZDU3MTBhZTVhNDczZTE1OGRjM2ZkNmM4ZjE3ZWZh
M2U1NWIwHhcNMjYwMTAxMDIxNzUwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNjMzNmQ2YWVmZjYwYmJmODhiNWU0ZDgyMjg0MTM4ODQ0ODE3MTU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoIq2jIlV0Ez/2dARssYLl/zi7VDU
lA9ctIsgCuOb5vrA+ThtscjxtM1HcBvbuANF2uzZb3UUYnkwon+MXB7c52da787u
IaoUwBiMc4SqRztndBpZ8UYsbXf32WSnEdGB097TBk6ZfCSbGKbW2PglykACt16u
Sm1bqjHesAkOTLvExVVnak5cw/Dhj1kqhn7oL55kPcJJEN94sf54IGaIcHB1m5j0
+/0QSTXz+cDSYff0/VknF4829UrPXREtVDZh9JMYPBN4v8lXMvYVMj/RdXbMa0+4
CMGWPfTMhpyhaLqPynaBCspZI6m6L1XlF9/0ZgvDpj2CXhu9ugSmvoaUSwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFBYzbWrv9gu/iLXk2CKEE4hEgXFYMB8GA1UdIwQY
MBaAFP73/VcQrlpHPhWNw/1sjxfvo+VbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX3ZmOVZ4Q3VXa2MtRlkzRF9XeVBGLS1qNVZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC9hYzUxYjItYWQxNi00NTI5LThmODIt
NDUzZDM3YjQ5MjFjLzEvRmpOdGF1XzJDNy1JdGVUWUlvUVRpRVNCY1ZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC9hYzUxYjItYWQxNi00NTI5LThmODItNDUzZDM3YjQ5MjFj
LzEvX3ZmOVZ4Q3VXa2MtRlkzRF9XeVBGLS1qNVZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQALvOWAwQA
VVx3AwQAwjDTMA0GCSqGSIb3DQEBCwUAA4IBAQBgrS1wdAh9eMFEI+DrFPlBW/Wn
5cbaad3mxhb4eTXkKyf72EjmnhptZwjt6XZOT8KCSQNam9/MRbn9Gw1276tnLQcX
DtKblwTwhNGA/+OBzJMEgsX1rHxhgIT9mvwukQfADsttsHt/uJTwat2VpF+ZOITt
G9rxVnaC3PkhwdvxTj86iK6mlQ3NmUppZTbNpqjHfcsHULj6VPQaHO3mRVSBck6M
Us2yY1GnZKMLYw4WLztceuoOpxO1wvBH4t2NM5bhsKCiEctZNlqKl6EHufFRKmHx
nD6laYSoJfSjWS94h9hQARyWPoO0rorIbmP0e20YynEaJbz5rk9Px+CGoYgI
-----END CERTIFICATE-----