Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9d/26b47b-f2ce-4f2b-9d33-45579e418ff7/1/hJHifVMBaH30EqpePenT1Sqap70.roa
File:                     hJHifVMBaH30EqpePenT1Sqap70.roa (raw, json)
Hash identifier:          QomOS52IIn3hGg0bKejEi6GxR/26/6+mZUMxHEwlzCc=
Subject key identifier:   84:91:E2:7D:53:01:68:7D:F4:12:AA:5E:3D:E9:D3:D5:2A:9A:A7:BD
Certificate issuer:       /CN=d25622457a1be33a01258866a067e0447dfd8964
Certificate serial:       0199379994EDE64CEBBC57C19C7D0A7508FC
Authority key identifier: D2:56:22:45:7A:1B:E3:3A:01:25:88:66:A0:67:E0:44:7D:FD:89:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0lYiRXob4zoBJYhmoGfgRH39iWQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9d/26b47b-f2ce-4f2b-9d33-45579e418ff7/1/hJHifVMBaH30EqpePenT1Sqap70.roa
Signing time:             Thu 11 Sep 2025 07:07:15 +0000
ROA not before:           Thu 11 Sep 2025 07:07:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214238
IP address blocks:        185.234.9.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9d/26b47b-f2ce-4f2b-9d33-45579e418ff7/1/0lYiRXob4zoBJYhmoGfgRH39iWQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9d/26b47b-f2ce-4f2b-9d33-45579e418ff7/1/0lYiRXob4zoBJYhmoGfgRH39iWQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0lYiRXob4zoBJYhmoGfgRH39iWQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:01:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:37:99:94:ed:e6:4c:eb:bc:57:c1:9c:7d:0a:75:08:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d25622457a1be33a01258866a067e0447dfd8964
        Validity
            Not Before: Sep 11 07:07:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8491e27d5301687df412aa5e3de9d3d52a9aa7bd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:86:24:e1:9a:70:06:a8:68:26:21:da:59:a8:
                    5d:a4:39:d3:99:8e:ad:04:4d:b4:30:c7:b4:ed:e4:
                    09:a5:61:73:2f:e9:6b:c6:8d:64:14:64:08:8f:12:
                    57:06:c8:ed:13:80:bd:4e:2d:6e:02:36:73:24:03:
                    38:08:d3:33:af:25:e5:eb:14:f7:f9:af:e6:86:7b:
                    3c:f6:21:f9:0d:d1:6f:50:ac:f1:a7:1a:e2:f6:f6:
                    38:c0:21:5c:5e:c3:4c:b6:89:29:8c:7a:40:27:08:
                    99:35:e5:14:a6:ac:43:3c:7d:39:c7:3c:0d:91:36:
                    8e:d5:3e:f4:b4:5a:3f:59:75:5f:aa:9d:52:34:a2:
                    41:05:72:e0:4a:37:eb:04:c2:53:95:b2:b2:de:aa:
                    a6:4a:36:98:35:0c:76:eb:41:65:5f:4a:76:9b:53:
                    de:45:1d:12:92:a4:ee:46:0f:e7:a3:c2:74:3b:12:
                    bd:45:ce:93:70:f2:44:36:42:9d:91:24:b9:98:c5:
                    3c:df:9f:77:6b:03:e0:fa:f8:75:c8:b6:ba:a0:a1:
                    1a:ac:93:95:c2:54:59:f7:6a:f1:37:2c:e3:fd:c7:
                    f6:1c:47:cd:b5:a6:9e:fd:ac:ba:2b:07:32:2d:83:
                    62:35:1b:aa:04:b5:47:f5:61:41:af:37:83:b3:96:
                    73:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:91:E2:7D:53:01:68:7D:F4:12:AA:5E:3D:E9:D3:D5:2A:9A:A7:BD
            X509v3 Authority Key Identifier:
                keyid:D2:56:22:45:7A:1B:E3:3A:01:25:88:66:A0:67:E0:44:7D:FD:89:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0lYiRXob4zoBJYhmoGfgRH39iWQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9d/26b47b-f2ce-4f2b-9d33-45579e418ff7/1/hJHifVMBaH30EqpePenT1Sqap70.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9d/26b47b-f2ce-4f2b-9d33-45579e418ff7/1/0lYiRXob4zoBJYhmoGfgRH39iWQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.234.9.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3b:16:d2:f9:ba:2d:f7:ea:da:d2:69:68:c2:a7:ae:b0:08:5d:
         48:e5:f7:26:80:33:52:63:7f:2e:49:98:bb:cf:58:c0:a4:83:
         5d:d4:89:97:15:ca:79:15:1f:d2:25:35:9b:ca:fc:d4:74:4d:
         19:84:8a:6e:12:89:23:e6:6b:35:a4:21:40:61:5c:06:75:ac:
         9e:ef:e7:38:ab:7b:f0:e4:91:8f:ea:0f:48:a2:82:76:4e:be:
         70:cf:2b:3b:19:b5:99:c8:58:3f:5f:df:ef:fb:89:fb:6d:35:
         65:87:2e:44:f8:97:27:cd:3b:2d:e4:9f:1e:d2:9b:0f:b3:8f:
         ca:b9:7e:f6:2a:75:c7:29:7b:f9:4c:1a:a8:70:78:ff:c2:73:
         57:68:33:ac:77:bf:1e:98:c6:a4:a5:fc:5d:e6:e3:30:32:17:
         e9:48:bb:60:bb:27:67:3a:fa:5c:63:11:78:ec:20:56:e6:fc:
         f6:ac:f6:cc:b7:66:ed:a5:a1:75:bc:f3:91:32:0a:47:38:4c:
         64:ab:69:2e:e3:e9:6e:51:24:ad:ed:9e:62:d2:09:b5:bc:76:
         2a:73:20:45:b5:54:44:a5:fc:76:9a:45:b3:74:02:3d:e3:ce:
         b1:ab:60:95:35:aa:1e:0b:c9:9b:ac:56:a0:cd:0f:6d:78:f1:
         2d:38:f8:24
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZk3mZTt5kzrvFfBnH0KdQj8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQyNTYyMjQ1N2ExYmUzM2EwMTI1ODg2NmEwNjdlMDQ0N2Rm
ZDg5NjQwHhcNMjUwOTExMDcwNzE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NDkxZTI3ZDUzMDE2ODdkZjQxMmFhNWUzZGU5ZDNkNTJhOWFhN2JkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqYYk4ZpwBqhoJiHaWahdpDnTmY6t
BE20MMe07eQJpWFzL+lrxo1kFGQIjxJXBsjtE4C9Ti1uAjZzJAM4CNMzryXl6xT3
+a/mhns89iH5DdFvUKzxpxri9vY4wCFcXsNMtokpjHpAJwiZNeUUpqxDPH05xzwN
kTaO1T70tFo/WXVfqp1SNKJBBXLgSjfrBMJTlbKy3qqmSjaYNQx260FlX0p2m1Pe
RR0SkqTuRg/no8J0OxK9Rc6TcPJENkKdkSS5mMU83593awPg+vh1yLa6oKEarJOV
wlRZ92rxNyzj/cf2HEfNtaae/ay6KwcyLYNiNRuqBLVH9WFBrzeDs5ZziQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFISR4n1TAWh99BKqXj3p09Uqmqe9MB8GA1UdIwQY
MBaAFNJWIkV6G+M6ASWIZqBn4ER9/YlkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMGxZaVJYb2I0em9CSllobW9HZmdSSDM5aVdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85ZC8yNmI0N2ItZjJjZS00ZjJiLTlkMzMt
NDU1NzllNDE4ZmY3LzEvaEpIaWZWTUJhSDMwRXFwZVBlblQxU3FhcDcwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85ZC8yNmI0N2ItZjJjZS00ZjJiLTlkMzMtNDU1NzllNDE4ZmY3
LzEvMGxZaVJYb2I0em9CSllobW9HZmdSSDM5aVdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAueoJMA0G
CSqGSIb3DQEBCwUAA4IBAQA7FtL5ui336trSaWjCp66wCF1I5fcmgDNSY38uSZi7
z1jApINd1ImXFcp5FR/SJTWbyvzUdE0ZhIpuEokj5ms1pCFAYVwGdaye7+c4q3vw
5JGP6g9IooJ2Tr5wzys7GbWZyFg/X9/v+4n7bTVlhy5E+JcnzTst5J8e0psPs4/K
uX72KnXHKXv5TBqocHj/wnNXaDOsd78emMakpfxd5uMwMhfpSLtguydnOvpcYxF4
7CBW5vz2rPbMt2btpaF1vPORMgpHOExkq2ku4+luUSSt7Z5i0gm1vHYqcyBFtVRE
pfx2mkWzdAI9486xq2CVNaoeC8mbrFagzQ9tePEtOPgk
-----END CERTIFICATE-----