Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/1f5587-cb92-4917-8cf3-2cb9e2172f97/1/GeFTU20e0_cCp_QY1xvZa0HLe_o.roa
File:                     GeFTU20e0_cCp_QY1xvZa0HLe_o.roa (raw, json)
Hash identifier:          /NINQkmS7FTdz7cltmoURNxtY32MfCkE77Bo3JP604M=
Subject key identifier:   19:E1:53:53:6D:1E:D3:F7:02:A7:F4:18:D7:1B:D9:6B:41:CB:7B:FA
Certificate issuer:       /CN=74e133ea1e40fc13e074e327710a5344a960b5c0
Certificate serial:       019DB58E7B8C444BA9A3837727A8C7D8B9C7
Authority key identifier: 74:E1:33:EA:1E:40:FC:13:E0:74:E3:27:71:0A:53:44:A9:60:B5:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dOEz6h5A_BPgdOMncQpTRKlgtcA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/1f5587-cb92-4917-8cf3-2cb9e2172f97/1/GeFTU20e0_cCp_QY1xvZa0HLe_o.roa
Signing time:             Wed 22 Apr 2026 14:18:26 +0000
ROA not before:           Wed 22 Apr 2026 14:18:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     46548
IP address blocks:        31.169.68.0/24 maxlen: 24
                          194.1.208.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/1f5587-cb92-4917-8cf3-2cb9e2172f97/1/dOEz6h5A_BPgdOMncQpTRKlgtcA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/1f5587-cb92-4917-8cf3-2cb9e2172f97/1/dOEz6h5A_BPgdOMncQpTRKlgtcA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dOEz6h5A_BPgdOMncQpTRKlgtcA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 28 Apr 2026 08:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:b5:8e:7b:8c:44:4b:a9:a3:83:77:27:a8:c7:d8:b9:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=74e133ea1e40fc13e074e327710a5344a960b5c0
        Validity
            Not Before: Apr 22 14:18:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=19e153536d1ed3f702a7f418d71bd96b41cb7bfa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:2c:4e:6c:9f:ce:df:49:26:a9:f1:ec:f1:a2:
                    6c:03:66:b0:23:4e:e9:cc:ff:75:a8:c7:a9:13:df:
                    3f:56:5d:54:7c:f9:a2:3b:27:fd:67:32:8e:92:56:
                    5b:8e:f3:fe:d8:1d:4c:9e:c0:59:22:f9:ef:d1:2c:
                    37:12:9d:fd:5c:ff:85:16:39:9b:c0:41:4c:3c:f9:
                    0b:7b:3c:d9:8b:73:d3:35:9b:e4:c8:0e:99:d1:2e:
                    f3:d0:f6:c1:b5:88:1b:99:3f:77:49:28:e1:19:5b:
                    a3:90:79:f2:c1:6e:47:04:6d:a5:8d:42:ba:ff:9e:
                    ec:36:66:ca:66:b0:2f:26:72:a7:44:d4:25:bf:7b:
                    2b:e5:ad:37:e5:be:a7:8f:8a:48:53:00:4e:7c:de:
                    6d:33:15:cf:fe:60:e0:83:e7:aa:f4:fa:a5:b6:c1:
                    91:12:c4:b8:8d:06:a7:aa:0a:1e:fb:24:36:24:1c:
                    64:68:08:e8:58:f2:a9:05:35:1e:a0:ae:06:0e:37:
                    af:ac:80:ca:a3:40:89:c0:6b:2d:dc:01:53:9d:81:
                    6f:98:65:71:e5:3a:32:dc:88:8e:83:1f:ba:05:6e:
                    50:78:7b:c3:eb:60:3f:dd:40:5b:e1:54:6b:87:f9:
                    91:cf:b0:a6:17:b7:4a:15:e3:b4:5e:03:e4:3d:78:
                    70:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:E1:53:53:6D:1E:D3:F7:02:A7:F4:18:D7:1B:D9:6B:41:CB:7B:FA
            X509v3 Authority Key Identifier:
                keyid:74:E1:33:EA:1E:40:FC:13:E0:74:E3:27:71:0A:53:44:A9:60:B5:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dOEz6h5A_BPgdOMncQpTRKlgtcA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/1f5587-cb92-4917-8cf3-2cb9e2172f97/1/GeFTU20e0_cCp_QY1xvZa0HLe_o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/1f5587-cb92-4917-8cf3-2cb9e2172f97/1/dOEz6h5A_BPgdOMncQpTRKlgtcA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.169.68.0/24
                  194.1.208.0/24

    Signature Algorithm: sha256WithRSAEncryption
         df:3c:9b:b3:17:6f:6f:29:11:77:fc:2e:67:c6:db:22:50:80:
         35:62:4b:5b:33:fc:5b:79:ab:f7:e9:61:13:8e:25:a3:94:6d:
         17:40:47:a1:33:64:cd:7a:55:e5:a6:fd:67:bd:6c:cb:f6:d4:
         27:66:93:13:72:2d:27:e8:ea:72:b0:ef:6b:e3:47:3d:9c:27:
         20:b0:ea:60:25:54:5d:2b:20:bb:d9:c9:34:16:b6:c5:d6:1e:
         27:20:20:00:b9:10:49:a5:da:09:52:e7:ea:be:2d:96:07:df:
         77:67:43:53:d5:db:88:7d:36:97:2d:b0:c9:3f:27:1d:ff:73:
         d1:f5:11:c7:09:3f:95:bd:65:24:17:d0:67:03:ad:19:68:e9:
         15:96:ba:90:2a:32:4a:49:53:a4:c2:90:16:b4:89:a8:ec:81:
         81:95:27:56:e8:cb:17:fb:57:ee:c6:52:88:ef:35:bd:bd:f5:
         2f:94:1c:94:d6:04:d6:fd:e3:e9:81:46:9c:4a:c2:d6:46:7c:
         7c:9e:26:b5:54:b5:41:b9:e9:b8:66:51:5c:ec:f8:09:28:3a:
         75:18:cb:69:9f:6a:a1:ad:47:a9:07:90:0d:c5:fa:18:96:cd:
         cb:e7:09:6c:6e:63:d9:79:ed:00:53:ec:8d:f1:61:7a:a3:65:
         ca:3a:0b:f7
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ21jnuMREupo4N3J6jH2LnHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0ZTEzM2VhMWU0MGZjMTNlMDc0ZTMyNzcxMGE1MzQ0YTk2
MGI1YzAwHhcNMjYwNDIyMTQxODI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOWUxNTM1MzZkMWVkM2Y3MDJhN2Y0MThkNzFiZDk2YjQxY2I3YmZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlyxObJ/O30kmqfHs8aJsA2awI07p
zP91qMepE98/Vl1UfPmiOyf9ZzKOklZbjvP+2B1MnsBZIvnv0Sw3Ep39XP+FFjmb
wEFMPPkLezzZi3PTNZvkyA6Z0S7z0PbBtYgbmT93SSjhGVujkHnywW5HBG2ljUK6
/57sNmbKZrAvJnKnRNQlv3sr5a035b6nj4pIUwBOfN5tMxXP/mDgg+eq9PqltsGR
EsS4jQanqgoe+yQ2JBxkaAjoWPKpBTUeoK4GDjevrIDKo0CJwGst3AFTnYFvmGVx
5Toy3IiOgx+6BW5QeHvD62A/3UBb4VRrh/mRz7CmF7dKFeO0XgPkPXhwkQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFBnhU1NtHtP3Aqf0GNcb2WtBy3v6MB8GA1UdIwQY
MBaAFHThM+oeQPwT4HTjJ3EKU0SpYLXAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZE9FejZoNUFfQlBnZE9NbmNRcFRSS2xndGNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS8xZjU1ODctY2I5Mi00OTE3LThjZjMt
MmNiOWUyMTcyZjk3LzEvR2VGVFUyMGUwX2NDcF9RWTF4dlphMEhMZV9vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS8xZjU1ODctY2I5Mi00OTE3LThjZjMtMmNiOWUyMTcyZjk3
LzEvZE9FejZoNUFfQlBnZE9NbmNRcFRSS2xndGNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAH6lEAwQA
wgHQMA0GCSqGSIb3DQEBCwUAA4IBAQDfPJuzF29vKRF3/C5nxtsiUIA1YktbM/xb
eav36WETjiWjlG0XQEehM2TNelXlpv1nvWzL9tQnZpMTci0n6OpysO9r40c9nCcg
sOpgJVRdKyC72ck0FrbF1h4nICAAuRBJpdoJUufqvi2WB993Z0NT1duIfTaXLbDJ
Pycd/3PR9RHHCT+VvWUkF9BnA60ZaOkVlrqQKjJKSVOkwpAWtImo7IGBlSdW6MsX
+1fuxlKI7zW9vfUvlByU1gTW/ePpgUacSsLWRnx8nia1VLVBuem4ZlFc7PgJKDp1
GMtpn2qhrUepB5ANxfoYls3L5wlsbmPZee0AU+yN8WF6o2XKOgv3
-----END CERTIFICATE-----