Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/F4hF9CP1SBRuff5KIXPB_fiIicU.roa
File:                     F4hF9CP1SBRuff5KIXPB_fiIicU.roa (raw, json)
Hash identifier:          H951/GRArRlrpHlbN+ZkkGfHvxDoHtPJ8AxNrjC2rDk=
Subject key identifier:   17:88:45:F4:23:F5:48:14:6E:7D:FE:4A:21:73:C1:FD:F8:88:89:C5
Certificate issuer:       /CN=0b4e3b3b84242258863142ed3a19792d97cbbc74
Certificate serial:       019E8A26EC6B97F9EB7B9D32458795739460
Authority key identifier: 0B:4E:3B:3B:84:24:22:58:86:31:42:ED:3A:19:79:2D:97:CB:BC:74
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/C047O4QkIliGMULtOhl5LZfLvHQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/F4hF9CP1SBRuff5KIXPB_fiIicU.roa
Signing time:             Tue 02 Jun 2026 21:04:27 +0000
ROA not before:           Tue 02 Jun 2026 21:04:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     43641
IP address blocks:        2a0d:d940:160::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/C047O4QkIliGMULtOhl5LZfLvHQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/C047O4QkIliGMULtOhl5LZfLvHQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/C047O4QkIliGMULtOhl5LZfLvHQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 04 Jun 2026 22:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:8a:26:ec:6b:97:f9:eb:7b:9d:32:45:87:95:73:94:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0b4e3b3b84242258863142ed3a19792d97cbbc74
        Validity
            Not Before: Jun  2 21:04:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=178845f423f548146e7dfe4a2173c1fdf88889c5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:c8:84:f8:87:b0:0d:dc:ec:90:0f:54:f5:f1:
                    fd:15:4b:f4:27:b1:f0:23:d3:93:f9:c5:25:5e:69:
                    ab:3f:5f:d0:f0:05:b5:63:78:f4:00:a9:f8:0a:48:
                    6c:ec:88:00:3e:46:71:60:aa:7c:cd:e6:01:64:e4:
                    7c:90:eb:7d:dc:1c:46:26:46:91:b1:42:5d:94:2f:
                    af:cd:c4:c9:57:12:ef:a4:16:3e:bb:f6:d1:9e:3d:
                    72:ba:40:d6:0d:72:3e:34:3f:66:8a:d7:3f:5a:93:
                    24:8f:91:25:c3:8c:c1:4c:60:20:5b:63:62:48:66:
                    c2:38:84:87:fa:a3:f5:90:73:f8:60:01:24:fc:b7:
                    b3:7c:ed:2a:5b:33:36:3c:b2:e7:85:db:17:a7:5a:
                    54:5f:6f:76:b0:d7:7d:df:1c:f5:39:61:29:0f:ef:
                    69:30:99:73:67:9f:b4:02:2b:dc:84:69:dc:39:6a:
                    87:22:b1:c4:45:25:b5:93:00:f3:94:4e:df:c1:1d:
                    69:7e:6e:d9:3e:6b:a5:87:f0:c5:ee:8a:07:c1:49:
                    0b:86:7e:21:f1:ff:8d:08:7b:d3:60:3e:38:2c:fa:
                    f2:97:80:df:1f:74:c4:dd:d5:f9:ae:c1:9e:cb:54:
                    14:cd:29:3e:63:c2:13:63:47:cb:bf:77:75:0a:0c:
                    07:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:88:45:F4:23:F5:48:14:6E:7D:FE:4A:21:73:C1:FD:F8:88:89:C5
            X509v3 Authority Key Identifier:
                keyid:0B:4E:3B:3B:84:24:22:58:86:31:42:ED:3A:19:79:2D:97:CB:BC:74

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/C047O4QkIliGMULtOhl5LZfLvHQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/F4hF9CP1SBRuff5KIXPB_fiIicU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/C047O4QkIliGMULtOhl5LZfLvHQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:d940:160::/44

    Signature Algorithm: sha256WithRSAEncryption
         81:68:26:b6:48:6c:b5:55:68:92:4e:f8:08:3a:19:a8:1f:0a:
         58:4f:25:76:cc:f3:58:33:c4:5c:4c:73:3f:6d:cb:0d:72:e0:
         6e:1b:59:b8:9d:b8:5c:6e:48:9e:9a:e7:e0:c2:9b:a5:9b:74:
         02:51:cc:b2:aa:66:67:20:92:40:e0:d8:a3:1c:fe:05:60:29:
         c2:ee:aa:97:01:c4:b4:dc:0b:71:56:e1:e4:31:28:52:55:b1:
         9a:be:ba:97:d5:7f:58:21:0c:b2:9d:a1:07:6c:f6:ea:a6:cf:
         7f:c2:aa:02:0b:b6:4d:16:68:59:cd:ca:78:fc:df:06:41:62:
         94:9b:b1:48:46:87:44:ec:34:94:c4:50:46:35:51:83:c2:7d:
         c9:42:56:81:0c:c4:f3:48:c0:1d:84:3b:c7:a0:09:34:e1:d1:
         70:ae:e7:cb:f8:b3:5a:82:36:da:cd:a2:33:31:44:69:c3:59:
         e4:4c:bc:76:1c:70:58:7b:2e:cb:75:88:70:0a:e2:7e:91:ec:
         67:0c:4b:70:00:a8:52:42:01:75:d3:a2:23:7f:ff:d9:49:3b:
         e9:2f:b8:75:d0:ac:aa:1f:03:ec:89:f3:94:07:30:6b:9b:01:
         7e:f9:4e:c4:cc:aa:43:a0:7e:41:93:03:d7:33:08:a0:7f:ed:
         e9:aa:4b:3e
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZ6KJuxrl/nre50yRYeVc5RgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBiNGUzYjNiODQyNDIyNTg4NjMxNDJlZDNhMTk3OTJkOTdj
YmJjNzQwHhcNMjYwNjAyMjEwNDI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNzg4NDVmNDIzZjU0ODE0NmU3ZGZlNGEyMTczYzFmZGY4ODg4OWM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwsiE+IewDdzskA9U9fH9FUv0J7Hw
I9OT+cUlXmmrP1/Q8AW1Y3j0AKn4Ckhs7IgAPkZxYKp8zeYBZOR8kOt93BxGJkaR
sUJdlC+vzcTJVxLvpBY+u/bRnj1yukDWDXI+ND9mitc/WpMkj5Elw4zBTGAgW2Ni
SGbCOISH+qP1kHP4YAEk/LezfO0qWzM2PLLnhdsXp1pUX292sNd93xz1OWEpD+9p
MJlzZ5+0AivchGncOWqHIrHERSW1kwDzlE7fwR1pfm7ZPmulh/DF7ooHwUkLhn4h
8f+NCHvTYD44LPryl4DfH3TE3dX5rsGey1QUzSk+Y8ITY0fLv3d1CgwHfQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFBeIRfQj9UgUbn3+SiFzwf34iInFMB8GA1UdIwQY
MBaAFAtOOzuEJCJYhjFC7ToZeS2Xy7x0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQzA0N080UWtJbGlHTVVMdE9obDVMWmZMdkhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS83YmExYjEtNTU2Mi00YTMyLTlmNWQt
MTRkMjM4NTI3ODM1LzEvRjRoRjlDUDFTQlJ1ZmY1S0lYUEJfZmlJaWNVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS83YmExYjEtNTU2Mi00YTMyLTlmNWQtMTRkMjM4NTI3ODM1
LzEvQzA0N080UWtJbGlHTVVMdE9obDVMWmZMdkhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg3ZQAFg
MA0GCSqGSIb3DQEBCwUAA4IBAQCBaCa2SGy1VWiSTvgIOhmoHwpYTyV2zPNYM8Rc
THM/bcsNcuBuG1m4nbhcbkiemufgwpulm3QCUcyyqmZnIJJA4NijHP4FYCnC7qqX
AcS03AtxVuHkMShSVbGavrqX1X9YIQyynaEHbPbqps9/wqoCC7ZNFmhZzcp4/N8G
QWKUm7FIRodE7DSUxFBGNVGDwn3JQlaBDMTzSMAdhDvHoAk04dFwrufL+LNagjba
zaIzMURpw1nkTLx2HHBYey7LdYhwCuJ+kexnDEtwAKhSQgF106Ijf//ZSTvpL7h1
0KyqHwPsifOUBzBrmwF++U7EzKpDoH5BkwPXMwigf+3pqks+
-----END CERTIFICATE-----