Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/8d78eb-2832-4083-ae1f-1dd6d281c88a/1/9hQpwIm1DZAst51hiEl_2tmCsXI.roa
File:                     9hQpwIm1DZAst51hiEl_2tmCsXI.roa (raw, json)
Hash identifier:          +NIpZnYNyfdjDsWB36dEl0YRtLioEvnM5GHzLPvZkhI=
Subject key identifier:   F6:14:29:C0:89:B5:0D:90:2C:B7:9D:61:88:49:7F:DA:D9:82:B1:72
Certificate issuer:       /CN=3027a631bb6738eb68bb6ea6c424ef4a7d14c3cb
Certificate serial:       019DF2FEAA581D21CC1C2F11F76889887202
Authority key identifier: 30:27:A6:31:BB:67:38:EB:68:BB:6E:A6:C4:24:EF:4A:7D:14:C3:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MCemMbtnOOtou26mxCTvSn0Uw8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/01/8d78eb-2832-4083-ae1f-1dd6d281c88a/1/9hQpwIm1DZAst51hiEl_2tmCsXI.roa
Signing time:             Mon 04 May 2026 12:37:49 +0000
ROA not before:           Mon 04 May 2026 12:37:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     198588
IP address blocks:        188.246.214.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/01/8d78eb-2832-4083-ae1f-1dd6d281c88a/1/MCemMbtnOOtou26mxCTvSn0Uw8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/01/8d78eb-2832-4083-ae1f-1dd6d281c88a/1/MCemMbtnOOtou26mxCTvSn0Uw8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MCemMbtnOOtou26mxCTvSn0Uw8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 07 May 2026 21:44:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:f2:fe:aa:58:1d:21:cc:1c:2f:11:f7:68:89:88:72:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3027a631bb6738eb68bb6ea6c424ef4a7d14c3cb
        Validity
            Not Before: May  4 12:37:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f61429c089b50d902cb79d6188497fdad982b172
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:7d:a0:c8:18:be:c4:78:6d:0e:a4:64:32:3c:
                    16:51:17:95:23:12:74:08:d3:f0:a5:20:49:c5:5b:
                    77:ff:2a:64:99:57:f4:b3:ac:8c:e6:dc:bf:6e:98:
                    bd:9f:b1:e4:5f:b6:d4:43:af:4b:6e:5b:3b:c9:a0:
                    b4:aa:85:03:22:0e:66:de:70:6b:b6:ae:88:36:0b:
                    e6:5a:83:d2:51:66:a3:31:bd:c0:39:0f:b7:df:c0:
                    51:3f:40:00:fc:aa:30:bf:d2:79:71:48:15:10:3d:
                    e9:00:ad:62:09:62:04:25:a7:60:3b:92:44:ef:60:
                    31:1f:b7:e6:6e:90:68:a4:ed:de:d8:f2:32:c8:c3:
                    cd:fc:d8:ae:85:f2:f3:35:ae:4e:63:23:cd:aa:77:
                    13:01:d2:f2:ee:4e:c9:aa:f4:20:0d:b8:db:73:5f:
                    94:e1:6f:28:af:17:7a:9d:d9:d1:f9:3a:c4:78:04:
                    c1:23:8e:f4:40:f1:c8:c5:1d:3c:d6:37:76:9c:2c:
                    40:2c:d4:34:ab:de:ba:8d:8e:e3:13:69:bf:30:e5:
                    c3:ff:42:16:cf:db:57:81:0b:84:97:9e:3a:1b:ee:
                    03:c3:8a:b5:1b:2f:42:76:07:d6:76:57:a9:04:f6:
                    a2:d9:ee:63:99:99:c9:75:05:08:c1:59:3e:6a:0c:
                    43:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:14:29:C0:89:B5:0D:90:2C:B7:9D:61:88:49:7F:DA:D9:82:B1:72
            X509v3 Authority Key Identifier:
                keyid:30:27:A6:31:BB:67:38:EB:68:BB:6E:A6:C4:24:EF:4A:7D:14:C3:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MCemMbtnOOtou26mxCTvSn0Uw8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/8d78eb-2832-4083-ae1f-1dd6d281c88a/1/9hQpwIm1DZAst51hiEl_2tmCsXI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/01/8d78eb-2832-4083-ae1f-1dd6d281c88a/1/MCemMbtnOOtou26mxCTvSn0Uw8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.246.214.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3c:ff:1a:e6:a4:93:64:76:0d:48:0c:69:cf:bd:71:7a:af:fa:
         68:d8:74:18:3a:8e:21:da:9f:ff:60:d9:7c:e5:65:02:a7:2f:
         bc:18:b3:3b:59:8f:41:8e:62:b8:d8:19:1f:5d:29:a6:94:2f:
         0d:aa:8f:a0:b6:4f:ab:45:70:e7:36:f2:6f:7e:d7:ca:61:c3:
         7d:e3:05:2e:6a:2b:44:16:fd:68:80:1c:39:6c:0a:3b:9e:96:
         57:cd:7c:02:60:9a:a0:65:5f:07:56:f6:7a:a4:a6:06:04:f5:
         a6:bf:14:b6:23:e4:21:a0:30:de:36:9f:a7:a5:da:ad:0c:3a:
         12:90:c4:62:3e:ee:6b:0e:fc:d6:e6:ab:1a:49:1e:9d:a9:e7:
         de:1b:5f:b8:70:92:e0:b9:b7:0a:a0:bd:f4:f6:1c:ca:9e:5a:
         15:11:f6:1b:f3:28:44:e7:0e:a7:9e:b8:b4:52:6c:62:9d:02:
         66:4c:ee:8a:38:ba:2f:cb:40:a1:ae:98:01:66:0f:04:a3:13:
         86:3d:9c:ce:af:d8:32:91:a6:a3:2c:c3:8b:33:d2:22:1f:9b:
         3c:e5:e5:f3:e3:a6:26:40:5c:b7:8b:37:f0:ab:1f:b6:2b:de:
         41:d2:a7:3a:47:28:92:77:5e:62:42:6b:7a:16:e1:1d:1b:a6:
         ed:eb:f7:7a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ3y/qpYHSHMHC8R92iJiHICMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMwMjdhNjMxYmI2NzM4ZWI2OGJiNmVhNmM0MjRlZjRhN2Qx
NGMzY2IwHhcNMjYwNTA0MTIzNzQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNjE0MjljMDg5YjUwZDkwMmNiNzlkNjE4ODQ5N2ZkYWQ5ODJiMTcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1X2gyBi+xHhtDqRkMjwWUReVIxJ0
CNPwpSBJxVt3/ypkmVf0s6yM5ty/bpi9n7HkX7bUQ69Lbls7yaC0qoUDIg5m3nBr
tq6INgvmWoPSUWajMb3AOQ+338BRP0AA/Kowv9J5cUgVED3pAK1iCWIEJadgO5JE
72AxH7fmbpBopO3e2PIyyMPN/NiuhfLzNa5OYyPNqncTAdLy7k7JqvQgDbjbc1+U
4W8orxd6ndnR+TrEeATBI470QPHIxR081jd2nCxALNQ0q966jY7jE2m/MOXD/0IW
z9tXgQuEl546G+4Dw4q1Gy9CdgfWdlepBPai2e5jmZnJdQUIwVk+agxDwwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPYUKcCJtQ2QLLedYYhJf9rZgrFyMB8GA1UdIwQY
MBaAFDAnpjG7ZzjraLtupsQk70p9FMPLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTUNlbU1idG5PT3RvdTI2bXhDVHZTbjBVdzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS84ZDc4ZWItMjgzMi00MDgzLWFlMWYt
MWRkNmQyODFjODhhLzEvOWhRcHdJbTFEWkFzdDUxaGlFbF8ydG1Dc1hJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS84ZDc4ZWItMjgzMi00MDgzLWFlMWYtMWRkNmQyODFjODhh
LzEvTUNlbU1idG5PT3RvdTI2bXhDVHZTbjBVdzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvPbWMA0G
CSqGSIb3DQEBCwUAA4IBAQA8/xrmpJNkdg1IDGnPvXF6r/po2HQYOo4h2p//YNl8
5WUCpy+8GLM7WY9BjmK42BkfXSmmlC8Nqo+gtk+rRXDnNvJvftfKYcN94wUuaitE
Fv1ogBw5bAo7npZXzXwCYJqgZV8HVvZ6pKYGBPWmvxS2I+QhoDDeNp+npdqtDDoS
kMRiPu5rDvzW5qsaSR6dqefeG1+4cJLgubcKoL309hzKnloVEfYb8yhE5w6nnri0
UmxinQJmTO6KOLovy0ChrpgBZg8EoxOGPZzOr9gykaajLMOLM9IiH5s85eXz46Ym
QFy3izfwqx+2K95B0qc6RyiSd15iQmt6FuEdG6bt6/d6
-----END CERTIFICATE-----