Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/eafc41-c358-4b51-9b1c-3fbbba9249cd/1/FiydaSLG4tnZmkHTDpddmAw-FeQ.roa
File:                     FiydaSLG4tnZmkHTDpddmAw-FeQ.roa (raw, json)
Hash identifier:          +0/Eg8k/DvoEPneCASftKpumMooxlrKT+C7hoS7wKcY=
Subject key identifier:   16:2C:9D:69:22:C6:E2:D9:D9:9A:41:D3:0E:97:5D:98:0C:3E:15:E4
Certificate issuer:       /CN=117f9d55826b42486dfc84d35c1a63a5ce87507c
Certificate serial:       019E72AAA9BB3E8B306534553FCBE6B28A75
Authority key identifier: 11:7F:9D:55:82:6B:42:48:6D:FC:84:D3:5C:1A:63:A5:CE:87:50:7C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EX-dVYJrQkht_ITTXBpjpc6HUHw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/eafc41-c358-4b51-9b1c-3fbbba9249cd/1/FiydaSLG4tnZmkHTDpddmAw-FeQ.roa
Signing time:             Fri 29 May 2026 07:37:27 +0000
ROA not before:           Fri 29 May 2026 07:37:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     216127
IP address blocks:        94.228.161.0/24 maxlen: 24
                          178.236.253.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7f/eafc41-c358-4b51-9b1c-3fbbba9249cd/1/EX-dVYJrQkht_ITTXBpjpc6HUHw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7f/eafc41-c358-4b51-9b1c-3fbbba9249cd/1/EX-dVYJrQkht_ITTXBpjpc6HUHw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EX-dVYJrQkht_ITTXBpjpc6HUHw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Jun 2026 13:27:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:72:aa:a9:bb:3e:8b:30:65:34:55:3f:cb:e6:b2:8a:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=117f9d55826b42486dfc84d35c1a63a5ce87507c
        Validity
            Not Before: May 29 07:37:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=162c9d6922c6e2d9d99a41d30e975d980c3e15e4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:4c:06:47:44:94:d0:39:48:1b:47:ad:ff:d8:
                    a5:0f:a9:9e:20:f8:6b:a3:36:f3:81:7f:34:f6:54:
                    be:19:02:6d:5f:9c:4f:09:76:db:a1:be:ae:25:5d:
                    4d:0b:53:e6:2a:17:c9:c5:43:7e:8a:c8:54:f4:da:
                    ef:86:ae:7e:f8:84:b7:e3:e9:e1:6a:b2:fb:53:9d:
                    74:37:6a:a5:0b:2e:49:0d:08:e3:73:18:20:09:f1:
                    0e:80:0c:c5:de:19:08:df:14:75:b5:4a:d3:13:40:
                    54:73:39:36:09:1d:ee:71:a3:59:f1:7f:eb:2d:96:
                    18:4a:43:24:bd:3c:20:46:d0:96:36:f2:66:26:77:
                    3c:67:68:e0:cf:6b:19:55:94:ce:c1:0a:67:5b:9d:
                    77:55:64:28:d5:65:17:69:28:1e:a1:25:78:04:2e:
                    b7:77:2e:b9:cc:77:65:fe:04:2f:45:24:08:de:58:
                    dd:74:06:2d:f6:c3:14:f1:f6:12:62:9e:dd:93:89:
                    7c:6a:6b:e1:71:2f:6e:3a:76:41:34:25:98:d9:5b:
                    cd:90:9d:59:ba:8b:26:45:ff:8a:b8:67:fe:a3:8a:
                    b1:18:4c:5b:eb:37:6c:3c:6c:0b:23:00:9b:9f:4d:
                    1c:d8:46:03:7f:1a:4b:02:bb:c4:5c:1c:ea:71:0d:
                    13:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:2C:9D:69:22:C6:E2:D9:D9:9A:41:D3:0E:97:5D:98:0C:3E:15:E4
            X509v3 Authority Key Identifier:
                keyid:11:7F:9D:55:82:6B:42:48:6D:FC:84:D3:5C:1A:63:A5:CE:87:50:7C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EX-dVYJrQkht_ITTXBpjpc6HUHw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/eafc41-c358-4b51-9b1c-3fbbba9249cd/1/FiydaSLG4tnZmkHTDpddmAw-FeQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/eafc41-c358-4b51-9b1c-3fbbba9249cd/1/EX-dVYJrQkht_ITTXBpjpc6HUHw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.228.161.0/24
                  178.236.253.0/24

    Signature Algorithm: sha256WithRSAEncryption
         11:29:6a:71:bc:fa:1a:c4:a6:b5:d9:fa:b4:ce:7d:d1:ae:0f:
         bb:78:bd:f1:b4:59:18:0e:61:7c:94:49:00:9d:c4:57:1f:36:
         0d:87:51:63:6a:f9:fe:a8:ec:7b:28:f1:43:0a:c8:c3:c6:d9:
         58:e3:06:f5:f0:98:6d:05:c7:16:38:a8:c1:04:e1:6a:34:39:
         2c:c1:a6:12:50:31:e4:e4:67:fd:08:29:6e:f8:ad:72:7f:68:
         26:ae:4b:39:a3:a8:33:b8:47:df:ec:dd:b0:e3:78:cf:0a:e2:
         19:27:a3:ae:9e:9a:24:a7:81:67:4c:4a:cb:fe:1b:13:e3:75:
         2e:2f:1a:ab:01:77:05:40:2c:1d:f8:4a:b5:33:c7:3a:1e:c2:
         36:97:b8:24:0a:d2:1b:b7:3e:dd:b9:55:ce:df:de:be:18:9c:
         60:2c:64:88:b2:c7:f3:2c:7f:0d:a6:d3:b4:bd:e4:d2:1e:75:
         f3:84:f5:15:60:84:6e:0d:8e:fe:82:a3:c6:cf:5c:d5:d5:25:
         cd:c8:05:f3:12:ec:bf:86:86:f8:30:55:52:03:13:09:a0:c0:
         73:6c:43:58:6c:81:d7:f3:2e:45:de:6c:e0:e3:6a:c8:78:f2:
         3e:24:c9:8a:31:3e:a3:ab:b1:f6:d8:f3:cd:83:23:b6:50:b6:
         3a:ca:cf:37
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ5yqqm7PoswZTRVP8vmsop1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDExN2Y5ZDU1ODI2YjQyNDg2ZGZjODRkMzVjMWE2M2E1Y2U4
NzUwN2MwHhcNMjYwNTI5MDczNzI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNjJjOWQ2OTIyYzZlMmQ5ZDk5YTQxZDMwZTk3NWQ5ODBjM2UxNWU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk0wGR0SU0DlIG0et/9ilD6meIPhr
ozbzgX809lS+GQJtX5xPCXbbob6uJV1NC1PmKhfJxUN+ishU9Nrvhq5++IS34+nh
arL7U510N2qlCy5JDQjjcxggCfEOgAzF3hkI3xR1tUrTE0BUczk2CR3ucaNZ8X/r
LZYYSkMkvTwgRtCWNvJmJnc8Z2jgz2sZVZTOwQpnW513VWQo1WUXaSgeoSV4BC63
dy65zHdl/gQvRSQI3ljddAYt9sMU8fYSYp7dk4l8amvhcS9uOnZBNCWY2VvNkJ1Z
uosmRf+KuGf+o4qxGExb6zdsPGwLIwCbn00c2EYDfxpLArvEXBzqcQ0TswIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFBYsnWkixuLZ2ZpB0w6XXZgMPhXkMB8GA1UdIwQY
MBaAFBF/nVWCa0JIbfyE01waY6XOh1B8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRVgtZFZZSnJRa2h0X0lUVFhCcGpwYzZIVUh3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi9lYWZjNDEtYzM1OC00YjUxLTliMWMt
M2ZiYmJhOTI0OWNkLzEvRml5ZGFTTEc0dG5abWtIVERwZGRtQXctRmVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi9lYWZjNDEtYzM1OC00YjUxLTliMWMtM2ZiYmJhOTI0OWNk
LzEvRVgtZFZZSnJRa2h0X0lUVFhCcGpwYzZIVUh3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAXuShAwQA
suz9MA0GCSqGSIb3DQEBCwUAA4IBAQARKWpxvPoaxKa12fq0zn3Rrg+7eL3xtFkY
DmF8lEkAncRXHzYNh1Fjavn+qOx7KPFDCsjDxtlY4wb18JhtBccWOKjBBOFqNDks
waYSUDHk5Gf9CClu+K1yf2gmrks5o6gzuEff7N2w43jPCuIZJ6Ounpokp4FnTErL
/hsT43UuLxqrAXcFQCwd+Eq1M8c6HsI2l7gkCtIbtz7duVXO396+GJxgLGSIssfz
LH8NptO0veTSHnXzhPUVYIRuDY7+gqPGz1zV1SXNyAXzEuy/hob4MFVSAxMJoMBz
bENYbIHX8y5F3mzg42rIePI+JMmKMT6jq7H22PPNgyO2ULY6ys83
-----END CERTIFICATE-----