Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/160f8f-dbab-482d-b39c-ad2fda47988e/1/9RXrdD1qJMf_8xNn3HnZaLopyak.roa
File:                     9RXrdD1qJMf_8xNn3HnZaLopyak.roa (raw, json)
Hash identifier:          KfZruuWMflD9yqrnDRJtXO3IL4kig+hFeQaQ1JiQO/w=
Subject key identifier:   F5:15:EB:74:3D:6A:24:C7:FF:F3:13:67:DC:79:D9:68:BA:29:C9:A9
Certificate issuer:       /CN=c0e549fdceeb02912c8a8741c816806bbe19c448
Certificate serial:       019CB8A2D026C79C62646166A9D32E23E265
Authority key identifier: C0:E5:49:FD:CE:EB:02:91:2C:8A:87:41:C8:16:80:6B:BE:19:C4:48
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wOVJ_c7rApEsiodByBaAa74ZxEg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/160f8f-dbab-482d-b39c-ad2fda47988e/1/9RXrdD1qJMf_8xNn3HnZaLopyak.roa
Signing time:             Wed 04 Mar 2026 11:36:43 +0000
ROA not before:           Wed 04 Mar 2026 11:36:43 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     273944
IP address blocks:        185.240.90.0/23 maxlen: 23
                          185.240.90.0/24 maxlen: 24
                          185.240.91.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/160f8f-dbab-482d-b39c-ad2fda47988e/1/wOVJ_c7rApEsiodByBaAa74ZxEg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/160f8f-dbab-482d-b39c-ad2fda47988e/1/wOVJ_c7rApEsiodByBaAa74ZxEg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wOVJ_c7rApEsiodByBaAa74ZxEg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 20:01:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:b8:a2:d0:26:c7:9c:62:64:61:66:a9:d3:2e:23:e2:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c0e549fdceeb02912c8a8741c816806bbe19c448
        Validity
            Not Before: Mar  4 11:36:43 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f515eb743d6a24c7fff31367dc79d968ba29c9a9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:dd:12:15:dd:5a:de:f1:4c:b4:ad:ae:58:63:
                    78:be:e9:62:75:ff:bc:91:8b:f7:9b:bf:f5:b5:59:
                    3a:f3:54:bc:2d:d9:17:61:45:22:37:4e:b2:fb:ce:
                    af:25:45:76:4f:75:f3:61:bb:ef:d3:bd:8f:22:1a:
                    d9:c7:4b:c1:bd:77:b4:d9:bc:0c:17:4a:bb:e5:02:
                    5b:5b:ba:f0:bc:5a:de:01:8e:41:d4:47:9b:59:62:
                    3c:9e:b1:d4:71:d9:37:31:26:81:a9:49:24:82:14:
                    f5:02:76:f2:ef:c1:c8:4d:dd:7c:5c:23:3a:c8:fe:
                    69:07:85:2a:85:32:58:c6:bc:ec:e6:ae:b9:9c:1f:
                    a1:fe:2e:37:27:f3:6c:50:7b:ec:87:9e:fe:79:a0:
                    0f:8a:2d:0d:b1:e7:99:71:d5:45:cf:96:8e:00:d6:
                    e6:c0:36:6b:58:5f:38:2b:d8:bc:b3:67:b5:e2:7c:
                    b4:2a:1d:2e:30:ca:ee:f3:70:a5:8d:2a:4d:2e:91:
                    a2:e3:a0:90:ad:0a:6c:f8:d6:da:93:46:15:00:60:
                    08:f4:98:0b:5e:d3:ed:f8:81:5d:75:3f:9d:8f:57:
                    3a:89:54:9e:86:c7:70:b0:69:b9:42:3b:ea:85:49:
                    b8:4b:d0:de:7c:18:aa:ec:c9:a3:47:e6:1d:55:08:
                    49:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:15:EB:74:3D:6A:24:C7:FF:F3:13:67:DC:79:D9:68:BA:29:C9:A9
            X509v3 Authority Key Identifier:
                keyid:C0:E5:49:FD:CE:EB:02:91:2C:8A:87:41:C8:16:80:6B:BE:19:C4:48

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wOVJ_c7rApEsiodByBaAa74ZxEg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/160f8f-dbab-482d-b39c-ad2fda47988e/1/9RXrdD1qJMf_8xNn3HnZaLopyak.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/160f8f-dbab-482d-b39c-ad2fda47988e/1/wOVJ_c7rApEsiodByBaAa74ZxEg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.240.90.0/23

    Signature Algorithm: sha256WithRSAEncryption
         6f:b8:f6:d3:89:3b:d3:db:64:4f:bb:a6:12:03:3a:8d:14:ee:
         30:ab:ec:89:67:50:31:bb:1b:45:36:96:b9:96:18:9d:2d:17:
         3b:fe:6c:7c:d9:06:4c:c8:f1:b5:ba:b5:76:80:5f:a6:90:fa:
         0d:84:06:f2:89:6b:46:22:ff:df:15:4a:85:7c:64:60:9e:e0:
         30:95:8a:dc:d5:b1:93:20:b4:e0:9e:ad:58:db:85:73:b0:68:
         e1:87:c2:46:00:34:28:18:20:2b:b1:c6:26:28:aa:59:5e:68:
         ba:f3:e1:86:05:b8:d0:42:bb:c7:45:4b:7c:dc:40:aa:08:8c:
         97:37:33:9e:79:d7:17:30:b1:60:19:09:2b:35:19:c0:bb:d3:
         3a:1d:18:02:1a:9f:23:1d:5e:1c:7d:97:fa:1e:b4:f6:dd:56:
         57:06:04:85:fe:51:43:70:22:e3:c4:d3:3b:56:40:a8:bd:db:
         57:67:15:c7:c2:de:a5:4b:ed:66:65:37:cf:48:40:60:8d:df:
         dc:c6:2c:1f:57:87:75:5c:f8:ad:b9:e3:8e:84:2c:40:87:1e:
         d6:ce:6e:22:28:86:4b:ef:25:e1:68:69:ea:67:d3:a1:0b:de:
         cc:61:4a:5a:63:f0:c3:4e:57:be:3a:f1:8f:86:fe:a8:13:7a:
         bb:ac:05:48
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZy4otAmx5xiZGFmqdMuI+JlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMwZTU0OWZkY2VlYjAyOTEyYzhhODc0MWM4MTY4MDZiYmUx
OWM0NDgwHhcNMjYwMzA0MTEzNjQzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNTE1ZWI3NDNkNmEyNGM3ZmZmMzEzNjdkYzc5ZDk2OGJhMjljOWE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArN0SFd1a3vFMtK2uWGN4vulidf+8
kYv3m7/1tVk681S8LdkXYUUiN06y+86vJUV2T3XzYbvv072PIhrZx0vBvXe02bwM
F0q75QJbW7rwvFreAY5B1EebWWI8nrHUcdk3MSaBqUkkghT1Anby78HITd18XCM6
yP5pB4UqhTJYxrzs5q65nB+h/i43J/NsUHvsh57+eaAPii0NseeZcdVFz5aOANbm
wDZrWF84K9i8s2e14ny0Kh0uMMru83CljSpNLpGi46CQrQps+Nbak0YVAGAI9JgL
XtPt+IFddT+dj1c6iVSehsdwsGm5QjvqhUm4S9DefBiq7MmjR+YdVQhJtQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPUV63Q9aiTH//MTZ9x52Wi6KcmpMB8GA1UdIwQY
MBaAFMDlSf3O6wKRLIqHQcgWgGu+GcRIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd09WSl9jN3JBcEVzaW9kQnlCYUFhNzRaeEVnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8xNjBmOGYtZGJhYi00ODJkLWIzOWMt
YWQyZmRhNDc5ODhlLzEvOVJYcmREMXFKTWZfOHhObjNIblphTG9weWFrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8xNjBmOGYtZGJhYi00ODJkLWIzOWMtYWQyZmRhNDc5ODhl
LzEvd09WSl9jN3JBcEVzaW9kQnlCYUFhNzRaeEVnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBufBaMA0G
CSqGSIb3DQEBCwUAA4IBAQBvuPbTiTvT22RPu6YSAzqNFO4wq+yJZ1AxuxtFNpa5
lhidLRc7/mx82QZMyPG1urV2gF+mkPoNhAbyiWtGIv/fFUqFfGRgnuAwlYrc1bGT
ILTgnq1Y24VzsGjhh8JGADQoGCArscYmKKpZXmi68+GGBbjQQrvHRUt83ECqCIyX
NzOeedcXMLFgGQkrNRnAu9M6HRgCGp8jHV4cfZf6HrT23VZXBgSF/lFDcCLjxNM7
VkCovdtXZxXHwt6lS+1mZTfPSEBgjd/cxiwfV4d1XPitueOOhCxAhx7Wzm4iKIZL
7yXhaGnqZ9OhC97MYUpaY/DDTle+OvGPhv6oE3q7rAVI
-----END CERTIFICATE-----