Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/48/cfdd72-ac43-47f2-a88d-515a0ef686ab/1/Fe7zjbjsSkfSmHcOcKTsjCvLSrw.roa
File:                     Fe7zjbjsSkfSmHcOcKTsjCvLSrw.roa (raw, json)
Hash identifier:          ilUtJi4tRjp7bb2QTirkNRC/xpGUx1kSM2twyjBIiuQ=
Subject key identifier:   15:EE:F3:8D:B8:EC:4A:47:D2:98:77:0E:70:A4:EC:8C:2B:CB:4A:BC
Certificate issuer:       /CN=c1fb492f0a188f0014278e0df6bbb029cebadbaf
Certificate serial:       019A2F58B49926F73EF16EC56454EDE53E73
Authority key identifier: C1:FB:49:2F:0A:18:8F:00:14:27:8E:0D:F6:BB:B0:29:CE:BA:DB:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wftJLwoYjwAUJ44N9ruwKc66268.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/48/cfdd72-ac43-47f2-a88d-515a0ef686ab/1/Fe7zjbjsSkfSmHcOcKTsjCvLSrw.roa
Signing time:             Wed 29 Oct 2025 09:42:13 +0000
ROA not before:           Wed 29 Oct 2025 09:42:13 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     216265
IP address blocks:        91.239.55.0/24 maxlen: 24
                          2001:678:1104::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/48/cfdd72-ac43-47f2-a88d-515a0ef686ab/1/wftJLwoYjwAUJ44N9ruwKc66268.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/48/cfdd72-ac43-47f2-a88d-515a0ef686ab/1/wftJLwoYjwAUJ44N9ruwKc66268.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wftJLwoYjwAUJ44N9ruwKc66268.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 12 Nov 2025 03:00:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:2f:58:b4:99:26:f7:3e:f1:6e:c5:64:54:ed:e5:3e:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c1fb492f0a188f0014278e0df6bbb029cebadbaf
        Validity
            Not Before: Oct 29 09:42:13 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=15eef38db8ec4a47d298770e70a4ec8c2bcb4abc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:4e:fb:8a:0f:57:2a:94:82:7c:ec:b2:38:2b:
                    3e:25:c1:ca:57:3c:27:4c:88:a8:a2:20:5b:66:ca:
                    43:80:69:03:34:c9:60:e5:c9:f6:7b:8b:00:ab:dc:
                    96:d1:13:e1:e5:fa:3d:50:d4:5d:6a:28:3d:33:15:
                    70:0f:f1:00:d1:89:a7:3e:34:be:0d:8e:8e:cc:33:
                    f3:9c:e7:c7:09:a8:79:9d:be:74:b6:08:a8:0a:30:
                    74:99:d7:25:71:61:29:93:58:5f:73:8a:01:ed:64:
                    30:5e:f0:0b:f8:45:db:ff:93:e6:15:b3:32:f3:34:
                    7d:f4:73:21:eb:90:2e:d6:5b:c8:da:4d:f5:43:b1:
                    9e:43:bc:41:e7:c5:2b:f2:fa:aa:7f:f2:05:4f:15:
                    a6:a1:8f:28:6c:87:f8:25:50:64:b2:eb:c6:72:6a:
                    4e:13:e7:65:40:44:07:13:b0:ae:11:6b:9f:29:d8:
                    af:ad:a9:b4:ed:ad:df:3e:aa:73:de:f2:91:ae:49:
                    c2:59:74:2b:de:d9:17:1a:ed:c6:5f:da:cc:d6:9f:
                    c6:96:83:d9:47:64:26:f9:72:4f:cd:c3:df:be:64:
                    df:55:75:81:e5:9d:c4:d9:48:1b:73:a4:10:6d:a4:
                    ed:5b:e3:c5:51:94:0b:a4:d6:fb:40:1a:85:12:88:
                    18:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:EE:F3:8D:B8:EC:4A:47:D2:98:77:0E:70:A4:EC:8C:2B:CB:4A:BC
            X509v3 Authority Key Identifier:
                keyid:C1:FB:49:2F:0A:18:8F:00:14:27:8E:0D:F6:BB:B0:29:CE:BA:DB:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wftJLwoYjwAUJ44N9ruwKc66268.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/48/cfdd72-ac43-47f2-a88d-515a0ef686ab/1/Fe7zjbjsSkfSmHcOcKTsjCvLSrw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/48/cfdd72-ac43-47f2-a88d-515a0ef686ab/1/wftJLwoYjwAUJ44N9ruwKc66268.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.239.55.0/24
                IPv6:
                  2001:678:1104::/48

    Signature Algorithm: sha256WithRSAEncryption
         9f:a0:e9:4d:c6:ca:0f:ce:81:4d:19:a9:34:47:70:b3:c2:74:
         a8:99:c6:e8:fd:87:f1:b9:c2:6c:bf:b1:d0:08:42:95:3e:30:
         55:a2:82:89:a5:b7:f5:45:88:bb:59:db:c2:25:e4:41:c9:bb:
         67:de:80:2c:69:a4:7f:53:00:e1:52:89:7d:d7:9b:e0:20:35:
         df:09:fa:fa:fc:b3:83:e7:38:1f:34:b1:79:8d:71:c5:3e:3e:
         a1:40:43:2b:cc:b6:e1:27:bd:17:b2:35:c9:ee:16:2e:07:e8:
         82:d7:ce:44:6d:f5:78:2f:25:1d:a1:d2:01:25:48:4b:da:de:
         df:98:bf:d5:fe:d3:da:55:b5:26:7d:0a:8f:e1:56:75:72:e8:
         e6:f2:ca:02:ea:e4:7d:6a:72:dc:54:57:6a:4f:23:d5:6d:66:
         c3:db:2d:66:73:aa:58:5f:6b:50:9f:50:e0:a3:91:42:5c:21:
         44:b0:d9:a4:18:ea:54:dc:11:5b:3e:0f:5c:b9:c7:44:63:18:
         93:0c:b1:0a:86:12:c4:90:e0:fa:bb:29:f7:a6:17:42:27:8f:
         75:7e:d2:75:48:ef:9b:65:21:aa:13:f9:c8:12:2b:a7:fa:ad:
         bc:36:62:91:5a:67:d1:f4:2c:18:54:69:30:61:58:a2:2a:74:
         6f:1a:eb:5c
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZovWLSZJvc+8W7FZFTt5T5zMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMxZmI0OTJmMGExODhmMDAxNDI3OGUwZGY2YmJiMDI5Y2Vi
YWRiYWYwHhcNMjUxMDI5MDk0MjEzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNWVlZjM4ZGI4ZWM0YTQ3ZDI5ODc3MGU3MGE0ZWM4YzJiY2I0YWJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsU77ig9XKpSCfOyyOCs+JcHKVzwn
TIiooiBbZspDgGkDNMlg5cn2e4sAq9yW0RPh5fo9UNRdaig9MxVwD/EA0YmnPjS+
DY6OzDPznOfHCah5nb50tgioCjB0mdclcWEpk1hfc4oB7WQwXvAL+EXb/5PmFbMy
8zR99HMh65Au1lvI2k31Q7GeQ7xB58Ur8vqqf/IFTxWmoY8obIf4JVBksuvGcmpO
E+dlQEQHE7CuEWufKdivram07a3fPqpz3vKRrknCWXQr3tkXGu3GX9rM1p/GloPZ
R2Qm+XJPzcPfvmTfVXWB5Z3E2Ugbc6QQbaTtW+PFUZQLpNb7QBqFEogYQQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFBXu84247EpH0ph3DnCk7Iwry0q8MB8GA1UdIwQY
MBaAFMH7SS8KGI8AFCeODfa7sCnOutuvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd2Z0Skx3b1lqd0FVSjQ0TjlydXdLYzY2MjY4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OC9jZmRkNzItYWM0My00N2YyLWE4OGQt
NTE1YTBlZjY4NmFiLzEvRmU3empianNTa2ZTbUhjT2NLVHNqQ3ZMU3J3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OC9jZmRkNzItYWM0My00N2YyLWE4OGQtNTE1YTBlZjY4NmFi
LzEvd2Z0Skx3b1lqd0FVSjQ0TjlydXdLYzY2MjY4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAW+83MA8E
AgACMAkDBwAgAQZ4EQQwDQYJKoZIhvcNAQELBQADggEBAJ+g6U3Gyg/OgU0ZqTRH
cLPCdKiZxuj9h/G5wmy/sdAIQpU+MFWigomlt/VFiLtZ28Il5EHJu2fegCxppH9T
AOFSiX3Xm+AgNd8J+vr8s4PnOB80sXmNccU+PqFAQyvMtuEnvReyNcnuFi4H6ILX
zkRt9XgvJR2h0gElSEva3t+Yv9X+09pVtSZ9Co/hVnVy6ObyygLq5H1qctxUV2pP
I9VtZsPbLWZzqlhfa1CfUOCjkUJcIUSw2aQY6lTcEVs+D1y5x0RjGJMMsQqGEsSQ
4Pq7KfemF0Inj3V+0nVI75tlIaoT+cgSK6f6rbw2YpFaZ9H0LBhUaTBhWKIqdG8a
61w=
-----END CERTIFICATE-----