Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/da48e2-ff63-4bcd-82a2-d7b8eb4608e2/1/9x6A_44DmhjUdmZc-91SVblIzzU.roa
File:                     9x6A_44DmhjUdmZc-91SVblIzzU.roa (raw, json)
Hash identifier:          Zq9yaBpaZ+aBziMJ1/+yrfN4aq9wlL9Vb/3S/E0e94s=
Subject key identifier:   F7:1E:80:FF:8E:03:9A:18:D4:76:66:5C:FB:DD:52:55:B9:48:CF:35
Certificate issuer:       /CN=8f4669216a2078cb024231f4632eab4da7ee4bc1
Certificate serial:       019CFCFEE6F3FB8C305792D81881894537D4
Authority key identifier: 8F:46:69:21:6A:20:78:CB:02:42:31:F4:63:2E:AB:4D:A7:EE:4B:C1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/j0ZpIWogeMsCQjH0Yy6rTafuS8E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/42/da48e2-ff63-4bcd-82a2-d7b8eb4608e2/1/9x6A_44DmhjUdmZc-91SVblIzzU.roa
Signing time:             Tue 17 Mar 2026 18:11:29 +0000
ROA not before:           Tue 17 Mar 2026 18:11:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     834
IP address blocks:        185.46.114.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/42/da48e2-ff63-4bcd-82a2-d7b8eb4608e2/1/j0ZpIWogeMsCQjH0Yy6rTafuS8E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/42/da48e2-ff63-4bcd-82a2-d7b8eb4608e2/1/j0ZpIWogeMsCQjH0Yy6rTafuS8E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/j0ZpIWogeMsCQjH0Yy6rTafuS8E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 00:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:fc:fe:e6:f3:fb:8c:30:57:92:d8:18:81:89:45:37:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8f4669216a2078cb024231f4632eab4da7ee4bc1
        Validity
            Not Before: Mar 17 18:11:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f71e80ff8e039a18d476665cfbdd5255b948cf35
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:ee:28:cc:b5:5c:24:ee:26:5c:e4:bc:dd:91:
                    af:cc:94:40:b0:4c:f5:df:24:38:b4:bd:cb:b4:e2:
                    5a:1b:d1:c5:82:0a:40:58:51:e2:16:67:8d:fb:02:
                    7c:fc:4d:80:58:d5:d6:38:6a:b2:85:5f:8c:e2:92:
                    12:d0:e6:06:ec:c6:2c:99:64:c7:31:18:d8:1f:8b:
                    e1:06:a4:5d:87:d4:fe:66:25:6a:fc:84:d1:82:ec:
                    77:55:1e:68:0b:b0:16:ff:14:c4:82:85:3e:e8:f9:
                    3b:58:5c:6c:36:40:e7:59:c8:d9:6b:6d:ff:73:2f:
                    15:66:c2:a7:f4:da:8d:4a:63:79:e5:3d:a8:f6:36:
                    5d:84:a4:91:85:c2:28:b1:c0:90:4d:08:0d:09:1c:
                    a5:b0:8b:08:06:5a:d2:de:79:3d:23:9e:e6:1f:4e:
                    a9:3e:6d:f3:e2:67:9d:60:b4:bc:96:50:4a:2c:51:
                    7e:ab:5f:6b:1c:ad:fc:97:97:2f:46:10:79:c7:8a:
                    e2:69:5c:30:02:32:1d:e3:2f:54:e7:8b:a4:a6:16:
                    98:04:41:a9:1a:02:13:c3:95:7c:e5:09:e5:bb:88:
                    39:dd:42:cd:c9:c7:82:d8:8b:ec:60:a0:37:84:7f:
                    bd:bf:ee:87:5e:57:ef:3f:a0:ba:4a:65:42:fc:4b:
                    39:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:1E:80:FF:8E:03:9A:18:D4:76:66:5C:FB:DD:52:55:B9:48:CF:35
            X509v3 Authority Key Identifier:
                keyid:8F:46:69:21:6A:20:78:CB:02:42:31:F4:63:2E:AB:4D:A7:EE:4B:C1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/j0ZpIWogeMsCQjH0Yy6rTafuS8E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/da48e2-ff63-4bcd-82a2-d7b8eb4608e2/1/9x6A_44DmhjUdmZc-91SVblIzzU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/42/da48e2-ff63-4bcd-82a2-d7b8eb4608e2/1/j0ZpIWogeMsCQjH0Yy6rTafuS8E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.46.114.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4b:00:44:cc:ea:35:dc:e1:96:da:8f:26:25:3d:31:02:ec:c1:
         1f:c7:37:03:11:8f:0d:88:b5:c1:f9:11:f1:4b:ad:2c:31:00:
         e8:cc:aa:cf:1e:c1:e8:5d:99:b3:6a:8f:d3:eb:f5:ed:fe:00:
         ad:7e:3e:41:d6:da:f4:a0:74:e9:60:79:ee:20:95:97:7c:fb:
         db:cf:86:b8:fa:5a:f7:58:61:82:75:b4:83:95:9c:de:4c:4f:
         4f:1d:ad:5a:87:09:84:92:92:e7:18:6d:ab:f1:09:ca:2f:d4:
         d4:8f:ae:64:93:e6:d7:e7:37:e0:37:d3:3c:05:ce:27:96:02:
         03:02:21:55:ae:6f:c9:bd:32:9d:00:b1:67:db:99:90:a5:1b:
         82:b7:bd:f0:34:a3:e2:4d:e6:f5:8a:52:48:ce:d8:14:36:34:
         d4:de:1b:a6:32:7e:47:be:5c:73:c4:2f:1e:4c:d2:e5:b3:41:
         2c:c8:0e:3c:fb:21:c0:6f:45:c7:3a:c0:3c:ad:45:d5:0d:ab:
         03:47:5e:52:da:58:1b:24:cc:5c:ea:ac:1e:f8:41:00:f5:96:
         2c:61:52:73:44:6d:71:62:07:6a:1a:96:5f:a0:81:52:46:c4:
         07:3b:8e:39:d3:fd:ab:73:69:22:da:95:51:a5:2e:46:fc:e6:
         7a:8b:fe:5d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZz8/ubz+4wwV5LYGIGJRTfUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhmNDY2OTIxNmEyMDc4Y2IwMjQyMzFmNDYzMmVhYjRkYTdl
ZTRiYzEwHhcNMjYwMzE3MTgxMTI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNzFlODBmZjhlMDM5YTE4ZDQ3NjY2NWNmYmRkNTI1NWI5NDhjZjM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0e4ozLVcJO4mXOS83ZGvzJRAsEz1
3yQ4tL3LtOJaG9HFggpAWFHiFmeN+wJ8/E2AWNXWOGqyhV+M4pIS0OYG7MYsmWTH
MRjYH4vhBqRdh9T+ZiVq/ITRgux3VR5oC7AW/xTEgoU+6Pk7WFxsNkDnWcjZa23/
cy8VZsKn9NqNSmN55T2o9jZdhKSRhcIoscCQTQgNCRylsIsIBlrS3nk9I57mH06p
Pm3z4medYLS8llBKLFF+q19rHK38l5cvRhB5x4riaVwwAjId4y9U54ukphaYBEGp
GgITw5V85Qnlu4g53ULNyceC2IvsYKA3hH+9v+6HXlfvP6C6SmVC/Es5LwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPcegP+OA5oY1HZmXPvdUlW5SM81MB8GA1UdIwQY
MBaAFI9GaSFqIHjLAkIx9GMuq02n7kvBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvajBacElXb2dlTXNDUWpIMFl5NnJUYWZ1UzhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi9kYTQ4ZTItZmY2My00YmNkLTgyYTIt
ZDdiOGViNDYwOGUyLzEvOXg2QV80NERtaGpVZG1aYy05MVNWYmxJenpVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi9kYTQ4ZTItZmY2My00YmNkLTgyYTItZDdiOGViNDYwOGUy
LzEvajBacElXb2dlTXNDUWpIMFl5NnJUYWZ1UzhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuS5yMA0G
CSqGSIb3DQEBCwUAA4IBAQBLAETM6jXc4ZbajyYlPTEC7MEfxzcDEY8NiLXB+RHx
S60sMQDozKrPHsHoXZmzao/T6/Xt/gCtfj5B1tr0oHTpYHnuIJWXfPvbz4a4+lr3
WGGCdbSDlZzeTE9PHa1ahwmEkpLnGG2r8QnKL9TUj65kk+bX5zfgN9M8Bc4nlgID
AiFVrm/JvTKdALFn25mQpRuCt73wNKPiTeb1ilJIztgUNjTU3humMn5HvlxzxC8e
TNLls0EsyA48+yHAb0XHOsA8rUXVDasDR15S2lgbJMxc6qwe+EEA9ZYsYVJzRG1x
YgdqGpZfoIFSRsQHO4450/2rc2ki2pVRpS5G/OZ6i/5d
-----END CERTIFICATE-----