Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ef/81d94d-2e40-4546-8b89-804f17ec245e/1/PT0Hh_zA6DA7Ygm3lsv3kQf_fks.roa
File:                     PT0Hh_zA6DA7Ygm3lsv3kQf_fks.roa (raw, json)
Hash identifier:          FxFcWo8Y6GRlCILxAgJ+3ut0eY9so1Z8V3wHguGCZXE=
Subject key identifier:   3D:3D:07:87:FC:C0:E8:30:3B:62:09:B7:96:CB:F7:91:07:FF:7E:4B
Certificate issuer:       /CN=0c17dae04476db1016caa43e3ed9bc6bd69f3975
Certificate serial:       019E89ED2CD0876A4FDD21B9CFE5B3D31A01
Authority key identifier: 0C:17:DA:E0:44:76:DB:10:16:CA:A4:3E:3E:D9:BC:6B:D6:9F:39:75
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DBfa4ER22xAWyqQ-Ptm8a9afOXU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ef/81d94d-2e40-4546-8b89-804f17ec245e/1/PT0Hh_zA6DA7Ygm3lsv3kQf_fks.roa
Signing time:             Tue 02 Jun 2026 20:01:22 +0000
ROA not before:           Tue 02 Jun 2026 20:01:22 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     207436
IP address blocks:        185.124.75.0/24 maxlen: 24
                          2a03:93e0:1000::/36 maxlen: 36
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ef/81d94d-2e40-4546-8b89-804f17ec245e/1/DBfa4ER22xAWyqQ-Ptm8a9afOXU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ef/81d94d-2e40-4546-8b89-804f17ec245e/1/DBfa4ER22xAWyqQ-Ptm8a9afOXU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DBfa4ER22xAWyqQ-Ptm8a9afOXU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 08:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:89:ed:2c:d0:87:6a:4f:dd:21:b9:cf:e5:b3:d3:1a:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0c17dae04476db1016caa43e3ed9bc6bd69f3975
        Validity
            Not Before: Jun  2 20:01:22 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3d3d0787fcc0e8303b6209b796cbf79107ff7e4b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:ea:a9:6a:10:3a:bf:2c:17:0e:be:68:a2:ac:
                    33:85:be:b8:98:10:33:45:9a:0a:65:9d:09:cc:0d:
                    6d:23:ba:aa:8d:2d:79:63:03:4c:a8:57:d4:e1:dd:
                    49:64:83:16:4c:f0:16:12:38:6a:6f:d7:3a:2c:2a:
                    56:63:5c:a4:78:3d:4a:9a:6f:bb:ac:69:9d:f2:c3:
                    e2:85:9a:b2:a1:91:14:f2:22:3b:aa:0d:bb:cc:b6:
                    41:d4:92:d3:71:9e:fc:a2:e2:ac:12:19:b8:08:14:
                    60:29:1a:c8:bd:50:ca:4f:04:32:57:0e:6c:70:53:
                    1e:50:68:e0:73:4e:d2:78:6e:09:9c:c2:e0:73:09:
                    d0:91:76:ff:65:86:c7:89:84:17:1f:74:58:a7:84:
                    1e:1c:43:08:6c:d8:c6:64:12:02:56:32:86:54:bc:
                    78:92:e2:0f:be:cd:a5:81:d3:44:ff:f9:e7:ed:36:
                    d4:e8:99:df:11:74:93:f8:b0:b7:cb:f8:1f:4d:71:
                    31:fd:02:87:fb:97:f5:52:e3:2d:d9:2c:c7:5a:2c:
                    ba:37:cc:5e:fc:11:9d:ce:3b:59:d4:a0:9c:14:33:
                    34:16:46:19:a6:49:91:7c:16:5d:cf:ff:14:67:11:
                    3f:1c:32:c0:d5:3a:43:75:3e:91:d0:39:c8:63:01:
                    31:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:3D:07:87:FC:C0:E8:30:3B:62:09:B7:96:CB:F7:91:07:FF:7E:4B
            X509v3 Authority Key Identifier:
                keyid:0C:17:DA:E0:44:76:DB:10:16:CA:A4:3E:3E:D9:BC:6B:D6:9F:39:75

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DBfa4ER22xAWyqQ-Ptm8a9afOXU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/81d94d-2e40-4546-8b89-804f17ec245e/1/PT0Hh_zA6DA7Ygm3lsv3kQf_fks.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/81d94d-2e40-4546-8b89-804f17ec245e/1/DBfa4ER22xAWyqQ-Ptm8a9afOXU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.124.75.0/24
                IPv6:
                  2a03:93e0:1000::/36

    Signature Algorithm: sha256WithRSAEncryption
         22:6f:6a:a2:25:b1:b9:2d:17:36:d7:cf:df:5f:17:4d:53:b3:
         ea:c0:07:d3:be:d7:f0:b3:6b:78:56:66:b0:e6:be:db:6f:85:
         2d:7f:52:87:c2:50:87:57:21:13:79:a5:40:34:18:f9:87:f2:
         c0:a4:e6:86:ca:6b:42:e1:1f:d0:72:c9:80:79:74:8d:14:7f:
         89:64:d1:43:67:7a:34:c0:a7:91:de:aa:c2:4b:1b:28:25:43:
         8e:27:a0:a6:5f:3b:f0:cf:d5:a6:fb:bf:1b:91:bb:2c:61:fe:
         2c:7b:1b:01:cd:0d:73:f1:be:da:f4:4f:3a:33:fa:a2:bb:d5:
         1b:c2:99:9f:33:35:98:76:ac:34:7c:ff:91:9f:f0:b0:d4:02:
         9f:56:27:e2:31:84:e5:0f:e8:b8:60:0d:d2:ab:30:b0:1a:7f:
         58:f9:c3:fd:4c:fb:a3:ad:34:23:fb:80:1f:3f:81:f3:a9:e6:
         db:9f:12:1e:6d:e3:86:c6:e7:b3:1c:69:84:ac:1d:2a:a4:72:
         4a:1c:a3:93:95:a7:cb:d8:9b:f7:c4:2a:69:03:02:8f:7c:a9:
         11:11:e3:c3:1b:ae:e2:4a:61:c2:80:8f:3a:e3:b2:a5:d1:d9:
         13:5f:5f:14:0d:1d:cb:29:44:e1:96:07:e0:a6:a3:39:df:dc:
         08:d4:1a:11
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgISAZ6J7SzQh2pP3SG5z+Wz0xoBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjMTdkYWUwNDQ3NmRiMTAxNmNhYTQzZTNlZDliYzZiZDY5
ZjM5NzUwHhcNMjYwNjAyMjAwMTIyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZDNkMDc4N2ZjYzBlODMwM2I2MjA5Yjc5NmNiZjc5MTA3ZmY3ZTRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3uqpahA6vywXDr5ooqwzhb64mBAz
RZoKZZ0JzA1tI7qqjS15YwNMqFfU4d1JZIMWTPAWEjhqb9c6LCpWY1ykeD1Kmm+7
rGmd8sPihZqyoZEU8iI7qg27zLZB1JLTcZ78ouKsEhm4CBRgKRrIvVDKTwQyVw5s
cFMeUGjgc07SeG4JnMLgcwnQkXb/ZYbHiYQXH3RYp4QeHEMIbNjGZBICVjKGVLx4
kuIPvs2lgdNE//nn7TbU6JnfEXST+LC3y/gfTXEx/QKH+5f1UuMt2SzHWiy6N8xe
/BGdzjtZ1KCcFDM0FkYZpkmRfBZdz/8UZxE/HDLA1TpDdT6R0DnIYwExCwIDAQAB
o4ICGTCCAhUwHQYDVR0OBBYEFD09B4f8wOgwO2IJt5bL95EH/35LMB8GA1UdIwQY
MBaAFAwX2uBEdtsQFsqkPj7ZvGvWnzl1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvREJmYTRFUjIyeEFXeXFRLVB0bThhOWFmT1hVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZi84MWQ5NGQtMmU0MC00NTQ2LThiODkt
ODA0ZjE3ZWMyNDVlLzEvUFQwSGhfekE2REE3WWdtM2xzdjNrUWZfZmtzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZi84MWQ5NGQtMmU0MC00NTQ2LThiODktODA0ZjE3ZWMyNDVl
LzEvREJmYTRFUjIyeEFXeXFRLVB0bThhOWFmT1hVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC8GCCsGAQUFBwEHAQH/BCAwHjAMBAIAATAGAwQAuXxLMA4E
AgACMAgDBgQqA5PgEDANBgkqhkiG9w0BAQsFAAOCAQEAIm9qoiWxuS0XNtfP318X
TVOz6sAH077X8LNreFZmsOa+22+FLX9Sh8JQh1chE3mlQDQY+YfywKTmhsprQuEf
0HLJgHl0jRR/iWTRQ2d6NMCnkd6qwksbKCVDjiegpl878M/Vpvu/G5G7LGH+LHsb
Ac0Nc/G+2vRPOjP6orvVG8KZnzM1mHasNHz/kZ/wsNQCn1Yn4jGE5Q/ouGAN0qsw
sBp/WPnD/Uz7o600I/uAHz+B86nm258SHm3jhsbnsxxphKwdKqRyShyjk5Wny9ib
98QqaQMCj3ypERHjwxuu4kphwoCPOuOypdHZE19fFA0dyylE4ZYH4KajOd/cCNQa
EQ==
-----END CERTIFICATE-----