Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/FoKIUiy0AKtYfAR5ZwqwqfMLwcU.roa
File:                     FoKIUiy0AKtYfAR5ZwqwqfMLwcU.roa (raw, json)
Hash identifier:          0kPHJl2TmhxpaVp20xfi9aUgtn64bMnC+Nhv0juovOk=
Subject key identifier:   16:82:88:52:2C:B4:00:AB:58:7C:04:79:67:0A:B0:A9:F3:0B:C1:C5
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       019D9FA4F68B992E1C4FAA6D4BAF6645CEA9
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/FoKIUiy0AKtYfAR5ZwqwqfMLwcU.roa
Signing time:             Sat 18 Apr 2026 08:11:21 +0000
ROA not before:           Sat 18 Apr 2026 08:11:21 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     48090
IP address blocks:        93.123.109.0/24 maxlen: 24
                          195.178.110.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Apr 2026 21:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:9f:a4:f6:8b:99:2e:1c:4f:aa:6d:4b:af:66:45:ce:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Apr 18 08:11:21 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=168288522cb400ab587c0479670ab0a9f30bc1c5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:a6:50:19:b2:4d:e7:ee:71:78:2f:51:0a:b8:
                    ed:ae:26:9c:7a:62:1e:21:18:a3:ff:97:1e:a7:91:
                    3e:f0:c3:c2:b7:7a:ad:d2:1d:72:13:69:7f:27:8b:
                    27:0e:f7:ef:32:f8:c1:71:20:a5:45:45:20:26:08:
                    54:c9:54:45:ff:87:8b:59:39:81:c7:cd:cd:89:64:
                    c6:32:e9:65:81:9d:d9:be:11:89:87:42:1e:c0:5b:
                    05:7a:01:89:7f:46:16:15:a8:0e:85:ef:03:9f:5d:
                    33:24:a8:5d:b7:cb:7a:98:af:0e:e1:b7:c7:63:e8:
                    fb:34:5c:02:f4:2a:cf:21:ed:fd:1c:60:14:f8:5f:
                    3d:ae:af:46:16:bc:d7:7a:56:e5:45:af:5a:f2:fa:
                    2f:9e:9e:d4:c5:ba:ba:59:fb:e8:c5:5a:36:64:ed:
                    66:e0:44:04:ee:02:ae:54:a0:7d:e5:14:26:d6:a6:
                    83:5e:7e:a6:a8:af:da:77:30:cb:a4:1d:6b:34:a5:
                    d7:b8:1d:95:59:04:38:96:84:ca:ce:a8:2c:a9:1b:
                    6b:59:32:fd:a1:85:86:04:b3:9c:f0:ce:58:54:27:
                    32:d7:c4:c1:bf:77:9f:71:f4:d9:2a:8a:ba:16:47:
                    93:82:f7:fb:69:a4:11:f3:84:18:22:d5:68:99:31:
                    4f:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:82:88:52:2C:B4:00:AB:58:7C:04:79:67:0A:B0:A9:F3:0B:C1:C5
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/FoKIUiy0AKtYfAR5ZwqwqfMLwcU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.123.109.0/24
                  195.178.110.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0b:e7:00:ae:0b:ce:f3:d7:c3:3d:7b:0b:30:25:0e:91:af:f2:
         1d:9f:10:10:06:bb:1f:b0:32:27:70:fc:d3:08:db:12:f0:e7:
         c1:81:fa:99:82:9e:b7:c0:ba:e0:22:9b:2c:7b:fe:a8:09:1f:
         b0:11:9d:19:a7:f9:2b:c7:6c:53:38:84:a4:d8:8b:e2:94:b5:
         3e:fc:b0:d8:67:6a:36:59:44:ed:33:1d:03:fa:f7:61:5c:72:
         a0:88:d2:5f:0e:c0:42:25:07:dc:b3:b2:6f:57:e5:70:ea:97:
         67:6d:5d:09:64:5c:ab:fb:22:6a:4b:bc:69:c1:ad:6c:98:7f:
         05:85:ba:2d:46:5c:a1:ed:42:2a:9a:58:5c:34:0c:e0:5d:6e:
         b7:7f:f5:58:57:33:cf:40:70:ce:6b:9f:8e:13:13:1a:46:0c:
         18:04:0b:a9:81:55:95:84:12:f2:ef:05:af:70:a2:95:c4:10:
         c7:c3:9f:61:27:33:2f:9c:94:0b:d4:7f:6a:66:50:18:7c:2b:
         eb:b1:92:61:f0:0c:68:89:34:93:15:80:2f:fb:88:38:39:81:
         a4:04:d2:9a:c6:72:92:c0:b0:2d:0b:fc:51:79:cd:41:aa:ac:
         16:4b:77:ce:f7:a2:ed:fc:e3:47:6d:d3:0b:63:3a:3f:01:37:
         39:48:9d:fc
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ2fpPaLmS4cT6ptS69mRc6pMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjYwNDE4MDgxMTIxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNjgyODg1MjJjYjQwMGFiNTg3YzA0Nzk2NzBhYjBhOWYzMGJjMWM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5aZQGbJN5+5xeC9RCrjtriacemIe
IRij/5cep5E+8MPCt3qt0h1yE2l/J4snDvfvMvjBcSClRUUgJghUyVRF/4eLWTmB
x83NiWTGMullgZ3ZvhGJh0IewFsFegGJf0YWFagOhe8Dn10zJKhdt8t6mK8O4bfH
Y+j7NFwC9CrPIe39HGAU+F89rq9GFrzXelblRa9a8vovnp7Uxbq6WfvoxVo2ZO1m
4EQE7gKuVKB95RQm1qaDXn6mqK/adzDLpB1rNKXXuB2VWQQ4loTKzqgsqRtrWTL9
oYWGBLOc8M5YVCcy18TBv3efcfTZKoq6FkeTgvf7aaQR84QYItVomTFPjwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFBaCiFIstACrWHwEeWcKsKnzC8HFMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvRm9LSVVpeTBBS3RZZkFSNVp3cXdxZk1Md2NVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAXXttAwQA
w7JuMA0GCSqGSIb3DQEBCwUAA4IBAQAL5wCuC87z18M9ewswJQ6Rr/IdnxAQBrsf
sDIncPzTCNsS8OfBgfqZgp63wLrgIpsse/6oCR+wEZ0Zp/krx2xTOISk2IvilLU+
/LDYZ2o2WUTtMx0D+vdhXHKgiNJfDsBCJQfcs7JvV+Vw6pdnbV0JZFyr+yJqS7xp
wa1smH8FhbotRlyh7UIqmlhcNAzgXW63f/VYVzPPQHDOa5+OExMaRgwYBAupgVWV
hBLy7wWvcKKVxBDHw59hJzMvnJQL1H9qZlAYfCvrsZJh8AxoiTSTFYAv+4g4OYGk
BNKaxnKSwLAtC/xRec1BqqwWS3fO96Lt/ONHbdMLYzo/ATc5SJ38
-----END CERTIFICATE-----