Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/g9q3GFPumavcChZUtxEOftPS8QU.roa
File:                     g9q3GFPumavcChZUtxEOftPS8QU.roa (raw, json)
Hash identifier:          TAigC+UWM3HhkXyge9tXmftt5GAxORctKzVlBZ+Na4s=
Subject key identifier:   83:DA:B7:18:53:EE:99:AB:DC:0A:16:54:B7:11:0E:7E:D3:D2:F1:05
Certificate issuer:       /CN=ffa3e55141c1a1f9f2e28811ed7e77fad378a579
Certificate serial:       019DFE55B5D542E2B20D6905670AE943DA12
Authority key identifier: FF:A3:E5:51:41:C1:A1:F9:F2:E2:88:11:ED:7E:77:FA:D3:78:A5:79
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_6PlUUHBofny4ogR7X53-tN4pXk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/g9q3GFPumavcChZUtxEOftPS8QU.roa
Signing time:             Wed 06 May 2026 17:28:43 +0000
ROA not before:           Wed 06 May 2026 17:28:43 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     9304
IP address blocks:        87.232.97.0/24 maxlen: 24
                          109.122.10.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/_6PlUUHBofny4ogR7X53-tN4pXk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/_6PlUUHBofny4ogR7X53-tN4pXk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_6PlUUHBofny4ogR7X53-tN4pXk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 14:18:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:fe:55:b5:d5:42:e2:b2:0d:69:05:67:0a:e9:43:da:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ffa3e55141c1a1f9f2e28811ed7e77fad378a579
        Validity
            Not Before: May  6 17:28:43 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=83dab71853ee99abdc0a1654b7110e7ed3d2f105
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:09:ee:72:6c:10:1f:7e:bf:9e:16:53:63:9c:
                    01:85:2e:b2:5c:27:ea:f4:d1:eb:f8:c4:6f:74:28:
                    c9:6c:c1:d9:43:00:d8:74:f8:16:2a:69:1a:0a:ce:
                    c1:18:25:40:2a:cb:34:f7:7b:21:41:25:6b:fa:cf:
                    28:f7:95:c0:2f:a3:90:d3:b6:b9:4b:d1:e7:6c:8d:
                    11:43:ba:2b:69:36:60:94:1e:5f:56:60:99:dc:43:
                    f3:d0:e9:3a:ce:e3:15:86:f8:d0:02:8e:6b:42:21:
                    60:38:d9:38:18:15:9a:3e:14:9b:1d:43:c3:05:51:
                    5b:72:c5:50:aa:d5:18:d9:71:45:54:c2:b9:1e:81:
                    b6:e3:36:44:ea:86:60:8d:5c:c5:50:c2:fe:09:c0:
                    3d:9b:a1:d5:fe:51:62:f2:db:d2:47:b8:5a:d9:85:
                    17:55:2e:a5:e5:7b:57:cd:b3:81:07:b4:6f:2d:68:
                    31:d1:07:e8:a8:47:5f:73:21:a2:fd:ab:b0:64:da:
                    a5:07:67:84:a8:fb:71:b0:92:bd:bd:7e:d4:cd:5f:
                    22:10:7c:e5:ac:e3:38:13:29:fe:73:c1:85:3f:b5:
                    e3:ba:4a:44:4d:43:e9:e9:4d:15:e4:a6:58:2e:15:
                    34:85:1d:24:d8:29:3d:44:92:41:8e:a5:f1:71:4c:
                    3a:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:DA:B7:18:53:EE:99:AB:DC:0A:16:54:B7:11:0E:7E:D3:D2:F1:05
            X509v3 Authority Key Identifier:
                keyid:FF:A3:E5:51:41:C1:A1:F9:F2:E2:88:11:ED:7E:77:FA:D3:78:A5:79

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_6PlUUHBofny4ogR7X53-tN4pXk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/g9q3GFPumavcChZUtxEOftPS8QU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/_6PlUUHBofny4ogR7X53-tN4pXk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.232.97.0/24
                  109.122.10.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b4:2d:0e:58:81:fb:2f:0d:95:83:21:b6:46:5e:62:3c:1d:5b:
         a2:44:d0:c6:51:98:7b:26:72:8e:82:27:26:f1:fe:49:b8:a2:
         f8:e4:31:65:b0:f7:68:1c:cf:90:6e:bd:af:ad:98:71:07:f8:
         1b:89:6f:47:cc:ec:56:03:d0:fb:3a:68:32:da:24:93:6c:21:
         ba:51:5e:24:62:31:73:0f:50:3b:84:06:ec:a2:05:92:2c:b0:
         94:65:70:a2:da:1b:47:ce:23:21:26:03:cb:6e:55:4e:6f:bf:
         c6:11:e6:b0:c0:83:02:0a:f9:49:52:c6:3d:f9:e6:9e:d8:94:
         71:08:2f:1f:73:bd:d0:c4:31:1d:1f:ba:58:c8:d9:a1:21:27:
         2e:a1:77:c0:1b:4a:58:97:85:48:bb:76:50:1f:aa:c7:3c:ab:
         91:bc:a7:3d:b0:f4:51:97:b4:e9:0d:ae:3c:44:64:40:e9:a3:
         69:e7:27:ef:6c:48:f2:1f:93:64:9a:77:0b:06:95:e0:d5:a8:
         b5:01:ef:ca:a0:9d:04:b4:58:f6:5c:61:51:30:48:e0:aa:c6:
         98:08:49:b4:96:de:78:3d:de:7e:62:37:d0:b5:9c:ed:2d:7b:
         ab:e5:c2:e9:9b:31:56:07:d9:b3:13:8b:89:62:cb:18:0a:a6:
         b1:5a:0d:8e
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ3+VbXVQuKyDWkFZwrpQ9oSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmYTNlNTUxNDFjMWExZjlmMmUyODgxMWVkN2U3N2ZhZDM3
OGE1NzkwHhcNMjYwNTA2MTcyODQzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4M2RhYjcxODUzZWU5OWFiZGMwYTE2NTRiNzExMGU3ZWQzZDJmMTA1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvgnucmwQH36/nhZTY5wBhS6yXCfq
9NHr+MRvdCjJbMHZQwDYdPgWKmkaCs7BGCVAKss093shQSVr+s8o95XAL6OQ07a5
S9HnbI0RQ7oraTZglB5fVmCZ3EPz0Ok6zuMVhvjQAo5rQiFgONk4GBWaPhSbHUPD
BVFbcsVQqtUY2XFFVMK5HoG24zZE6oZgjVzFUML+CcA9m6HV/lFi8tvSR7ha2YUX
VS6l5XtXzbOBB7RvLWgx0QfoqEdfcyGi/auwZNqlB2eEqPtxsJK9vX7UzV8iEHzl
rOM4Eyn+c8GFP7XjukpETUPp6U0V5KZYLhU0hR0k2Ck9RJJBjqXxcUw60QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFIPatxhT7pmr3AoWVLcRDn7T0vEFMB8GA1UdIwQY
MBaAFP+j5VFBwaH58uKIEe1+d/rTeKV5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzZQbFVVSEJvZm55NG9nUjdYNTMtdE40cFhrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS9iMjYzYTItMGY2Zi00ZjVkLWFmOWUt
YTM5YWMyNTM5ZmM1LzEvZzlxM0dGUHVtYXZjQ2haVXR4RU9mdFBTOFFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS9iMjYzYTItMGY2Zi00ZjVkLWFmOWUtYTM5YWMyNTM5ZmM1
LzEvXzZQbFVVSEJvZm55NG9nUjdYNTMtdE40cFhrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAV+hhAwQA
bXoKMA0GCSqGSIb3DQEBCwUAA4IBAQC0LQ5YgfsvDZWDIbZGXmI8HVuiRNDGUZh7
JnKOgicm8f5JuKL45DFlsPdoHM+Qbr2vrZhxB/gbiW9HzOxWA9D7Omgy2iSTbCG6
UV4kYjFzD1A7hAbsogWSLLCUZXCi2htHziMhJgPLblVOb7/GEeawwIMCCvlJUsY9
+eae2JRxCC8fc73QxDEdH7pYyNmhIScuoXfAG0pYl4VIu3ZQH6rHPKuRvKc9sPRR
l7TpDa48RGRA6aNp5yfvbEjyH5NkmncLBpXg1ai1Ae/KoJ0EtFj2XGFRMEjgqsaY
CEm0lt54Pd5+YjfQtZztLXur5cLpmzFWB9mzE4uJYssYCqaxWg2O
-----END CERTIFICATE-----