Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/9DNM9PMqieKS14TaRfxOrQyg9hc.roa
File:                     9DNM9PMqieKS14TaRfxOrQyg9hc.roa (raw, json)
Hash identifier:          vZ+uEQXeB+m5jTDtG/nL5KoK3X/ROFtoOEZFZJc3CtY=
Subject key identifier:   F4:33:4C:F4:F3:2A:89:E2:92:D7:84:DA:45:FC:4E:AD:0C:A0:F6:17
Certificate issuer:       /CN=093353c1fabe896af8b85fe7600e4634968fcc4c
Certificate serial:       019D077A51E87E5731FCE6003F4973C07EAF
Authority key identifier: 09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/9DNM9PMqieKS14TaRfxOrQyg9hc.roa
Signing time:             Thu 19 Mar 2026 19:02:30 +0000
ROA not before:           Thu 19 Mar 2026 19:02:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     26548
IP address blocks:        91.240.71.0/24 maxlen: 24
                          194.105.158.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 16:32:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:07:7a:51:e8:7e:57:31:fc:e6:00:3f:49:73:c0:7e:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=093353c1fabe896af8b85fe7600e4634968fcc4c
        Validity
            Not Before: Mar 19 19:02:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f4334cf4f32a89e292d784da45fc4ead0ca0f617
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:63:57:1e:07:19:00:c6:a8:e3:0a:b7:e3:a5:
                    dd:5d:48:a2:41:f3:82:5f:63:77:a0:7a:11:1d:d2:
                    8c:8e:b4:2d:38:9d:fe:48:05:53:00:b0:3a:88:e0:
                    5f:30:a8:0f:7f:f1:a0:b4:59:0b:92:0c:86:51:27:
                    38:ac:1d:fb:84:4a:07:39:de:d3:13:40:fa:b1:05:
                    ee:cd:20:bc:dc:cc:5f:2d:fd:c8:1e:5e:35:10:d4:
                    e9:24:85:a3:5e:ab:b6:1b:d8:c8:09:67:40:94:7a:
                    ea:02:a7:5b:f4:64:e9:73:47:09:ec:98:32:76:d5:
                    0e:d6:df:db:10:1b:61:22:ec:c6:9f:59:7d:fd:9c:
                    59:a2:7f:73:da:3f:10:64:10:93:e5:4f:14:1b:3d:
                    84:45:01:89:3f:d1:fa:7a:b3:35:a5:4a:e3:fb:f1:
                    28:f6:c5:15:63:9c:a4:68:f3:f6:79:fb:e7:d3:82:
                    fc:87:0a:e7:e3:20:0b:53:47:0b:0c:61:94:1f:51:
                    f2:ac:1b:e5:fe:11:88:8f:94:9a:ce:f4:ca:1a:8c:
                    92:ba:ac:e7:f4:18:13:1e:a4:93:78:1b:73:15:e6:
                    00:9d:3e:0f:da:79:82:b6:8a:ea:7e:8c:a3:00:90:
                    9b:6c:14:b2:3e:b1:b4:9c:78:16:1b:cb:be:cc:d1:
                    89:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:33:4C:F4:F3:2A:89:E2:92:D7:84:DA:45:FC:4E:AD:0C:A0:F6:17
            X509v3 Authority Key Identifier:
                keyid:09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/9DNM9PMqieKS14TaRfxOrQyg9hc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.240.71.0/24
                  194.105.158.0/23

    Signature Algorithm: sha256WithRSAEncryption
         57:a0:ab:77:3a:d8:36:24:f5:54:45:de:23:df:96:3a:dd:80:
         e7:19:76:c5:c2:53:24:6a:75:91:48:2b:47:f1:90:0f:34:59:
         25:1f:5d:2c:57:11:6b:22:2c:38:90:7a:59:67:37:1d:11:8f:
         a5:58:f5:30:e0:2e:4b:45:f4:cd:0e:52:76:fc:94:60:72:fe:
         89:a4:a6:84:d3:ad:e9:fa:8a:fc:78:c5:b2:fa:53:3f:56:9b:
         e5:2f:be:e8:1c:25:8f:f9:24:a8:2d:0e:5a:dd:35:33:ba:43:
         bc:7d:80:5d:3c:78:2e:f6:ef:7b:32:8e:17:bd:cf:3e:b7:93:
         48:83:fc:ee:6b:22:73:98:89:97:36:bd:f7:15:c8:a5:bb:7e:
         0f:14:88:4d:b3:8b:4b:ff:46:2a:c0:ee:b7:1f:7e:0d:76:8d:
         51:6b:70:7e:2d:62:c4:fd:c1:3f:5d:ab:ef:b1:82:e7:7e:29:
         90:38:f0:19:9d:77:40:0e:83:93:3f:ce:5e:c7:5d:11:c0:af:
         8a:31:e7:78:4c:8f:cf:42:02:4a:82:48:9c:da:fc:8f:81:a5:
         c4:4f:5e:9d:f2:88:2b:b4:c9:e5:d6:48:1c:68:2f:08:fa:6d:
         ae:64:34:82:20:8d:73:23:ab:d0:b1:60:79:6f:42:ff:37:3c:
         46:11:88:c1
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ0HelHoflcx/OYAP0lzwH6vMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5MzM1M2MxZmFiZTg5NmFmOGI4NWZlNzYwMGU0NjM0OTY4
ZmNjNGMwHhcNMjYwMzE5MTkwMjMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNDMzNGNmNGYzMmE4OWUyOTJkNzg0ZGE0NWZjNGVhZDBjYTBmNjE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzWNXHgcZAMao4wq346XdXUiiQfOC
X2N3oHoRHdKMjrQtOJ3+SAVTALA6iOBfMKgPf/GgtFkLkgyGUSc4rB37hEoHOd7T
E0D6sQXuzSC83MxfLf3IHl41ENTpJIWjXqu2G9jICWdAlHrqAqdb9GTpc0cJ7Jgy
dtUO1t/bEBthIuzGn1l9/ZxZon9z2j8QZBCT5U8UGz2ERQGJP9H6erM1pUrj+/Eo
9sUVY5ykaPP2efvn04L8hwrn4yALU0cLDGGUH1HyrBvl/hGIj5SazvTKGoySuqzn
9BgTHqSTeBtzFeYAnT4P2nmCtorqfoyjAJCbbBSyPrG0nHgWG8u+zNGJrwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFPQzTPTzKonikteE2kX8Tq0MoPYXMB8GA1UdIwQY
MBaAFAkzU8H6volq+Lhf52AORjSWj8xMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1ROVHdmcS1pV3I0dUZfbllBNUdOSmFQekV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi83YjkzMzYtZTlmOC00ZTI3LWFmNGIt
MjM5ZDJmZTM5OGIxLzEvOUROTTlQTXFpZUtTMTRUYVJmeE9yUXlnOWhjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi83YjkzMzYtZTlmOC00ZTI3LWFmNGItMjM5ZDJmZTM5OGIx
LzEvQ1ROVHdmcS1pV3I0dUZfbllBNUdOSmFQekV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW/BHAwQB
wmmeMA0GCSqGSIb3DQEBCwUAA4IBAQBXoKt3Otg2JPVURd4j35Y63YDnGXbFwlMk
anWRSCtH8ZAPNFklH10sVxFrIiw4kHpZZzcdEY+lWPUw4C5LRfTNDlJ2/JRgcv6J
pKaE063p+or8eMWy+lM/VpvlL77oHCWP+SSoLQ5a3TUzukO8fYBdPHgu9u97Mo4X
vc8+t5NIg/zuayJzmImXNr33Fcilu34PFIhNs4tL/0YqwO63H34Ndo1Ra3B+LWLE
/cE/XavvsYLnfimQOPAZnXdADoOTP85ex10RwK+KMed4TI/PQgJKgkic2vyPgaXE
T16d8ogrtMnl1kgcaC8I+m2uZDSCII1zI6vQsWB5b0L/NzxGEYjB
-----END CERTIFICATE-----