Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e1/01638c-6cb9-4589-909b-d37df634a929/1/fsq1k5mE0wnzWb3NlSl4P3vADZk.roa
File:                     fsq1k5mE0wnzWb3NlSl4P3vADZk.roa (raw, json)
Hash identifier:          mzeet7yvuxQ64fQ1GK4uugcHG+/Cbu3s5Ax6alp+kHE=
Subject key identifier:   7E:CA:B5:93:99:84:D3:09:F3:59:BD:CD:95:29:78:3F:7B:C0:0D:99
Certificate issuer:       /CN=6cd98c2c54b0cbea134e27a981cfdde73236e055
Certificate serial:       019C42978818B2EE945F292AB246B2FB0CCA
Authority key identifier: 6C:D9:8C:2C:54:B0:CB:EA:13:4E:27:A9:81:CF:DD:E7:32:36:E0:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bNmMLFSwy-oTTiepgc_d5zI24FU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e1/01638c-6cb9-4589-909b-d37df634a929/1/fsq1k5mE0wnzWb3NlSl4P3vADZk.roa
Signing time:             Mon 09 Feb 2026 13:29:12 +0000
ROA not before:           Mon 09 Feb 2026 13:29:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214025
IP address blocks:        45.153.164.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e1/01638c-6cb9-4589-909b-d37df634a929/1/bNmMLFSwy-oTTiepgc_d5zI24FU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e1/01638c-6cb9-4589-909b-d37df634a929/1/bNmMLFSwy-oTTiepgc_d5zI24FU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bNmMLFSwy-oTTiepgc_d5zI24FU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 15:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:42:97:88:18:b2:ee:94:5f:29:2a:b2:46:b2:fb:0c:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6cd98c2c54b0cbea134e27a981cfdde73236e055
        Validity
            Not Before: Feb  9 13:29:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7ecab5939984d309f359bdcd9529783f7bc00d99
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:19:a0:fe:31:d4:d0:92:5c:b2:34:e6:0b:51:
                    f8:13:c8:e9:bc:c0:eb:2a:26:d5:88:40:16:6f:a3:
                    bc:64:39:d1:eb:8a:54:b2:93:78:64:2b:89:de:53:
                    a0:b5:8d:ec:72:c4:11:4a:92:4c:86:95:e3:8c:f3:
                    21:98:68:14:57:04:6c:1b:84:21:e3:36:3a:67:d4:
                    43:61:3c:6d:10:39:cf:cf:a0:dc:4e:82:f9:bc:6d:
                    1f:4e:2c:4b:3b:2e:d7:2a:db:9b:0b:36:88:64:77:
                    d0:44:e7:fe:d7:a7:99:d3:7c:a5:c7:f0:39:e1:02:
                    bf:7a:cc:f8:45:a5:b1:85:cb:fb:07:1c:7c:74:54:
                    0c:59:e0:07:69:77:32:be:bc:5e:5b:bd:dd:d0:00:
                    df:0b:2a:b9:94:6a:38:ef:f7:ab:87:73:84:a6:b9:
                    22:c5:41:5a:ad:5e:9e:ac:34:00:d6:f9:e0:35:4a:
                    00:d9:c1:92:7e:37:8e:32:b6:58:9d:20:b5:eb:9f:
                    95:cf:58:83:c8:6a:db:c2:56:34:ec:20:d5:a4:d5:
                    2b:ca:af:68:b7:bb:14:d2:f0:41:54:ce:f3:97:e3:
                    7b:73:0a:d9:e2:4b:46:63:81:0d:fd:a5:ec:fc:e7:
                    cc:7b:97:21:9a:46:23:60:1d:e2:fc:5f:6d:aa:32:
                    f2:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:CA:B5:93:99:84:D3:09:F3:59:BD:CD:95:29:78:3F:7B:C0:0D:99
            X509v3 Authority Key Identifier:
                keyid:6C:D9:8C:2C:54:B0:CB:EA:13:4E:27:A9:81:CF:DD:E7:32:36:E0:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bNmMLFSwy-oTTiepgc_d5zI24FU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/01638c-6cb9-4589-909b-d37df634a929/1/fsq1k5mE0wnzWb3NlSl4P3vADZk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/01638c-6cb9-4589-909b-d37df634a929/1/bNmMLFSwy-oTTiepgc_d5zI24FU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.153.164.0/24

    Signature Algorithm: sha256WithRSAEncryption
         42:98:d6:67:68:4f:b5:ce:0f:14:9f:1d:9d:76:6c:f9:77:bb:
         57:d5:be:89:74:36:91:eb:96:dd:c8:4a:6b:f2:ed:11:11:9e:
         55:51:b5:7e:30:5d:53:bb:5e:77:9e:b9:92:c1:bf:6d:96:62:
         e7:b6:94:c7:12:a9:5d:25:d9:1e:bd:e3:88:93:94:83:6e:e3:
         29:52:94:05:2d:0b:38:db:0b:f7:12:3d:81:34:e5:b1:16:5d:
         4b:05:55:5b:b4:fe:e4:30:d0:80:35:89:c6:bb:7c:ca:cb:40:
         79:29:95:06:e1:d3:ad:16:4b:1d:7c:13:d8:16:86:da:f2:af:
         ad:47:a5:70:6e:7f:15:4b:bf:5b:d1:2e:18:3d:2f:5a:cd:dd:
         40:a7:9d:0b:49:43:06:a4:54:c5:b7:c4:4a:67:11:84:05:39:
         5f:14:e1:de:94:86:19:32:92:1b:6e:99:42:af:27:64:ad:be:
         00:d7:90:55:19:e8:65:9d:ec:8d:2c:03:52:75:2d:33:e2:16:
         82:21:15:52:2b:d6:7a:7d:9a:13:21:4b:a2:63:d7:b9:cc:a2:
         6e:0e:57:0c:1e:ef:53:70:66:b3:23:0e:f6:c6:0c:9a:ae:14:
         ad:79:7d:9a:4c:00:69:3e:7f:a6:14:47:fb:4c:ab:f8:53:11:
         96:57:9c:30
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZxCl4gYsu6UXykqskay+wzKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjZDk4YzJjNTRiMGNiZWExMzRlMjdhOTgxY2ZkZGU3MzIz
NmUwNTUwHhcNMjYwMjA5MTMyOTEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZWNhYjU5Mzk5ODRkMzA5ZjM1OWJkY2Q5NTI5NzgzZjdiYzAwZDk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqxmg/jHU0JJcsjTmC1H4E8jpvMDr
KibViEAWb6O8ZDnR64pUspN4ZCuJ3lOgtY3scsQRSpJMhpXjjPMhmGgUVwRsG4Qh
4zY6Z9RDYTxtEDnPz6DcToL5vG0fTixLOy7XKtubCzaIZHfQROf+16eZ03ylx/A5
4QK/esz4RaWxhcv7Bxx8dFQMWeAHaXcyvrxeW73d0ADfCyq5lGo47/erh3OEprki
xUFarV6erDQA1vngNUoA2cGSfjeOMrZYnSC165+Vz1iDyGrbwlY07CDVpNUryq9o
t7sU0vBBVM7zl+N7cwrZ4ktGY4EN/aXs/OfMe5chmkYjYB3i/F9tqjLyWQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH7KtZOZhNMJ81m9zZUpeD97wA2ZMB8GA1UdIwQY
MBaAFGzZjCxUsMvqE04nqYHP3ecyNuBVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYk5tTUxGU3d5LW9UVGllcGdjX2Q1ekkyNEZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMS8wMTYzOGMtNmNiOS00NTg5LTkwOWIt
ZDM3ZGY2MzRhOTI5LzEvZnNxMWs1bUUwd256V2IzTmxTbDRQM3ZBRFprLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMS8wMTYzOGMtNmNiOS00NTg5LTkwOWItZDM3ZGY2MzRhOTI5
LzEvYk5tTUxGU3d5LW9UVGllcGdjX2Q1ekkyNEZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZmkMA0G
CSqGSIb3DQEBCwUAA4IBAQBCmNZnaE+1zg8Unx2ddmz5d7tX1b6JdDaR65bdyEpr
8u0REZ5VUbV+MF1Tu153nrmSwb9tlmLntpTHEqldJdkeveOIk5SDbuMpUpQFLQs4
2wv3Ej2BNOWxFl1LBVVbtP7kMNCANYnGu3zKy0B5KZUG4dOtFksdfBPYFoba8q+t
R6Vwbn8VS79b0S4YPS9azd1Ap50LSUMGpFTFt8RKZxGEBTlfFOHelIYZMpIbbplC
rydkrb4A15BVGehlneyNLANSdS0z4haCIRVSK9Z6fZoTIUuiY9e5zKJuDlcMHu9T
cGazIw72xgyarhSteX2aTABpPn+mFEf7TKv4UxGWV5ww
-----END CERTIFICATE-----