Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/CxFnlcYg39ZYyt30Rxwv9-jU18M.roa
File:                     CxFnlcYg39ZYyt30Rxwv9-jU18M.roa (raw, json)
Hash identifier:          PqEFTHTRRCUiFEUL4Hq4adx4g6udRtY758KFRZ8Fbok=
Subject key identifier:   0B:11:67:95:C6:20:DF:D6:58:CA:DD:F4:47:1C:2F:F7:E8:D4:D7:C3
Certificate issuer:       /CN=d475fb0934cf6a58dccef110875dbe5e3e8b6b75
Certificate serial:       019CD77C917914D8B35F0135F12AFEAE460B
Authority key identifier: D4:75:FB:09:34:CF:6A:58:DC:CE:F1:10:87:5D:BE:5E:3E:8B:6B:75
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/CxFnlcYg39ZYyt30Rxwv9-jU18M.roa
Signing time:             Tue 10 Mar 2026 11:23:11 +0000
ROA not before:           Tue 10 Mar 2026 11:23:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     50977
IP address blocks:        109.107.96.0/19 maxlen: 24
                          185.96.24.0/22 maxlen: 24
                          185.214.15.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 13 Mar 2026 21:05:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:d7:7c:91:79:14:d8:b3:5f:01:35:f1:2a:fe:ae:46:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d475fb0934cf6a58dccef110875dbe5e3e8b6b75
        Validity
            Not Before: Mar 10 11:23:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0b116795c620dfd658caddf4471c2ff7e8d4d7c3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:f6:f7:28:b5:6c:25:66:71:f4:4b:97:c9:f7:
                    8e:37:55:20:82:2c:4a:07:78:c9:db:9a:57:b9:fc:
                    01:2b:b6:6c:cb:f7:90:b1:97:95:db:84:e8:74:a0:
                    4b:ca:ea:ab:a5:ad:3e:73:a6:c0:2f:98:e8:dc:be:
                    d0:c1:cd:c6:f0:ec:d0:ab:4c:8c:76:67:bf:a5:5d:
                    22:70:2c:5e:85:9a:a7:90:c7:63:a4:55:4c:9b:b3:
                    14:1b:f4:cf:b4:ab:cb:4b:69:c5:2e:2e:75:f5:3d:
                    aa:15:f0:80:cd:ce:17:f5:c4:9e:47:2f:64:06:0c:
                    14:82:e7:2a:d1:1a:a0:64:28:fa:8a:56:ca:3d:5e:
                    df:70:2d:ef:4a:ea:6e:ab:c6:bf:d5:79:3d:c5:0f:
                    dc:53:d4:3e:04:80:5a:1d:aa:a3:3f:28:d7:19:62:
                    e3:99:86:01:78:21:31:4c:09:5e:9f:5a:bd:4c:87:
                    e2:3d:b8:c9:33:3d:00:05:da:5c:70:9f:b0:62:3b:
                    61:e2:08:0b:6e:f7:09:cc:8d:8e:da:ce:b4:39:41:
                    0f:cb:8c:a6:3f:f7:01:b9:f0:1d:81:92:6a:31:ec:
                    72:34:ef:5c:d6:12:f1:00:17:d0:1f:f3:b2:d5:a4:
                    f4:f6:56:c5:b0:89:d4:bd:67:aa:18:1b:50:8d:82:
                    b9:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:11:67:95:C6:20:DF:D6:58:CA:DD:F4:47:1C:2F:F7:E8:D4:D7:C3
            X509v3 Authority Key Identifier:
                keyid:D4:75:FB:09:34:CF:6A:58:DC:CE:F1:10:87:5D:BE:5E:3E:8B:6B:75

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/CxFnlcYg39ZYyt30Rxwv9-jU18M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.107.96.0/19
                  185.96.24.0/22
                  185.214.15.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6e:78:eb:02:b2:b3:d4:96:a8:af:62:16:7b:d3:11:d8:77:1b:
         18:33:11:8c:94:88:cf:f5:82:d4:35:fb:39:d8:89:5d:07:43:
         ea:b0:78:a1:5f:4c:0a:0e:9c:94:63:ae:19:4d:44:0f:85:70:
         c8:71:8e:20:53:59:c4:6d:68:ad:a5:63:0d:81:b4:a9:4e:1a:
         15:2b:30:22:e4:ea:20:29:02:fc:70:77:ce:3b:e3:df:da:c8:
         c1:d4:8d:0d:62:ae:99:ba:8a:78:6e:5f:15:3c:f1:4a:c7:c1:
         7c:ff:66:25:58:a6:ae:03:37:54:e8:86:8c:f3:63:cd:71:ca:
         ca:11:24:71:e3:aa:3c:60:14:1a:97:52:31:c5:fd:50:49:c4:
         6b:46:85:01:fe:7e:70:e9:a8:4a:c0:2f:f6:91:71:4a:cf:6e:
         38:e8:7d:fd:04:0f:58:71:47:75:47:51:3b:10:13:c8:51:4b:
         26:bb:a2:f3:52:07:12:03:ad:41:2f:31:95:af:de:ac:b4:94:
         59:56:b3:d8:df:73:6b:34:8b:41:5b:1a:06:9a:10:72:fe:bd:
         46:b4:9f:08:51:48:8b:da:c4:00:8c:1c:d7:fa:39:48:47:df:
         36:e3:de:72:08:c9:f5:71:31:af:aa:51:6b:6f:49:ff:4f:60:
         80:9e:f4:ed
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZzXfJF5FNizXwE18Sr+rkYLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0NzVmYjA5MzRjZjZhNThkY2NlZjExMDg3NWRiZTVlM2U4
YjZiNzUwHhcNMjYwMzEwMTEyMzExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYjExNjc5NWM2MjBkZmQ2NThjYWRkZjQ0NzFjMmZmN2U4ZDRkN2MzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzPb3KLVsJWZx9EuXyfeON1UggixK
B3jJ25pXufwBK7Zsy/eQsZeV24TodKBLyuqrpa0+c6bAL5jo3L7Qwc3G8OzQq0yM
dme/pV0icCxehZqnkMdjpFVMm7MUG/TPtKvLS2nFLi519T2qFfCAzc4X9cSeRy9k
BgwUgucq0RqgZCj6ilbKPV7fcC3vSupuq8a/1Xk9xQ/cU9Q+BIBaHaqjPyjXGWLj
mYYBeCExTAlen1q9TIfiPbjJMz0ABdpccJ+wYjth4ggLbvcJzI2O2s60OUEPy4ym
P/cBufAdgZJqMexyNO9c1hLxABfQH/Oy1aT09lbFsInUvWeqGBtQjYK5qQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFAsRZ5XGIN/WWMrd9EccL/fo1NfDMB8GA1UdIwQY
MBaAFNR1+wk0z2pY3M7xEIddvl4+i2t1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUhYN0NUVFBhbGpjenZFUWgxMi1YajZMYTNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9iZmY0YWEtNGYwNy00MTI5LThhZDYt
Yzc5MTRhYjY0MjczLzEvQ3hGbmxjWWczOVpZeXQzMFJ4d3Y5LWpVMThNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9iZmY0YWEtNGYwNy00MTI5LThhZDYtYzc5MTRhYjY0Mjcz
LzEvMUhYN0NUVFBhbGpjenZFUWgxMi1YajZMYTNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQFbWtgAwQC
uWAYAwQAudYPMA0GCSqGSIb3DQEBCwUAA4IBAQBueOsCsrPUlqivYhZ70xHYdxsY
MxGMlIjP9YLUNfs52IldB0PqsHihX0wKDpyUY64ZTUQPhXDIcY4gU1nEbWitpWMN
gbSpThoVKzAi5OogKQL8cHfOO+Pf2sjB1I0NYq6Zuop4bl8VPPFKx8F8/2YlWKau
AzdU6IaM82PNccrKESRx46o8YBQal1Ixxf1QScRrRoUB/n5w6ahKwC/2kXFKz244
6H39BA9YcUd1R1E7EBPIUUsmu6LzUgcSA61BLzGVr96stJRZVrPY33NrNItBWxoG
mhBy/r1GtJ8IUUiL2sQAjBzX+jlIR982495yCMn1cTGvqlFrb0n/T2CAnvTt
-----END CERTIFICATE-----