Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/37/557524-297d-4849-b4be-c52eb56bfa5b/1/fn4zzf2P7WlF_T3nuMRC7T2bgIM.roa
File:                     fn4zzf2P7WlF_T3nuMRC7T2bgIM.roa (raw, json)
Hash identifier:          7qSjgY4PIPvMkUzYF/SCHnCfOJSbqzIxeuFxHsWJbOo=
Subject key identifier:   7E:7E:33:CD:FD:8F:ED:69:45:FD:3D:E7:B8:C4:42:ED:3D:9B:80:83
Certificate issuer:       /CN=1d25d0c8845b79886c199345b890f5e8acd516d8
Certificate serial:       019EEE6FA2230FA2AD02EF95E2F4E352FD87
Authority key identifier: 1D:25:D0:C8:84:5B:79:88:6C:19:93:45:B8:90:F5:E8:AC:D5:16:D8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HSXQyIRbeYhsGZNFuJD16KzVFtg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/37/557524-297d-4849-b4be-c52eb56bfa5b/1/fn4zzf2P7WlF_T3nuMRC7T2bgIM.roa
Signing time:             Mon 22 Jun 2026 08:25:53 +0000
ROA not before:           Mon 22 Jun 2026 08:25:53 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     9100
IP address blocks:        213.188.252.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/37/557524-297d-4849-b4be-c52eb56bfa5b/1/HSXQyIRbeYhsGZNFuJD16KzVFtg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/37/557524-297d-4849-b4be-c52eb56bfa5b/1/HSXQyIRbeYhsGZNFuJD16KzVFtg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HSXQyIRbeYhsGZNFuJD16KzVFtg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 30 Jun 2026 20:12:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:ee:6f:a2:23:0f:a2:ad:02:ef:95:e2:f4:e3:52:fd:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1d25d0c8845b79886c199345b890f5e8acd516d8
        Validity
            Not Before: Jun 22 08:25:53 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7e7e33cdfd8fed6945fd3de7b8c442ed3d9b8083
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:4f:5f:05:e1:bf:50:c2:e1:45:90:a9:9a:26:
                    35:7d:08:9e:b4:0b:34:b0:17:5a:5c:e9:65:5b:ce:
                    8e:3a:a2:09:93:19:50:d4:b0:40:69:2e:a9:ec:71:
                    27:c0:0c:d1:b5:70:c2:5c:35:e7:78:d9:66:81:34:
                    ed:fc:13:81:cd:84:ce:da:f1:8a:68:fd:84:5a:4d:
                    f3:61:a6:40:ef:06:9b:59:4d:d8:90:78:e2:20:cf:
                    8b:3a:fa:15:7c:51:69:5b:a5:bd:1f:70:d4:fc:a4:
                    5e:5a:52:fd:6e:93:bf:ba:cd:b1:d7:78:2b:e9:1f:
                    4a:57:b1:f2:06:59:a6:47:e5:58:e7:18:55:f0:ac:
                    96:75:22:36:06:a0:36:53:da:46:fe:6b:dd:61:9d:
                    14:27:81:3b:2e:83:0e:1a:62:5a:d1:4e:aa:da:b6:
                    3d:9a:17:5e:29:d9:45:77:fa:ed:88:6f:49:2d:d5:
                    b1:a5:75:a0:56:56:b0:70:64:e4:16:b5:7f:92:29:
                    f9:0f:23:4f:28:e3:c8:bb:83:1b:15:8a:f5:0e:68:
                    8a:a1:aa:d4:14:e9:9a:dc:9f:6a:4b:09:41:5b:8c:
                    41:98:29:ce:b6:3c:e9:84:a9:bf:bf:30:b3:ab:cd:
                    08:be:fb:11:a7:18:32:9e:80:77:4b:d5:64:74:67:
                    51:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:7E:33:CD:FD:8F:ED:69:45:FD:3D:E7:B8:C4:42:ED:3D:9B:80:83
            X509v3 Authority Key Identifier:
                keyid:1D:25:D0:C8:84:5B:79:88:6C:19:93:45:B8:90:F5:E8:AC:D5:16:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HSXQyIRbeYhsGZNFuJD16KzVFtg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/37/557524-297d-4849-b4be-c52eb56bfa5b/1/fn4zzf2P7WlF_T3nuMRC7T2bgIM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/37/557524-297d-4849-b4be-c52eb56bfa5b/1/HSXQyIRbeYhsGZNFuJD16KzVFtg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.188.252.0/24

    Signature Algorithm: sha256WithRSAEncryption
         52:d8:29:ec:01:48:25:ef:fc:b8:e2:96:6d:3c:bb:37:f6:42:
         c6:3f:b7:60:7f:96:cd:bb:b7:4a:53:78:41:37:3b:ac:15:86:
         ee:ca:92:31:02:43:9d:ee:91:e6:27:2c:31:d0:f6:b6:41:8b:
         22:28:1a:fc:2d:72:bf:e8:1b:9c:44:8e:df:75:5e:89:66:cf:
         6d:73:23:e1:ae:c3:29:10:0e:be:98:74:2b:a7:9c:82:bd:3b:
         91:ed:d1:a1:23:56:bf:fa:06:9e:b6:29:fb:5b:4b:21:9f:dc:
         a5:d9:6b:67:93:af:22:45:f6:f2:9b:78:e3:d5:2e:40:49:e2:
         e5:49:a7:ab:91:a3:ae:b4:62:b4:6c:08:88:e7:93:b1:fc:3e:
         bd:82:ee:66:58:e2:99:49:c3:f4:16:25:30:9a:15:83:4a:90:
         a4:cc:fe:d4:38:ea:02:c5:c3:11:7b:63:92:7a:56:21:a0:d5:
         c0:bd:5b:61:a4:75:3b:f1:d9:1e:cc:c5:40:0c:06:e9:ec:6b:
         33:ca:18:95:bb:0a:6e:73:35:51:9f:a9:5e:30:10:b0:3f:44:
         27:e9:b8:6b:f0:38:3b:e0:77:45:98:df:f3:dc:04:9b:ab:5e:
         32:11:d6:02:a8:57:6a:20:5f:f8:41:68:01:94:c1:81:e5:88:
         ac:3f:c0:69
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ7ub6IjD6KtAu+V4vTjUv2HMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFkMjVkMGM4ODQ1Yjc5ODg2YzE5OTM0NWI4OTBmNWU4YWNk
NTE2ZDgwHhcNMjYwNjIyMDgyNTUzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZTdlMzNjZGZkOGZlZDY5NDVmZDNkZTdiOGM0NDJlZDNkOWI4MDgzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyU9fBeG/UMLhRZCpmiY1fQietAs0
sBdaXOllW86OOqIJkxlQ1LBAaS6p7HEnwAzRtXDCXDXneNlmgTTt/BOBzYTO2vGK
aP2EWk3zYaZA7wabWU3YkHjiIM+LOvoVfFFpW6W9H3DU/KReWlL9bpO/us2x13gr
6R9KV7HyBlmmR+VY5xhV8KyWdSI2BqA2U9pG/mvdYZ0UJ4E7LoMOGmJa0U6q2rY9
mhdeKdlFd/rtiG9JLdWxpXWgVlawcGTkFrV/kin5DyNPKOPIu4MbFYr1DmiKoarU
FOma3J9qSwlBW4xBmCnOtjzphKm/vzCzq80IvvsRpxgynoB3S9VkdGdROQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH5+M839j+1pRf0957jEQu09m4CDMB8GA1UdIwQY
MBaAFB0l0MiEW3mIbBmTRbiQ9eis1RbYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSFNYUXlJUmJlWWhzR1pORnVKRDE2S3pWRnRnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNy81NTc1MjQtMjk3ZC00ODQ5LWI0YmUt
YzUyZWI1NmJmYTViLzEvZm40enpmMlA3V2xGX1QzbnVNUkM3VDJiZ0lNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNy81NTc1MjQtMjk3ZC00ODQ5LWI0YmUtYzUyZWI1NmJmYTVi
LzEvSFNYUXlJUmJlWWhzR1pORnVKRDE2S3pWRnRnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1bz8MA0G
CSqGSIb3DQEBCwUAA4IBAQBS2CnsAUgl7/y44pZtPLs39kLGP7dgf5bNu7dKU3hB
NzusFYbuypIxAkOd7pHmJywx0Pa2QYsiKBr8LXK/6BucRI7fdV6JZs9tcyPhrsMp
EA6+mHQrp5yCvTuR7dGhI1a/+gaetin7W0shn9yl2Wtnk68iRfbym3jj1S5ASeLl
SaerkaOutGK0bAiI55Ox/D69gu5mWOKZScP0FiUwmhWDSpCkzP7UOOoCxcMRe2OS
elYhoNXAvVthpHU78dkezMVADAbp7GszyhiVuwpuczVRn6leMBCwP0Qn6bhr8Dg7
4HdFmN/z3ASbq14yEdYCqFdqIF/4QWgBlMGB5YisP8Bp
-----END CERTIFICATE-----