Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/a1ae70-7996-4687-a0d7-5e0f4ab809bb/1/H4sGg8vyZcexogvw33D1AD0SfHU.roa
File:                     H4sGg8vyZcexogvw33D1AD0SfHU.roa (raw, json)
Hash identifier:          lJg7B5V1oDUmx+qUj6BrcCWVR3gQKZ5JMqx4+VQkmko=
Subject key identifier:   1F:8B:06:83:CB:F2:65:C7:B1:A2:0B:F0:DF:70:F5:00:3D:12:7C:75
Certificate issuer:       /CN=743e447edb8a5e0e1b1d7f5cdc287c364a5fb0b5
Certificate serial:       019DB88832643A9BD4A768B395E4B695AE00
Authority key identifier: 74:3E:44:7E:DB:8A:5E:0E:1B:1D:7F:5C:DC:28:7C:36:4A:5F:B0:B5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dD5EftuKXg4bHX9c3Ch8NkpfsLU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/75/a1ae70-7996-4687-a0d7-5e0f4ab809bb/1/H4sGg8vyZcexogvw33D1AD0SfHU.roa
Signing time:             Thu 23 Apr 2026 04:10:26 +0000
ROA not before:           Thu 23 Apr 2026 04:10:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     5650
IP address blocks:        9.249.64.0/21 maxlen: 21
                          9.249.76.0/22 maxlen: 22
                          9.249.104.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/75/a1ae70-7996-4687-a0d7-5e0f4ab809bb/1/dD5EftuKXg4bHX9c3Ch8NkpfsLU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/75/a1ae70-7996-4687-a0d7-5e0f4ab809bb/1/dD5EftuKXg4bHX9c3Ch8NkpfsLU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dD5EftuKXg4bHX9c3Ch8NkpfsLU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 20:10:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:b8:88:32:64:3a:9b:d4:a7:68:b3:95:e4:b6:95:ae:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=743e447edb8a5e0e1b1d7f5cdc287c364a5fb0b5
        Validity
            Not Before: Apr 23 04:10:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=1f8b0683cbf265c7b1a20bf0df70f5003d127c75
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:7d:77:50:08:77:5e:d0:02:01:a0:f0:b5:a9:
                    f0:97:ef:e4:b7:dd:d0:1c:be:b2:69:b8:06:11:54:
                    f9:9e:e5:ac:8d:00:04:33:6a:ac:42:8d:64:96:16:
                    5e:57:0a:1b:af:ed:b7:0d:15:43:00:b3:b5:35:92:
                    53:6e:95:84:5a:1e:64:4b:8b:c0:b2:47:b5:b3:6d:
                    4b:83:d2:a9:5b:8d:73:12:bf:79:00:e8:b9:5b:5c:
                    9f:ce:4b:e9:d2:ac:e6:9e:46:45:74:0e:c2:f4:cd:
                    e6:b7:35:c7:d6:ee:e2:d8:d3:eb:72:64:d5:69:55:
                    9e:57:b2:fa:d5:7f:20:c4:86:5e:a9:62:85:db:b5:
                    d1:ef:04:55:84:b9:39:fd:65:d9:30:83:3c:ec:21:
                    a9:5d:8c:b6:a9:cd:40:f4:ae:32:42:11:ab:61:f7:
                    6d:0a:4b:e9:f7:63:ec:2d:b6:c8:1c:7c:b4:4e:01:
                    2f:a8:99:29:15:f7:af:b5:3f:f7:99:de:8d:52:9a:
                    12:f4:9a:65:a0:86:11:b8:5c:ad:4e:42:eb:d8:59:
                    4c:94:b5:ec:7f:0e:5f:79:40:f9:c2:53:23:ac:7d:
                    c2:4e:e7:c1:4a:40:b9:1a:ec:7b:34:23:73:4b:7a:
                    6d:47:ea:a1:cd:67:2c:1c:23:04:19:0c:5a:69:a0:
                    7d:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:8B:06:83:CB:F2:65:C7:B1:A2:0B:F0:DF:70:F5:00:3D:12:7C:75
            X509v3 Authority Key Identifier:
                keyid:74:3E:44:7E:DB:8A:5E:0E:1B:1D:7F:5C:DC:28:7C:36:4A:5F:B0:B5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dD5EftuKXg4bHX9c3Ch8NkpfsLU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/a1ae70-7996-4687-a0d7-5e0f4ab809bb/1/H4sGg8vyZcexogvw33D1AD0SfHU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/75/a1ae70-7996-4687-a0d7-5e0f4ab809bb/1/dD5EftuKXg4bHX9c3Ch8NkpfsLU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  9.249.64.0/21
                  9.249.76.0/22
                  9.249.104.0/22

    Signature Algorithm: sha256WithRSAEncryption
         9c:b9:18:96:5b:f0:56:28:c8:e5:87:af:1a:5c:45:e6:a5:98:
         5c:8a:90:cd:70:59:94:64:c6:98:e9:85:92:8b:25:66:55:b6:
         5b:ee:41:b0:51:5a:90:02:a9:94:09:3b:74:f8:93:d0:ff:49:
         3c:54:26:db:cb:d6:66:26:bf:dc:ac:5b:fe:47:e4:9f:77:0b:
         31:c1:90:81:c1:b0:06:f6:d9:53:33:64:e3:32:5b:1a:ef:e4:
         6c:45:e5:2f:bf:47:30:0f:b0:9f:72:73:00:cc:30:8b:17:3b:
         e5:90:b1:aa:71:ef:cc:70:36:3a:44:9f:66:6d:84:f0:b9:09:
         ab:9e:20:f1:1d:b8:bf:03:7e:7f:db:d4:81:bd:f6:4e:9a:95:
         59:ef:13:3c:dc:b8:c9:56:b5:f3:ee:47:c5:ab:60:11:bc:c9:
         a0:53:56:49:25:2a:a2:3e:4b:e5:3e:d8:cd:75:a1:a3:24:43:
         39:a3:be:4d:14:76:94:cf:4a:83:d5:26:c3:d9:fc:c2:89:3c:
         95:50:89:34:da:e4:0c:00:69:e4:ac:40:a5:76:76:57:68:ba:
         12:69:f5:f8:9c:86:db:f5:dc:92:e2:43:15:13:18:68:35:a5:
         0f:f9:5e:9e:54:68:6d:0d:2e:8a:2c:ff:07:43:39:db:69:e3:
         b1:46:20:87
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZ24iDJkOpvUp2izleS2la4AMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0M2U0NDdlZGI4YTVlMGUxYjFkN2Y1Y2RjMjg3YzM2NGE1
ZmIwYjUwHhcNMjYwNDIzMDQxMDI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZjhiMDY4M2NiZjI2NWM3YjFhMjBiZjBkZjcwZjUwMDNkMTI3Yzc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5X13UAh3XtACAaDwtanwl+/kt93Q
HL6yabgGEVT5nuWsjQAEM2qsQo1klhZeVwobr+23DRVDALO1NZJTbpWEWh5kS4vA
ske1s21Lg9KpW41zEr95AOi5W1yfzkvp0qzmnkZFdA7C9M3mtzXH1u7i2NPrcmTV
aVWeV7L61X8gxIZeqWKF27XR7wRVhLk5/WXZMIM87CGpXYy2qc1A9K4yQhGrYfdt
Ckvp92PsLbbIHHy0TgEvqJkpFfevtT/3md6NUpoS9JploIYRuFytTkLr2FlMlLXs
fw5feUD5wlMjrH3CTufBSkC5Gux7NCNzS3ptR+qhzWcsHCMEGQxaaaB9RwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFB+LBoPL8mXHsaIL8N9w9QA9Enx1MB8GA1UdIwQY
MBaAFHQ+RH7bil4OGx1/XNwofDZKX7C1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEQ1RWZ0dUtYZzRiSFg5YzNDaDhOa3Bmc0xVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS9hMWFlNzAtNzk5Ni00Njg3LWEwZDct
NWUwZjRhYjgwOWJiLzEvSDRzR2c4dnlaY2V4b2d2dzMzRDFBRDBTZkhVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS9hMWFlNzAtNzk5Ni00Njg3LWEwZDctNWUwZjRhYjgwOWJi
LzEvZEQ1RWZ0dUtYZzRiSFg5YzNDaDhOa3Bmc0xVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQDCflAAwQC
CflMAwQCCfloMA0GCSqGSIb3DQEBCwUAA4IBAQCcuRiWW/BWKMjlh68aXEXmpZhc
ipDNcFmUZMaY6YWSiyVmVbZb7kGwUVqQAqmUCTt0+JPQ/0k8VCbby9ZmJr/crFv+
R+SfdwsxwZCBwbAG9tlTM2TjMlsa7+RsReUvv0cwD7CfcnMAzDCLFzvlkLGqce/M
cDY6RJ9mbYTwuQmrniDxHbi/A35/29SBvfZOmpVZ7xM83LjJVrXz7kfFq2ARvMmg
U1ZJJSqiPkvlPtjNdaGjJEM5o75NFHaUz0qD1SbD2fzCiTyVUIk02uQMAGnkrECl
dnZXaLoSafX4nIbb9dyS4kMVExhoNaUP+V6eVGhtDS6KLP8HQznbaeOxRiCH
-----END CERTIFICATE-----