Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/9gkVLjQzq4u9eTX55rvk0NRZzEY.roa
File:                     9gkVLjQzq4u9eTX55rvk0NRZzEY.roa (raw, json)
Hash identifier:          hZcBmw4SfsEaoWkS6rx82VJEEjBl8KNeB0BbircjJCI=
Subject key identifier:   F6:09:15:2E:34:33:AB:8B:BD:79:35:F9:E6:BB:E4:D0:D4:59:CC:46
Certificate issuer:       /CN=d3cf0884918a50239ef70518ee9fc04f1aae1929
Certificate serial:       019DFCCCCAAA5D9B872EE69D9337CA48C470
Authority key identifier: D3:CF:08:84:91:8A:50:23:9E:F7:05:18:EE:9F:C0:4F:1A:AE:19:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/088IhJGKUCOe9wUY7p_ATxquGSk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/9gkVLjQzq4u9eTX55rvk0NRZzEY.roa
Signing time:             Wed 06 May 2026 10:19:32 +0000
ROA not before:           Wed 06 May 2026 10:19:32 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     9009
IP address blocks:        46.37.116.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/088IhJGKUCOe9wUY7p_ATxquGSk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/088IhJGKUCOe9wUY7p_ATxquGSk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/088IhJGKUCOe9wUY7p_ATxquGSk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 14 May 2026 02:00:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:fc:cc:ca:aa:5d:9b:87:2e:e6:9d:93:37:ca:48:c4:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d3cf0884918a50239ef70518ee9fc04f1aae1929
        Validity
            Not Before: May  6 10:19:32 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f609152e3433ab8bbd7935f9e6bbe4d0d459cc46
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:31:f3:ec:bd:b0:cb:6c:b2:3c:1d:22:36:e4:
                    ea:f6:e8:79:41:79:41:65:50:ba:10:6b:98:40:e0:
                    88:23:8b:50:3b:99:99:cc:79:3e:38:3c:e5:f0:da:
                    ad:05:fd:8c:00:15:9c:87:7c:65:d7:c9:c4:bf:25:
                    c4:e9:60:f9:93:6e:ce:f7:7a:08:f8:1e:9c:4a:46:
                    78:d0:f1:13:b4:a2:62:b5:a7:f7:0d:e4:d6:02:f4:
                    e7:5e:2d:6e:fa:67:64:2a:f1:72:15:37:79:9c:94:
                    6f:55:74:ad:5a:0a:98:81:3a:db:4b:ce:36:96:18:
                    ff:1d:e7:62:a7:c6:54:11:a1:2d:08:b9:0c:f5:4f:
                    83:1e:23:29:9c:57:1e:b0:8b:62:d0:ce:6f:0e:6f:
                    b3:14:62:0d:3b:f4:19:b7:0c:2e:1f:f0:6e:a7:55:
                    c2:38:46:ef:d1:d4:e6:07:2b:fb:b7:4b:bb:df:69:
                    44:19:dd:b2:0a:7a:e4:87:5b:66:f3:db:f1:69:72:
                    bf:70:77:d1:6d:60:06:57:26:ee:a8:1e:17:94:bd:
                    4c:a8:6f:d5:a8:0f:cc:c6:34:9d:51:11:6a:ec:b2:
                    f9:74:6c:bf:a6:0e:eb:14:bc:82:a8:24:1d:d7:66:
                    a0:52:62:84:65:bd:9f:b6:75:47:8e:1f:cb:a3:d1:
                    b4:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:09:15:2E:34:33:AB:8B:BD:79:35:F9:E6:BB:E4:D0:D4:59:CC:46
            X509v3 Authority Key Identifier:
                keyid:D3:CF:08:84:91:8A:50:23:9E:F7:05:18:EE:9F:C0:4F:1A:AE:19:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/088IhJGKUCOe9wUY7p_ATxquGSk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/9gkVLjQzq4u9eTX55rvk0NRZzEY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/088IhJGKUCOe9wUY7p_ATxquGSk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.37.116.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b5:36:a5:e8:06:da:4d:e7:fb:18:35:cb:5f:f6:25:45:8e:7f:
         5c:fc:91:46:52:65:af:db:84:0f:9f:b1:2f:14:b1:77:df:c0:
         ea:e5:02:46:d3:19:77:07:7d:46:b2:46:bb:9d:00:4d:80:55:
         2c:1f:b5:99:7f:27:cc:eb:8c:1b:b2:f1:e0:a5:3b:db:c1:c7:
         8b:1b:27:a1:26:35:9e:53:19:91:86:f5:e2:08:ed:37:75:0c:
         79:6e:a0:77:8f:f9:f0:cf:e4:48:ba:e0:ae:cf:41:dd:4a:90:
         ac:9a:79:1f:39:66:4e:d4:20:fd:1f:72:17:a2:57:f8:41:ac:
         5a:f6:36:4c:99:09:ac:0e:35:9d:50:75:08:46:3f:57:73:46:
         f5:61:51:03:e6:c3:3e:18:d6:69:fa:51:98:20:c0:61:ed:75:
         68:8b:7d:97:0a:5c:06:4f:91:c0:ef:8a:6d:d5:8a:0c:e8:92:
         53:40:7a:cc:bd:fa:cc:6e:1b:3a:54:95:96:5e:ba:ff:ed:53:
         14:b8:93:6c:53:2a:6a:e8:ce:8a:8d:22:49:29:63:82:d9:16:
         e1:e3:41:d3:ed:07:f7:57:23:90:61:2d:cf:01:9f:80:ff:ee:
         fb:36:73:c4:af:84:aa:4f:eb:72:6f:50:72:e3:1c:71:07:60:
         7e:67:0a:04
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ38zMqqXZuHLuadkzfKSMRwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzY2YwODg0OTE4YTUwMjM5ZWY3MDUxOGVlOWZjMDRmMWFh
ZTE5MjkwHhcNMjYwNTA2MTAxOTMyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNjA5MTUyZTM0MzNhYjhiYmQ3OTM1ZjllNmJiZTRkMGQ0NTljYzQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAojHz7L2wy2yyPB0iNuTq9uh5QXlB
ZVC6EGuYQOCII4tQO5mZzHk+ODzl8NqtBf2MABWch3xl18nEvyXE6WD5k27O93oI
+B6cSkZ40PETtKJitaf3DeTWAvTnXi1u+mdkKvFyFTd5nJRvVXStWgqYgTrbS842
lhj/Hedip8ZUEaEtCLkM9U+DHiMpnFcesIti0M5vDm+zFGINO/QZtwwuH/Bup1XC
OEbv0dTmByv7t0u732lEGd2yCnrkh1tm89vxaXK/cHfRbWAGVybuqB4XlL1MqG/V
qA/MxjSdURFq7LL5dGy/pg7rFLyCqCQd12agUmKEZb2ftnVHjh/Lo9G0xQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPYJFS40M6uLvXk1+ea75NDUWcxGMB8GA1UdIwQY
MBaAFNPPCISRilAjnvcFGO6fwE8arhkpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMDg4SWhKR0tVQ09lOXdVWTdwX0FUeHF1R1NrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNy9jZGZmMTYtNDU4YS00N2MzLThkZmEt
MjMxNTQ5NDA5NzIwLzEvOWdrVkxqUXpxNHU5ZVRYNTVydmswTlJaekVZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNy9jZGZmMTYtNDU4YS00N2MzLThkZmEtMjMxNTQ5NDA5NzIw
LzEvMDg4SWhKR0tVQ09lOXdVWTdwX0FUeHF1R1NrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALiV0MA0G
CSqGSIb3DQEBCwUAA4IBAQC1NqXoBtpN5/sYNctf9iVFjn9c/JFGUmWv24QPn7Ev
FLF338Dq5QJG0xl3B31Gska7nQBNgFUsH7WZfyfM64wbsvHgpTvbwceLGyehJjWe
UxmRhvXiCO03dQx5bqB3j/nwz+RIuuCuz0HdSpCsmnkfOWZO1CD9H3IXolf4Qaxa
9jZMmQmsDjWdUHUIRj9Xc0b1YVED5sM+GNZp+lGYIMBh7XVoi32XClwGT5HA74pt
1YoM6JJTQHrMvfrMbhs6VJWWXrr/7VMUuJNsUypq6M6KjSJJKWOC2Rbh40HT7Qf3
VyOQYS3PAZ+A/+77NnPEr4SqT+tyb1By4xxxB2B+ZwoE
-----END CERTIFICATE-----