Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/f1N16QXRJT8TgFLllTTErx8gnfo.roa
File:                     f1N16QXRJT8TgFLllTTErx8gnfo.roa (raw, json)
Hash identifier:          TD+xMAhcYnFkrXWt+TasxmBdsfj33/ku6bIMGWKWGU4=
Subject key identifier:   7F:53:75:E9:05:D1:25:3F:13:80:52:E5:95:34:C4:AF:1F:20:9D:FA
Certificate issuer:       /CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
Certificate serial:       019DDF15063DACBD4BA6718BE94DEB959677
Authority key identifier: 7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/f1N16QXRJT8TgFLllTTErx8gnfo.roa
Signing time:             Thu 30 Apr 2026 15:49:50 +0000
ROA not before:           Thu 30 Apr 2026 15:49:50 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215294
IP address blocks:        94.177.150.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 09 May 2026 07:53:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:df:15:06:3d:ac:bd:4b:a6:71:8b:e9:4d:eb:95:96:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
        Validity
            Not Before: Apr 30 15:49:50 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7f5375e905d1253f138052e59534c4af1f209dfa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:b5:fe:79:55:a1:52:22:a8:c6:31:c1:24:c6:
                    39:b1:26:f5:5a:61:db:82:d0:5c:c0:f2:11:4c:aa:
                    f0:df:94:4f:cb:95:fe:f5:9b:a9:82:4a:21:a9:a1:
                    a6:ed:e5:a3:01:79:00:df:36:fa:81:b1:23:ac:39:
                    9b:02:54:84:14:f7:0d:17:19:c3:cf:89:04:d6:0e:
                    45:b3:d1:93:50:e1:d9:10:16:6e:97:c4:3e:f4:a4:
                    f3:c1:d8:fc:34:1b:4a:08:c3:b8:8a:e2:df:99:a1:
                    29:80:d8:18:bd:62:fe:4c:7f:29:83:82:10:33:32:
                    e7:0d:6a:ca:0c:61:de:31:d7:01:61:27:d9:34:9e:
                    98:64:fb:07:ac:0d:2f:93:54:c6:f0:b4:12:a3:6d:
                    74:f4:94:97:49:25:a9:64:9a:01:18:a7:04:34:72:
                    25:40:61:15:d1:48:a7:b5:33:8f:50:56:d5:57:d3:
                    7f:83:b5:59:43:ad:13:84:f7:7e:36:a0:03:cf:78:
                    f6:b6:00:39:58:88:86:40:d7:0b:fe:e1:30:98:9d:
                    1a:84:6f:35:79:38:8c:4d:bf:16:a0:9b:16:19:1e:
                    54:75:18:4e:de:65:85:c4:7c:8a:c5:48:6c:43:73:
                    44:91:6e:7b:a1:16:7c:07:f7:a1:cd:26:01:51:04:
                    26:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:53:75:E9:05:D1:25:3F:13:80:52:E5:95:34:C4:AF:1F:20:9D:FA
            X509v3 Authority Key Identifier:
                keyid:7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/f1N16QXRJT8TgFLllTTErx8gnfo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.177.150.0/24

    Signature Algorithm: sha256WithRSAEncryption
         20:32:e7:a9:8f:44:55:39:6f:b3:39:c1:13:0b:f5:22:d5:7c:
         41:a1:87:82:e2:d2:48:c7:d3:01:e0:53:6c:8c:44:81:c5:4c:
         8d:60:5c:ac:e8:4e:10:ed:c9:76:5f:57:20:c8:9b:f1:79:31:
         43:2a:1a:b0:51:6f:33:40:c7:2c:e6:70:ee:a6:40:88:64:eb:
         6d:9e:28:ab:cf:f8:9c:a8:57:e3:41:4b:02:75:40:80:86:66:
         5e:f9:dc:fb:20:52:3b:83:be:22:8b:16:7a:fe:16:15:b9:3a:
         24:b3:ab:e3:af:8d:43:d5:1c:e6:7c:f3:d6:8a:a6:b8:ce:9d:
         e4:3c:e3:fe:31:90:de:95:68:38:c5:6f:29:3a:06:e1:dc:c2:
         9d:2e:78:63:9e:d9:80:40:ae:bb:88:55:98:39:da:e2:2a:55:
         2f:22:23:f0:43:00:bd:c0:c2:e4:96:f1:bc:85:d4:82:2b:a3:
         7c:3e:a8:b2:31:aa:5f:5d:69:1d:59:2d:b3:ab:20:c6:72:24:
         58:0f:09:52:d8:73:5c:85:68:1e:0b:27:38:7b:52:6c:bf:93:
         d7:61:43:0b:f2:18:a3:23:bd:c2:85:1b:2a:e5:c1:39:3b:7e:
         cf:a4:b8:93:37:b1:1e:42:70:70:5d:54:f5:f2:8d:2c:a2:86:
         b8:91:4b:45
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ3fFQY9rL1LpnGL6U3rlZZ3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkYTVkMzJkNWIwOWM5M2MxYjVlM2ZjNWEyYWEyMGQ3NDZm
Y2ZlZDEwHhcNMjYwNDMwMTU0OTUwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZjUzNzVlOTA1ZDEyNTNmMTM4MDUyZTU5NTM0YzRhZjFmMjA5ZGZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwrX+eVWhUiKoxjHBJMY5sSb1WmHb
gtBcwPIRTKrw35RPy5X+9ZupgkohqaGm7eWjAXkA3zb6gbEjrDmbAlSEFPcNFxnD
z4kE1g5Fs9GTUOHZEBZul8Q+9KTzwdj8NBtKCMO4iuLfmaEpgNgYvWL+TH8pg4IQ
MzLnDWrKDGHeMdcBYSfZNJ6YZPsHrA0vk1TG8LQSo2109JSXSSWpZJoBGKcENHIl
QGEV0UintTOPUFbVV9N/g7VZQ60ThPd+NqADz3j2tgA5WIiGQNcL/uEwmJ0ahG81
eTiMTb8WoJsWGR5UdRhO3mWFxHyKxUhsQ3NEkW57oRZ8B/ehzSYBUQQmmwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH9TdekF0SU/E4BS5ZU0xK8fIJ36MB8GA1UdIwQY
MBaAFH2l0y1bCck8G14/xaKqINdG/P7RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAt
ZTU4MzlmNDNlNTgzLzEvZjFOMTZRWFJKVDhUZ0ZMbGxUVEVyeDhnbmZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAtZTU4MzlmNDNlNTgz
LzEvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXrGWMA0G
CSqGSIb3DQEBCwUAA4IBAQAgMuepj0RVOW+zOcETC/Ui1XxBoYeC4tJIx9MB4FNs
jESBxUyNYFys6E4Q7cl2X1cgyJvxeTFDKhqwUW8zQMcs5nDupkCIZOttniirz/ic
qFfjQUsCdUCAhmZe+dz7IFI7g74iixZ6/hYVuToks6vjr41D1RzmfPPWiqa4zp3k
POP+MZDelWg4xW8pOgbh3MKdLnhjntmAQK67iFWYOdriKlUvIiPwQwC9wMLklvG8
hdSCK6N8PqiyMapfXWkdWS2zqyDGciRYDwlS2HNchWgeCyc4e1Jsv5PXYUML8hij
I73ChRsq5cE5O37PpLiTN7EeQnBwXVT18o0sooa4kUtF
-----END CERTIFICATE-----