Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/f4004b-d602-475d-931b-7e05ad0190ce/1/FG7fyzZuohN306xSsK2XuW27vQs.roa
File:                     FG7fyzZuohN306xSsK2XuW27vQs.roa (raw, json)
Hash identifier:          0zLeebnMKiKD7HfopOFiSG1fn+u6PLVB7uvswIo31qc=
Subject key identifier:   14:6E:DF:CB:36:6E:A2:13:77:D3:AC:52:B0:AD:97:B9:6D:BB:BD:0B
Certificate issuer:       /CN=af5e93f902354ce4804b4cb049cf68b20f76aeb2
Certificate serial:       019CD7A045B61B8442585F47F13DC2EF3E8C
Authority key identifier: AF:5E:93:F9:02:35:4C:E4:80:4B:4C:B0:49:CF:68:B2:0F:76:AE:B2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/r16T-QI1TOSAS0ywSc9osg92rrI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/42/f4004b-d602-475d-931b-7e05ad0190ce/1/FG7fyzZuohN306xSsK2XuW27vQs.roa
Signing time:             Tue 10 Mar 2026 12:02:10 +0000
ROA not before:           Tue 10 Mar 2026 12:02:10 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     51500
IP address blocks:        45.89.89.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/42/f4004b-d602-475d-931b-7e05ad0190ce/1/r16T-QI1TOSAS0ywSc9osg92rrI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/42/f4004b-d602-475d-931b-7e05ad0190ce/1/r16T-QI1TOSAS0ywSc9osg92rrI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/r16T-QI1TOSAS0ywSc9osg92rrI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 13 Mar 2026 09:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:d7:a0:45:b6:1b:84:42:58:5f:47:f1:3d:c2:ef:3e:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=af5e93f902354ce4804b4cb049cf68b20f76aeb2
        Validity
            Not Before: Mar 10 12:02:10 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=146edfcb366ea21377d3ac52b0ad97b96dbbbd0b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:16:72:05:7e:44:44:87:6d:8b:89:37:2b:fa:
                    73:64:97:e0:dd:3f:01:c9:4f:68:29:fb:ab:41:61:
                    bc:a3:0a:d5:90:24:9e:28:ea:88:25:bc:fc:66:ae:
                    be:74:6b:34:00:fc:52:0f:d1:12:75:21:d1:1e:eb:
                    15:bc:7d:71:8b:ed:1f:ae:8c:bd:64:dc:25:3a:5a:
                    66:bd:6d:4e:d8:44:ec:76:b7:fd:f2:e3:2c:a5:67:
                    29:1d:86:4b:93:02:d3:ca:5b:24:f6:ac:de:ff:56:
                    65:1a:b0:41:7e:2d:79:31:f5:52:23:d1:f2:18:9e:
                    9d:fa:9e:3f:c9:30:a2:ec:de:2d:ae:47:dd:5d:af:
                    fd:e4:56:8d:1f:2a:02:6d:a2:19:b1:b4:82:f8:36:
                    1a:1e:d1:c6:27:ed:98:8d:a5:89:53:18:5d:2e:ea:
                    a8:00:a3:72:d0:4e:37:57:a8:84:be:fa:2f:5a:67:
                    7f:09:7f:34:fe:f1:fd:3d:ab:38:2b:a2:f4:46:ec:
                    12:90:ce:6f:a1:a5:8c:a6:e0:42:95:8b:2b:1b:52:
                    ab:45:f5:93:2c:b7:79:b7:e1:5e:49:fa:fd:65:40:
                    57:76:90:56:c0:f4:eb:af:29:5f:6e:6a:ae:0c:60:
                    d3:48:23:cf:3f:aa:ed:c6:6f:46:8f:6f:05:30:ef:
                    e6:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:6E:DF:CB:36:6E:A2:13:77:D3:AC:52:B0:AD:97:B9:6D:BB:BD:0B
            X509v3 Authority Key Identifier:
                keyid:AF:5E:93:F9:02:35:4C:E4:80:4B:4C:B0:49:CF:68:B2:0F:76:AE:B2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/r16T-QI1TOSAS0ywSc9osg92rrI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/f4004b-d602-475d-931b-7e05ad0190ce/1/FG7fyzZuohN306xSsK2XuW27vQs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/42/f4004b-d602-475d-931b-7e05ad0190ce/1/r16T-QI1TOSAS0ywSc9osg92rrI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.89.89.0/24

    Signature Algorithm: sha256WithRSAEncryption
         79:43:98:e6:ce:e6:84:f9:91:76:cc:72:80:85:49:e3:cc:70:
         8e:fc:d4:06:47:c0:27:68:6c:d9:a1:12:73:3a:68:7d:49:8a:
         81:4b:b1:cb:a6:28:94:4f:f2:e3:68:cf:ba:2e:ec:50:7e:0a:
         95:42:d0:f5:a8:eb:e4:e4:26:99:f1:24:e4:fc:69:e5:c2:19:
         14:af:4a:10:87:93:2d:9e:5d:f7:51:98:22:8e:46:40:e3:08:
         00:52:90:a4:0d:b6:73:d1:da:e1:69:69:b8:f3:51:f0:d9:b2:
         f7:bd:72:01:a7:44:53:b0:bd:3b:b1:60:32:ef:1b:39:db:32:
         a5:cc:7b:fe:5f:3f:19:ef:27:6f:0d:39:ae:42:45:e5:f5:3a:
         71:23:a7:81:3a:48:d0:80:e6:8c:cf:1b:b3:0c:a0:88:a9:e2:
         0c:35:bd:d6:bf:f8:0d:38:b6:11:b1:1c:c2:6e:58:03:ed:47:
         66:0c:d9:ab:7d:56:21:b8:f0:c8:8b:9b:48:5e:77:c1:99:80:
         d9:6d:20:5f:a5:2d:5b:b6:2e:7b:17:c0:3d:6f:9a:f8:ed:2d:
         5a:e7:f1:6a:d0:00:4d:0d:bc:b6:58:59:fb:a2:fc:35:eb:58:
         af:5f:48:17:0b:b1:7a:6e:2a:38:0c:a0:7c:7d:0f:44:59:14:
         bf:15:c6:26
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZzXoEW2G4RCWF9H8T3C7z6MMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFmNWU5M2Y5MDIzNTRjZTQ4MDRiNGNiMDQ5Y2Y2OGIyMGY3
NmFlYjIwHhcNMjYwMzEwMTIwMjEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNDZlZGZjYjM2NmVhMjEzNzdkM2FjNTJiMGFkOTdiOTZkYmJiZDBiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtxZyBX5ERIdti4k3K/pzZJfg3T8B
yU9oKfurQWG8owrVkCSeKOqIJbz8Zq6+dGs0APxSD9ESdSHRHusVvH1xi+0froy9
ZNwlOlpmvW1O2ETsdrf98uMspWcpHYZLkwLTylsk9qze/1ZlGrBBfi15MfVSI9Hy
GJ6d+p4/yTCi7N4trkfdXa/95FaNHyoCbaIZsbSC+DYaHtHGJ+2YjaWJUxhdLuqo
AKNy0E43V6iEvvovWmd/CX80/vH9Pas4K6L0RuwSkM5voaWMpuBClYsrG1KrRfWT
LLd5t+FeSfr9ZUBXdpBWwPTrrylfbmquDGDTSCPPP6rtxm9Gj28FMO/msQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBRu38s2bqITd9OsUrCtl7ltu70LMB8GA1UdIwQY
MBaAFK9ek/kCNUzkgEtMsEnPaLIPdq6yMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcjE2VC1RSTFUT1NBUzB5d1NjOW9zZzkycnJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi9mNDAwNGItZDYwMi00NzVkLTkzMWIt
N2UwNWFkMDE5MGNlLzEvRkc3Znl6WnVvaE4zMDZ4U3NLMlh1VzI3dlFzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi9mNDAwNGItZDYwMi00NzVkLTkzMWItN2UwNWFkMDE5MGNl
LzEvcjE2VC1RSTFUT1NBUzB5d1NjOW9zZzkycnJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVlZMA0G
CSqGSIb3DQEBCwUAA4IBAQB5Q5jmzuaE+ZF2zHKAhUnjzHCO/NQGR8AnaGzZoRJz
Omh9SYqBS7HLpiiUT/LjaM+6LuxQfgqVQtD1qOvk5CaZ8STk/GnlwhkUr0oQh5Mt
nl33UZgijkZA4wgAUpCkDbZz0drhaWm481Hw2bL3vXIBp0RTsL07sWAy7xs52zKl
zHv+Xz8Z7ydvDTmuQkXl9TpxI6eBOkjQgOaMzxuzDKCIqeIMNb3Wv/gNOLYRsRzC
blgD7UdmDNmrfVYhuPDIi5tIXnfBmYDZbSBfpS1bti57F8A9b5r47S1a5/Fq0ABN
Dby2WFn7ovw161ivX0gXC7F6bio4DKB8fQ9EWRS/FcYm
-----END CERTIFICATE-----