Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/S-qA9-nsT_74A0PxMdu9MD1fVzE.roa
File:                     S-qA9-nsT_74A0PxMdu9MD1fVzE.roa (raw, json)
Hash identifier:          Wen8UtWVVMVXMhV1GUrx8/4Tw9qB9gvB3JFZi7kWILc=
Subject key identifier:   4B:EA:80:F7:E9:EC:4F:FE:F8:03:43:F1:31:DB:BD:30:3D:5F:57:31
Certificate issuer:       /CN=94166b704843d3d9754095c83a91b493828200a2
Certificate serial:       019CC5576D18CBA2DF9C5E49FF7FC7B63680
Authority key identifier: 94:16:6B:70:48:43:D3:D9:75:40:95:C8:3A:91:B4:93:82:82:00:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lBZrcEhD09l1QJXIOpG0k4KCAKI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/S-qA9-nsT_74A0PxMdu9MD1fVzE.roa
Signing time:             Fri 06 Mar 2026 22:49:26 +0000
ROA not before:           Fri 06 Mar 2026 22:49:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     29491
IP address blocks:        95.111.151.0/24 maxlen: 24
                          95.111.154.0/23 maxlen: 24
                          95.111.157.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/lBZrcEhD09l1QJXIOpG0k4KCAKI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/lBZrcEhD09l1QJXIOpG0k4KCAKI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lBZrcEhD09l1QJXIOpG0k4KCAKI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 00:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:c5:57:6d:18:cb:a2:df:9c:5e:49:ff:7f:c7:b6:36:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=94166b704843d3d9754095c83a91b493828200a2
        Validity
            Not Before: Mar  6 22:49:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4bea80f7e9ec4ffef80343f131dbbd303d5f5731
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:12:0b:74:68:95:8f:2a:ef:f4:38:11:75:9a:
                    eb:54:87:3a:4a:bd:03:1b:95:cc:5b:c4:92:f4:52:
                    86:63:c1:e4:aa:d2:ae:6d:d7:15:02:8d:b4:9e:bc:
                    4f:ca:a7:aa:5c:02:c4:31:23:c3:12:0b:d5:18:8d:
                    7a:1c:0b:e6:52:21:32:69:ee:10:65:54:a3:c9:64:
                    a5:de:9c:04:7e:71:36:1f:f0:1a:5e:1c:44:cc:21:
                    8c:56:a0:92:ef:cc:f5:57:81:cb:40:29:a3:99:0a:
                    dc:f0:b0:e1:48:e2:d4:0c:ea:d4:d2:1a:83:8d:7f:
                    43:cf:69:3a:72:df:bd:fb:7e:12:d7:d3:1e:47:63:
                    8a:f6:3e:4d:54:da:f6:45:ee:4e:99:30:87:d5:11:
                    b0:8e:d4:25:e6:06:44:70:9e:b0:9a:01:bc:90:52:
                    81:5f:d9:37:95:55:f6:f9:c6:32:2c:a5:67:ae:5c:
                    4c:18:ab:b6:6a:4d:2d:9a:39:bd:75:d0:44:a1:ce:
                    6c:eb:7a:c3:b2:4a:fb:6a:6f:1d:5f:2a:82:5a:4e:
                    8f:56:89:9b:fc:42:57:94:0e:ee:b0:92:6f:6a:96:
                    e5:5c:f0:1f:40:ba:8d:a3:34:e6:9d:eb:37:d0:e6:
                    c2:6c:11:ff:47:a2:38:d2:79:c2:55:52:07:01:84:
                    7f:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:EA:80:F7:E9:EC:4F:FE:F8:03:43:F1:31:DB:BD:30:3D:5F:57:31
            X509v3 Authority Key Identifier:
                keyid:94:16:6B:70:48:43:D3:D9:75:40:95:C8:3A:91:B4:93:82:82:00:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lBZrcEhD09l1QJXIOpG0k4KCAKI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/S-qA9-nsT_74A0PxMdu9MD1fVzE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/lBZrcEhD09l1QJXIOpG0k4KCAKI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.111.151.0/24
                  95.111.154.0/23
                  95.111.157.0/24

    Signature Algorithm: sha256WithRSAEncryption
         12:c6:ac:48:ba:13:b6:46:95:1c:ed:b4:0c:ae:d5:7a:8b:05:
         eb:97:17:e8:7a:f2:34:9a:24:ca:8b:a7:d1:6c:c1:44:bd:a3:
         24:97:f9:a7:60:1f:6c:b3:60:b2:dc:73:89:20:48:f3:64:4c:
         47:f7:c9:46:8b:59:84:dd:39:d0:60:e4:00:6f:ff:fb:a6:96:
         17:52:04:2e:ea:8a:ca:9c:3e:e4:4d:eb:e1:c8:e5:01:cd:0c:
         7e:a0:f9:28:17:d6:9f:07:b4:fa:57:94:ce:d9:c9:0c:7d:94:
         a0:80:bc:2d:e5:ef:52:06:44:ad:b2:63:d5:3d:07:0b:f1:6e:
         26:b0:f8:1b:41:d5:38:21:8a:3a:d9:b7:47:be:12:5e:21:37:
         14:f6:8b:9b:af:c5:4a:5a:47:e3:61:1a:8b:90:c9:de:50:98:
         69:36:86:30:77:3b:68:fa:6a:a3:78:12:f8:f5:43:f1:8f:e9:
         65:bc:d3:a7:96:de:a5:20:43:12:4a:19:86:84:c1:34:b5:89:
         56:8a:d3:cf:a1:93:d7:ac:dc:0b:7a:41:e5:af:1a:9d:ca:b0:
         25:cf:0e:0e:dc:49:7e:04:22:df:9e:fe:c1:76:a0:28:ae:e9:
         70:45:8d:61:33:48:ea:cf:27:60:ab:f3:bf:4e:20:db:54:e6:
         b0:a2:ab:83
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZzFV20Yy6LfnF5J/3/HtjaAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk0MTY2YjcwNDg0M2QzZDk3NTQwOTVjODNhOTFiNDkzODI4
MjAwYTIwHhcNMjYwMzA2MjI0OTI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YmVhODBmN2U5ZWM0ZmZlZjgwMzQzZjEzMWRiYmQzMDNkNWY1NzMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlBILdGiVjyrv9DgRdZrrVIc6Sr0D
G5XMW8SS9FKGY8HkqtKubdcVAo20nrxPyqeqXALEMSPDEgvVGI16HAvmUiEyae4Q
ZVSjyWSl3pwEfnE2H/AaXhxEzCGMVqCS78z1V4HLQCmjmQrc8LDhSOLUDOrU0hqD
jX9Dz2k6ct+9+34S19MeR2OK9j5NVNr2Re5OmTCH1RGwjtQl5gZEcJ6wmgG8kFKB
X9k3lVX2+cYyLKVnrlxMGKu2ak0tmjm9ddBEoc5s63rDskr7am8dXyqCWk6PVomb
/EJXlA7usJJvapblXPAfQLqNozTmnes30ObCbBH/R6I40nnCVVIHAYR//wIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFEvqgPfp7E/++AND8THbvTA9X1cxMB8GA1UdIwQY
MBaAFJQWa3BIQ9PZdUCVyDqRtJOCggCiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbEJacmNFaEQwOWwxUUpYSU9wRzBrNEtDQUtJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi80M2ZmOGYtY2Q1NC00Y2YxLThhYWYt
NGJlMThlZjEyOGI0LzEvUy1xQTktbnNUXzc0QTBQeE1kdTlNRDFmVnpFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi80M2ZmOGYtY2Q1NC00Y2YxLThhYWYtNGJlMThlZjEyOGI0
LzEvbEJacmNFaEQwOWwxUUpYSU9wRzBrNEtDQUtJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAX2+XAwQB
X2+aAwQAX2+dMA0GCSqGSIb3DQEBCwUAA4IBAQASxqxIuhO2RpUc7bQMrtV6iwXr
lxfoevI0miTKi6fRbMFEvaMkl/mnYB9ss2Cy3HOJIEjzZExH98lGi1mE3TnQYOQA
b//7ppYXUgQu6orKnD7kTevhyOUBzQx+oPkoF9afB7T6V5TO2ckMfZSggLwt5e9S
BkStsmPVPQcL8W4msPgbQdU4IYo62bdHvhJeITcU9oubr8VKWkfjYRqLkMneUJhp
NoYwdzto+mqjeBL49UPxj+llvNOnlt6lIEMSShmGhME0tYlWitPPoZPXrNwLekHl
rxqdyrAlzw4O3El+BCLfnv7BdqAorulwRY1hM0jqzydgq/O/TiDbVOawoquD
-----END CERTIFICATE-----