Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f8/d53c78-0d5b-4237-9999-0e2d697b27e3/1/9M-CJkVBZVuqIwi3Sawh0isCz1k.roa
File:                     9M-CJkVBZVuqIwi3Sawh0isCz1k.roa (raw, json)
Hash identifier:          aFU0pADsAbTvFke0dF4U47/0s76HwBtoQCpl6QnSuNI=
Subject key identifier:   F4:CF:82:26:45:41:65:5B:AA:23:08:B7:49:AC:21:D2:2B:02:CF:59
Certificate issuer:       /CN=005ff9cc89c66a8a3a5d734a0d65c61fdc8518be
Certificate serial:       019D068D3155585D1F6220D265FBF7B82646
Authority key identifier: 00:5F:F9:CC:89:C6:6A:8A:3A:5D:73:4A:0D:65:C6:1F:DC:85:18:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AF_5zInGaoo6XXNKDWXGH9yFGL4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f8/d53c78-0d5b-4237-9999-0e2d697b27e3/1/9M-CJkVBZVuqIwi3Sawh0isCz1k.roa
Signing time:             Thu 19 Mar 2026 14:43:29 +0000
ROA not before:           Thu 19 Mar 2026 14:43:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     8422
IP address blocks:        213.160.92.0/23 maxlen: 23
                          2a03:2901::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f8/d53c78-0d5b-4237-9999-0e2d697b27e3/1/AF_5zInGaoo6XXNKDWXGH9yFGL4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f8/d53c78-0d5b-4237-9999-0e2d697b27e3/1/AF_5zInGaoo6XXNKDWXGH9yFGL4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AF_5zInGaoo6XXNKDWXGH9yFGL4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 23:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:06:8d:31:55:58:5d:1f:62:20:d2:65:fb:f7:b8:26:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=005ff9cc89c66a8a3a5d734a0d65c61fdc8518be
        Validity
            Not Before: Mar 19 14:43:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f4cf82264541655baa2308b749ac21d22b02cf59
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:9b:5a:74:5a:29:22:e8:8e:fd:dd:61:9b:f2:
                    df:bb:16:93:61:36:b4:6c:04:ea:b1:b9:12:dd:e7:
                    75:32:57:18:a1:98:91:d7:b6:df:3a:85:cc:55:da:
                    e8:f7:c5:61:0c:9a:93:f1:ea:bd:55:ad:12:9b:31:
                    26:f0:f3:26:f1:1e:19:01:8d:91:ec:d6:04:e2:a0:
                    f2:1f:27:ee:a2:bf:69:fe:e4:53:ca:60:2f:8c:a4:
                    a1:f7:3b:70:33:91:6f:ca:3e:e5:aa:ee:77:bb:da:
                    1d:16:b7:ef:1b:17:31:e4:cf:d5:ee:48:e8:28:f3:
                    cf:45:c5:38:6b:2e:5f:09:ff:ae:28:f4:7f:3f:19:
                    d9:85:6c:26:24:ad:92:7f:dd:52:7f:c3:c8:55:81:
                    54:88:6a:1a:28:d5:73:f0:cd:66:91:91:42:82:2c:
                    c7:8e:68:92:71:ec:77:be:4e:c8:66:11:0d:97:d6:
                    8b:b2:b4:05:3a:9a:6d:62:e1:a5:96:82:31:3c:c5:
                    f4:ae:7b:06:91:b3:75:69:49:d6:b5:56:0c:8a:8d:
                    b5:42:8f:f7:9b:1c:5b:c8:b8:68:f6:53:84:c7:3d:
                    42:67:36:51:7b:9b:82:81:82:3f:4d:ae:82:39:70:
                    7b:cb:ba:97:83:3a:10:ac:3d:9c:75:9e:81:80:95:
                    e7:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:CF:82:26:45:41:65:5B:AA:23:08:B7:49:AC:21:D2:2B:02:CF:59
            X509v3 Authority Key Identifier:
                keyid:00:5F:F9:CC:89:C6:6A:8A:3A:5D:73:4A:0D:65:C6:1F:DC:85:18:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AF_5zInGaoo6XXNKDWXGH9yFGL4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/d53c78-0d5b-4237-9999-0e2d697b27e3/1/9M-CJkVBZVuqIwi3Sawh0isCz1k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/d53c78-0d5b-4237-9999-0e2d697b27e3/1/AF_5zInGaoo6XXNKDWXGH9yFGL4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.160.92.0/23
                IPv6:
                  2a03:2901::/32

    Signature Algorithm: sha256WithRSAEncryption
         0d:85:a5:e2:e6:a3:18:b7:91:77:7c:bc:a3:36:28:bb:5d:06:
         ef:2f:f6:9a:82:34:40:8d:e9:a5:1b:5e:0b:8a:af:7e:d2:15:
         b9:b0:ce:21:a4:cb:10:4e:30:82:f6:0e:c0:ac:29:d5:5c:69:
         36:ac:01:bb:14:c1:d3:81:cb:b8:d8:77:49:43:3e:2e:bb:cf:
         a0:37:af:23:68:2a:b6:f7:f4:49:da:ef:58:2a:83:c1:da:f0:
         30:27:bc:2a:11:2f:44:43:fa:99:42:c5:4d:fa:26:48:fb:c0:
         a8:15:aa:75:fe:ad:d1:35:78:4f:c9:b0:33:b7:ca:e1:b0:5b:
         d7:4d:dc:0d:87:0b:b5:ca:d3:d6:ed:0e:43:7a:07:05:1d:a1:
         c6:5f:4b:97:76:06:21:d6:e3:65:a7:c6:11:5c:d7:3b:4c:e5:
         92:91:dc:e2:01:f5:54:c7:1b:ad:46:55:88:a8:77:74:bc:80:
         29:a4:03:5b:d8:2e:e0:4f:fb:e5:f8:d7:c7:a4:52:4c:19:cd:
         10:32:63:f3:45:9d:50:16:d2:eb:eb:46:23:cc:bd:ca:ac:c9:
         5a:82:b6:3d:72:e1:1e:22:0b:47:4e:4e:07:35:34:2f:b3:88:
         2b:07:7f:5d:a6:4e:f4:b3:7d:8f:be:c4:48:dc:a6:81:ea:03:
         78:b1:10:bf
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZ0GjTFVWF0fYiDSZfv3uCZGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAwNWZmOWNjODljNjZhOGEzYTVkNzM0YTBkNjVjNjFmZGM4
NTE4YmUwHhcNMjYwMzE5MTQ0MzI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNGNmODIyNjQ1NDE2NTViYWEyMzA4Yjc0OWFjMjFkMjJiMDJjZjU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx5tadFopIuiO/d1hm/LfuxaTYTa0
bATqsbkS3ed1MlcYoZiR17bfOoXMVdro98VhDJqT8eq9Va0SmzEm8PMm8R4ZAY2R
7NYE4qDyHyfuor9p/uRTymAvjKSh9ztwM5Fvyj7lqu53u9odFrfvGxcx5M/V7kjo
KPPPRcU4ay5fCf+uKPR/PxnZhWwmJK2Sf91Sf8PIVYFUiGoaKNVz8M1mkZFCgizH
jmiScex3vk7IZhENl9aLsrQFOpptYuGlloIxPMX0rnsGkbN1aUnWtVYMio21Qo/3
mxxbyLho9lOExz1CZzZRe5uCgYI/Ta6COXB7y7qXgzoQrD2cdZ6BgJXn/wIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFPTPgiZFQWVbqiMIt0msIdIrAs9ZMB8GA1UdIwQY
MBaAFABf+cyJxmqKOl1zSg1lxh/chRi+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQUZfNXpJbkdhb282WFhOS0RXWEdIOXlGR0w0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOC9kNTNjNzgtMGQ1Yi00MjM3LTk5OTkt
MGUyZDY5N2IyN2UzLzEvOU0tQ0prVkJaVnVxSXdpM1Nhd2gwaXNDejFrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOC9kNTNjNzgtMGQ1Yi00MjM3LTk5OTktMGUyZDY5N2IyN2Uz
LzEvQUZfNXpJbkdhb282WFhOS0RXWEdIOXlGR0w0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQB1aBcMA0E
AgACMAcDBQAqAykBMA0GCSqGSIb3DQEBCwUAA4IBAQANhaXi5qMYt5F3fLyjNii7
XQbvL/aagjRAjemlG14Liq9+0hW5sM4hpMsQTjCC9g7ArCnVXGk2rAG7FMHTgcu4
2HdJQz4uu8+gN68jaCq29/RJ2u9YKoPB2vAwJ7wqES9EQ/qZQsVN+iZI+8CoFap1
/q3RNXhPybAzt8rhsFvXTdwNhwu1ytPW7Q5DegcFHaHGX0uXdgYh1uNlp8YRXNc7
TOWSkdziAfVUxxutRlWIqHd0vIAppANb2C7gT/vl+NfHpFJMGc0QMmPzRZ1QFtLr
60YjzL3KrMlagrY9cuEeIgtHTk4HNTQvs4grB39dpk70s32PvsRI3KaB6gN4sRC/
-----END CERTIFICATE-----