Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ef/fa3544-1025-4e8f-a8fe-7a28af29cdc2/1/c0F1tCgxfTqqtecEpLhL2Yzgotc.roa
File:                     c0F1tCgxfTqqtecEpLhL2Yzgotc.roa (raw, json)
Hash identifier:          kcc7SOAkVdEZqliKSy982SiY2cxq/54ffuzbxdOylbI=
Subject key identifier:   73:41:75:B4:28:31:7D:3A:AA:B5:E7:04:A4:B8:4B:D9:8C:E0:A2:D7
Certificate issuer:       /CN=2c71c96005e13a84a3f31ef1d991777f4b6e31a7
Certificate serial:       019C09B48224B7C20E0071E800B4458C9079
Authority key identifier: 2C:71:C9:60:05:E1:3A:84:A3:F3:1E:F1:D9:91:77:7F:4B:6E:31:A7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LHHJYAXhOoSj8x7x2ZF3f0tuMac.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ef/fa3544-1025-4e8f-a8fe-7a28af29cdc2/1/c0F1tCgxfTqqtecEpLhL2Yzgotc.roa
Signing time:             Thu 29 Jan 2026 12:22:30 +0000
ROA not before:           Thu 29 Jan 2026 12:22:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     204898
IP address blocks:        31.130.158.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ef/fa3544-1025-4e8f-a8fe-7a28af29cdc2/1/LHHJYAXhOoSj8x7x2ZF3f0tuMac.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ef/fa3544-1025-4e8f-a8fe-7a28af29cdc2/1/LHHJYAXhOoSj8x7x2ZF3f0tuMac.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LHHJYAXhOoSj8x7x2ZF3f0tuMac.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 09:38:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:09:b4:82:24:b7:c2:0e:00:71:e8:00:b4:45:8c:90:79
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2c71c96005e13a84a3f31ef1d991777f4b6e31a7
        Validity
            Not Before: Jan 29 12:22:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=734175b428317d3aaab5e704a4b84bd98ce0a2d7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:c6:f3:d0:9b:95:92:89:9f:03:2d:ba:06:56:
                    92:91:8a:9f:8d:62:d1:0f:fe:58:17:15:f7:de:1f:
                    d5:4d:61:41:44:b4:5b:b5:8b:50:44:cc:cc:81:5e:
                    fe:c1:c9:52:27:d0:7c:ef:5b:65:81:13:30:60:c3:
                    8a:48:0f:a0:5d:44:cc:3a:8c:de:fe:72:e6:4c:96:
                    fa:d9:a9:bf:1b:c8:e4:4c:d6:c6:bc:29:63:5b:7b:
                    5b:cf:8f:1b:51:19:d8:b9:43:3b:eb:25:8c:c0:1e:
                    5d:97:36:dc:7a:ba:88:b6:29:b1:ae:d4:65:72:11:
                    a3:26:e0:5e:b1:44:67:ba:77:d9:d2:3e:cf:14:c9:
                    13:5f:15:8c:77:35:88:4a:82:69:fd:a5:88:39:53:
                    75:47:31:a0:8a:5a:92:6d:31:2e:e9:64:02:91:2b:
                    fa:cb:17:33:93:62:0a:f3:c1:83:8c:be:d9:01:62:
                    65:58:8f:87:a4:ff:d5:d1:bf:21:a5:fe:fc:1c:d8:
                    2e:77:ac:7b:53:ec:a7:01:ad:e7:a4:73:0d:1b:0e:
                    80:a5:1d:b3:a2:e0:c0:87:0d:f2:7b:0d:45:3b:b4:
                    cd:72:da:11:bf:2a:5a:8c:77:0c:b8:17:60:50:0a:
                    13:93:8b:fb:83:5f:f7:c9:7e:67:92:5e:97:12:12:
                    e9:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                73:41:75:B4:28:31:7D:3A:AA:B5:E7:04:A4:B8:4B:D9:8C:E0:A2:D7
            X509v3 Authority Key Identifier:
                keyid:2C:71:C9:60:05:E1:3A:84:A3:F3:1E:F1:D9:91:77:7F:4B:6E:31:A7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LHHJYAXhOoSj8x7x2ZF3f0tuMac.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/fa3544-1025-4e8f-a8fe-7a28af29cdc2/1/c0F1tCgxfTqqtecEpLhL2Yzgotc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/fa3544-1025-4e8f-a8fe-7a28af29cdc2/1/LHHJYAXhOoSj8x7x2ZF3f0tuMac.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.130.158.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9c:8a:44:8a:49:67:90:7d:be:9f:6b:76:79:54:06:d4:7b:93:
         9d:ef:9b:c1:45:b0:84:10:4c:f7:d0:99:05:8e:12:c8:88:23:
         f9:56:a0:8e:a3:44:f6:70:b6:69:43:45:ca:d6:f5:43:60:5b:
         5a:cf:e3:a3:b2:d1:c1:db:e8:59:18:e9:15:40:7a:6b:ed:3b:
         fe:72:a7:64:9e:c2:56:2c:f4:53:11:45:90:67:b8:0c:49:e2:
         cf:a9:3c:dd:99:26:0a:1f:2c:6b:14:70:d8:ce:05:6b:4d:d7:
         66:5c:4b:67:de:9b:71:3d:44:ea:05:39:26:13:47:66:c7:db:
         d2:98:88:4e:41:e7:e1:ec:c4:4b:9c:17:ad:20:85:e7:ce:9c:
         66:56:39:dd:db:5f:a2:86:3b:d8:a9:04:e4:04:d3:49:c5:68:
         2b:23:0d:77:6b:e3:a1:35:1b:7f:16:71:80:0b:78:bd:e9:ff:
         2f:bc:aa:66:6c:a0:23:8c:43:67:45:d2:e8:f0:c8:3a:d0:37:
         d5:57:3e:4c:92:2d:4f:63:d1:a7:c4:e4:98:eb:78:7a:39:cf:
         e1:b0:4c:31:0c:9b:36:82:eb:61:b4:42:a5:cb:ae:90:94:56:
         cd:8f:70:78:57:5b:db:78:82:36:08:1c:41:e2:20:bb:55:e5:
         c1:6f:a6:05
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZwJtIIkt8IOAHHoALRFjJB5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJjNzFjOTYwMDVlMTNhODRhM2YzMWVmMWQ5OTE3NzdmNGI2
ZTMxYTcwHhcNMjYwMTI5MTIyMjMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MzQxNzViNDI4MzE3ZDNhYWFiNWU3MDRhNGI4NGJkOThjZTBhMmQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAncbz0JuVkomfAy26BlaSkYqfjWLR
D/5YFxX33h/VTWFBRLRbtYtQRMzMgV7+wclSJ9B871tlgRMwYMOKSA+gXUTMOoze
/nLmTJb62am/G8jkTNbGvCljW3tbz48bURnYuUM76yWMwB5dlzbcerqItimxrtRl
chGjJuBesURnunfZ0j7PFMkTXxWMdzWISoJp/aWIOVN1RzGgilqSbTEu6WQCkSv6
yxczk2IK88GDjL7ZAWJlWI+HpP/V0b8hpf78HNgud6x7U+ynAa3npHMNGw6ApR2z
ouDAhw3yew1FO7TNctoRvypajHcMuBdgUAoTk4v7g1/3yX5nkl6XEhLp7QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHNBdbQoMX06qrXnBKS4S9mM4KLXMB8GA1UdIwQY
MBaAFCxxyWAF4TqEo/Me8dmRd39LbjGnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTEhISllBWGhPb1NqOHg3eDJaRjNmMHR1TWFjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZi9mYTM1NDQtMTAyNS00ZThmLWE4ZmUt
N2EyOGFmMjljZGMyLzEvYzBGMXRDZ3hmVHFxdGVjRXBMaEwyWXpnb3RjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZi9mYTM1NDQtMTAyNS00ZThmLWE4ZmUtN2EyOGFmMjljZGMy
LzEvTEhISllBWGhPb1NqOHg3eDJaRjNmMHR1TWFjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAH4KeMA0G
CSqGSIb3DQEBCwUAA4IBAQCcikSKSWeQfb6fa3Z5VAbUe5Od75vBRbCEEEz30JkF
jhLIiCP5VqCOo0T2cLZpQ0XK1vVDYFtaz+OjstHB2+hZGOkVQHpr7Tv+cqdknsJW
LPRTEUWQZ7gMSeLPqTzdmSYKHyxrFHDYzgVrTddmXEtn3ptxPUTqBTkmE0dmx9vS
mIhOQefh7MRLnBetIIXnzpxmVjnd21+ihjvYqQTkBNNJxWgrIw13a+OhNRt/FnGA
C3i96f8vvKpmbKAjjENnRdLo8Mg60DfVVz5Mki1PY9GnxOSY63h6Oc/hsEwxDJs2
guthtEKly66QlFbNj3B4V1vbeII2CBxB4iC7VeXBb6YF
-----END CERTIFICATE-----