Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/9Af1qXELpieOVp7p9VNULgf8Ok8.roa
File:                     9Af1qXELpieOVp7p9VNULgf8Ok8.roa (raw, json)
Hash identifier:          HvessiHJZavGwyGuZdGij0JLwJXqSCHXDHtSEdjWVZ4=
Subject key identifier:   F4:07:F5:A9:71:0B:A6:27:8E:56:9E:E9:F5:53:54:2E:07:FC:3A:4F
Certificate issuer:       /CN=f13533399f55eb52e6b2200c7cae4272b74d6464
Certificate serial:       019DE299E4BC6A04FC15340AB83296A97D7F
Authority key identifier: F1:35:33:39:9F:55:EB:52:E6:B2:20:0C:7C:AE:42:72:B7:4D:64:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/9Af1qXELpieOVp7p9VNULgf8Ok8.roa
Signing time:             Fri 01 May 2026 08:13:49 +0000
ROA not before:           Fri 01 May 2026 08:13:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214515
IP address blocks:        37.32.41.0/24 maxlen: 24
                          185.243.51.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 14:18:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:e2:99:e4:bc:6a:04:fc:15:34:0a:b8:32:96:a9:7d:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f13533399f55eb52e6b2200c7cae4272b74d6464
        Validity
            Not Before: May  1 08:13:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f407f5a9710ba6278e569ee9f553542e07fc3a4f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:36:29:a5:78:44:94:c6:d8:a1:e5:0c:b0:e8:
                    bd:a4:f4:fd:a5:db:f9:59:23:b3:51:3c:5a:b8:7f:
                    a4:63:7f:b0:3c:bc:88:6f:bb:5b:fe:9f:24:04:7c:
                    bd:bf:fa:90:b5:1f:61:3f:cb:32:b3:56:35:79:91:
                    01:ad:89:1d:f5:b0:ba:86:ab:83:1c:d1:97:09:b5:
                    1d:b2:14:27:54:91:55:d0:56:3e:73:cb:7c:52:20:
                    1c:ad:cc:63:91:7d:fa:72:6a:a9:09:3b:17:37:af:
                    ae:21:8b:91:c1:fe:7f:35:bf:a6:74:71:ca:6f:57:
                    4e:d0:66:82:7b:ea:48:2f:28:d3:29:7f:b1:f9:f1:
                    c1:6e:35:82:b7:ba:2b:26:7c:00:ed:92:53:94:7b:
                    8d:78:ee:81:f9:3c:e1:ae:9b:f6:fe:7f:d0:1c:aa:
                    c6:67:b7:52:ef:f0:7d:e3:ca:d6:f5:c0:c1:fc:c5:
                    90:b5:9f:8e:c2:87:22:5d:4b:b6:36:bc:44:ae:a0:
                    af:9a:9c:bc:62:ae:cc:d3:ab:ac:af:27:6b:ae:0e:
                    db:99:f9:d2:d1:29:7c:9b:d9:da:6f:00:bf:24:e2:
                    8a:ff:e0:ca:3e:9f:23:3e:13:68:82:3b:f2:36:4a:
                    64:25:5a:96:49:be:f8:d4:30:3d:d9:78:70:da:0d:
                    64:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:07:F5:A9:71:0B:A6:27:8E:56:9E:E9:F5:53:54:2E:07:FC:3A:4F
            X509v3 Authority Key Identifier:
                keyid:F1:35:33:39:9F:55:EB:52:E6:B2:20:0C:7C:AE:42:72:B7:4D:64:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/9Af1qXELpieOVp7p9VNULgf8Ok8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.32.41.0/24
                  185.243.51.0/24

    Signature Algorithm: sha256WithRSAEncryption
         cc:02:b9:ce:2d:bf:84:4f:04:c5:97:48:e6:3b:f5:94:4d:1d:
         40:d4:bb:fc:5b:cf:ff:e0:a6:e1:2e:fe:f7:6a:78:0b:17:95:
         8a:33:b1:e6:4a:e7:20:58:4e:60:f4:00:2c:85:73:b7:cd:93:
         15:2c:d4:32:a7:dd:e8:22:06:23:d7:04:b6:02:2a:ab:ac:9f:
         5b:ca:5c:a3:6c:dc:f6:9c:88:d0:a6:d6:95:e0:71:44:95:27:
         26:e4:d8:53:f5:2a:8b:af:fa:54:bd:7c:1d:8c:11:ec:9f:57:
         aa:3e:5b:69:f1:13:49:6b:6b:29:1c:0f:05:61:e4:2f:45:fc:
         f4:63:c7:79:dd:29:b9:3b:32:10:d7:e8:4d:4d:10:24:0b:d9:
         44:06:bc:3f:36:1f:da:10:3e:50:4a:60:3e:aa:26:2e:38:4f:
         ef:43:89:8d:dd:45:bf:e1:d6:15:22:69:ef:b3:64:af:5c:41:
         f0:f3:8e:84:a3:6b:ac:5d:c0:92:16:8b:60:08:60:1f:69:fe:
         82:48:2f:eb:97:05:c3:45:a6:bb:8f:2b:ce:1e:46:c6:4b:d7:
         e1:df:4b:73:89:88:06:38:61:00:b2:c8:96:9a:a4:f2:49:26:
         09:aa:50:a1:c8:d9:7a:a4:f5:1a:68:5f:6d:4a:fc:65:28:32:
         27:d1:8b:33
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ3imeS8agT8FTQKuDKWqX1/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxMzUzMzM5OWY1NWViNTJlNmIyMjAwYzdjYWU0MjcyYjc0
ZDY0NjQwHhcNMjYwNTAxMDgxMzQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNDA3ZjVhOTcxMGJhNjI3OGU1NjllZTlmNTUzNTQyZTA3ZmMzYTRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjDYppXhElMbYoeUMsOi9pPT9pdv5
WSOzUTxauH+kY3+wPLyIb7tb/p8kBHy9v/qQtR9hP8sys1Y1eZEBrYkd9bC6hquD
HNGXCbUdshQnVJFV0FY+c8t8UiAcrcxjkX36cmqpCTsXN6+uIYuRwf5/Nb+mdHHK
b1dO0GaCe+pILyjTKX+x+fHBbjWCt7orJnwA7ZJTlHuNeO6B+Tzhrpv2/n/QHKrG
Z7dS7/B948rW9cDB/MWQtZ+OwociXUu2NrxErqCvmpy8Yq7M06usrydrrg7bmfnS
0Sl8m9nabwC/JOKK/+DKPp8jPhNogjvyNkpkJVqWSb741DA92Xhw2g1kQQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFPQH9alxC6Ynjlae6fVTVC4H/DpPMB8GA1UdIwQY
MBaAFPE1MzmfVetS5rIgDHyuQnK3TWRkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOFRVek9aOVY2MUxtc2lBTWZLNUNjcmROWkdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi84NDRlZWItY2RmMS00N2YxLWJjZmEt
OTg5MTY2ODgxOTY5LzEvOUFmMXFYRUxwaWVPVnA3cDlWTlVMZ2Y4T2s4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi84NDRlZWItY2RmMS00N2YxLWJjZmEtOTg5MTY2ODgxOTY5
LzEvOFRVek9aOVY2MUxtc2lBTWZLNUNjcmROWkdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAJSApAwQA
ufMzMA0GCSqGSIb3DQEBCwUAA4IBAQDMArnOLb+ETwTFl0jmO/WUTR1A1Lv8W8//
4KbhLv73angLF5WKM7HmSucgWE5g9AAshXO3zZMVLNQyp93oIgYj1wS2AiqrrJ9b
ylyjbNz2nIjQptaV4HFElScm5NhT9SqLr/pUvXwdjBHsn1eqPltp8RNJa2spHA8F
YeQvRfz0Y8d53Sm5OzIQ1+hNTRAkC9lEBrw/Nh/aED5QSmA+qiYuOE/vQ4mN3UW/
4dYVImnvs2SvXEHw846Eo2usXcCSFotgCGAfaf6CSC/rlwXDRaa7jyvOHkbGS9fh
30tziYgGOGEAssiWmqTySSYJqlChyNl6pPUaaF9tSvxlKDIn0Ysz
-----END CERTIFICATE-----