Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/FgNKNW5B9puTce7TwiHPk7LKkM8.roa
File:                     FgNKNW5B9puTce7TwiHPk7LKkM8.roa (raw, json)
Hash identifier:          vwSEzoXOmoqMUtBgzMgDVlO/tkSbCfgKY6cTiF3Xr7o=
Subject key identifier:   16:03:4A:35:6E:41:F6:9B:93:71:EE:D3:C2:21:CF:93:B2:CA:90:CF
Certificate issuer:       /CN=0d722e4513a39678d8ab23b2d649775340518cb9
Certificate serial:       019C24B4BC86A45E50AD5CD7A3EC15068081
Authority key identifier: 0D:72:2E:45:13:A3:96:78:D8:AB:23:B2:D6:49:77:53:40:51:8C:B9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DXIuRROjlnjYqyOy1kl3U0BRjLk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/FgNKNW5B9puTce7TwiHPk7LKkM8.roa
Signing time:             Tue 03 Feb 2026 18:12:30 +0000
ROA not before:           Tue 03 Feb 2026 18:12:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     134972
IP address blocks:        212.42.208.0/20 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/DXIuRROjlnjYqyOy1kl3U0BRjLk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/DXIuRROjlnjYqyOy1kl3U0BRjLk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DXIuRROjlnjYqyOy1kl3U0BRjLk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Feb 2026 10:01:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:24:b4:bc:86:a4:5e:50:ad:5c:d7:a3:ec:15:06:80:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d722e4513a39678d8ab23b2d649775340518cb9
        Validity
            Not Before: Feb  3 18:12:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=16034a356e41f69b9371eed3c221cf93b2ca90cf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:34:03:74:65:2c:32:e1:ad:fe:56:f9:ba:85:
                    48:a8:19:46:e3:18:a5:b4:ee:fa:3b:ff:37:34:f1:
                    1a:a0:65:81:ef:2b:af:d3:25:51:a0:ba:ae:b1:73:
                    bd:4e:46:43:00:a0:6c:ea:54:10:f9:26:30:6e:f5:
                    5b:3d:a0:50:df:eb:ce:b4:e8:87:39:1d:46:89:59:
                    17:18:6c:94:f5:f8:03:1f:4e:d3:8c:bd:60:31:0b:
                    00:e9:ee:d5:29:a2:d8:59:80:b9:b1:79:5d:d9:ff:
                    c9:66:d7:3a:a4:23:1e:b6:31:9f:97:81:81:be:59:
                    89:62:fa:ea:b6:67:fa:55:65:41:a2:d2:18:ec:e5:
                    f8:0d:2f:8f:b1:7b:71:3d:6c:37:f4:aa:16:e5:3d:
                    74:5e:af:96:bc:65:ac:cf:14:d0:01:db:6e:e6:81:
                    66:7f:dc:b0:30:93:fd:51:44:2e:db:ce:a6:2f:ec:
                    39:01:69:87:36:b8:4a:1c:2b:30:a9:c3:dd:09:b5:
                    50:33:ff:5e:4e:88:a5:ca:ab:31:d4:29:2d:67:e9:
                    82:6c:20:3b:6d:cb:80:bb:89:9e:2b:c1:86:d6:ea:
                    0f:3b:e3:d1:16:a5:f0:6a:6c:87:fc:55:e9:98:e2:
                    6f:76:16:5f:42:b9:66:2f:6e:2c:c9:96:09:a7:9a:
                    e4:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:03:4A:35:6E:41:F6:9B:93:71:EE:D3:C2:21:CF:93:B2:CA:90:CF
            X509v3 Authority Key Identifier:
                keyid:0D:72:2E:45:13:A3:96:78:D8:AB:23:B2:D6:49:77:53:40:51:8C:B9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DXIuRROjlnjYqyOy1kl3U0BRjLk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/FgNKNW5B9puTce7TwiHPk7LKkM8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/DXIuRROjlnjYqyOy1kl3U0BRjLk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.42.208.0/20

    Signature Algorithm: sha256WithRSAEncryption
         16:67:e1:3d:96:ad:a3:25:01:f4:91:15:9a:d4:43:54:43:0f:
         13:2a:3f:b0:ff:37:2d:8c:5a:08:86:05:75:10:3d:a2:50:12:
         67:d5:c3:13:33:c2:78:c7:9b:5c:d2:da:7b:b6:0d:2f:19:d0:
         8d:56:a5:3f:b4:1e:0b:2c:7d:05:e4:58:35:39:10:89:5d:16:
         fc:30:ca:4f:5d:02:14:63:96:a9:6c:f6:d8:f2:b6:47:c4:af:
         1a:e3:47:4b:79:a9:c5:14:11:18:66:9d:ec:69:13:9b:93:0b:
         25:83:e4:4e:81:35:73:f7:f6:28:ed:65:d2:c1:84:0a:07:35:
         1f:5e:c2:1d:7c:a7:4a:da:d7:c0:c4:dc:70:49:01:5e:2c:f0:
         a0:08:da:45:0e:53:2c:bf:4d:55:94:8c:e9:d3:4c:4c:69:e7:
         7f:6d:96:f7:87:5d:8b:54:31:d3:46:95:a1:34:12:27:db:84:
         b5:5f:d8:e7:2e:e3:d5:29:02:f3:74:c2:d7:87:4c:02:c6:28:
         22:bb:e7:a5:8f:d0:89:d8:0c:cd:b6:8f:99:10:32:f7:65:71:
         4c:15:88:4c:67:c7:86:8d:05:a3:5a:7e:65:23:6e:9c:a9:fb:
         d8:82:0d:2f:d0:11:6a:f7:46:a8:ce:3b:e8:c3:9a:98:50:37:
         44:bc:69:2f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZwktLyGpF5QrVzXo+wVBoCBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkNzIyZTQ1MTNhMzk2NzhkOGFiMjNiMmQ2NDk3NzUzNDA1
MThjYjkwHhcNMjYwMjAzMTgxMjMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNjAzNGEzNTZlNDFmNjliOTM3MWVlZDNjMjIxY2Y5M2IyY2E5MGNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3DQDdGUsMuGt/lb5uoVIqBlG4xil
tO76O/83NPEaoGWB7yuv0yVRoLqusXO9TkZDAKBs6lQQ+SYwbvVbPaBQ3+vOtOiH
OR1GiVkXGGyU9fgDH07TjL1gMQsA6e7VKaLYWYC5sXld2f/JZtc6pCMetjGfl4GB
vlmJYvrqtmf6VWVBotIY7OX4DS+PsXtxPWw39KoW5T10Xq+WvGWszxTQAdtu5oFm
f9ywMJP9UUQu286mL+w5AWmHNrhKHCswqcPdCbVQM/9eToilyqsx1CktZ+mCbCA7
bcuAu4meK8GG1uoPO+PRFqXwamyH/FXpmOJvdhZfQrlmL24syZYJp5rk5wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBYDSjVuQfabk3Hu08Ihz5OyypDPMB8GA1UdIwQY
MBaAFA1yLkUTo5Z42KsjstZJd1NAUYy5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRFhJdVJST2psbmpZcXlPeTFrbDNVMEJSakxrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC8xYzA4NGMtOTgyZC00MDk4LWFmNDIt
MzQyNWIxMjVlYWE3LzEvRmdOS05XNUI5cHVUY2U3VHdpSFBrN0xLa004LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC8xYzA4NGMtOTgyZC00MDk4LWFmNDItMzQyNWIxMjVlYWE3
LzEvRFhJdVJST2psbmpZcXlPeTFrbDNVMEJSakxrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQE1CrQMA0G
CSqGSIb3DQEBCwUAA4IBAQAWZ+E9lq2jJQH0kRWa1ENUQw8TKj+w/zctjFoIhgV1
ED2iUBJn1cMTM8J4x5tc0tp7tg0vGdCNVqU/tB4LLH0F5Fg1ORCJXRb8MMpPXQIU
Y5apbPbY8rZHxK8a40dLeanFFBEYZp3saRObkwslg+ROgTVz9/Yo7WXSwYQKBzUf
XsIdfKdK2tfAxNxwSQFeLPCgCNpFDlMsv01VlIzp00xMaed/bZb3h12LVDHTRpWh
NBIn24S1X9jnLuPVKQLzdMLXh0wCxigiu+elj9CJ2AzNto+ZEDL3ZXFMFYhMZ8eG
jQWjWn5lI26cqfvYgg0v0BFq90aozjvow5qYUDdEvGkv
-----END CERTIFICATE-----