Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/FUkJHIVrFrlOWEZn3NYUiH6k_bc.roa
File:                     FUkJHIVrFrlOWEZn3NYUiH6k_bc.roa (raw, json)
Hash identifier:          vGaTybYdhyeaOAPwcCS7Uix9cUhClZLn4jQWoTrNwYQ=
Subject key identifier:   15:49:09:1C:85:6B:16:B9:4E:58:46:67:DC:D6:14:88:7E:A4:FD:B7
Certificate issuer:       /CN=c060d46d1d8046b4d74e4d815818c8e3659edbe9
Certificate serial:       019F23687C823969D982BEC4749EE29FA1C7
Authority key identifier: C0:60:D4:6D:1D:80:46:B4:D7:4E:4D:81:58:18:C8:E3:65:9E:DB:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wGDUbR2ARrTXTk2BWBjI42We2-k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/FUkJHIVrFrlOWEZn3NYUiH6k_bc.roa
Signing time:             Thu 02 Jul 2026 15:17:57 +0000
ROA not before:           Thu 02 Jul 2026 15:17:57 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214143
IP address blocks:        213.220.9.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/wGDUbR2ARrTXTk2BWBjI42We2-k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/wGDUbR2ARrTXTk2BWBjI42We2-k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wGDUbR2ARrTXTk2BWBjI42We2-k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 Jul 2026 15:19:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9f:23:68:7c:82:39:69:d9:82:be:c4:74:9e:e2:9f:a1:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c060d46d1d8046b4d74e4d815818c8e3659edbe9
        Validity
            Not Before: Jul  2 15:17:57 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=1549091c856b16b94e584667dcd614887ea4fdb7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:fc:83:73:06:17:94:1e:76:0b:4f:fc:00:99:23:
                    fa:fa:56:61:ab:6c:5d:d0:be:4e:5d:a7:e3:f6:d1:
                    82:0d:94:3f:03:6e:43:12:b3:67:29:d1:9a:52:62:
                    58:c1:08:f8:81:b4:3f:89:0d:9d:da:11:05:d5:e6:
                    08:06:bf:81:83:66:90:bf:81:d7:17:36:d5:b1:ac:
                    60:a8:c7:8d:ea:10:75:59:f2:c7:c7:00:6a:fd:86:
                    76:5d:8d:ab:e5:4b:86:0b:2f:cd:3c:3f:26:b7:0a:
                    f0:8f:72:52:ee:00:7b:21:ec:20:75:6d:25:27:21:
                    35:57:90:19:04:78:e6:d8:39:9e:c2:5e:a9:db:b5:
                    bf:b8:69:13:c3:0a:a0:72:49:8b:37:8c:62:8e:c9:
                    29:e8:e0:95:eb:9c:94:62:14:35:c6:b1:26:40:3f:
                    e2:b9:c1:f6:63:52:4c:51:f5:e4:37:f5:5a:d8:b1:
                    eb:c1:a1:bd:fa:5f:92:38:69:7d:ea:0e:d7:40:66:
                    57:4e:2c:bb:2a:c2:43:69:12:47:85:0c:7b:a8:0f:
                    7b:45:c4:b8:0b:96:e1:cf:b4:f4:3f:59:36:13:76:
                    39:46:45:be:3c:1a:45:5f:f1:3f:de:5f:d2:2d:32:
                    42:99:0b:2a:b0:0d:06:58:1f:bd:fe:d5:84:88:10:
                    6c:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:49:09:1C:85:6B:16:B9:4E:58:46:67:DC:D6:14:88:7E:A4:FD:B7
            X509v3 Authority Key Identifier:
                keyid:C0:60:D4:6D:1D:80:46:B4:D7:4E:4D:81:58:18:C8:E3:65:9E:DB:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wGDUbR2ARrTXTk2BWBjI42We2-k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/FUkJHIVrFrlOWEZn3NYUiH6k_bc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/wGDUbR2ARrTXTk2BWBjI42We2-k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.220.9.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a8:f3:9d:72:e1:f0:b2:54:54:99:25:3e:5a:13:93:4c:84:ff:
         85:3f:40:0f:14:45:5a:76:3a:41:6c:9a:2f:33:83:e3:61:43:
         a1:2c:14:da:b9:56:9e:92:5c:41:0b:d6:3a:1b:a7:57:b3:28:
         aa:53:3f:6f:bb:c7:a8:61:4b:21:f7:7f:98:25:d9:01:d1:53:
         05:02:18:66:9d:d7:c7:cf:6e:e0:08:9e:e2:f4:6b:c2:57:75:
         7c:71:98:10:c3:15:75:f2:9f:88:d4:e9:36:15:3e:07:89:14:
         40:61:05:aa:b9:01:eb:c5:87:35:ff:fd:fd:f7:aa:fa:81:9b:
         67:e4:db:a3:9e:2d:87:6d:73:8c:1e:c1:de:fc:30:0c:25:9a:
         f5:ba:53:03:8e:cd:b4:9c:34:cc:7e:0d:dc:e3:20:f6:30:df:
         83:ad:ac:55:b7:6c:a4:49:5b:9c:56:03:6f:ac:df:b1:5a:2e:
         86:2c:62:cd:6e:03:1d:7b:2d:b5:d9:7d:a4:aa:bc:15:97:2f:
         b4:47:88:1c:d6:f5:75:6f:88:00:2e:0d:a8:67:51:e7:e9:c8:
         03:ff:ca:91:27:93:31:1b:9b:50:7d:6e:be:ab:aa:ee:72:9b:
         90:ac:ae:15:2a:24:3c:40:48:d2:ba:b6:4f:3d:72:8c:0f:f2:
         54:03:d2:30
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ8jaHyCOWnZgr7EdJ7in6HHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMwNjBkNDZkMWQ4MDQ2YjRkNzRlNGQ4MTU4MThjOGUzNjU5
ZWRiZTkwHhcNMjYwNzAyMTUxNzU3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNTQ5MDkxYzg1NmIxNmI5NGU1ODQ2NjdkY2Q2MTQ4ODdlYTRmZGI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA/INzBheUHnYLT/wAmSP6+lZhq2xd
0L5OXafj9tGCDZQ/A25DErNnKdGaUmJYwQj4gbQ/iQ2d2hEF1eYIBr+Bg2aQv4HX
FzbVsaxgqMeN6hB1WfLHxwBq/YZ2XY2r5UuGCy/NPD8mtwrwj3JS7gB7IewgdW0l
JyE1V5AZBHjm2Dmewl6p27W/uGkTwwqgckmLN4xijskp6OCV65yUYhQ1xrEmQD/i
ucH2Y1JMUfXkN/Va2LHrwaG9+l+SOGl96g7XQGZXTiy7KsJDaRJHhQx7qA97RcS4
C5bhz7T0P1k2E3Y5RkW+PBpFX/E/3l/SLTJCmQsqsA0GWB+9/tWEiBBsYwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBVJCRyFaxa5TlhGZ9zWFIh+pP23MB8GA1UdIwQY
MBaAFMBg1G0dgEa0105NgVgYyONlntvpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd0dEVWJSMkFSclRYVGsyQldCakk0MldlMi1rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYS8xZjk0OTMtZDQ2OC00YTdjLThjNGIt
MWRkZWM0Y2NlMjRjLzEvRlVrSkhJVnJGcmxPV0VabjNOWVVpSDZrX2JjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYS8xZjk0OTMtZDQ2OC00YTdjLThjNGItMWRkZWM0Y2NlMjRj
LzEvd0dEVWJSMkFSclRYVGsyQldCakk0MldlMi1rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1dwJMA0G
CSqGSIb3DQEBCwUAA4IBAQCo851y4fCyVFSZJT5aE5NMhP+FP0APFEVadjpBbJov
M4PjYUOhLBTauVaeklxBC9Y6G6dXsyiqUz9vu8eoYUsh93+YJdkB0VMFAhhmndfH
z27gCJ7i9GvCV3V8cZgQwxV18p+I1Ok2FT4HiRRAYQWquQHrxYc1//3996r6gZtn
5Nujni2HbXOMHsHe/DAMJZr1ulMDjs20nDTMfg3c4yD2MN+DraxVt2ykSVucVgNv
rN+xWi6GLGLNbgMdey212X2kqrwVly+0R4gc1vV1b4gALg2oZ1Hn6cgD/8qRJ5Mx
G5tQfW6+q6rucpuQrK4VKiQ8QEjSurZPPXKMD/JUA9Iw
-----END CERTIFICATE-----
Generated at Thu Jul 2 23:46:59 2026 by rpki-client