Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6b/59d5e8-5c4d-4f67-af7f-ab29242ab933/1/n9a58dsjj-11JZXVNwGgDE0aR6o.roa
File:                     n9a58dsjj-11JZXVNwGgDE0aR6o.roa (raw, json)
Hash identifier:          /VwFrdihL0ZGB+9qxlSnirlGLekorqZnI5OlzYbZQaM=
Subject key identifier:   9F:D6:B9:F1:DB:23:8F:ED:75:25:95:D5:37:01:A0:0C:4D:1A:47:AA
Certificate issuer:       /CN=42f66800e3e4eea0b17aa7ce1be6a71085bb0bb5
Certificate serial:       019B7CEE14C8E6F7A58741A0D438A0E84DB9
Authority key identifier: 42:F6:68:00:E3:E4:EE:A0:B1:7A:A7:CE:1B:E6:A7:10:85:BB:0B:B5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QvZoAOPk7qCxeqfOG-anEIW7C7U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6b/59d5e8-5c4d-4f67-af7f-ab29242ab933/1/n9a58dsjj-11JZXVNwGgDE0aR6o.roa
Signing time:             Fri 02 Jan 2026 04:18:56 +0000
ROA not before:           Fri 02 Jan 2026 04:18:56 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     212841
IP address blocks:        185.21.132.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6b/59d5e8-5c4d-4f67-af7f-ab29242ab933/1/QvZoAOPk7qCxeqfOG-anEIW7C7U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6b/59d5e8-5c4d-4f67-af7f-ab29242ab933/1/QvZoAOPk7qCxeqfOG-anEIW7C7U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QvZoAOPk7qCxeqfOG-anEIW7C7U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 09:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:ee:14:c8:e6:f7:a5:87:41:a0:d4:38:a0:e8:4d:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=42f66800e3e4eea0b17aa7ce1be6a71085bb0bb5
        Validity
            Not Before: Jan  2 04:18:56 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9fd6b9f1db238fed752595d53701a00c4d1a47aa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:68:f4:2b:18:c2:34:c6:55:59:ed:09:3d:22:
                    a8:65:a0:57:22:78:23:80:cd:71:60:65:ee:9a:f9:
                    57:a0:ba:09:d1:c5:e3:1d:82:62:5e:d8:aa:37:f9:
                    47:2c:82:00:02:39:3e:81:fb:37:30:1b:74:7d:35:
                    ae:b4:6a:30:36:90:41:c6:c7:a8:89:e1:c2:bd:76:
                    b6:5c:59:c5:1b:35:25:fb:d4:e3:32:ed:72:6c:e0:
                    c5:de:59:95:ad:56:a6:c9:07:e9:01:ec:f4:c5:07:
                    44:74:0e:4c:ab:57:73:79:f0:20:67:a8:42:d3:21:
                    5d:bb:b4:f7:fb:10:21:11:e4:e3:c0:2e:f8:f5:44:
                    8a:b2:e8:84:a2:89:e3:4d:fd:5b:1d:51:05:8e:e5:
                    ba:f3:99:ae:f6:bf:2b:3e:71:63:ee:36:87:a2:85:
                    58:65:42:41:fb:56:e2:32:ec:31:3d:9e:6d:e8:d3:
                    03:ec:ee:39:66:08:b6:c8:25:23:36:38:db:7e:8b:
                    e8:db:38:4b:6a:ab:09:88:4f:78:1f:19:6f:4b:54:
                    33:2c:eb:41:0c:dd:69:b8:0a:76:26:d2:f8:18:c2:
                    4d:b2:fe:b8:6d:7a:1e:cf:c2:91:1f:9a:57:ce:ec:
                    7a:a6:84:a7:70:ee:65:28:54:bb:7a:5c:30:d5:63:
                    94:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:D6:B9:F1:DB:23:8F:ED:75:25:95:D5:37:01:A0:0C:4D:1A:47:AA
            X509v3 Authority Key Identifier:
                keyid:42:F6:68:00:E3:E4:EE:A0:B1:7A:A7:CE:1B:E6:A7:10:85:BB:0B:B5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QvZoAOPk7qCxeqfOG-anEIW7C7U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/59d5e8-5c4d-4f67-af7f-ab29242ab933/1/n9a58dsjj-11JZXVNwGgDE0aR6o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/59d5e8-5c4d-4f67-af7f-ab29242ab933/1/QvZoAOPk7qCxeqfOG-anEIW7C7U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.21.132.0/24

    Signature Algorithm: sha256WithRSAEncryption
         04:e9:18:b1:dd:75:a1:24:4a:63:22:07:78:25:67:34:f7:aa:
         55:e8:9e:54:4e:ce:94:43:37:a6:fc:4a:6d:33:3d:c7:fa:46:
         b0:3a:df:38:7e:e9:86:90:f2:25:54:d5:7a:7a:d9:1c:e7:13:
         d8:17:ec:44:e8:82:46:22:1f:71:6c:35:88:90:8c:de:2d:45:
         87:a2:5b:e1:8a:6b:06:4a:85:0a:4a:37:30:4b:dc:41:f5:a1:
         9f:7e:17:70:9b:34:dc:b8:74:9e:b5:8b:25:12:fd:1f:59:6e:
         54:02:09:a1:af:65:6d:d0:8a:56:e6:97:10:be:e9:63:d8:62:
         70:5a:5a:99:c5:d1:a5:a1:8d:7d:4c:0d:d0:55:82:8c:f5:0d:
         83:12:15:a5:07:7d:a7:63:a2:1c:2d:1b:f9:10:af:58:1d:3e:
         9c:ae:3d:cd:c0:8f:e0:2e:ee:3d:67:e9:26:a2:b8:c1:8c:95:
         ee:3e:ba:19:40:47:83:ba:37:15:d4:dc:24:68:ca:39:55:5d:
         f6:83:6c:2f:43:27:7e:96:ab:14:a0:64:d2:23:77:45:11:5e:
         39:70:82:12:16:75:62:9c:df:54:b3:4a:ec:7f:41:69:b0:13:
         1c:c4:00:19:37:2b:c8:2b:89:d3:53:6e:24:8a:d3:d6:f7:45:
         01:3b:44:73
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt87hTI5velh0Gg1Dig6E25MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQyZjY2ODAwZTNlNGVlYTBiMTdhYTdjZTFiZTZhNzEwODVi
YjBiYjUwHhcNMjYwMTAyMDQxODU2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZmQ2YjlmMWRiMjM4ZmVkNzUyNTk1ZDUzNzAxYTAwYzRkMWE0N2FhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArWj0KxjCNMZVWe0JPSKoZaBXIngj
gM1xYGXumvlXoLoJ0cXjHYJiXtiqN/lHLIIAAjk+gfs3MBt0fTWutGowNpBBxseo
ieHCvXa2XFnFGzUl+9TjMu1ybODF3lmVrVamyQfpAez0xQdEdA5Mq1dzefAgZ6hC
0yFdu7T3+xAhEeTjwC749USKsuiEoonjTf1bHVEFjuW685mu9r8rPnFj7jaHooVY
ZUJB+1biMuwxPZ5t6NMD7O45Zgi2yCUjNjjbfovo2zhLaqsJiE94HxlvS1QzLOtB
DN1puAp2JtL4GMJNsv64bXoez8KRH5pXzux6poSncO5lKFS7elww1WOUHwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ/WufHbI4/tdSWV1TcBoAxNGkeqMB8GA1UdIwQY
MBaAFEL2aADj5O6gsXqnzhvmpxCFuwu1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUXZab0FPUGs3cUN4ZXFmT0ctYW5FSVc3QzdVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yi81OWQ1ZTgtNWM0ZC00ZjY3LWFmN2Yt
YWIyOTI0MmFiOTMzLzEvbjlhNThkc2pqLTExSlpYVk53R2dERTBhUjZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yi81OWQ1ZTgtNWM0ZC00ZjY3LWFmN2YtYWIyOTI0MmFiOTMz
LzEvUXZab0FPUGs3cUN4ZXFmT0ctYW5FSVc3QzdVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuRWEMA0G
CSqGSIb3DQEBCwUAA4IBAQAE6Rix3XWhJEpjIgd4JWc096pV6J5UTs6UQzem/Ept
Mz3H+kawOt84fumGkPIlVNV6etkc5xPYF+xE6IJGIh9xbDWIkIzeLUWHolvhimsG
SoUKSjcwS9xB9aGffhdwmzTcuHSetYslEv0fWW5UAgmhr2Vt0IpW5pcQvulj2GJw
WlqZxdGloY19TA3QVYKM9Q2DEhWlB32nY6IcLRv5EK9YHT6crj3NwI/gLu49Z+km
orjBjJXuProZQEeDujcV1NwkaMo5VV32g2wvQyd+lqsUoGTSI3dFEV45cIISFnVi
nN9Us0rsf0FpsBMcxAAZNyvIK4nTU24kitPW90UBO0Rz
-----END CERTIFICATE-----