Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/9WMnRhwxmaWjhaIGOozpZRYZltw.roa
File:                     9WMnRhwxmaWjhaIGOozpZRYZltw.roa (raw, json)
Hash identifier:          QD3cuQohLz0lEHzSSUOtWYhtITar6eRov+ovxAca73o=
Subject key identifier:   F5:63:27:46:1C:31:99:A5:A3:85:A2:06:3A:8C:E9:65:16:19:96:DC
Certificate issuer:       /CN=093353c1fabe896af8b85fe7600e4634968fcc4c
Certificate serial:       019D2A33E8BAB738170E4FA3612885308EFC
Authority key identifier: 09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/9WMnRhwxmaWjhaIGOozpZRYZltw.roa
Signing time:             Thu 26 Mar 2026 12:52:17 +0000
ROA not before:           Thu 26 Mar 2026 12:52:17 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     48207
IP address blocks:        80.71.152.0/24 maxlen: 24
                          80.71.159.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Mar 2026 08:01:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:2a:33:e8:ba:b7:38:17:0e:4f:a3:61:28:85:30:8e:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=093353c1fabe896af8b85fe7600e4634968fcc4c
        Validity
            Not Before: Mar 26 12:52:17 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f56327461c3199a5a385a2063a8ce965161996dc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:cf:b2:98:53:a9:81:30:53:6f:0a:98:a5:29:
                    4d:03:ee:73:49:e1:08:50:49:29:15:79:f9:f7:3b:
                    3e:ac:80:a6:d5:8f:82:28:48:b7:cf:af:5e:23:98:
                    50:44:b5:f3:70:6b:06:e6:1a:bb:7f:6d:e9:5b:6b:
                    06:3c:44:11:50:17:4d:5d:e1:b6:79:dd:85:e9:e8:
                    a4:53:01:72:6c:71:a3:fd:d0:93:1f:b6:9b:a6:c8:
                    76:1c:11:44:21:6d:66:71:3d:c5:3e:bb:4b:d2:a4:
                    97:2f:34:26:e4:1a:6c:22:87:ff:6d:f1:42:19:4d:
                    56:ae:09:0f:f9:a4:69:24:3b:a0:81:c4:d1:15:48:
                    66:74:ed:4f:ec:79:48:f1:d6:03:29:ea:e0:a3:12:
                    4f:4c:20:43:07:57:29:62:8f:ad:6a:78:e6:2d:f9:
                    e7:8e:30:be:ce:cd:7d:18:ef:ba:fa:5f:7a:18:7e:
                    85:9e:c9:4f:74:81:61:17:7d:c6:4a:6b:94:e7:74:
                    fa:84:7d:0b:e4:42:fb:81:7a:45:9b:6f:db:88:35:
                    eb:f1:6a:36:ec:bc:bc:cb:aa:5b:30:63:19:da:4d:
                    2a:cd:87:36:8d:85:30:3e:6d:b8:c7:13:3f:90:d9:
                    bd:7d:49:ad:6c:a7:03:62:b4:f9:a7:85:9c:3e:28:
                    42:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:63:27:46:1C:31:99:A5:A3:85:A2:06:3A:8C:E9:65:16:19:96:DC
            X509v3 Authority Key Identifier:
                keyid:09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/9WMnRhwxmaWjhaIGOozpZRYZltw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.71.152.0/24
                  80.71.159.0/24

    Signature Algorithm: sha256WithRSAEncryption
         10:2d:86:9d:98:be:98:2c:8b:d5:7b:19:a8:66:05:59:ac:2c:
         79:96:ad:f4:80:44:c9:b5:30:af:ac:2b:27:40:9b:61:67:77:
         39:5e:16:22:4f:37:dd:1f:2f:d5:cb:44:1d:f4:bd:09:eb:2a:
         05:56:01:c7:8d:50:e6:8a:5c:04:6d:6c:1c:0a:95:d0:23:72:
         5d:b9:5c:f0:30:6a:8e:2f:34:89:da:25:f1:53:4d:5b:1c:47:
         0c:86:8f:3e:3b:eb:e6:78:17:ac:52:ce:9d:df:50:bf:13:19:
         17:58:df:e5:f4:7d:1c:8d:59:92:b4:49:0d:46:6a:7c:9d:c8:
         21:5a:ee:97:07:fa:8e:36:54:41:39:95:9e:6a:18:7f:e0:fa:
         35:af:70:a0:81:8c:43:2f:4d:66:cf:08:ee:72:c9:19:52:27:
         c9:48:41:61:f4:d3:41:06:42:c6:03:14:0f:2e:ae:30:22:1b:
         bf:77:49:92:6c:44:3b:10:29:74:a3:5d:d0:70:0c:f8:4d:b4:
         78:88:b4:7b:6f:2b:d2:95:32:41:46:98:af:f1:46:c7:5e:89:
         4a:80:2d:3d:b7:43:8f:1a:41:e2:f8:3c:4f:5b:43:70:34:67:
         7b:ee:fa:d6:c9:0e:76:10:ca:5f:c9:d6:fb:4a:7b:b0:05:fc:
         da:ee:ac:09
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ0qM+i6tzgXDk+jYSiFMI78MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5MzM1M2MxZmFiZTg5NmFmOGI4NWZlNzYwMGU0NjM0OTY4
ZmNjNGMwHhcNMjYwMzI2MTI1MjE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNTYzMjc0NjFjMzE5OWE1YTM4NWEyMDYzYThjZTk2NTE2MTk5NmRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAks+ymFOpgTBTbwqYpSlNA+5zSeEI
UEkpFXn59zs+rICm1Y+CKEi3z69eI5hQRLXzcGsG5hq7f23pW2sGPEQRUBdNXeG2
ed2F6eikUwFybHGj/dCTH7abpsh2HBFEIW1mcT3FPrtL0qSXLzQm5BpsIof/bfFC
GU1WrgkP+aRpJDuggcTRFUhmdO1P7HlI8dYDKergoxJPTCBDB1cpYo+tanjmLfnn
jjC+zs19GO+6+l96GH6FnslPdIFhF33GSmuU53T6hH0L5EL7gXpFm2/biDXr8Wo2
7Ly8y6pbMGMZ2k0qzYc2jYUwPm24xxM/kNm9fUmtbKcDYrT5p4WcPihCbQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFPVjJ0YcMZmlo4WiBjqM6WUWGZbcMB8GA1UdIwQY
MBaAFAkzU8H6volq+Lhf52AORjSWj8xMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1ROVHdmcS1pV3I0dUZfbllBNUdOSmFQekV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi83YjkzMzYtZTlmOC00ZTI3LWFmNGIt
MjM5ZDJmZTM5OGIxLzEvOVdNblJod3htYVdqaGFJR09venBaUllabHR3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi83YjkzMzYtZTlmOC00ZTI3LWFmNGItMjM5ZDJmZTM5OGIx
LzEvQ1ROVHdmcS1pV3I0dUZfbllBNUdOSmFQekV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAUEeYAwQA
UEefMA0GCSqGSIb3DQEBCwUAA4IBAQAQLYadmL6YLIvVexmoZgVZrCx5lq30gETJ
tTCvrCsnQJthZ3c5XhYiTzfdHy/Vy0Qd9L0J6yoFVgHHjVDmilwEbWwcCpXQI3Jd
uVzwMGqOLzSJ2iXxU01bHEcMho8+O+vmeBesUs6d31C/ExkXWN/l9H0cjVmStEkN
Rmp8ncghWu6XB/qONlRBOZWeahh/4Po1r3CggYxDL01mzwjucskZUifJSEFh9NNB
BkLGAxQPLq4wIhu/d0mSbEQ7ECl0o13QcAz4TbR4iLR7byvSlTJBRpiv8UbHXolK
gC09t0OPGkHi+DxPW0NwNGd77vrWyQ52EMpfydb7SnuwBfza7qwJ
-----END CERTIFICATE-----