Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/9f5f57-e828-4bcf-8d2b-8eab7f4fe77e/1/F-WF_eIpHYReBOMhX06jjFj1FS0.roa
File:                     F-WF_eIpHYReBOMhX06jjFj1FS0.roa (raw, json)
Hash identifier:          BAvVbr1wXgd6696wbRb9gM+rxSNYTDOpWUN3Pk36+Js=
Subject key identifier:   17:E5:85:FD:E2:29:1D:84:5E:04:E3:21:5F:4E:A3:8C:58:F5:15:2D
Certificate issuer:       /CN=4dd74fbbbae58dd0876d99e80ec82a11a4477f7e
Certificate serial:       019E8D7971F43E8FC454AEF0C59C8D0BE9DF
Authority key identifier: 4D:D7:4F:BB:BA:E5:8D:D0:87:6D:99:E8:0E:C8:2A:11:A4:47:7F:7E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TddPu7rljdCHbZnoDsgqEaRHf34.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/9f5f57-e828-4bcf-8d2b-8eab7f4fe77e/1/F-WF_eIpHYReBOMhX06jjFj1FS0.roa
Signing time:             Wed 03 Jun 2026 12:33:26 +0000
ROA not before:           Wed 03 Jun 2026 12:33:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     204203
IP address blocks:        94.139.179.0/24 maxlen: 24
                          109.162.249.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/9f5f57-e828-4bcf-8d2b-8eab7f4fe77e/1/TddPu7rljdCHbZnoDsgqEaRHf34.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/9f5f57-e828-4bcf-8d2b-8eab7f4fe77e/1/TddPu7rljdCHbZnoDsgqEaRHf34.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TddPu7rljdCHbZnoDsgqEaRHf34.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Jun 2026 18:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:8d:79:71:f4:3e:8f:c4:54:ae:f0:c5:9c:8d:0b:e9:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4dd74fbbbae58dd0876d99e80ec82a11a4477f7e
        Validity
            Not Before: Jun  3 12:33:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=17e585fde2291d845e04e3215f4ea38c58f5152d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:d3:dd:32:bc:03:c2:43:07:af:1a:8d:12:09:
                    1d:bf:c2:22:6e:81:61:aa:2f:dc:eb:66:71:8e:98:
                    7b:3a:87:6b:0e:41:01:0f:dd:9d:80:90:9f:86:c5:
                    1e:4e:5b:54:9a:68:ab:7c:ad:75:3d:4a:86:07:de:
                    80:72:db:a0:64:c9:6c:6f:98:7e:13:9c:5a:5c:ad:
                    22:c7:ae:62:35:16:2e:c9:81:7a:80:b4:4e:37:13:
                    e6:a0:a3:d1:34:92:2a:81:8e:85:63:28:74:38:20:
                    00:5e:e7:1c:0f:67:1b:1d:df:a9:ef:d0:e3:66:7f:
                    05:a1:28:f4:37:22:f5:d0:16:75:dc:10:f6:10:4e:
                    c3:49:a0:95:c9:8e:4d:94:f5:c5:07:3a:e2:3d:44:
                    e6:49:1a:fb:a9:e8:49:ae:8d:26:6b:d5:f9:99:98:
                    0f:82:0d:7e:65:df:0b:65:67:58:33:69:81:86:0a:
                    10:9b:1d:66:55:31:5e:fc:01:1f:31:b8:a1:dc:df:
                    1f:91:be:20:66:d8:44:2e:8f:f9:fb:16:36:93:15:
                    7e:c5:0e:c1:e8:90:91:0d:6a:a4:3d:69:76:45:ab:
                    c4:19:de:c6:62:70:45:95:31:ff:b8:a7:85:66:4f:
                    bb:c7:36:aa:84:b9:39:e8:4d:3b:e2:5f:42:c1:ff:
                    e6:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:E5:85:FD:E2:29:1D:84:5E:04:E3:21:5F:4E:A3:8C:58:F5:15:2D
            X509v3 Authority Key Identifier:
                keyid:4D:D7:4F:BB:BA:E5:8D:D0:87:6D:99:E8:0E:C8:2A:11:A4:47:7F:7E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TddPu7rljdCHbZnoDsgqEaRHf34.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/9f5f57-e828-4bcf-8d2b-8eab7f4fe77e/1/F-WF_eIpHYReBOMhX06jjFj1FS0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/9f5f57-e828-4bcf-8d2b-8eab7f4fe77e/1/TddPu7rljdCHbZnoDsgqEaRHf34.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.139.179.0/24
                  109.162.249.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1a:a4:be:a2:40:e1:89:4e:2c:c6:49:6a:39:af:27:54:7b:f6:
         c5:3c:54:29:2c:94:04:75:e4:22:95:66:fc:84:e3:79:62:9c:
         34:6e:f5:66:64:be:9b:a1:a0:42:5d:81:0c:6c:17:e9:10:03:
         f5:eb:be:bf:0c:75:bf:52:d3:d1:ac:e6:32:32:74:98:84:df:
         24:30:3a:d0:cf:f1:70:d6:3a:df:02:5d:94:80:47:e9:44:1c:
         8a:e2:d5:ee:d6:5a:50:27:b1:0c:e6:18:c4:9c:bf:5f:c1:97:
         3f:8e:82:db:a3:01:f1:41:97:e9:b4:0d:7b:bd:7c:84:88:73:
         48:5f:37:4d:c9:4e:57:fc:49:29:52:83:22:28:cb:97:db:d5:
         2f:0d:f1:4a:96:84:1c:1e:db:64:a9:38:fe:99:4c:e5:dc:8f:
         22:1a:54:bd:81:95:b3:74:7a:10:36:b0:3c:7c:ea:af:4b:af:
         f1:7e:da:f4:a7:8c:c6:d7:82:ef:f4:47:f8:8b:f5:40:f2:d6:
         37:a5:ed:35:f0:fc:cd:03:43:e7:c5:3d:f2:ab:6d:f5:47:d7:
         50:c0:14:46:cb:85:cb:93:93:c5:50:2d:d8:97:8b:3c:71:e0:
         38:61:50:88:9f:69:4f:d7:e5:11:05:db:75:eb:bf:79:f1:9c:
         9a:09:bf:96
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ6NeXH0Po/EVK7wxZyNC+nfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkZDc0ZmJiYmFlNThkZDA4NzZkOTllODBlYzgyYTExYTQ0
NzdmN2UwHhcNMjYwNjAzMTIzMzI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxN2U1ODVmZGUyMjkxZDg0NWUwNGUzMjE1ZjRlYTM4YzU4ZjUxNTJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuNPdMrwDwkMHrxqNEgkdv8IiboFh
qi/c62Zxjph7OodrDkEBD92dgJCfhsUeTltUmmirfK11PUqGB96ActugZMlsb5h+
E5xaXK0ix65iNRYuyYF6gLRONxPmoKPRNJIqgY6FYyh0OCAAXuccD2cbHd+p79Dj
Zn8FoSj0NyL10BZ13BD2EE7DSaCVyY5NlPXFBzriPUTmSRr7qehJro0ma9X5mZgP
gg1+Zd8LZWdYM2mBhgoQmx1mVTFe/AEfMbih3N8fkb4gZthELo/5+xY2kxV+xQ7B
6JCRDWqkPWl2RavEGd7GYnBFlTH/uKeFZk+7xzaqhLk56E074l9Cwf/mcQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFBflhf3iKR2EXgTjIV9Oo4xY9RUtMB8GA1UdIwQY
MBaAFE3XT7u65Y3Qh22Z6A7IKhGkR39+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVGRkUHU3cmxqZENIYlpub0RzZ3FFYVJIZjM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi85ZjVmNTctZTgyOC00YmNmLThkMmIt
OGVhYjdmNGZlNzdlLzEvRi1XRl9lSXBIWVJlQk9NaFgwNmpqRmoxRlMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi85ZjVmNTctZTgyOC00YmNmLThkMmItOGVhYjdmNGZlNzdl
LzEvVGRkUHU3cmxqZENIYlpub0RzZ3FFYVJIZjM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAXouzAwQA
baL5MA0GCSqGSIb3DQEBCwUAA4IBAQAapL6iQOGJTizGSWo5rydUe/bFPFQpLJQE
deQilWb8hON5Ypw0bvVmZL6boaBCXYEMbBfpEAP1676/DHW/UtPRrOYyMnSYhN8k
MDrQz/Fw1jrfAl2UgEfpRByK4tXu1lpQJ7EM5hjEnL9fwZc/joLbowHxQZfptA17
vXyEiHNIXzdNyU5X/EkpUoMiKMuX29UvDfFKloQcHttkqTj+mUzl3I8iGlS9gZWz
dHoQNrA8fOqvS6/xftr0p4zG14Lv9Ef4i/VA8tY3pe018PzNA0PnxT3yq231R9dQ
wBRGy4XLk5PFUC3Yl4s8ceA4YVCIn2lP1+URBdt167958ZyaCb+W
-----END CERTIFICATE-----