Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/f1DF_TlI1-KeDAjS9_oQH6dh_4c.roa
File:                     f1DF_TlI1-KeDAjS9_oQH6dh_4c.roa (raw, json)
Hash identifier:          4PWhWNZlx/4cGeaCZJmwM6wmn2d/cHyUzd008SIoFTc=
Subject key identifier:   7F:50:C5:FD:39:48:D7:E2:9E:0C:08:D2:F7:FA:10:1F:A7:61:FF:87
Certificate issuer:       /CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
Certificate serial:       019EB27CEB3177FF2AC0D62D325E8EFED0AB
Authority key identifier: EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/f1DF_TlI1-KeDAjS9_oQH6dh_4c.roa
Signing time:             Wed 10 Jun 2026 17:03:11 +0000
ROA not before:           Wed 10 Jun 2026 17:03:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     47193
IP address blocks:        5.188.192.0/22 maxlen: 23
                          5.188.192.0/23 maxlen: 23
                          46.161.56.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Jun 2026 13:27:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:b2:7c:eb:31:77:ff:2a:c0:d6:2d:32:5e:8e:fe:d0:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
        Validity
            Not Before: Jun 10 17:03:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7f50c5fd3948d7e29e0c08d2f7fa101fa761ff87
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:74:68:5c:5d:93:5a:2b:60:27:ba:4a:da:a2:
                    46:a5:11:02:ee:a3:9d:13:eb:96:0b:3b:96:3a:17:
                    45:ed:54:2e:14:e1:5b:57:6b:ac:53:44:d3:0d:25:
                    b7:94:69:8e:3f:c6:4d:d7:6f:1a:7d:33:c0:8b:4e:
                    cc:fa:31:a8:49:b1:bb:6b:21:85:98:5f:0f:3c:c3:
                    d2:ab:69:3c:c8:cb:30:21:94:18:34:54:74:be:4c:
                    05:9d:ea:1e:15:47:80:e7:d3:70:3e:9a:f3:46:1b:
                    7d:70:11:3b:f4:18:53:75:b5:58:b0:11:68:30:f9:
                    d7:95:be:bc:d5:07:16:e8:eb:9e:04:e4:db:a8:e6:
                    ee:02:44:90:ed:c3:be:c7:96:2e:bf:ea:fc:52:68:
                    20:99:18:1c:cf:5f:56:8f:bf:de:50:a1:cd:9f:b7:
                    de:32:f5:10:50:06:ba:bd:41:44:0c:a9:a3:62:aa:
                    21:fb:a9:e3:e9:1c:ae:ed:3b:ab:8d:70:72:39:10:
                    58:15:d0:ed:ab:ad:ac:cc:b5:8b:ef:aa:44:9d:f3:
                    2c:47:a2:4f:a3:bf:65:f7:fd:4d:e2:9d:f1:23:2f:
                    3e:25:35:43:d7:74:bc:40:e5:dd:82:5e:f4:19:44:
                    ab:c2:35:41:f4:c4:6c:d5:e2:2c:bc:60:93:d1:99:
                    d4:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:50:C5:FD:39:48:D7:E2:9E:0C:08:D2:F7:FA:10:1F:A7:61:FF:87
            X509v3 Authority Key Identifier:
                keyid:EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/f1DF_TlI1-KeDAjS9_oQH6dh_4c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.188.192.0/22
                  46.161.56.0/21

    Signature Algorithm: sha256WithRSAEncryption
         40:bf:17:89:93:8a:d2:9b:a4:74:aa:23:44:0d:ac:01:99:69:
         a9:c5:5d:e6:fc:7f:11:91:67:34:d6:ba:f4:e8:22:75:ea:f5:
         28:bb:29:46:a8:9e:5a:f4:3f:c7:cc:df:32:bb:12:ea:26:af:
         99:e1:ca:9b:79:85:96:d8:e7:04:2f:a4:a7:ce:bd:e0:38:93:
         65:93:df:6a:76:29:85:9a:5d:f0:14:70:68:24:d2:3d:be:13:
         04:43:5b:34:3d:eb:53:55:a2:62:65:74:bd:d4:8d:c7:fa:6a:
         d5:58:c1:f5:29:a4:95:cf:d3:0c:91:34:43:64:fd:d6:06:a7:
         42:c0:7a:24:f2:25:a2:4b:f5:48:9b:46:eb:05:56:5e:d6:fa:
         1e:0d:82:f0:fd:b7:3f:42:0f:4b:cf:99:c8:25:38:4d:4a:a6:
         fb:03:85:84:ed:91:bb:8e:b3:8e:03:d1:a1:27:6c:5a:88:d3:
         c6:4e:e6:b4:ec:5c:74:2e:d9:4d:95:7e:f2:f6:4c:e8:db:d5:
         ca:06:70:cf:1c:03:7a:ba:ac:da:85:c0:8f:59:5d:e5:ef:17:
         16:c8:7f:fa:46:c3:5c:02:d9:f7:7c:c2:5f:69:72:a1:7d:82:
         86:85:d1:db:5e:07:c1:05:4a:43:66:71:51:ec:07:ff:fc:6b:
         42:7c:87:e0
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ6yfOsxd/8qwNYtMl6O/tCrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVhYWE4YTBhNWZkZmQ2OThlMTA0YmUzNmEyYWVlYzgxM2Fl
Y2EwNzEwHhcNMjYwNjEwMTcwMzExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZjUwYzVmZDM5NDhkN2UyOWUwYzA4ZDJmN2ZhMTAxZmE3NjFmZjg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoXRoXF2TWitgJ7pK2qJGpREC7qOd
E+uWCzuWOhdF7VQuFOFbV2usU0TTDSW3lGmOP8ZN128afTPAi07M+jGoSbG7ayGF
mF8PPMPSq2k8yMswIZQYNFR0vkwFneoeFUeA59NwPprzRht9cBE79BhTdbVYsBFo
MPnXlb681QcW6OueBOTbqObuAkSQ7cO+x5Yuv+r8UmggmRgcz19Wj7/eUKHNn7fe
MvUQUAa6vUFEDKmjYqoh+6nj6Ryu7TurjXByORBYFdDtq62szLWL76pEnfMsR6JP
o79l9/1N4p3xIy8+JTVD13S8QOXdgl70GUSrwjVB9MRs1eIsvGCT0ZnUDQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFH9Qxf05SNfingwI0vf6EB+nYf+HMB8GA1UdIwQY
MBaAFOqqigpf39aY4QS+NqKu7IE67KBxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNnFxS0NsX2YxcGpoQkw0Mm9xN3NnVHJzb0hFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy8yOTMyZGYtYTRiZC00YWY1LWE0ZDQt
ODlkMDkyNDBjNDNiLzEvZjFERl9UbEkxLUtlREFqUzlfb1FINmRoXzRjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy8yOTMyZGYtYTRiZC00YWY1LWE0ZDQtODlkMDkyNDBjNDNi
LzEvNnFxS0NsX2YxcGpoQkw0Mm9xN3NnVHJzb0hFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCBbzAAwQD
LqE4MA0GCSqGSIb3DQEBCwUAA4IBAQBAvxeJk4rSm6R0qiNEDawBmWmpxV3m/H8R
kWc01rr06CJ16vUouylGqJ5a9D/HzN8yuxLqJq+Z4cqbeYWW2OcEL6Snzr3gOJNl
k99qdimFml3wFHBoJNI9vhMEQ1s0PetTVaJiZXS91I3H+mrVWMH1KaSVz9MMkTRD
ZP3WBqdCwHok8iWiS/VIm0brBVZe1voeDYLw/bc/Qg9Lz5nIJThNSqb7A4WE7ZG7
jrOOA9GhJ2xaiNPGTua07Fx0LtlNlX7y9kzo29XKBnDPHAN6uqzahcCPWV3l7xcW
yH/6RsNcAtn3fMJfaXKhfYKGhdHbXgfBBUpDZnFR7Af//GtCfIfg
-----END CERTIFICATE-----