Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c6/a43c6e-349c-4914-8da3-6c32a6ab1ef2/1/R9E_qtj1VUjv3jJ8H84LoeWhd-Y.roa
File:                     R9E_qtj1VUjv3jJ8H84LoeWhd-Y.roa (raw, json)
Hash identifier:          e3y1w4/pEQBqLE2b/SIgYWYr4YtTdvlqNQkpHYOPhyQ=
Subject key identifier:   47:D1:3F:AA:D8:F5:55:48:EF:DE:32:7C:1F:CE:0B:A1:E5:A1:77:E6
Certificate issuer:       /CN=c1eb076d16702c7dbea972e2972ef576a1f2c873
Certificate serial:       01993DF38D678364F189532225F9228D4DB5
Authority key identifier: C1:EB:07:6D:16:70:2C:7D:BE:A9:72:E2:97:2E:F5:76:A1:F2:C8:73
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wesHbRZwLH2-qXLily71dqHyyHM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c6/a43c6e-349c-4914-8da3-6c32a6ab1ef2/1/R9E_qtj1VUjv3jJ8H84LoeWhd-Y.roa
Signing time:             Fri 12 Sep 2025 12:43:15 +0000
ROA not before:           Fri 12 Sep 2025 12:43:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     61236
IP address blocks:        91.238.72.0/23 maxlen: 24
                          185.14.104.0/22 maxlen: 24
                          2a03:acc0::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c6/a43c6e-349c-4914-8da3-6c32a6ab1ef2/1/wesHbRZwLH2-qXLily71dqHyyHM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c6/a43c6e-349c-4914-8da3-6c32a6ab1ef2/1/wesHbRZwLH2-qXLily71dqHyyHM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wesHbRZwLH2-qXLily71dqHyyHM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 15:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:3d:f3:8d:67:83:64:f1:89:53:22:25:f9:22:8d:4d:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c1eb076d16702c7dbea972e2972ef576a1f2c873
        Validity
            Not Before: Sep 12 12:43:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=47d13faad8f55548efde327c1fce0ba1e5a177e6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:d1:f1:23:98:66:d9:af:a8:f5:0a:2f:35:37:
                    de:29:7c:04:dd:08:af:da:43:a9:34:d2:1e:12:59:
                    c2:fb:ed:a7:67:68:1e:f7:e9:55:c5:8b:67:4f:ea:
                    25:19:88:90:8e:75:2e:7d:5c:3e:97:9c:14:3c:58:
                    94:2d:4a:f0:6b:f9:a9:50:03:34:b2:92:23:63:fd:
                    78:05:2b:e6:81:da:bf:78:55:e6:99:8b:d4:72:d7:
                    4b:fd:eb:4a:d6:bc:18:b6:a7:00:93:9c:dd:ec:7c:
                    46:49:74:87:87:8e:5b:29:b8:cf:f9:84:db:a5:eb:
                    55:58:b3:c6:8a:20:f4:92:59:1e:5b:fb:65:3b:50:
                    db:59:c3:b0:c6:fd:73:0c:de:1c:67:61:44:e7:7e:
                    63:9f:e1:aa:ea:42:77:38:78:d7:88:f8:13:10:28:
                    e3:ce:80:36:f7:55:b6:8f:b7:c2:b9:96:fa:cc:c3:
                    ca:3f:de:ca:9c:30:07:a2:a8:43:2c:b9:5b:7b:b9:
                    60:89:1a:7e:e2:d7:e2:bc:25:de:18:a5:dc:65:2a:
                    76:9b:bc:0f:ee:83:42:49:1f:b6:59:2d:84:2e:6c:
                    7f:7b:d7:7c:8d:d7:f4:d1:03:3a:bd:98:c2:02:c4:
                    96:41:5b:b5:cd:1c:95:6c:92:80:a4:b6:6a:7e:09:
                    43:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:D1:3F:AA:D8:F5:55:48:EF:DE:32:7C:1F:CE:0B:A1:E5:A1:77:E6
            X509v3 Authority Key Identifier:
                keyid:C1:EB:07:6D:16:70:2C:7D:BE:A9:72:E2:97:2E:F5:76:A1:F2:C8:73

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wesHbRZwLH2-qXLily71dqHyyHM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c6/a43c6e-349c-4914-8da3-6c32a6ab1ef2/1/R9E_qtj1VUjv3jJ8H84LoeWhd-Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c6/a43c6e-349c-4914-8da3-6c32a6ab1ef2/1/wesHbRZwLH2-qXLily71dqHyyHM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.238.72.0/23
                  185.14.104.0/22
                IPv6:
                  2a03:acc0::/32

    Signature Algorithm: sha256WithRSAEncryption
         67:f7:e5:18:a2:70:3d:e1:f5:5c:a2:18:ba:61:bc:ed:77:05:
         50:e0:50:4c:68:3a:ba:46:f9:3c:52:fd:d6:32:dc:bf:6c:6a:
         68:48:8d:32:2c:c8:41:82:e6:a0:ef:70:72:57:b3:a5:f0:b0:
         46:b7:6e:67:16:af:32:99:d7:49:b9:2c:99:54:19:ee:a3:9e:
         fb:64:27:f7:55:9c:1d:23:ec:07:f5:cc:2d:4a:c4:12:98:d8:
         44:30:29:61:ca:1a:99:2b:28:2e:66:5f:2d:b0:31:ba:de:aa:
         13:b8:a1:88:fa:ca:10:c5:dc:c3:f4:e9:88:b4:d5:c3:80:bd:
         fe:14:19:2b:b2:13:cb:13:c9:4d:11:63:f6:25:d0:bb:8c:39:
         8b:ee:89:b7:28:e6:dc:3d:6c:a4:45:7e:61:72:e6:19:e1:a7:
         f6:a8:f9:f8:46:7b:b7:78:c6:a8:d8:3d:3e:50:2d:1b:2e:a1:
         06:2c:2b:ca:b4:11:fa:4b:91:79:05:e2:11:15:a0:29:bd:42:
         0a:04:9d:b7:c6:2a:a8:a1:04:bb:45:3f:df:bc:97:7b:a0:b7:
         59:2f:0b:d0:7c:1a:7e:4a:f6:a6:83:df:c9:44:99:3b:bc:0b:
         79:85:ad:64:06:dd:57:f3:62:38:c6:3d:06:85:7b:8f:dc:e6:
         75:43:10:ed
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZk9841ng2TxiVMiJfkijU21MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMxZWIwNzZkMTY3MDJjN2RiZWE5NzJlMjk3MmVmNTc2YTFm
MmM4NzMwHhcNMjUwOTEyMTI0MzE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0N2QxM2ZhYWQ4ZjU1NTQ4ZWZkZTMyN2MxZmNlMGJhMWU1YTE3N2U2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3tHxI5hm2a+o9QovNTfeKXwE3Qiv
2kOpNNIeElnC++2nZ2ge9+lVxYtnT+olGYiQjnUufVw+l5wUPFiULUrwa/mpUAM0
spIjY/14BSvmgdq/eFXmmYvUctdL/etK1rwYtqcAk5zd7HxGSXSHh45bKbjP+YTb
petVWLPGiiD0klkeW/tlO1DbWcOwxv1zDN4cZ2FE535jn+Gq6kJ3OHjXiPgTECjj
zoA291W2j7fCuZb6zMPKP97KnDAHoqhDLLlbe7lgiRp+4tfivCXeGKXcZSp2m7wP
7oNCSR+2WS2ELmx/e9d8jdf00QM6vZjCAsSWQVu1zRyVbJKApLZqfglDkQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFEfRP6rY9VVI794yfB/OC6HloXfmMB8GA1UdIwQY
MBaAFMHrB20WcCx9vqly4pcu9Xah8shzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd2VzSGJSWndMSDItcVhMaWx5NzFkcUh5eUhNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNi9hNDNjNmUtMzQ5Yy00OTE0LThkYTMt
NmMzMmE2YWIxZWYyLzEvUjlFX3F0ajFWVWp2M2pKOEg4NExvZVdoZC1ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNi9hNDNjNmUtMzQ5Yy00OTE0LThkYTMtNmMzMmE2YWIxZWYy
LzEvd2VzSGJSWndMSDItcVhMaWx5NzFkcUh5eUhNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQBW+5IAwQC
uQ5oMA0EAgACMAcDBQAqA6zAMA0GCSqGSIb3DQEBCwUAA4IBAQBn9+UYonA94fVc
ohi6YbztdwVQ4FBMaDq6Rvk8Uv3WMty/bGpoSI0yLMhBguag73ByV7Ol8LBGt25n
Fq8ymddJuSyZVBnuo577ZCf3VZwdI+wH9cwtSsQSmNhEMClhyhqZKyguZl8tsDG6
3qoTuKGI+soQxdzD9OmItNXDgL3+FBkrshPLE8lNEWP2JdC7jDmL7om3KObcPWyk
RX5hcuYZ4af2qPn4Rnu3eMao2D0+UC0bLqEGLCvKtBH6S5F5BeIRFaApvUIKBJ23
xiqooQS7RT/fvJd7oLdZLwvQfBp+Svamg9/JRJk7vAt5ha1kBt1X82I4xj0GhXuP
3OZ1QxDt
-----END CERTIFICATE-----