Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/fGCv0unODUJeCNsC2dUXlwTKZbI.roa
File:                     fGCv0unODUJeCNsC2dUXlwTKZbI.roa (raw, json)
Hash identifier:          KLCphSolEnFg1hlWRSqLrJacfAK7k8SA3SMoxj8ZY5o=
Subject key identifier:   7C:60:AF:D2:E9:CE:0D:42:5E:08:DB:02:D9:D5:17:97:04:CA:65:B2
Certificate issuer:       /CN=4f14112d05e9d876149d2778d48edaaa324db0a5
Certificate serial:       019E87DFBE4F88210FB28166EA6CB91DFEA0
Authority key identifier: 4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/fGCv0unODUJeCNsC2dUXlwTKZbI.roa
Signing time:             Tue 02 Jun 2026 10:27:27 +0000
ROA not before:           Tue 02 Jun 2026 10:27:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     198566
IP address blocks:        91.201.87.0/24 maxlen: 24
                          160.19.94.0/24 maxlen: 24
                          160.19.95.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 05 Jun 2026 16:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:87:df:be:4f:88:21:0f:b2:81:66:ea:6c:b9:1d:fe:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f14112d05e9d876149d2778d48edaaa324db0a5
        Validity
            Not Before: Jun  2 10:27:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7c60afd2e9ce0d425e08db02d9d5179704ca65b2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:df:cf:25:8f:3f:de:f4:b0:14:a6:e5:f1:c1:
                    ed:44:84:88:82:15:fd:ad:7a:be:2a:c6:8c:68:51:
                    53:3e:17:29:3b:3b:6d:bd:d7:40:51:11:fc:83:93:
                    5e:42:ad:e8:0b:c5:b2:27:c4:c1:92:5c:4f:ef:01:
                    01:69:43:a3:85:f5:a0:7a:b6:38:dc:c8:13:02:07:
                    56:c1:19:09:b8:7c:f9:f2:82:49:ef:9c:65:1d:c1:
                    c6:04:9c:7e:83:d7:00:14:bc:f8:a5:d7:cc:9c:28:
                    60:40:9d:4b:6e:c9:6f:b7:be:bb:8c:18:a0:94:40:
                    e3:32:e8:c5:12:2b:58:f5:06:92:a7:d3:b9:0d:4e:
                    0f:13:ee:8d:ec:d2:aa:3f:c7:3f:6b:4a:b1:a4:1b:
                    d1:a5:ed:74:90:5d:05:fe:de:a4:32:4b:18:99:9f:
                    86:1e:f1:39:11:2d:ac:fb:65:77:4f:d6:e1:63:45:
                    4e:4c:57:53:48:4c:1b:1a:1c:f8:b4:76:42:27:a4:
                    c9:5f:3d:a2:df:8c:93:ac:55:b7:e5:86:1c:3b:c0:
                    57:e3:e3:a2:b0:fb:69:b3:4f:3c:49:cb:12:a0:a0:
                    05:08:85:bb:ae:fc:83:59:34:a9:c1:8d:94:f6:98:
                    ff:06:7f:ef:e1:6b:a3:f3:b5:57:ee:08:51:b2:32:
                    7b:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:60:AF:D2:E9:CE:0D:42:5E:08:DB:02:D9:D5:17:97:04:CA:65:B2
            X509v3 Authority Key Identifier:
                keyid:4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/fGCv0unODUJeCNsC2dUXlwTKZbI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.201.87.0/24
                  160.19.94.0/23

    Signature Algorithm: sha256WithRSAEncryption
         a0:68:85:cc:bd:8d:75:55:28:4f:9d:82:1b:3d:16:a2:60:0a:
         94:32:44:4a:75:0d:15:05:67:c1:7a:e7:db:45:e4:69:c0:c0:
         0e:89:cd:a3:e1:8c:9b:9a:d7:f5:b2:a1:ae:5c:a5:f6:13:a5:
         bc:b6:f5:fe:66:02:b4:b7:c9:37:33:3e:65:ec:79:45:8a:20:
         6b:55:b3:09:6a:3d:ab:ab:f4:d0:1b:ac:c7:55:d5:70:b5:53:
         9c:60:56:f4:2f:b8:01:a4:f7:36:2e:f7:ba:d2:e5:43:e3:61:
         9e:02:ab:e7:10:f5:8b:5c:0f:5f:bb:ab:f2:82:3e:a8:5f:66:
         59:7d:6a:e2:be:30:73:68:94:ca:97:44:62:37:64:bd:24:f3:
         76:35:d1:5d:c2:6c:97:6a:22:e6:ad:4a:43:f4:65:b3:71:71:
         dd:0f:02:58:01:29:bc:96:af:c4:2f:15:a5:61:a7:4b:69:60:
         8c:09:6e:e5:b1:e3:19:77:e5:69:03:4b:30:ee:02:7a:c9:64:
         5f:58:c8:f0:8c:8c:18:2a:7f:39:8a:88:4b:12:48:89:d1:69:
         fd:e0:6a:9d:34:ee:18:47:b5:b3:4d:d3:1d:92:c5:59:6e:e1:
         ce:0b:99:2a:12:6a:8a:3b:97:57:c0:25:46:45:6f:ea:c6:b0:
         86:f1:9a:c1
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ6H375PiCEPsoFm6my5Hf6gMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMTQxMTJkMDVlOWQ4NzYxNDlkMjc3OGQ0OGVkYWFhMzI0
ZGIwYTUwHhcNMjYwNjAyMTAyNzI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YzYwYWZkMmU5Y2UwZDQyNWUwOGRiMDJkOWQ1MTc5NzA0Y2E2NWIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu9/PJY8/3vSwFKbl8cHtRISIghX9
rXq+KsaMaFFTPhcpOzttvddAURH8g5NeQq3oC8WyJ8TBklxP7wEBaUOjhfWgerY4
3MgTAgdWwRkJuHz58oJJ75xlHcHGBJx+g9cAFLz4pdfMnChgQJ1Lbslvt767jBig
lEDjMujFEitY9QaSp9O5DU4PE+6N7NKqP8c/a0qxpBvRpe10kF0F/t6kMksYmZ+G
HvE5ES2s+2V3T9bhY0VOTFdTSEwbGhz4tHZCJ6TJXz2i34yTrFW35YYcO8BX4+Oi
sPtps088ScsSoKAFCIW7rvyDWTSpwY2U9pj/Bn/v4Wuj87VX7ghRsjJ7iQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHxgr9Lpzg1CXgjbAtnVF5cEymWyMB8GA1UdIwQY
MBaAFE8UES0F6dh2FJ0neNSO2qoyTbClMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUt
YmFmYmRmYzgxMzJhLzEvZkdDdjB1bk9EVUplQ05zQzJkVVhsd1RLWmJJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUtYmFmYmRmYzgxMzJh
LzEvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW8lXAwQB
oBNeMA0GCSqGSIb3DQEBCwUAA4IBAQCgaIXMvY11VShPnYIbPRaiYAqUMkRKdQ0V
BWfBeufbReRpwMAOic2j4Yybmtf1sqGuXKX2E6W8tvX+ZgK0t8k3Mz5l7HlFiiBr
VbMJaj2rq/TQG6zHVdVwtVOcYFb0L7gBpPc2Lve60uVD42GeAqvnEPWLXA9fu6vy
gj6oX2ZZfWrivjBzaJTKl0RiN2S9JPN2NdFdwmyXaiLmrUpD9GWzcXHdDwJYASm8
lq/ELxWlYadLaWCMCW7lseMZd+VpA0sw7gJ6yWRfWMjwjIwYKn85iohLEkiJ0Wn9
4GqdNO4YR7WzTdMdksVZbuHOC5kqEmqKO5dXwCVGRW/qxrCG8ZrB
-----END CERTIFICATE-----