Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/FzDe35P_1786_Z9mhPnSfvAow5U.roa
File:                     FzDe35P_1786_Z9mhPnSfvAow5U.roa (raw, json)
Hash identifier:          pkphi0Wx6xvA20tkpX3Eyg4spakSnIra5DuBM8yW28I=
Subject key identifier:   17:30:DE:DF:93:FF:D7:BF:3A:FD:9F:66:84:F9:D2:7E:F0:28:C3:95
Certificate issuer:       /CN=60581e673d80f7474936b21337eafcc1bdc385e9
Certificate serial:       019D3BB9FD70916FCD5F2F7BF7FDDBB7B8AA
Authority key identifier: 60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/FzDe35P_1786_Z9mhPnSfvAow5U.roa
Signing time:             Sun 29 Mar 2026 22:32:17 +0000
ROA not before:           Sun 29 Mar 2026 22:32:17 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214854
IP address blocks:        45.43.152.0/24 maxlen: 24
                          45.43.154.0/24 maxlen: 24
                          104.249.19.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 15 Apr 2026 19:01:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:3b:b9:fd:70:91:6f:cd:5f:2f:7b:f7:fd:db:b7:b8:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60581e673d80f7474936b21337eafcc1bdc385e9
        Validity
            Not Before: Mar 29 22:32:17 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=1730dedf93ffd7bf3afd9f6684f9d27ef028c395
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:b4:ae:bc:29:b9:63:ce:cd:d4:51:d9:dd:b0:
                    35:59:a1:01:b0:57:8d:39:f3:fe:c9:b6:4a:d6:dd:
                    44:4b:67:69:e5:1a:33:87:fa:16:1f:c0:a7:73:0c:
                    e6:e3:d8:a8:cc:3a:a7:7d:f5:ad:78:0b:e1:1d:9f:
                    50:b3:e2:5b:f6:ac:5c:37:7a:a6:65:91:7a:87:38:
                    75:dc:31:81:f8:7a:3b:0f:70:34:ed:85:0d:51:6e:
                    b9:17:61:3a:80:f2:34:24:32:39:54:c5:61:b7:b2:
                    aa:2c:46:00:36:d9:c9:38:cd:07:a0:de:6e:07:05:
                    7a:a5:81:08:4a:3a:0f:ce:c8:ff:7a:72:f7:89:62:
                    ba:5c:25:6e:1f:02:d6:d7:2f:68:e8:35:c6:2a:21:
                    65:56:d8:c3:fa:74:ba:15:fd:32:9f:92:b8:94:96:
                    5d:21:17:58:b3:81:13:2f:ea:15:3a:b9:20:47:db:
                    a4:e6:cc:6b:95:b2:d2:5b:b5:61:c6:eb:84:e8:eb:
                    80:51:63:4a:df:b1:7b:93:80:4a:b0:7f:77:ff:b2:
                    17:90:72:87:97:29:1c:98:f7:c7:62:69:88:e9:ac:
                    87:5b:f9:48:40:6d:8a:5a:30:b3:68:6b:28:d6:7b:
                    f9:c8:69:bf:85:6b:49:79:bd:34:52:34:9a:60:77:
                    bc:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:30:DE:DF:93:FF:D7:BF:3A:FD:9F:66:84:F9:D2:7E:F0:28:C3:95
            X509v3 Authority Key Identifier:
                keyid:60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/FzDe35P_1786_Z9mhPnSfvAow5U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.43.152.0/24
                  45.43.154.0/24
                  104.249.19.0/24

    Signature Algorithm: sha256WithRSAEncryption
         45:db:fa:f0:52:fe:20:53:6d:4d:5c:25:6a:e7:c5:e7:d4:28:
         f9:e6:a4:34:ed:a6:14:e4:b6:ab:9c:78:51:15:7e:b3:ab:67:
         3b:8a:c5:de:3e:61:64:fa:8e:3b:22:c5:e1:67:56:d8:9b:ee:
         2b:08:45:76:f8:6b:62:ef:bf:0e:e1:e0:6d:74:34:15:d5:c3:
         9e:e2:8b:60:81:3f:ac:64:15:97:f2:cd:14:83:6d:01:42:c4:
         cf:12:e4:af:e7:f2:02:ce:d0:ac:6c:37:00:7f:ec:01:d0:80:
         7d:3e:4c:05:cc:e7:22:61:cf:fd:aa:2e:e8:5a:5f:33:94:d0:
         72:b4:c3:34:69:e0:9c:9b:cb:18:4a:d9:2d:c6:0b:76:b8:c5:
         0c:2c:51:0d:6f:75:35:49:64:6a:9e:0b:85:21:25:29:ea:29:
         08:38:96:ac:12:78:21:17:34:81:f2:45:8a:cd:1d:68:2e:62:
         20:a1:42:d2:b6:80:f6:f4:41:28:c2:39:1f:df:a4:73:d4:65:
         7b:51:cb:69:42:7d:f7:74:74:54:82:c7:a9:22:3d:2c:14:31:
         94:f3:31:32:0a:51:ba:15:48:f9:aa:43:29:2c:b2:28:d2:52:
         29:c8:a8:76:90:25:54:26:ec:62:d9:5f:78:5b:0f:0d:08:5f:
         5b:65:35:12
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZ07uf1wkW/NXy979/3bt7iqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNTgxZTY3M2Q4MGY3NDc0OTM2YjIxMzM3ZWFmY2MxYmRj
Mzg1ZTkwHhcNMjYwMzI5MjIzMjE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNzMwZGVkZjkzZmZkN2JmM2FmZDlmNjY4NGY5ZDI3ZWYwMjhjMzk1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlbSuvCm5Y87N1FHZ3bA1WaEBsFeN
OfP+ybZK1t1ES2dp5Rozh/oWH8Cncwzm49iozDqnffWteAvhHZ9Qs+Jb9qxcN3qm
ZZF6hzh13DGB+Ho7D3A07YUNUW65F2E6gPI0JDI5VMVht7KqLEYANtnJOM0HoN5u
BwV6pYEISjoPzsj/enL3iWK6XCVuHwLW1y9o6DXGKiFlVtjD+nS6Ff0yn5K4lJZd
IRdYs4ETL+oVOrkgR9uk5sxrlbLSW7VhxuuE6OuAUWNK37F7k4BKsH93/7IXkHKH
lykcmPfHYmmI6ayHW/lIQG2KWjCzaGso1nv5yGm/hWtJeb00UjSaYHe8hQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFBcw3t+T/9e/Ov2fZoT50n7wKMOVMB8GA1UdIwQY
MBaAFGBYHmc9gPdHSTayEzfq/MG9w4XpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYt
ZmIwNzk1NWYzYWFhLzEvRnpEZTM1UF8xNzg2X1o5bWhQblNmdkFvdzVVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYtZmIwNzk1NWYzYWFh
LzEvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQALSuYAwQA
LSuaAwQAaPkTMA0GCSqGSIb3DQEBCwUAA4IBAQBF2/rwUv4gU21NXCVq58Xn1Cj5
5qQ07aYU5LarnHhRFX6zq2c7isXePmFk+o47IsXhZ1bYm+4rCEV2+Gti778O4eBt
dDQV1cOe4otggT+sZBWX8s0Ug20BQsTPEuSv5/ICztCsbDcAf+wB0IB9PkwFzOci
Yc/9qi7oWl8zlNBytMM0aeCcm8sYStktxgt2uMUMLFENb3U1SWRqnguFISUp6ikI
OJasEnghFzSB8kWKzR1oLmIgoULStoD29EEowjkf36Rz1GV7UctpQn33dHRUgsep
Ij0sFDGU8zEyClG6FUj5qkMpLLIo0lIpyKh2kCVUJuxi2V94Ww8NCF9bZTUS
-----END CERTIFICATE-----