Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5f/b9884b-6fc5-4b3e-b1e8-e01e94124674/1/C9CUr-PFwRxBqveQc9JRexz5FUs.roa
File:                     C9CUr-PFwRxBqveQc9JRexz5FUs.roa (raw, json)
Hash identifier:          lYbCEmweFZ4ggkWxLIShDolBIH8LVCAHfTyc91SJwy0=
Subject key identifier:   0B:D0:94:AF:E3:C5:C1:1C:41:AA:F7:90:73:D2:51:7B:1C:F9:15:4B
Certificate issuer:       /CN=da8f05e3843517cf0971c2bf9cddddd62717e52c
Certificate serial:       019CF3F389F597F139417F34AB42C3FFE8B3
Authority key identifier: DA:8F:05:E3:84:35:17:CF:09:71:C2:BF:9C:DD:DD:D6:27:17:E5:2C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2o8F44Q1F88JccK_nN3d1icX5Sw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5f/b9884b-6fc5-4b3e-b1e8-e01e94124674/1/C9CUr-PFwRxBqveQc9JRexz5FUs.roa
Signing time:             Mon 16 Mar 2026 00:02:29 +0000
ROA not before:           Mon 16 Mar 2026 00:02:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215590
IP address blocks:        138.124.97.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5f/b9884b-6fc5-4b3e-b1e8-e01e94124674/1/2o8F44Q1F88JccK_nN3d1icX5Sw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5f/b9884b-6fc5-4b3e-b1e8-e01e94124674/1/2o8F44Q1F88JccK_nN3d1icX5Sw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2o8F44Q1F88JccK_nN3d1icX5Sw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 14:01:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:f3:f3:89:f5:97:f1:39:41:7f:34:ab:42:c3:ff:e8:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=da8f05e3843517cf0971c2bf9cddddd62717e52c
        Validity
            Not Before: Mar 16 00:02:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0bd094afe3c5c11c41aaf79073d2517b1cf9154b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:fa:4f:d1:13:6f:7b:8a:94:b0:eb:25:cd:d9:
                    a4:c0:a6:07:da:21:96:31:82:4b:52:36:0d:e7:c6:
                    71:39:13:13:dc:82:63:01:ed:f4:07:e3:11:9f:e5:
                    06:62:a2:89:3b:77:05:2e:f1:62:fd:32:81:19:57:
                    87:42:c1:75:c8:0b:fd:76:29:1f:a2:b4:a6:82:f0:
                    0d:c5:84:fb:a8:99:3a:f4:34:d8:ef:08:a8:33:f6:
                    c6:69:b8:46:0f:bc:01:ad:81:eb:3e:bf:4b:90:a6:
                    3b:3e:e3:1f:4d:9b:81:7c:c0:81:ef:f6:75:2b:47:
                    61:83:74:e2:11:71:d5:59:3e:d3:98:f4:e3:04:4d:
                    21:67:03:ee:f0:9c:de:a1:cb:e7:4d:87:73:5d:82:
                    2d:dc:21:f7:d8:21:f6:0b:a0:a8:32:f8:91:75:94:
                    ae:46:31:0a:74:99:6d:ac:34:22:58:0e:bf:9c:41:
                    b1:b9:b9:ca:86:35:eb:2c:ec:3b:90:62:3c:0a:54:
                    81:da:bb:50:a4:58:c7:8f:07:5b:8b:9e:a1:07:bc:
                    00:24:2c:a6:73:aa:ff:f4:76:d2:74:ca:7a:30:c9:
                    08:9b:28:1e:b9:65:c9:16:d1:ee:89:be:c1:6a:2f:
                    33:94:3d:6d:a6:72:f7:63:31:1c:04:03:17:d7:9e:
                    45:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:D0:94:AF:E3:C5:C1:1C:41:AA:F7:90:73:D2:51:7B:1C:F9:15:4B
            X509v3 Authority Key Identifier:
                keyid:DA:8F:05:E3:84:35:17:CF:09:71:C2:BF:9C:DD:DD:D6:27:17:E5:2C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2o8F44Q1F88JccK_nN3d1icX5Sw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/b9884b-6fc5-4b3e-b1e8-e01e94124674/1/C9CUr-PFwRxBqveQc9JRexz5FUs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/b9884b-6fc5-4b3e-b1e8-e01e94124674/1/2o8F44Q1F88JccK_nN3d1icX5Sw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  138.124.97.0/24

    Signature Algorithm: sha256WithRSAEncryption
         98:47:51:43:f1:84:42:a3:92:82:e4:9f:b6:d3:a6:47:de:e2:
         01:bd:bf:d9:ca:ab:0c:19:06:a4:1a:82:da:a8:d3:6e:bf:5f:
         bd:0f:26:5d:a4:f6:5a:83:03:d8:c1:7d:2d:6f:78:7c:2e:e2:
         79:e1:15:b2:8d:8b:fe:98:3b:03:25:cb:95:c1:49:1b:98:a5:
         f4:cf:54:00:5a:03:86:2e:89:a9:54:94:de:c5:54:49:dd:a5:
         75:a3:ba:fd:11:a9:a5:15:8d:d4:1a:a8:33:75:65:1a:a0:72:
         42:f4:7f:0e:12:45:b5:4a:d0:69:9e:45:6a:37:e9:8e:55:29:
         1f:45:e0:67:22:bc:bb:ee:97:a5:b5:ce:0f:bf:0d:e3:3d:53:
         b4:ea:d2:74:15:9e:84:61:d2:97:4a:72:ee:db:20:24:c1:51:
         60:62:e9:b1:2e:58:6a:6c:49:3e:bc:7d:49:a5:e2:45:29:cb:
         1d:96:b0:85:46:b4:7f:97:39:e7:ef:36:e2:38:f6:ea:47:c8:
         22:1f:8b:1c:59:2e:b9:f6:c4:58:43:91:ba:40:00:d1:2e:33:
         d7:90:da:2b:94:75:53:99:68:9f:9f:17:40:d1:a4:b3:46:c5:
         62:23:df:9e:10:dc:65:ff:2e:27:be:38:d6:ec:24:50:43:2f:
         ea:06:2d:06
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZzz84n1l/E5QX80q0LD/+izMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhOGYwNWUzODQzNTE3Y2YwOTcxYzJiZjljZGRkZGQ2Mjcx
N2U1MmMwHhcNMjYwMzE2MDAwMjI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYmQwOTRhZmUzYzVjMTFjNDFhYWY3OTA3M2QyNTE3YjFjZjkxNTRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl/pP0RNve4qUsOslzdmkwKYH2iGW
MYJLUjYN58ZxORMT3IJjAe30B+MRn+UGYqKJO3cFLvFi/TKBGVeHQsF1yAv9dikf
orSmgvANxYT7qJk69DTY7wioM/bGabhGD7wBrYHrPr9LkKY7PuMfTZuBfMCB7/Z1
K0dhg3TiEXHVWT7TmPTjBE0hZwPu8JzeocvnTYdzXYIt3CH32CH2C6CoMviRdZSu
RjEKdJltrDQiWA6/nEGxubnKhjXrLOw7kGI8ClSB2rtQpFjHjwdbi56hB7wAJCym
c6r/9HbSdMp6MMkImygeuWXJFtHuib7Bai8zlD1tpnL3YzEcBAMX155FewIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAvQlK/jxcEcQar3kHPSUXsc+RVLMB8GA1UdIwQY
MBaAFNqPBeOENRfPCXHCv5zd3dYnF+UsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMm84RjQ0UTFGODhKY2NLX25OM2QxaWNYNVN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Zi9iOTg4NGItNmZjNS00YjNlLWIxZTgt
ZTAxZTk0MTI0Njc0LzEvQzlDVXItUEZ3UnhCcXZlUWM5SlJleHo1RlVzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Zi9iOTg4NGItNmZjNS00YjNlLWIxZTgtZTAxZTk0MTI0Njc0
LzEvMm84RjQ0UTFGODhKY2NLX25OM2QxaWNYNVN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAinxhMA0G
CSqGSIb3DQEBCwUAA4IBAQCYR1FD8YRCo5KC5J+206ZH3uIBvb/ZyqsMGQakGoLa
qNNuv1+9DyZdpPZagwPYwX0tb3h8LuJ54RWyjYv+mDsDJcuVwUkbmKX0z1QAWgOG
LompVJTexVRJ3aV1o7r9EamlFY3UGqgzdWUaoHJC9H8OEkW1StBpnkVqN+mOVSkf
ReBnIry77peltc4Pvw3jPVO06tJ0FZ6EYdKXSnLu2yAkwVFgYumxLlhqbEk+vH1J
peJFKcsdlrCFRrR/lznn7zbiOPbqR8giH4scWS659sRYQ5G6QADRLjPXkNorlHVT
mWifnxdA0aSzRsViI9+eENxl/y4nvjjW7CRQQy/qBi0G
-----END CERTIFICATE-----