Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fb/a821df-6b49-4489-8a77-d1246cc2c34e/1/FNGdELpGS2bwEGg4hvaYUE_r1O4.roa
File:                     FNGdELpGS2bwEGg4hvaYUE_r1O4.roa (raw, json)
Hash identifier:          Ei6sBNoGSjj3ahbV1+2LrTjtk8IEn6iFKEC198BdvPQ=
Subject key identifier:   14:D1:9D:10:BA:46:4B:66:F0:10:68:38:86:F6:98:50:4F:EB:D4:EE
Certificate issuer:       /CN=0e0134fafba72e06339cadc55d5f13bae482b12d
Certificate serial:       019E92BF977E3B94F663F66338896E01BF9F
Authority key identifier: 0E:01:34:FA:FB:A7:2E:06:33:9C:AD:C5:5D:5F:13:BA:E4:82:B1:2D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DgE0-vunLgYznK3FXV8TuuSCsS0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fb/a821df-6b49-4489-8a77-d1246cc2c34e/1/FNGdELpGS2bwEGg4hvaYUE_r1O4.roa
Signing time:             Thu 04 Jun 2026 13:08:10 +0000
ROA not before:           Thu 04 Jun 2026 13:08:10 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     49685
IP address blocks:        193.30.170.0/24 maxlen: 24
                          193.30.191.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fb/a821df-6b49-4489-8a77-d1246cc2c34e/1/DgE0-vunLgYznK3FXV8TuuSCsS0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fb/a821df-6b49-4489-8a77-d1246cc2c34e/1/DgE0-vunLgYznK3FXV8TuuSCsS0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DgE0-vunLgYznK3FXV8TuuSCsS0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 13 Jun 2026 01:01:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:92:bf:97:7e:3b:94:f6:63:f6:63:38:89:6e:01:bf:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0e0134fafba72e06339cadc55d5f13bae482b12d
        Validity
            Not Before: Jun  4 13:08:10 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=14d19d10ba464b66f010683886f698504febd4ee
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:62:21:90:b8:c5:17:14:6c:16:c0:f6:59:3c:
                    bc:bb:d0:5a:53:d1:da:37:a9:d3:3d:c9:f6:4e:7c:
                    62:e5:a9:8e:14:cc:b3:18:ce:a7:8e:ec:39:05:d1:
                    82:df:36:f9:b5:6d:fa:18:36:f1:e7:4d:c1:76:47:
                    41:0a:97:fd:5f:16:1c:af:f1:b9:3a:21:2f:ae:94:
                    e1:92:42:79:ae:ba:02:d2:29:6b:32:00:a3:c6:b0:
                    a1:7a:a3:2c:c2:85:65:3b:3d:25:75:bc:b5:93:67:
                    22:76:b0:02:76:03:e5:2a:58:88:bf:0d:9d:42:5e:
                    da:32:5e:98:c3:27:78:72:02:ea:e9:50:d6:89:53:
                    11:f6:84:e8:34:51:9f:25:38:08:89:2f:0e:f5:b8:
                    1c:53:3c:d7:99:12:90:fc:d7:67:5a:a4:15:76:d1:
                    5a:27:87:b8:c0:fa:01:6c:0a:b3:8f:ff:29:4b:a5:
                    94:5d:87:a7:87:59:77:e4:c7:c4:f5:df:ea:f6:91:
                    7c:cb:d4:09:13:34:6c:c8:a4:20:ea:4a:d4:83:ba:
                    14:42:aa:10:4c:95:2d:82:4d:2f:be:bd:37:b3:8c:
                    e9:db:9d:74:16:c4:ff:eb:2e:12:05:03:ea:ae:11:
                    ca:1b:39:5b:21:5f:93:8d:14:1f:ec:32:7f:ae:5e:
                    e7:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:D1:9D:10:BA:46:4B:66:F0:10:68:38:86:F6:98:50:4F:EB:D4:EE
            X509v3 Authority Key Identifier:
                keyid:0E:01:34:FA:FB:A7:2E:06:33:9C:AD:C5:5D:5F:13:BA:E4:82:B1:2D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DgE0-vunLgYznK3FXV8TuuSCsS0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/a821df-6b49-4489-8a77-d1246cc2c34e/1/FNGdELpGS2bwEGg4hvaYUE_r1O4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/a821df-6b49-4489-8a77-d1246cc2c34e/1/DgE0-vunLgYznK3FXV8TuuSCsS0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.30.170.0/24
                  193.30.191.0/24

    Signature Algorithm: sha256WithRSAEncryption
         68:87:c8:f9:eb:4f:82:48:ed:c7:25:d2:b7:07:05:84:ad:7d:
         ec:95:32:92:9c:cc:59:a6:3d:25:47:9b:83:21:ec:e6:61:cc:
         0d:40:8b:4e:be:aa:97:c2:bb:53:18:6f:81:cd:56:be:f0:48:
         49:16:85:6b:38:e2:c5:1a:6a:38:1b:a6:89:ad:39:88:4d:c9:
         ae:0c:da:da:7c:68:62:a7:de:ed:65:c7:73:86:c5:c5:7b:e1:
         57:e5:72:fa:c6:18:ef:b9:2f:b9:04:cc:86:5c:eb:e6:ad:9e:
         62:d8:61:4d:46:66:f2:6a:1c:a5:f2:f0:35:12:cb:08:f2:18:
         7c:41:a4:52:f3:a5:ae:b9:1e:66:01:09:5c:ab:af:31:c3:8a:
         3d:ba:1b:cc:79:50:f9:e3:db:f9:be:f1:b7:fa:9c:ce:de:cb:
         d1:96:e9:4d:5a:30:a2:57:42:2f:f7:2c:06:e1:9a:42:21:46:
         1a:3d:ee:88:64:52:0d:a3:72:fe:90:45:71:98:eb:dc:3b:1d:
         f6:dc:e1:40:0a:2e:96:9f:49:74:71:35:fd:e7:3d:ce:c4:a8:
         e1:6d:99:40:67:18:e0:81:0c:38:e4:20:f7:44:e4:a0:24:74:
         50:b3:d9:97:16:6e:9c:09:f9:a3:89:28:93:df:b1:c8:90:ef:
         de:16:95:a6
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ6Sv5d+O5T2Y/ZjOIluAb+fMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBlMDEzNGZhZmJhNzJlMDYzMzljYWRjNTVkNWYxM2JhZTQ4
MmIxMmQwHhcNMjYwNjA0MTMwODEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNGQxOWQxMGJhNDY0YjY2ZjAxMDY4Mzg4NmY2OTg1MDRmZWJkNGVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt2IhkLjFFxRsFsD2WTy8u9BaU9Ha
N6nTPcn2Tnxi5amOFMyzGM6njuw5BdGC3zb5tW36GDbx503BdkdBCpf9XxYcr/G5
OiEvrpThkkJ5rroC0ilrMgCjxrCheqMswoVlOz0ldby1k2cidrACdgPlKliIvw2d
Ql7aMl6Ywyd4cgLq6VDWiVMR9oToNFGfJTgIiS8O9bgcUzzXmRKQ/NdnWqQVdtFa
J4e4wPoBbAqzj/8pS6WUXYenh1l35MfE9d/q9pF8y9QJEzRsyKQg6krUg7oUQqoQ
TJUtgk0vvr03s4zp2510FsT/6y4SBQPqrhHKGzlbIV+TjRQf7DJ/rl7nawIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFBTRnRC6Rktm8BBoOIb2mFBP69TuMB8GA1UdIwQY
MBaAFA4BNPr7py4GM5ytxV1fE7rkgrEtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRGdFMC12dW5MZ1l6bkszRlhWOFR1dVNDc1MwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYi9hODIxZGYtNmI0OS00NDg5LThhNzct
ZDEyNDZjYzJjMzRlLzEvRk5HZEVMcEdTMmJ3RUdnNGh2YVlVRV9yMU80LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYi9hODIxZGYtNmI0OS00NDg5LThhNzctZDEyNDZjYzJjMzRl
LzEvRGdFMC12dW5MZ1l6bkszRlhWOFR1dVNDc1MwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwR6qAwQA
wR6/MA0GCSqGSIb3DQEBCwUAA4IBAQBoh8j560+CSO3HJdK3BwWErX3slTKSnMxZ
pj0lR5uDIezmYcwNQItOvqqXwrtTGG+BzVa+8EhJFoVrOOLFGmo4G6aJrTmITcmu
DNrafGhip97tZcdzhsXFe+FX5XL6xhjvuS+5BMyGXOvmrZ5i2GFNRmbyahyl8vA1
EssI8hh8QaRS86WuuR5mAQlcq68xw4o9uhvMeVD549v5vvG3+pzO3svRlulNWjCi
V0Iv9ywG4ZpCIUYaPe6IZFINo3L+kEVxmOvcOx323OFACi6Wn0l0cTX95z3OxKjh
bZlAZxjggQw45CD3ROSgJHRQs9mXFm6cCfmjiSiT37HIkO/eFpWm
-----END CERTIFICATE-----