Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/cfb251-923f-40c1-9832-e8a39dd60864/1/fU9G1xViiFBAMkydmGaiZ4wfW-4.roa
File:                     fU9G1xViiFBAMkydmGaiZ4wfW-4.roa (raw, json)
Hash identifier:          n+ycwzmY2TKhAULErTgn7mIq9lbCk2qlJBifPQNmgOY=
Subject key identifier:   7D:4F:46:D7:15:62:88:50:40:32:4C:9D:98:66:A2:67:8C:1F:5B:EE
Certificate issuer:       /CN=c1a4d967d5ccb1425b91ef4ed789a83afce4612e
Certificate serial:       019F2801A29386643BAD76786B1E10186B45
Authority key identifier: C1:A4:D9:67:D5:CC:B1:42:5B:91:EF:4E:D7:89:A8:3A:FC:E4:61:2E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/waTZZ9XMsUJbke9O14moOvzkYS4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/cfb251-923f-40c1-9832-e8a39dd60864/1/fU9G1xViiFBAMkydmGaiZ4wfW-4.roa
Signing time:             Fri 03 Jul 2026 12:43:43 +0000
ROA not before:           Fri 03 Jul 2026 12:43:43 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     24812
IP address blocks:        80.64.80.0/20 maxlen: 24
                          80.64.80.0/24 maxlen: 24
                          80.64.81.0/24 maxlen: 24
                          80.64.82.0/24 maxlen: 24
                          80.64.83.0/24 maxlen: 24
                          80.64.84.0/24 maxlen: 24
                          80.64.85.0/24 maxlen: 24
                          80.64.86.0/24 maxlen: 24
                          80.64.87.0/24 maxlen: 24
                          80.64.88.0/24 maxlen: 24
                          80.64.89.0/24 maxlen: 24
                          80.64.90.0/24 maxlen: 24
                          80.64.91.0/24 maxlen: 24
                          80.64.92.0/24 maxlen: 24
                          80.64.93.0/24 maxlen: 24
                          80.64.94.0/24 maxlen: 24
                          80.64.95.0/24 maxlen: 24
                          91.196.96.0/22 maxlen: 22
                          91.196.96.0/24 maxlen: 24
                          91.196.97.0/24 maxlen: 24
                          91.196.98.0/24 maxlen: 24
                          91.196.99.0/24 maxlen: 24
                          176.105.192.0/22 maxlen: 24
                          176.105.193.0/24 maxlen: 24
                          176.105.194.0/23 maxlen: 23
                          176.105.194.0/24 maxlen: 24
                          176.105.196.0/24 maxlen: 24
                          176.105.197.0/24 maxlen: 24
                          176.105.198.0/24 maxlen: 24
                          176.105.199.0/24 maxlen: 24
                          176.105.200.0/22 maxlen: 24
                          176.105.200.0/23 maxlen: 24
                          176.105.204.0/23 maxlen: 24
                          176.105.204.0/24 maxlen: 24
                          176.105.206.0/23 maxlen: 23
                          176.105.208.0/22 maxlen: 22
                          176.105.208.0/24 maxlen: 24
                          176.105.209.0/24 maxlen: 24
                          176.105.210.0/23 maxlen: 23
                          176.105.212.0/22 maxlen: 24
                          176.105.212.0/23 maxlen: 23
                          176.105.214.0/24 maxlen: 24
                          176.105.215.0/24 maxlen: 24
                          176.105.216.0/23 maxlen: 24
                          176.105.218.0/23 maxlen: 23
                          176.105.218.0/24 maxlen: 24
                          176.105.220.0/24 maxlen: 24
                          176.105.221.0/24 maxlen: 24
                          176.105.222.0/24 maxlen: 24
                          176.105.223.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/cfb251-923f-40c1-9832-e8a39dd60864/1/waTZZ9XMsUJbke9O14moOvzkYS4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/cfb251-923f-40c1-9832-e8a39dd60864/1/waTZZ9XMsUJbke9O14moOvzkYS4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/waTZZ9XMsUJbke9O14moOvzkYS4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 Jul 2026 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9f:28:01:a2:93:86:64:3b:ad:76:78:6b:1e:10:18:6b:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c1a4d967d5ccb1425b91ef4ed789a83afce4612e
        Validity
            Not Before: Jul  3 12:43:43 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7d4f46d71562885040324c9d9866a2678c1f5bee
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:02:29:2c:66:32:31:68:04:42:54:c5:d0:86:
                    a4:d4:8d:e5:10:21:35:dc:19:3b:da:78:b5:6e:dc:
                    a4:cd:03:4a:53:cf:e6:90:f2:3e:20:1e:0e:f9:66:
                    36:99:57:24:82:24:51:ae:15:c3:83:9e:0c:eb:7d:
                    f2:29:47:30:f9:26:6d:10:95:0a:3f:94:be:0f:df:
                    7c:07:7b:3d:e8:b2:bf:62:58:70:72:d7:2f:dc:62:
                    e0:c0:51:6f:d8:ba:92:0d:25:10:6b:c9:cd:6f:7d:
                    66:44:6c:46:81:7a:30:fb:a0:4a:04:35:f9:9c:02:
                    e2:9a:62:2b:c7:4c:b6:e9:cd:b8:93:2b:62:98:d3:
                    ed:36:97:12:df:50:b7:de:95:d8:0c:55:de:e4:2d:
                    78:12:c0:01:8e:7f:3e:1f:9b:4b:94:9c:d5:3d:8c:
                    7c:f5:e6:15:b6:ae:7a:38:20:bc:4f:99:84:67:f1:
                    94:b7:57:df:e4:6f:dc:14:f8:9b:4f:84:c7:0d:e9:
                    cb:03:e7:ff:03:c4:a8:6c:d2:30:63:3a:eb:34:72:
                    07:d6:b4:33:0c:4e:ba:14:7f:2d:24:cc:86:16:01:
                    35:f9:47:76:b9:54:b2:75:49:b4:6a:e5:c0:6b:b5:
                    9c:04:45:de:fb:5b:64:65:57:1c:f0:70:fb:ac:21:
                    92:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:4F:46:D7:15:62:88:50:40:32:4C:9D:98:66:A2:67:8C:1F:5B:EE
            X509v3 Authority Key Identifier:
                keyid:C1:A4:D9:67:D5:CC:B1:42:5B:91:EF:4E:D7:89:A8:3A:FC:E4:61:2E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/waTZZ9XMsUJbke9O14moOvzkYS4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/cfb251-923f-40c1-9832-e8a39dd60864/1/fU9G1xViiFBAMkydmGaiZ4wfW-4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/cfb251-923f-40c1-9832-e8a39dd60864/1/waTZZ9XMsUJbke9O14moOvzkYS4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.64.80.0/20
                  91.196.96.0/22
                  176.105.192.0/19

    Signature Algorithm: sha256WithRSAEncryption
         62:a9:fb:a6:26:73:41:66:98:35:e5:bc:c9:05:33:73:8a:04:
         08:97:07:ce:0e:db:5a:bb:b3:3d:c8:86:84:5c:72:8c:5c:13:
         25:31:a1:0a:08:53:b4:22:2d:c9:56:37:68:83:40:40:5f:ee:
         5e:8a:a4:74:72:41:ba:90:86:4a:0e:29:0a:81:52:0b:6f:8e:
         34:b9:cc:c7:44:c0:ca:ab:85:6d:4a:b6:09:86:c6:51:4b:77:
         2a:d2:da:e6:bd:77:1d:5f:dc:2f:b0:2d:9d:db:11:36:0d:81:
         89:e2:b9:13:b1:8c:ce:30:8d:99:b9:e8:d3:22:07:96:d7:d3:
         d3:37:6a:25:a0:3f:64:ad:4f:cf:73:ba:8e:3c:11:ed:68:e5:
         33:93:c1:d6:9a:6c:81:58:65:be:a6:28:00:08:23:19:da:64:
         3e:b5:a1:c7:b0:b0:ec:a2:2a:1a:e8:b3:37:57:be:64:c9:45:
         e7:1f:c1:59:c4:db:03:9d:01:1c:1d:f6:09:66:7a:53:2a:50:
         24:aa:29:37:f3:7b:d9:62:b8:70:be:3a:2c:21:96:a3:c8:35:
         91:ad:ed:8d:69:6c:31:96:65:74:dd:99:b4:20:03:1c:d1:e8:
         0f:1e:88:cd:c7:97:b4:b0:51:57:e9:23:7e:8d:ca:16:60:21:
         e0:b1:f5:f7
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZ8oAaKThmQ7rXZ4ax4QGGtFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMxYTRkOTY3ZDVjY2IxNDI1YjkxZWY0ZWQ3ODlhODNhZmNl
NDYxMmUwHhcNMjYwNzAzMTI0MzQzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZDRmNDZkNzE1NjI4ODUwNDAzMjRjOWQ5ODY2YTI2NzhjMWY1YmVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzAIpLGYyMWgEQlTF0Iak1I3lECE1
3Bk72ni1btykzQNKU8/mkPI+IB4O+WY2mVckgiRRrhXDg54M633yKUcw+SZtEJUK
P5S+D998B3s96LK/Ylhwctcv3GLgwFFv2LqSDSUQa8nNb31mRGxGgXow+6BKBDX5
nALimmIrx0y26c24kytimNPtNpcS31C33pXYDFXe5C14EsABjn8+H5tLlJzVPYx8
9eYVtq56OCC8T5mEZ/GUt1ff5G/cFPibT4THDenLA+f/A8SobNIwYzrrNHIH1rQz
DE66FH8tJMyGFgE1+Ud2uVSydUm0auXAa7WcBEXe+1tkZVcc8HD7rCGS0wIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFH1PRtcVYohQQDJMnZhmomeMH1vuMB8GA1UdIwQY
MBaAFMGk2WfVzLFCW5HvTteJqDr85GEuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd2FUWlo5WE1zVUpia2U5TzE0bW9PdnprWVM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS9jZmIyNTEtOTIzZi00MGMxLTk4MzIt
ZThhMzlkZDYwODY0LzEvZlU5RzF4VmlpRkJBTWt5ZG1HYWlaNHdmVy00LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS9jZmIyNTEtOTIzZi00MGMxLTk4MzItZThhMzlkZDYwODY0
LzEvd2FUWlo5WE1zVUpia2U5TzE0bW9PdnprWVM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQEUEBQAwQC
W8RgAwQFsGnAMA0GCSqGSIb3DQEBCwUAA4IBAQBiqfumJnNBZpg15bzJBTNzigQI
lwfODttau7M9yIaEXHKMXBMlMaEKCFO0Ii3JVjdog0BAX+5eiqR0ckG6kIZKDikK
gVILb440uczHRMDKq4VtSrYJhsZRS3cq0trmvXcdX9wvsC2d2xE2DYGJ4rkTsYzO
MI2ZuejTIgeW19PTN2oloD9krU/Pc7qOPBHtaOUzk8HWmmyBWGW+pigACCMZ2mQ+
taHHsLDsoioa6LM3V75kyUXnH8FZxNsDnQEcHfYJZnpTKlAkqik383vZYrhwvjos
IZajyDWRre2NaWwxlmV03Zm0IAMc0egPHojNx5e0sFFX6SN+jcoWYCHgsfX3
-----END CERTIFICATE-----
Generated at Fri Jul 3 20:52:38 2026 by rpki-client