Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4f/e62f95-abbd-430d-8160-04ac17881aa9/1/FkErPbDIeaRtvt2mbo2Rn3cHaTE.roa
File:                     FkErPbDIeaRtvt2mbo2Rn3cHaTE.roa (raw, json)
Hash identifier:          Udc4j3pbjPbQNDOUkwyNVr+rebw3Mlt0Hcd+vSG/cyg=
Subject key identifier:   16:41:2B:3D:B0:C8:79:A4:6D:BE:DD:A6:6E:8D:91:9F:77:07:69:31
Certificate issuer:       /CN=844969780141824cd0acbfa5a784611eeb0a7ddb
Certificate serial:       019E92B04ABEBEB6249D14CD45D972FDF0C0
Authority key identifier: 84:49:69:78:01:41:82:4C:D0:AC:BF:A5:A7:84:61:1E:EB:0A:7D:DB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hElpeAFBgkzQrL-lp4RhHusKfds.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4f/e62f95-abbd-430d-8160-04ac17881aa9/1/FkErPbDIeaRtvt2mbo2Rn3cHaTE.roa
Signing time:             Thu 04 Jun 2026 12:51:27 +0000
ROA not before:           Thu 04 Jun 2026 12:51:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213588
IP address blocks:        188.125.161.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4f/e62f95-abbd-430d-8160-04ac17881aa9/1/hElpeAFBgkzQrL-lp4RhHusKfds.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4f/e62f95-abbd-430d-8160-04ac17881aa9/1/hElpeAFBgkzQrL-lp4RhHusKfds.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hElpeAFBgkzQrL-lp4RhHusKfds.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 05 Jun 2026 07:00:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:92:b0:4a:be:be:b6:24:9d:14:cd:45:d9:72:fd:f0:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=844969780141824cd0acbfa5a784611eeb0a7ddb
        Validity
            Not Before: Jun  4 12:51:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=16412b3db0c879a46dbedda66e8d919f77076931
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:b2:ad:33:c1:f8:13:7d:ac:0e:1a:e6:9f:3a:
                    07:51:4a:04:7a:b6:9f:50:88:9f:a5:ab:05:af:14:
                    b3:e3:08:97:5b:46:b5:cd:99:3e:01:aa:9f:66:4e:
                    a8:9f:51:73:3a:ea:64:ac:33:1b:e6:e9:08:8d:ca:
                    3c:c6:b9:68:aa:0b:c7:47:e1:d6:b0:34:bd:80:97:
                    6e:e0:66:54:21:9d:d1:a4:87:61:b1:77:e0:71:19:
                    f2:11:a7:4e:b4:4b:46:a3:60:c1:59:84:a6:34:40:
                    09:a1:33:48:30:80:17:8e:e4:aa:9e:24:64:b7:c1:
                    08:94:86:e7:b0:ee:be:80:41:96:2e:e4:6b:a0:20:
                    78:59:76:af:74:5f:c2:bd:aa:67:4b:ed:9e:51:d0:
                    d3:31:81:a8:3a:7d:aa:fa:33:eb:7c:c5:19:11:1a:
                    89:28:d8:93:d9:3c:d1:4d:5a:e1:f1:2f:b1:e2:1e:
                    15:f9:36:c8:cf:3e:92:4c:25:7b:1c:2b:8b:96:00:
                    20:a7:19:ee:cf:87:6c:35:0d:e6:06:f2:ed:fb:cd:
                    58:5d:22:0c:80:61:45:c3:80:85:15:e8:74:59:bb:
                    8c:83:e3:98:95:68:07:78:15:10:dd:55:ba:39:25:
                    c5:15:7d:2c:67:a7:0e:34:d7:17:b4:33:77:3f:38:
                    8f:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:41:2B:3D:B0:C8:79:A4:6D:BE:DD:A6:6E:8D:91:9F:77:07:69:31
            X509v3 Authority Key Identifier:
                keyid:84:49:69:78:01:41:82:4C:D0:AC:BF:A5:A7:84:61:1E:EB:0A:7D:DB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hElpeAFBgkzQrL-lp4RhHusKfds.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/e62f95-abbd-430d-8160-04ac17881aa9/1/FkErPbDIeaRtvt2mbo2Rn3cHaTE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/e62f95-abbd-430d-8160-04ac17881aa9/1/hElpeAFBgkzQrL-lp4RhHusKfds.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.125.161.0/24

    Signature Algorithm: sha256WithRSAEncryption
         77:94:0e:1c:46:af:4b:89:f3:28:b2:75:dd:e5:d8:5c:37:5b:
         b3:ca:1d:33:8d:a3:be:f5:91:bb:ec:5c:ad:46:fa:43:7c:28:
         bd:dd:95:70:b9:fc:c6:f5:d7:d3:e7:7d:d0:76:19:37:35:47:
         ff:c9:b0:fd:02:0f:d3:1a:54:29:4e:f7:67:0c:84:79:97:4c:
         36:73:ee:34:74:62:b6:71:bb:ca:50:fc:5c:c5:95:af:2c:14:
         8e:dd:cb:12:5b:d1:66:54:ed:d9:2f:a9:f1:ab:0c:5f:a0:40:
         08:1a:b7:ac:1b:da:e0:39:82:9b:c4:f6:c9:e0:8a:db:f5:e6:
         40:c7:20:cd:24:75:3b:11:af:94:b3:d5:0d:30:6d:8d:35:3a:
         cc:fc:f0:de:e2:87:df:40:0e:9b:fc:32:ba:84:ba:66:90:a3:
         73:92:6b:77:92:5b:aa:d7:75:b2:7c:c0:9f:1a:36:cc:d0:39:
         c4:d8:b9:bc:33:fa:40:30:8f:e0:96:31:ec:7f:36:c3:2a:f0:
         58:86:ee:80:a6:60:f1:0d:62:eb:63:b1:91:e4:b1:6b:f0:25:
         19:8f:d4:cd:a4:57:e7:47:9a:b8:78:31:fa:41:0b:04:8e:78:
         38:4c:35:6f:6c:9a:2b:74:0d:19:58:99:37:b4:eb:3f:81:1e:
         4a:41:3d:01
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6SsEq+vrYknRTNRdly/fDAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0NDk2OTc4MDE0MTgyNGNkMGFjYmZhNWE3ODQ2MTFlZWIw
YTdkZGIwHhcNMjYwNjA0MTI1MTI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNjQxMmIzZGIwYzg3OWE0NmRiZWRkYTY2ZThkOTE5Zjc3MDc2OTMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvLKtM8H4E32sDhrmnzoHUUoEeraf
UIifpasFrxSz4wiXW0a1zZk+AaqfZk6on1FzOupkrDMb5ukIjco8xrloqgvHR+HW
sDS9gJdu4GZUIZ3RpIdhsXfgcRnyEadOtEtGo2DBWYSmNEAJoTNIMIAXjuSqniRk
t8EIlIbnsO6+gEGWLuRroCB4WXavdF/CvapnS+2eUdDTMYGoOn2q+jPrfMUZERqJ
KNiT2TzRTVrh8S+x4h4V+TbIzz6STCV7HCuLlgAgpxnuz4dsNQ3mBvLt+81YXSIM
gGFFw4CFFeh0WbuMg+OYlWgHeBUQ3VW6OSXFFX0sZ6cONNcXtDN3PziPmwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBZBKz2wyHmkbb7dpm6NkZ93B2kxMB8GA1UdIwQY
MBaAFIRJaXgBQYJM0Ky/paeEYR7rCn3bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaEVscGVBRkJna3pRckwtbHA0UmhIdXNLZmRzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Zi9lNjJmOTUtYWJiZC00MzBkLTgxNjAt
MDRhYzE3ODgxYWE5LzEvRmtFclBiREllYVJ0dnQybWJvMlJuM2NIYVRFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Zi9lNjJmOTUtYWJiZC00MzBkLTgxNjAtMDRhYzE3ODgxYWE5
LzEvaEVscGVBRkJna3pRckwtbHA0UmhIdXNLZmRzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvH2hMA0G
CSqGSIb3DQEBCwUAA4IBAQB3lA4cRq9LifMosnXd5dhcN1uzyh0zjaO+9ZG77Fyt
RvpDfCi93ZVwufzG9dfT533Qdhk3NUf/ybD9Ag/TGlQpTvdnDIR5l0w2c+40dGK2
cbvKUPxcxZWvLBSO3csSW9FmVO3ZL6nxqwxfoEAIGresG9rgOYKbxPbJ4Irb9eZA
xyDNJHU7Ea+Us9UNMG2NNTrM/PDe4offQA6b/DK6hLpmkKNzkmt3kluq13WyfMCf
GjbM0DnE2Lm8M/pAMI/gljHsfzbDKvBYhu6ApmDxDWLrY7GR5LFr8CUZj9TNpFfn
R5q4eDH6QQsEjng4TDVvbJordA0ZWJk3tOs/gR5KQT0B
-----END CERTIFICATE-----