Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/b36e69-f81b-400a-aed1-5d3efe2109aa/1/9nPlOHYAHfyq6nvNreDs-Z27tqM.roa
File:                     9nPlOHYAHfyq6nvNreDs-Z27tqM.roa (raw, json)
Hash identifier:          lVEwvYAKVlQiegB9BUjPpXT5BRTtW+2GQKgK1DFVwe0=
Subject key identifier:   F6:73:E5:38:76:00:1D:FC:AA:EA:7B:CD:AD:E0:EC:F9:9D:BB:B6:A3
Certificate issuer:       /CN=d71f1659eac9a6a3431df609f9e2e2196a045c8d
Certificate serial:       019CB267B562296F3898A7C731E818F7652A
Authority key identifier: D7:1F:16:59:EA:C9:A6:A3:43:1D:F6:09:F9:E2:E2:19:6A:04:5C:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1x8WWerJpqNDHfYJ-eLiGWoEXI0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/b36e69-f81b-400a-aed1-5d3efe2109aa/1/9nPlOHYAHfyq6nvNreDs-Z27tqM.roa
Signing time:             Tue 03 Mar 2026 06:34:26 +0000
ROA not before:           Tue 03 Mar 2026 06:34:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     47269
IP address blocks:        93.91.240.0/20 maxlen: 22
                          2a05:d540::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/b36e69-f81b-400a-aed1-5d3efe2109aa/1/1x8WWerJpqNDHfYJ-eLiGWoEXI0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/b36e69-f81b-400a-aed1-5d3efe2109aa/1/1x8WWerJpqNDHfYJ-eLiGWoEXI0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1x8WWerJpqNDHfYJ-eLiGWoEXI0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Mar 2026 09:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:b2:67:b5:62:29:6f:38:98:a7:c7:31:e8:18:f7:65:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d71f1659eac9a6a3431df609f9e2e2196a045c8d
        Validity
            Not Before: Mar  3 06:34:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f673e53876001dfcaaea7bcdade0ecf99dbbb6a3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:48:e1:ff:92:a9:b0:ad:74:cb:64:5b:4d:76:
                    0b:99:a2:a7:fb:d4:00:03:89:da:8f:35:e7:38:01:
                    bd:af:6c:17:b0:0e:a5:58:04:4e:07:fa:ee:26:b0:
                    7c:bb:7e:aa:da:fa:4a:fa:c2:d7:4a:9c:f7:22:27:
                    53:c3:b8:69:04:ee:40:02:ba:24:11:2b:43:df:91:
                    45:b7:a8:94:6a:b5:60:b8:6d:d5:de:f6:6a:de:d5:
                    d0:10:01:2b:cf:fb:67:dd:ec:84:27:17:85:94:71:
                    84:c3:29:b0:b5:2a:db:b9:43:c2:f8:32:47:13:f3:
                    8d:a9:00:0c:1b:d8:8e:57:51:51:13:0e:da:d9:ff:
                    4c:34:46:c1:69:a1:cc:b2:a1:b5:9e:f1:00:91:71:
                    5d:81:7f:17:93:5b:fc:44:5e:f5:e8:37:ea:50:98:
                    c4:22:2d:fe:d4:3f:84:1b:ef:6e:b7:11:12:51:f0:
                    b4:f1:39:01:10:c0:0e:63:f6:e0:be:ec:0e:1b:a5:
                    5f:49:8d:80:4c:48:78:5d:b1:10:bb:6f:8f:14:68:
                    28:13:4a:ec:2d:99:38:53:49:c9:3c:1e:31:c3:a5:
                    a0:a1:0c:6d:45:f2:2d:c0:9b:c1:cf:79:38:2a:44:
                    b3:70:6a:64:c3:39:92:e8:55:51:9d:0c:78:e5:16:
                    27:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:73:E5:38:76:00:1D:FC:AA:EA:7B:CD:AD:E0:EC:F9:9D:BB:B6:A3
            X509v3 Authority Key Identifier:
                keyid:D7:1F:16:59:EA:C9:A6:A3:43:1D:F6:09:F9:E2:E2:19:6A:04:5C:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1x8WWerJpqNDHfYJ-eLiGWoEXI0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/b36e69-f81b-400a-aed1-5d3efe2109aa/1/9nPlOHYAHfyq6nvNreDs-Z27tqM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/b36e69-f81b-400a-aed1-5d3efe2109aa/1/1x8WWerJpqNDHfYJ-eLiGWoEXI0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.91.240.0/20
                IPv6:
                  2a05:d540::/29

    Signature Algorithm: sha256WithRSAEncryption
         45:c4:e5:24:26:56:34:1d:e9:9b:38:83:c8:08:31:a2:6a:ec:
         71:fb:88:38:ce:ba:c4:43:64:f4:29:8e:6c:06:6a:bd:e1:a1:
         84:5a:67:93:72:2a:14:be:5e:75:ad:7f:89:8c:41:61:d8:b1:
         57:f2:66:22:58:f9:4f:58:45:11:ca:07:43:9d:bd:c3:44:cb:
         fe:e1:b5:b2:37:89:e3:1b:79:95:51:76:af:90:ba:c7:c4:d6:
         6a:00:46:7d:07:ed:24:6c:0a:13:12:e6:42:57:d4:5a:1e:23:
         4f:2f:cc:e4:5c:80:52:57:d3:2c:be:a5:9c:ad:05:cb:c1:23:
         74:12:68:a5:8f:ae:69:75:f2:eb:2a:e5:0b:ff:0a:d7:3d:a0:
         b6:73:98:01:fd:5f:eb:53:93:b3:54:a6:6a:e5:a5:db:e3:6e:
         d9:fe:3a:9b:d3:90:c8:db:b8:87:a1:41:9c:72:be:67:a3:94:
         db:02:53:40:78:d0:5e:5f:5c:c1:0e:5d:e8:c2:2b:16:f2:01:
         30:59:11:f7:61:ee:81:be:84:9b:0e:5b:0a:e9:ef:fb:7b:cc:
         81:f8:08:9f:f3:e3:f7:7d:14:a7:70:88:f7:3d:5f:46:c8:d5:
         8e:2c:42:65:a8:76:6e:af:3a:63:80:73:9e:84:a4:7f:9c:f3:
         00:51:c3:18
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZyyZ7ViKW84mKfHMegY92UqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3MWYxNjU5ZWFjOWE2YTM0MzFkZjYwOWY5ZTJlMjE5NmEw
NDVjOGQwHhcNMjYwMzAzMDYzNDI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNjczZTUzODc2MDAxZGZjYWFlYTdiY2RhZGUwZWNmOTlkYmJiNmEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxEjh/5KpsK10y2RbTXYLmaKn+9QA
A4najzXnOAG9r2wXsA6lWAROB/ruJrB8u36q2vpK+sLXSpz3IidTw7hpBO5AArok
EStD35FFt6iUarVguG3V3vZq3tXQEAErz/tn3eyEJxeFlHGEwymwtSrbuUPC+DJH
E/ONqQAMG9iOV1FREw7a2f9MNEbBaaHMsqG1nvEAkXFdgX8Xk1v8RF716DfqUJjE
Ii3+1D+EG+9utxESUfC08TkBEMAOY/bgvuwOG6VfSY2ATEh4XbEQu2+PFGgoE0rs
LZk4U0nJPB4xw6WgoQxtRfItwJvBz3k4KkSzcGpkwzmS6FVRnQx45RYnZQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFPZz5Th2AB38qup7za3g7Pmdu7ajMB8GA1UdIwQY
MBaAFNcfFlnqyaajQx32Cfni4hlqBFyNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMXg4V1dlckpwcU5ESGZZSi1lTGlHV29FWEkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy9iMzZlNjktZjgxYi00MDBhLWFlZDEt
NWQzZWZlMjEwOWFhLzEvOW5QbE9IWUFIZnlxNm52TnJlRHMtWjI3dHFNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy9iMzZlNjktZjgxYi00MDBhLWFlZDEtNWQzZWZlMjEwOWFh
LzEvMXg4V1dlckpwcU5ESGZZSi1lTGlHV29FWEkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQEXVvwMA0E
AgACMAcDBQMqBdVAMA0GCSqGSIb3DQEBCwUAA4IBAQBFxOUkJlY0HembOIPICDGi
auxx+4g4zrrEQ2T0KY5sBmq94aGEWmeTcioUvl51rX+JjEFh2LFX8mYiWPlPWEUR
ygdDnb3DRMv+4bWyN4njG3mVUXavkLrHxNZqAEZ9B+0kbAoTEuZCV9RaHiNPL8zk
XIBSV9MsvqWcrQXLwSN0Emilj65pdfLrKuUL/wrXPaC2c5gB/V/rU5OzVKZq5aXb
427Z/jqb05DI27iHoUGccr5no5TbAlNAeNBeX1zBDl3owisW8gEwWRH3Ye6BvoSb
DlsK6e/7e8yB+Aif8+P3fRSncIj3PV9GyNWOLEJlqHZurzpjgHOehKR/nPMAUcMY
-----END CERTIFICATE-----