Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f9/d097bf-b0f5-43e1-86a2-cfb8da549067/1/FUNd3J3jGNkL1bhepptoxLuws5g.roa
File:                     FUNd3J3jGNkL1bhepptoxLuws5g.roa (raw, json)
Hash identifier:          63Tr+CGndchW/6WwI48KC12WlHse5iUN8Ha4sdZypxE=
Subject key identifier:   15:43:5D:DC:9D:E3:18:D9:0B:D5:B8:5E:A6:9B:68:C4:BB:B0:B3:98
Certificate issuer:       /CN=2a1e65f8083c859bcd0d2c52a1e061eb5131f5f1
Certificate serial:       019D44F5E24A23DC0B3381A7F23BA070D07D
Authority key identifier: 2A:1E:65:F8:08:3C:85:9B:CD:0D:2C:52:A1:E0:61:EB:51:31:F5:F1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Kh5l-Ag8hZvNDSxSoeBh61Ex9fE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f9/d097bf-b0f5-43e1-86a2-cfb8da549067/1/FUNd3J3jGNkL1bhepptoxLuws5g.roa
Signing time:             Tue 31 Mar 2026 17:34:17 +0000
ROA not before:           Tue 31 Mar 2026 17:34:17 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     207934
IP address blocks:        185.156.96.0/22 maxlen: 32
                          2a03:300::/29 maxlen: 48
                          2a03:302::/44 maxlen: 44
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f9/d097bf-b0f5-43e1-86a2-cfb8da549067/1/Kh5l-Ag8hZvNDSxSoeBh61Ex9fE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f9/d097bf-b0f5-43e1-86a2-cfb8da549067/1/Kh5l-Ag8hZvNDSxSoeBh61Ex9fE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Kh5l-Ag8hZvNDSxSoeBh61Ex9fE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 05:01:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:44:f5:e2:4a:23:dc:0b:33:81:a7:f2:3b:a0:70:d0:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a1e65f8083c859bcd0d2c52a1e061eb5131f5f1
        Validity
            Not Before: Mar 31 17:34:17 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=15435ddc9de318d90bd5b85ea69b68c4bbb0b398
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:2a:ea:db:4c:22:c4:6f:66:5e:c4:83:2e:f9:
                    bc:62:ff:b9:37:5c:0b:47:b4:4c:9b:df:cf:c8:21:
                    49:f2:d9:37:c2:81:99:ad:12:08:5d:45:a9:25:37:
                    65:40:a5:10:ee:aa:94:14:25:8a:ce:5e:9f:87:42:
                    24:1d:c8:cd:c1:09:34:2d:a3:34:da:f6:fa:06:55:
                    da:a2:63:12:9b:13:a1:d6:bd:bb:10:4e:a6:9f:44:
                    03:5e:fc:ea:89:67:ee:aa:0f:a2:0e:25:54:4c:0f:
                    0e:de:d1:ae:7f:e0:08:cc:77:1d:5b:e9:76:53:60:
                    b2:64:4d:41:82:1b:68:cb:26:89:ea:ae:38:3a:1f:
                    c9:fa:74:32:c0:aa:22:5d:13:fb:ea:72:c5:e0:a4:
                    22:77:a8:6c:cd:2d:82:2a:24:28:e0:37:07:f5:d6:
                    25:6e:6b:39:9d:5d:13:62:5e:53:4b:63:86:2b:cf:
                    e6:35:cc:76:d3:d4:cb:6a:fd:f7:15:0d:da:47:5c:
                    1b:c3:08:a0:ce:0a:57:0d:49:2d:19:31:26:44:0a:
                    18:08:a9:8f:42:a9:d7:7f:ec:55:8e:2b:f5:fb:44:
                    e6:4b:76:98:ae:41:b6:fb:da:6b:09:c5:bc:fc:0f:
                    e8:95:35:39:95:a1:5e:41:18:09:9b:e9:76:04:b7:
                    26:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:43:5D:DC:9D:E3:18:D9:0B:D5:B8:5E:A6:9B:68:C4:BB:B0:B3:98
            X509v3 Authority Key Identifier:
                keyid:2A:1E:65:F8:08:3C:85:9B:CD:0D:2C:52:A1:E0:61:EB:51:31:F5:F1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Kh5l-Ag8hZvNDSxSoeBh61Ex9fE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/d097bf-b0f5-43e1-86a2-cfb8da549067/1/FUNd3J3jGNkL1bhepptoxLuws5g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/d097bf-b0f5-43e1-86a2-cfb8da549067/1/Kh5l-Ag8hZvNDSxSoeBh61Ex9fE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.156.96.0/22
                IPv6:
                  2a03:300::/29

    Signature Algorithm: sha256WithRSAEncryption
         41:c2:bb:28:a3:ec:c1:2a:86:8d:ae:3a:c9:00:38:2d:19:7e:
         98:77:47:ea:a2:42:78:13:47:5d:37:4d:a7:76:25:82:2e:e7:
         1a:31:87:d9:f1:40:91:8e:0c:1e:de:a1:48:c8:c7:d0:41:7e:
         eb:b7:4b:c0:f3:04:bd:24:d3:bd:5b:51:3c:fc:a5:16:35:21:
         41:86:57:d1:76:57:0d:be:fe:af:2d:58:ef:41:0e:e9:ed:5f:
         15:67:ca:a6:be:ea:87:d1:99:61:eb:dc:dc:f9:fc:3b:ce:ad:
         dd:28:42:3b:92:11:b2:33:81:4d:be:97:9d:d9:2f:bd:13:b8:
         90:f1:79:15:d1:57:f3:76:f6:0f:9b:b0:d7:33:7a:5d:9d:86:
         4f:57:5a:05:c2:dd:7d:4e:99:f1:44:2b:6b:64:a9:c7:42:ef:
         24:5b:0a:2d:71:a6:2c:32:2e:09:67:ba:dd:c4:84:50:1e:58:
         83:96:f0:d7:ee:be:0c:8c:fa:28:c3:87:1e:71:af:5a:52:ac:
         4f:3e:33:4c:1b:b7:24:62:c9:d2:ea:26:d7:45:eb:9b:36:48:
         ef:29:79:51:4d:f8:61:2b:09:65:07:4e:bf:45:6f:8e:19:be:
         ff:7e:82:62:25:f6:92:c5:48:2e:82:cd:25:bb:bc:26:02:e3:
         aa:14:e6:5b
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZ1E9eJKI9wLM4Gn8jugcNB9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhMWU2NWY4MDgzYzg1OWJjZDBkMmM1MmExZTA2MWViNTEz
MWY1ZjEwHhcNMjYwMzMxMTczNDE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNTQzNWRkYzlkZTMxOGQ5MGJkNWI4NWVhNjliNjhjNGJiYjBiMzk4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtSrq20wixG9mXsSDLvm8Yv+5N1wL
R7RMm9/PyCFJ8tk3woGZrRIIXUWpJTdlQKUQ7qqUFCWKzl6fh0IkHcjNwQk0LaM0
2vb6BlXaomMSmxOh1r27EE6mn0QDXvzqiWfuqg+iDiVUTA8O3tGuf+AIzHcdW+l2
U2CyZE1BghtoyyaJ6q44Oh/J+nQywKoiXRP76nLF4KQid6hszS2CKiQo4DcH9dYl
bms5nV0TYl5TS2OGK8/mNcx209TLav33FQ3aR1wbwwigzgpXDUktGTEmRAoYCKmP
QqnXf+xVjiv1+0TmS3aYrkG2+9prCcW8/A/olTU5laFeQRgJm+l2BLcmoQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFBVDXdyd4xjZC9W4XqabaMS7sLOYMB8GA1UdIwQY
MBaAFCoeZfgIPIWbzQ0sUqHgYetRMfXxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS2g1bC1BZzhoWnZORFN4U29lQmg2MUV4OWZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOS9kMDk3YmYtYjBmNS00M2UxLTg2YTIt
Y2ZiOGRhNTQ5MDY3LzEvRlVOZDNKM2pHTmtMMWJoZXBwdG94THV3czVnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOS9kMDk3YmYtYjBmNS00M2UxLTg2YTItY2ZiOGRhNTQ5MDY3
LzEvS2g1bC1BZzhoWnZORFN4U29lQmg2MUV4OWZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuZxgMA0E
AgACMAcDBQMqAwMAMA0GCSqGSIb3DQEBCwUAA4IBAQBBwrsoo+zBKoaNrjrJADgt
GX6Yd0fqokJ4E0ddN02ndiWCLucaMYfZ8UCRjgwe3qFIyMfQQX7rt0vA8wS9JNO9
W1E8/KUWNSFBhlfRdlcNvv6vLVjvQQ7p7V8VZ8qmvuqH0Zlh69zc+fw7zq3dKEI7
khGyM4FNvped2S+9E7iQ8XkV0VfzdvYPm7DXM3pdnYZPV1oFwt19TpnxRCtrZKnH
Qu8kWwotcaYsMi4JZ7rdxIRQHliDlvDX7r4MjPoow4ceca9aUqxPPjNMG7ckYsnS
6ibXReubNkjvKXlRTfhhKwllB06/RW+OGb7/foJiJfaSxUgugs0lu7wmAuOqFOZb
-----END CERTIFICATE-----