Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/22/1e3eb4-5dcf-47d9-bc46-e3fc53791490/1/FC0bdyuplJI1KGX4AfHE0Zx0LqE.roa
File:                     FC0bdyuplJI1KGX4AfHE0Zx0LqE.roa (raw, json)
Hash identifier:          ErGqRSFSyWBG0JZf35Cme2HC95smdmZ0LBiGyRvWJfo=
Subject key identifier:   14:2D:1B:77:2B:A9:94:92:35:28:65:F8:01:F1:C4:D1:9C:74:2E:A1
Certificate issuer:       /CN=dfd8641e328aa5d19c960d4891cf8677ce1289e7
Certificate serial:       019A34799434CFCF00957B53732C6A736E1F
Authority key identifier: DF:D8:64:1E:32:8A:A5:D1:9C:96:0D:48:91:CF:86:77:CE:12:89:E7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/39hkHjKKpdGclg1Ikc-Gd84Siec.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/22/1e3eb4-5dcf-47d9-bc46-e3fc53791490/1/FC0bdyuplJI1KGX4AfHE0Zx0LqE.roa
Signing time:             Thu 30 Oct 2025 09:36:14 +0000
ROA not before:           Thu 30 Oct 2025 09:36:14 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209873
IP address blocks:        176.118.212.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/22/1e3eb4-5dcf-47d9-bc46-e3fc53791490/1/39hkHjKKpdGclg1Ikc-Gd84Siec.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/22/1e3eb4-5dcf-47d9-bc46-e3fc53791490/1/39hkHjKKpdGclg1Ikc-Gd84Siec.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/39hkHjKKpdGclg1Ikc-Gd84Siec.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 31 Oct 2025 09:37:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:34:79:94:34:cf:cf:00:95:7b:53:73:2c:6a:73:6e:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dfd8641e328aa5d19c960d4891cf8677ce1289e7
        Validity
            Not Before: Oct 30 09:36:14 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=142d1b772ba99492352865f801f1c4d19c742ea1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:81:93:e0:bc:3b:95:05:99:53:c3:30:23:b8:
                    31:8f:a5:06:a7:29:6c:33:c5:c4:4a:9b:a4:91:9b:
                    a8:c9:1e:c3:bb:53:ea:27:a7:34:e5:f5:38:77:78:
                    75:5e:24:63:66:49:c7:1c:21:4c:e9:2a:01:bd:be:
                    ef:93:2f:ce:b3:1d:92:a0:f5:44:4b:09:41:65:81:
                    ca:80:f8:8b:a8:1c:3c:c5:4e:d6:be:be:69:5f:53:
                    e4:c1:2c:34:b6:18:32:cd:d9:d8:b2:73:33:2d:55:
                    55:04:c3:d3:cc:ef:d8:e9:7a:aa:35:67:c4:65:21:
                    d1:a1:f4:34:59:8b:ab:fa:c3:57:c2:5f:2c:e9:1c:
                    b6:12:9d:39:9d:d4:fa:a3:91:f1:25:aa:81:e2:eb:
                    10:51:c9:ac:73:a6:0f:bf:6e:bf:dd:b2:55:c4:ad:
                    2a:68:f6:fe:c3:34:93:dd:92:62:c2:ab:c2:36:e4:
                    b1:3c:8d:17:64:11:70:08:30:ce:2d:f5:59:5b:54:
                    1f:17:8b:1d:b3:93:3c:88:ac:bb:c9:12:b8:e6:53:
                    e5:7f:ac:fd:94:86:c0:2d:98:58:64:03:8f:fc:b6:
                    36:c3:8f:d7:c9:14:21:ba:29:52:0e:5d:b1:51:39:
                    ee:2e:7b:ab:52:3b:94:37:a4:23:41:0b:94:4c:10:
                    d0:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:2D:1B:77:2B:A9:94:92:35:28:65:F8:01:F1:C4:D1:9C:74:2E:A1
            X509v3 Authority Key Identifier:
                keyid:DF:D8:64:1E:32:8A:A5:D1:9C:96:0D:48:91:CF:86:77:CE:12:89:E7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/39hkHjKKpdGclg1Ikc-Gd84Siec.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/22/1e3eb4-5dcf-47d9-bc46-e3fc53791490/1/FC0bdyuplJI1KGX4AfHE0Zx0LqE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/22/1e3eb4-5dcf-47d9-bc46-e3fc53791490/1/39hkHjKKpdGclg1Ikc-Gd84Siec.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.118.212.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a2:4b:1b:97:06:72:38:e0:42:a0:5e:fe:ef:71:c0:06:45:2f:
         4b:a1:f9:be:a2:0b:3f:3b:7a:9d:81:06:58:1c:04:e8:27:da:
         b4:46:5c:68:af:4a:a3:f6:43:fb:2f:fe:a0:11:b5:29:e6:e1:
         2e:0e:74:6b:19:af:30:3b:5c:17:32:20:a2:67:93:3a:46:b3:
         da:09:c2:ca:02:32:19:6f:54:68:5c:30:cd:d7:2f:67:d7:81:
         f1:75:e1:f0:59:62:71:8e:e9:b4:73:b6:13:6a:68:47:c3:42:
         13:22:66:c6:02:a6:d6:34:16:6b:aa:16:c0:28:c8:4e:e4:f7:
         36:1c:b1:45:1a:30:19:35:93:a8:7a:24:ed:1b:a4:28:01:e1:
         cd:48:8e:65:da:b2:39:dd:59:b3:e2:fa:4a:67:11:59:5e:16:
         15:e3:6d:f9:10:75:df:81:77:01:e1:a4:28:53:43:11:6c:75:
         ab:5d:d7:73:30:23:5d:af:9d:1c:d5:a8:ed:c5:45:e8:86:eb:
         89:88:0e:fd:55:6c:5b:f1:48:e0:78:ef:66:90:29:fa:d4:11:
         47:f4:34:76:67:27:59:7d:c1:f6:79:c7:68:15:62:03:f8:bf:
         c1:b6:eb:ba:b4:eb:77:77:c6:73:3c:fa:2d:53:48:32:d4:28:
         b1:e0:9b:18
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZo0eZQ0z88AlXtTcyxqc24fMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRmZDg2NDFlMzI4YWE1ZDE5Yzk2MGQ0ODkxY2Y4Njc3Y2Ux
Mjg5ZTcwHhcNMjUxMDMwMDkzNjE0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNDJkMWI3NzJiYTk5NDkyMzUyODY1ZjgwMWYxYzRkMTljNzQyZWExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA34GT4Lw7lQWZU8MwI7gxj6UGpyls
M8XESpukkZuoyR7Du1PqJ6c05fU4d3h1XiRjZknHHCFM6SoBvb7vky/Osx2SoPVE
SwlBZYHKgPiLqBw8xU7Wvr5pX1PkwSw0thgyzdnYsnMzLVVVBMPTzO/Y6XqqNWfE
ZSHRofQ0WYur+sNXwl8s6Ry2Ep05ndT6o5HxJaqB4usQUcmsc6YPv26/3bJVxK0q
aPb+wzST3ZJiwqvCNuSxPI0XZBFwCDDOLfVZW1QfF4sds5M8iKy7yRK45lPlf6z9
lIbALZhYZAOP/LY2w4/XyRQhuilSDl2xUTnuLnurUjuUN6QjQQuUTBDQpwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBQtG3crqZSSNShl+AHxxNGcdC6hMB8GA1UdIwQY
MBaAFN/YZB4yiqXRnJYNSJHPhnfOEonnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMzloa0hqS0twZEdjbGcxSWtjLUdkODRTaWVjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMi8xZTNlYjQtNWRjZi00N2Q5LWJjNDYt
ZTNmYzUzNzkxNDkwLzEvRkMwYmR5dXBsSkkxS0dYNEFmSEUwWngwTHFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMi8xZTNlYjQtNWRjZi00N2Q5LWJjNDYtZTNmYzUzNzkxNDkw
LzEvMzloa0hqS0twZEdjbGcxSWtjLUdkODRTaWVjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsHbUMA0G
CSqGSIb3DQEBCwUAA4IBAQCiSxuXBnI44EKgXv7vccAGRS9Lofm+ogs/O3qdgQZY
HAToJ9q0Rlxor0qj9kP7L/6gEbUp5uEuDnRrGa8wO1wXMiCiZ5M6RrPaCcLKAjIZ
b1RoXDDN1y9n14HxdeHwWWJxjum0c7YTamhHw0ITImbGAqbWNBZrqhbAKMhO5Pc2
HLFFGjAZNZOoeiTtG6QoAeHNSI5l2rI53Vmz4vpKZxFZXhYV4235EHXfgXcB4aQo
U0MRbHWrXddzMCNdr50c1ajtxUXohuuJiA79VWxb8UjgeO9mkCn61BFH9DR2ZydZ
fcH2ecdoFWID+L/Btuu6tOt3d8ZzPPotU0gy1Cix4JsY
-----END CERTIFICATE-----