Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/fcPE3FmFIPJkdgDFk_HjDTDu9qI.roa
File:                     fcPE3FmFIPJkdgDFk_HjDTDu9qI.roa (raw, json)
Hash identifier:          14Y+PCdLeByLL/GRyxZdTiF21mS17E4r4fWTjIJJ+gs=
Subject key identifier:   7D:C3:C4:DC:59:85:20:F2:64:76:00:C5:93:F1:E3:0D:30:EE:F6:A2
Certificate issuer:       /CN=6ddb38b343da2d119309edaa19c7a78870327ebe
Certificate serial:       019CD1B33E329BF63CEF400E1C108C4EDA1C
Authority key identifier: 6D:DB:38:B3:43:DA:2D:11:93:09:ED:AA:19:C7:A7:88:70:32:7E:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bds4s0PaLRGTCe2qGceniHAyfr4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/fcPE3FmFIPJkdgDFk_HjDTDu9qI.roa
Signing time:             Mon 09 Mar 2026 08:25:10 +0000
ROA not before:           Mon 09 Mar 2026 08:25:10 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     0
IP address blocks:        89.44.243.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/bds4s0PaLRGTCe2qGceniHAyfr4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/bds4s0PaLRGTCe2qGceniHAyfr4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bds4s0PaLRGTCe2qGceniHAyfr4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 13 Mar 2026 17:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:d1:b3:3e:32:9b:f6:3c:ef:40:0e:1c:10:8c:4e:da:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ddb38b343da2d119309edaa19c7a78870327ebe
        Validity
            Not Before: Mar  9 08:25:10 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7dc3c4dc598520f2647600c593f1e30d30eef6a2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:dd:43:45:b0:3c:cc:88:8e:4b:4b:53:d2:db:
                    78:0b:34:37:36:33:fd:db:18:af:b1:eb:77:78:68:
                    1b:e6:77:28:d4:59:76:ca:86:63:8a:67:a4:8e:f2:
                    90:31:82:d1:b7:61:ae:67:f3:db:72:37:46:cb:6a:
                    5e:dd:84:00:32:b3:ce:21:44:e1:66:81:e9:5e:c7:
                    dc:8c:f7:52:47:48:ed:c5:9c:00:53:c4:5f:e7:d8:
                    fd:37:51:21:f7:2e:cc:b8:96:61:c0:02:81:3e:8e:
                    1f:9c:9c:50:d8:61:34:f0:5c:95:fa:dd:8d:64:f2:
                    61:2d:1c:f7:7c:57:bf:7f:93:82:1e:a9:93:a2:b9:
                    3c:3f:cf:58:5a:53:81:03:69:d2:a7:fd:29:82:1e:
                    91:01:86:0e:2a:7c:c2:fa:25:d2:25:9e:17:3e:06:
                    cf:c1:c5:0f:c6:7a:72:89:e6:9d:f9:6d:b1:b1:7e:
                    d1:5a:58:86:b7:bd:1c:68:4a:6b:d0:0b:83:9e:f8:
                    9b:66:e7:16:0c:e2:15:6e:d4:9d:98:7e:66:cb:80:
                    3e:56:eb:e9:75:82:11:b0:f5:61:b9:33:98:8e:d4:
                    05:de:94:04:5c:f2:0f:03:6e:9b:6a:77:6d:be:fa:
                    b5:81:14:2a:12:e0:63:bc:f8:d0:a7:92:62:d0:85:
                    1b:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:C3:C4:DC:59:85:20:F2:64:76:00:C5:93:F1:E3:0D:30:EE:F6:A2
            X509v3 Authority Key Identifier:
                keyid:6D:DB:38:B3:43:DA:2D:11:93:09:ED:AA:19:C7:A7:88:70:32:7E:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bds4s0PaLRGTCe2qGceniHAyfr4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/fcPE3FmFIPJkdgDFk_HjDTDu9qI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/bds4s0PaLRGTCe2qGceniHAyfr4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.44.243.0/24

    Signature Algorithm: sha256WithRSAEncryption
         81:b9:bb:fd:bd:23:f4:77:d5:ba:d9:b5:45:78:d4:cf:d9:08:
         64:9e:ad:19:67:61:d5:1d:ec:6a:3c:90:a6:71:5a:cf:79:3d:
         b5:55:92:bd:dd:50:3e:97:77:3e:dc:69:15:e7:4c:23:df:be:
         25:69:b8:4a:fd:39:55:58:35:43:43:fe:39:a7:98:09:f2:72:
         e1:e1:d3:43:0c:62:b0:e8:96:14:ad:6f:02:96:d6:0c:fa:4a:
         c5:dc:eb:95:06:39:24:bf:9a:b0:f0:af:b0:5b:5b:b2:76:01:
         18:0d:77:47:ac:87:73:0b:95:f9:5e:ab:93:ce:b9:18:92:13:
         9f:e2:70:50:3d:47:11:d2:ea:67:5e:a4:48:e7:1d:94:c8:33:
         d2:bf:5b:65:ef:f1:82:32:45:1b:76:5f:62:24:da:0c:e0:8e:
         56:c1:d6:1e:f3:fa:b4:14:9d:79:4c:70:94:3a:53:79:2e:03:
         bd:9b:c3:47:bc:eb:95:ba:9a:5d:51:24:57:98:00:c2:63:8e:
         ce:4a:3b:28:3f:1e:2f:0f:a4:6b:cd:30:7e:1b:27:3f:e8:5c:
         79:d4:a7:30:6e:13:67:a8:70:8b:d7:77:24:0b:f4:80:0a:9c:
         61:bd:a2:5a:26:d8:94:e5:1f:0f:c2:21:37:fa:e5:23:cc:15:
         e0:75:6e:42
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZzRsz4ym/Y870AOHBCMTtocMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkZGIzOGIzNDNkYTJkMTE5MzA5ZWRhYTE5YzdhNzg4NzAz
MjdlYmUwHhcNMjYwMzA5MDgyNTEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZGMzYzRkYzU5ODUyMGYyNjQ3NjAwYzU5M2YxZTMwZDMwZWVmNmEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApN1DRbA8zIiOS0tT0tt4CzQ3NjP9
2xivset3eGgb5nco1Fl2yoZjimekjvKQMYLRt2GuZ/PbcjdGy2pe3YQAMrPOIUTh
ZoHpXsfcjPdSR0jtxZwAU8Rf59j9N1Eh9y7MuJZhwAKBPo4fnJxQ2GE08FyV+t2N
ZPJhLRz3fFe/f5OCHqmTork8P89YWlOBA2nSp/0pgh6RAYYOKnzC+iXSJZ4XPgbP
wcUPxnpyiead+W2xsX7RWliGt70caEpr0AuDnvibZucWDOIVbtSdmH5my4A+Vuvp
dYIRsPVhuTOYjtQF3pQEXPIPA26bandtvvq1gRQqEuBjvPjQp5Ji0IUb+QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH3DxNxZhSDyZHYAxZPx4w0w7vaiMB8GA1UdIwQY
MBaAFG3bOLND2i0RkwntqhnHp4hwMn6+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYmRzNHMwUGFMUkdUQ2UycUdjZW5pSEF5ZnI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Mi9jOTYxYTAtNGY1My00MjJhLWI3ZGQt
M2RmYTUxMGQ2YjE2LzEvZmNQRTNGbUZJUEprZGdERmtfSGpEVER1OXFJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Mi9jOTYxYTAtNGY1My00MjJhLWI3ZGQtM2RmYTUxMGQ2YjE2
LzEvYmRzNHMwUGFMUkdUQ2UycUdjZW5pSEF5ZnI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWSzzMA0G
CSqGSIb3DQEBCwUAA4IBAQCBubv9vSP0d9W62bVFeNTP2Qhknq0ZZ2HVHexqPJCm
cVrPeT21VZK93VA+l3c+3GkV50wj374labhK/TlVWDVDQ/45p5gJ8nLh4dNDDGKw
6JYUrW8CltYM+krF3OuVBjkkv5qw8K+wW1uydgEYDXdHrIdzC5X5XquTzrkYkhOf
4nBQPUcR0upnXqRI5x2UyDPSv1tl7/GCMkUbdl9iJNoM4I5WwdYe8/q0FJ15THCU
OlN5LgO9m8NHvOuVuppdUSRXmADCY47OSjsoPx4vD6RrzTB+Gyc/6Fx51KcwbhNn
qHCL13ckC/SACpxhvaJaJtiU5R8PwiE3+uUjzBXgdW5C
-----END CERTIFICATE-----