Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e3/a94780-1bf3-467a-9369-e98ff33f697c/1/SKcH6GqAnwSkb7fUKCyzsH2pE4c.roa
File:                     SKcH6GqAnwSkb7fUKCyzsH2pE4c.roa (raw, json)
Hash identifier:          FlzY0BJvsluyy6RMybQuGpqHaLrEW1okMJt3+ASEjLc=
Subject key identifier:   48:A7:07:E8:6A:80:9F:04:A4:6F:B7:D4:28:2C:B3:B0:7D:A9:13:87
Certificate issuer:       /CN=fa6df53c9fd2c5fc74f1db71834d7e46a76e91d7
Certificate serial:       019B7F14F99DAB2450A0AC1CEE81F4EAB0EA
Authority key identifier: FA:6D:F5:3C:9F:D2:C5:FC:74:F1:DB:71:83:4D:7E:46:A7:6E:91:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-m31PJ_Sxfx08dtxg01-Rqdukdc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e3/a94780-1bf3-467a-9369-e98ff33f697c/1/SKcH6GqAnwSkb7fUKCyzsH2pE4c.roa
Signing time:             Fri 02 Jan 2026 14:20:39 +0000
ROA not before:           Fri 02 Jan 2026 14:20:39 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     210647
IP address blocks:        193.222.254.0/24 maxlen: 24
                          2a11:a5c0::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e3/a94780-1bf3-467a-9369-e98ff33f697c/1/1-m31PJ_Sxfx08dtxg01-Rqdukdc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e3/a94780-1bf3-467a-9369-e98ff33f697c/1/1-m31PJ_Sxfx08dtxg01-Rqdukdc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-m31PJ_Sxfx08dtxg01-Rqdukdc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:14:f9:9d:ab:24:50:a0:ac:1c:ee:81:f4:ea:b0:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fa6df53c9fd2c5fc74f1db71834d7e46a76e91d7
        Validity
            Not Before: Jan  2 14:20:39 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=48a707e86a809f04a46fb7d4282cb3b07da91387
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:fa:52:77:38:8f:35:0f:71:f0:26:ab:fe:c3:
                    89:0a:ca:2d:88:67:bb:df:8d:0a:45:0f:4a:f8:06:
                    ab:c6:ad:f1:cb:91:63:07:08:89:f4:a7:b2:1e:85:
                    be:6e:c2:35:4b:ad:87:59:62:df:3f:4c:06:09:30:
                    07:dd:af:77:d9:92:c8:03:62:b0:06:29:ac:50:17:
                    c5:0f:21:c8:51:bf:e1:fc:e2:42:19:ea:a1:d9:88:
                    73:08:c2:89:1d:78:25:6c:bc:e3:4c:84:b7:1d:99:
                    d5:1f:2e:f4:32:1c:da:ec:33:3d:1d:bd:2a:bb:79:
                    dc:4c:43:7c:e6:57:44:03:5f:73:32:ae:65:e4:d7:
                    f9:c7:aa:ac:f9:d8:e8:83:39:57:e6:c0:7f:a1:f1:
                    e0:22:8c:50:bb:d0:d0:dd:7c:62:8a:08:7d:a7:22:
                    7d:88:17:1b:3c:1d:0d:8f:7f:a0:ef:62:83:bf:f4:
                    26:ee:12:dd:69:d3:4b:b7:e1:c3:f4:c6:09:de:1f:
                    4e:3c:4e:e0:d6:80:1a:a2:50:c6:7d:a7:7f:7a:df:
                    0a:15:7c:61:ef:1e:b9:07:8c:d7:d1:7b:07:0e:91:
                    c5:fd:9e:44:79:7e:22:f5:d6:3d:81:bc:1a:7f:b5:
                    f3:37:a8:ab:8f:0e:85:73:d5:7a:2e:07:ed:8d:7c:
                    1d:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:A7:07:E8:6A:80:9F:04:A4:6F:B7:D4:28:2C:B3:B0:7D:A9:13:87
            X509v3 Authority Key Identifier:
                keyid:FA:6D:F5:3C:9F:D2:C5:FC:74:F1:DB:71:83:4D:7E:46:A7:6E:91:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-m31PJ_Sxfx08dtxg01-Rqdukdc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/a94780-1bf3-467a-9369-e98ff33f697c/1/SKcH6GqAnwSkb7fUKCyzsH2pE4c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/a94780-1bf3-467a-9369-e98ff33f697c/1/1-m31PJ_Sxfx08dtxg01-Rqdukdc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.222.254.0/24
                IPv6:
                  2a11:a5c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         88:8b:ea:f4:1f:b3:c9:ae:d6:ff:d5:58:69:7a:b1:e3:e2:fd:
         ff:26:c3:b8:c3:61:c5:f4:2a:5d:f6:a4:04:e8:fe:31:15:3b:
         5a:af:f3:fa:e5:36:63:1e:de:d8:ed:10:83:57:eb:21:83:f4:
         4f:36:46:f0:4f:8b:46:a5:b6:74:e8:83:e1:b3:ae:04:62:16:
         0a:73:74:98:55:8e:a2:93:b6:03:6f:b0:2e:86:c1:22:89:8b:
         88:c9:8d:79:29:ad:7c:c0:56:84:08:5d:fd:91:87:53:82:00:
         bc:f3:3a:8d:a3:44:64:75:14:4f:ec:66:e9:e8:ea:78:c9:05:
         9a:53:29:9c:2e:85:fb:f6:bd:27:66:44:67:70:ca:a0:1a:ab:
         56:eb:d3:a9:15:1d:df:96:3d:e7:3d:00:ec:a0:fe:9d:eb:1f:
         b8:38:31:16:9d:0c:18:5e:55:d9:fa:1d:af:2a:b4:24:1a:23:
         7c:59:0f:10:c4:a8:41:2b:0e:7a:64:96:35:96:4f:3e:44:fa:
         63:9b:c6:3b:6c:95:fd:b7:6e:de:01:a5:af:7d:eb:b5:95:9d:
         cb:b8:d7:2c:74:bc:11:b9:da:6b:94:dc:7f:f5:d3:2e:6e:a1:
         b3:ef:63:fb:26:01:01:74:37:a2:69:ce:2d:7a:2f:03:26:54:
         92:26:aa:1e
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZt/FPmdqyRQoKwc7oH06rDqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZhNmRmNTNjOWZkMmM1ZmM3NGYxZGI3MTgzNGQ3ZTQ2YTc2
ZTkxZDcwHhcNMjYwMTAyMTQyMDM5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OGE3MDdlODZhODA5ZjA0YTQ2ZmI3ZDQyODJjYjNiMDdkYTkxMzg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwfpSdziPNQ9x8Car/sOJCsotiGe7
340KRQ9K+Aarxq3xy5FjBwiJ9KeyHoW+bsI1S62HWWLfP0wGCTAH3a932ZLIA2Kw
BimsUBfFDyHIUb/h/OJCGeqh2YhzCMKJHXglbLzjTIS3HZnVHy70Mhza7DM9Hb0q
u3ncTEN85ldEA19zMq5l5Nf5x6qs+djogzlX5sB/ofHgIoxQu9DQ3Xxiigh9pyJ9
iBcbPB0Nj3+g72KDv/Qm7hLdadNLt+HD9MYJ3h9OPE7g1oAaolDGfad/et8KFXxh
7x65B4zX0XsHDpHF/Z5EeX4i9dY9gbwaf7XzN6irjw6Fc9V6LgftjXwdHQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFEinB+hqgJ8EpG+31Cgss7B9qROHMB8GA1UdIwQY
MBaAFPpt9Tyf0sX8dPHbcYNNfkanbpHXMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1tMzFQSl9TeGZ4MDhkdHhnMDEtUnFkdWtkYy5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZTMvYTk0NzgwLTFiZjMtNDY3YS05MzY5
LWU5OGZmMzNmNjk3Yy8xL1NLY0g2R3FBbndTa2I3ZlVLQ3l6c0gycEU0Yy5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvZTMvYTk0NzgwLTFiZjMtNDY3YS05MzY5LWU5OGZmMzNmNjk3
Yy8xLzEtbTMxUEpfU3hmeDA4ZHR4ZzAxLVJxZHVrZGMuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwLgYIKwYBBQUHAQcBAf8EHzAdMAwEAgABMAYDBADB3v4w
DQQCAAIwBwMFAyoRpcAwDQYJKoZIhvcNAQELBQADggEBAIiL6vQfs8mu1v/VWGl6
sePi/f8mw7jDYcX0Kl32pATo/jEVO1qv8/rlNmMe3tjtEINX6yGD9E82RvBPi0al
tnTog+GzrgRiFgpzdJhVjqKTtgNvsC6GwSKJi4jJjXkprXzAVoQIXf2Rh1OCALzz
Oo2jRGR1FE/sZuno6njJBZpTKZwuhfv2vSdmRGdwyqAaq1br06kVHd+WPec9AOyg
/p3rH7g4MRadDBheVdn6Ha8qtCQaI3xZDxDEqEErDnpkljWWTz5E+mObxjtslf23
bt4Bpa9967WVncu41yx0vBG52muU3H/10y5uobPvY/smAQF0N6Jpzi16LwMmVJIm
qh4=
-----END CERTIFICATE-----