Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ef/d7be5e-8546-4aca-8b6e-a33e8eb5a538/1/FMHMs5u6nqIr6z09yDsjzYxfks8.roa
File:                     FMHMs5u6nqIr6z09yDsjzYxfks8.roa (raw, json)
Hash identifier:          cXOK9Ev2UNFSti3Tqnxxgi2cL3wHqDi6S1Qe8D5ON6A=
Subject key identifier:   14:C1:CC:B3:9B:BA:9E:A2:2B:EB:3D:3D:C8:3B:23:CD:8C:5F:92:CF
Certificate issuer:       /CN=1c237b6883697912957f8d3373702bc906d26445
Certificate serial:       019CA5F02E081F80FE19F9C2F2FEF3B42CC3
Authority key identifier: 1C:23:7B:68:83:69:79:12:95:7F:8D:33:73:70:2B:C9:06:D2:64:45
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HCN7aINpeRKVf40zc3AryQbSZEU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ef/d7be5e-8546-4aca-8b6e-a33e8eb5a538/1/FMHMs5u6nqIr6z09yDsjzYxfks8.roa
Signing time:             Sat 28 Feb 2026 20:28:26 +0000
ROA not before:           Sat 28 Feb 2026 20:28:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     208031
IP address blocks:        193.58.150.0/24 maxlen: 24
                          193.58.151.0/24 maxlen: 24
                          193.58.152.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ef/d7be5e-8546-4aca-8b6e-a33e8eb5a538/1/HCN7aINpeRKVf40zc3AryQbSZEU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ef/d7be5e-8546-4aca-8b6e-a33e8eb5a538/1/HCN7aINpeRKVf40zc3AryQbSZEU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HCN7aINpeRKVf40zc3AryQbSZEU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 06:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:a5:f0:2e:08:1f:80:fe:19:f9:c2:f2:fe:f3:b4:2c:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c237b6883697912957f8d3373702bc906d26445
        Validity
            Not Before: Feb 28 20:28:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=14c1ccb39bba9ea22beb3d3dc83b23cd8c5f92cf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:a4:ba:c4:a3:14:eb:c0:ae:f1:bb:7a:e6:dd:
                    e8:68:3d:0b:9f:1b:c7:db:3d:d4:c0:49:2a:54:cb:
                    f1:b6:c6:2b:3e:38:28:7c:32:ca:77:51:dc:79:da:
                    83:ba:0b:4e:fb:31:38:de:b8:b6:a8:4f:d9:fa:5b:
                    d2:8d:2c:a6:03:6d:9f:e6:2f:b3:78:21:16:51:5e:
                    ed:b9:35:a9:d1:0f:29:22:1b:32:9f:f5:db:09:1e:
                    fb:36:34:fa:c0:09:64:cd:9e:4c:ce:ea:43:6a:e2:
                    87:75:3c:fa:0c:e7:60:03:2f:2c:57:85:bc:52:70:
                    0f:30:a2:42:df:f2:c7:dc:96:c0:b0:f3:1d:01:43:
                    08:a9:aa:a7:19:7f:fe:8c:e7:8e:ec:72:cd:81:a1:
                    63:53:c9:fb:15:7a:02:94:cc:89:9a:a8:e9:2d:77:
                    22:aa:5a:f4:cc:94:3e:c8:d5:75:10:4c:83:92:64:
                    dc:c8:c0:a0:5b:3f:85:d2:df:1e:21:3a:dd:80:c9:
                    64:20:34:2b:76:09:2b:0e:12:da:95:af:ae:f0:12:
                    ea:87:9f:ad:8a:93:94:8b:21:7c:f5:00:81:46:7b:
                    4d:f7:6b:f1:9f:f9:3d:75:47:03:23:4e:5f:db:c1:
                    7e:54:ca:83:ae:24:d7:24:9e:63:e7:3d:4b:38:0d:
                    c6:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:C1:CC:B3:9B:BA:9E:A2:2B:EB:3D:3D:C8:3B:23:CD:8C:5F:92:CF
            X509v3 Authority Key Identifier:
                keyid:1C:23:7B:68:83:69:79:12:95:7F:8D:33:73:70:2B:C9:06:D2:64:45

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HCN7aINpeRKVf40zc3AryQbSZEU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/d7be5e-8546-4aca-8b6e-a33e8eb5a538/1/FMHMs5u6nqIr6z09yDsjzYxfks8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/d7be5e-8546-4aca-8b6e-a33e8eb5a538/1/HCN7aINpeRKVf40zc3AryQbSZEU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.58.150.0-193.58.153.255

    Signature Algorithm: sha256WithRSAEncryption
         36:0f:2e:5c:5d:f8:e1:3c:92:3e:78:0c:de:95:4e:a4:99:29:
         6b:84:66:66:c8:e9:00:b6:f7:2d:3f:a2:08:a1:c4:6b:5d:eb:
         1b:4c:f7:88:a0:b6:85:c6:bf:9d:d6:52:b4:53:93:49:4d:c9:
         9d:b9:97:4d:61:ac:78:3e:dd:ec:c6:20:cc:5e:81:cc:77:c3:
         2a:22:0d:72:b3:67:0b:b8:6c:fa:32:82:75:75:01:d7:15:bd:
         09:ea:11:cd:2c:db:8e:2c:1b:0b:06:55:0e:e1:cd:f6:69:d1:
         53:41:31:61:d9:28:72:c7:75:af:c0:e1:54:15:2b:33:5b:a3:
         20:33:e4:bb:92:58:19:c7:0a:d0:c5:6e:38:af:8a:33:9e:cd:
         58:b5:bf:96:21:6f:85:92:e1:21:d8:98:f8:aa:9e:e7:2e:30:
         18:44:69:5d:8d:91:b2:dd:57:7a:8d:3d:91:ff:77:57:6f:49:
         11:8a:da:f8:af:a6:a3:e4:cc:67:3b:ae:d6:bc:56:81:59:02:
         a4:0d:61:1d:98:40:b2:91:88:cd:2b:af:b1:54:47:a8:44:58:
         9f:b8:07:9c:b1:e9:c7:6d:6d:4d:f8:ab:3d:15:21:ed:9b:74:
         01:d7:d7:5c:37:df:7b:05:24:8e:ea:6c:00:10:a3:80:83:e2:
         89:72:c6:6b
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZyl8C4IH4D+GfnC8v7ztCzDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjMjM3YjY4ODM2OTc5MTI5NTdmOGQzMzczNzAyYmM5MDZk
MjY0NDUwHhcNMjYwMjI4MjAyODI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNGMxY2NiMzliYmE5ZWEyMmJlYjNkM2RjODNiMjNjZDhjNWY5MmNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw6S6xKMU68Cu8bt65t3oaD0LnxvH
2z3UwEkqVMvxtsYrPjgofDLKd1HcedqDugtO+zE43ri2qE/Z+lvSjSymA22f5i+z
eCEWUV7tuTWp0Q8pIhsyn/XbCR77NjT6wAlkzZ5MzupDauKHdTz6DOdgAy8sV4W8
UnAPMKJC3/LH3JbAsPMdAUMIqaqnGX/+jOeO7HLNgaFjU8n7FXoClMyJmqjpLXci
qlr0zJQ+yNV1EEyDkmTcyMCgWz+F0t8eITrdgMlkIDQrdgkrDhLala+u8BLqh5+t
ipOUiyF89QCBRntN92vxn/k9dUcDI05f28F+VMqDriTXJJ5j5z1LOA3GhQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFBTBzLObup6iK+s9Pcg7I82MX5LPMB8GA1UdIwQY
MBaAFBwje2iDaXkSlX+NM3NwK8kG0mRFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSENON2FJTnBlUktWZjQwemMzQXJ5UWJTWkVVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZi9kN2JlNWUtODU0Ni00YWNhLThiNmUt
YTMzZThlYjVhNTM4LzEvRk1ITXM1dTZucUlyNnowOXlEc2p6WXhma3M4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZi9kN2JlNWUtODU0Ni00YWNhLThiNmUtYTMzZThlYjVhNTM4
LzEvSENON2FJTnBlUktWZjQwemMzQXJ5UWJTWkVVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAHBOpYD
BAHBOpgwDQYJKoZIhvcNAQELBQADggEBADYPLlxd+OE8kj54DN6VTqSZKWuEZmbI
6QC29y0/ogihxGtd6xtM94igtoXGv53WUrRTk0lNyZ25l01hrHg+3ezGIMxegcx3
wyoiDXKzZwu4bPoygnV1AdcVvQnqEc0s244sGwsGVQ7hzfZp0VNBMWHZKHLHda/A
4VQVKzNboyAz5LuSWBnHCtDFbjivijOezVi1v5Yhb4WS4SHYmPiqnucuMBhEaV2N
kbLdV3qNPZH/d1dvSRGK2vivpqPkzGc7rta8VoFZAqQNYR2YQLKRiM0rr7FUR6hE
WJ+4B5yx6cdtbU34qz0VIe2bdAHX11w333sFJI7qbAAQo4CD4olyxms=
-----END CERTIFICATE-----