Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/6d61d9-0bf7-44bb-b80f-cd31615d01a9/1/9GIcachBDcZvwwYqNgHNSQLvQ5s.roa
File:                     9GIcachBDcZvwwYqNgHNSQLvQ5s.roa (raw, json)
Hash identifier:          wi2M3C61jsUda8VoSUZ7nSH+cBmsMpvzQrEGc3StX2g=
Subject key identifier:   F4:62:1C:69:C8:41:0D:C6:6F:C3:06:2A:36:01:CD:49:02:EF:43:9B
Certificate issuer:       /CN=54cbda78b1d1b613df565ff99700b6aee940de3f
Certificate serial:       019E40BA60FC066E0B0991B498A12BD7F2A5
Authority key identifier: 54:CB:DA:78:B1:D1:B6:13:DF:56:5F:F9:97:00:B6:AE:E9:40:DE:3F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VMvaeLHRthPfVl_5lwC2rulA3j8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/6d61d9-0bf7-44bb-b80f-cd31615d01a9/1/9GIcachBDcZvwwYqNgHNSQLvQ5s.roa
Signing time:             Tue 19 May 2026 14:53:36 +0000
ROA not before:           Tue 19 May 2026 14:53:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     25145
IP address blocks:        213.238.160.0/24 maxlen: 24
                          213.238.168.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/6d61d9-0bf7-44bb-b80f-cd31615d01a9/1/VMvaeLHRthPfVl_5lwC2rulA3j8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/6d61d9-0bf7-44bb-b80f-cd31615d01a9/1/VMvaeLHRthPfVl_5lwC2rulA3j8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VMvaeLHRthPfVl_5lwC2rulA3j8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Jun 2026 04:00:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:40:ba:60:fc:06:6e:0b:09:91:b4:98:a1:2b:d7:f2:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=54cbda78b1d1b613df565ff99700b6aee940de3f
        Validity
            Not Before: May 19 14:53:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f4621c69c8410dc66fc3062a3601cd4902ef439b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:1c:e2:25:dd:4d:4d:99:1b:26:a5:0d:b8:22:
                    85:ec:db:b0:34:a9:2e:4c:0a:37:fb:09:4b:ef:05:
                    01:e4:30:4c:f0:7c:ac:1f:df:d6:f0:91:1b:aa:e9:
                    16:be:d3:52:1b:61:18:3c:20:f4:17:63:75:72:f4:
                    39:27:d4:01:bc:0a:65:0a:85:b3:8b:08:80:b4:6f:
                    cf:05:5b:9b:2b:06:58:88:ad:df:78:de:a4:50:9a:
                    53:f1:43:6b:7d:6b:da:17:94:e9:72:5b:d6:6e:07:
                    e5:34:30:e6:71:29:5a:99:55:01:e6:0a:bb:b9:1e:
                    b8:2a:46:52:a8:13:b8:09:69:17:5b:ca:04:04:31:
                    e7:09:d6:77:c0:86:dd:99:e8:32:13:8d:bb:dd:b6:
                    44:c4:70:b5:bc:8e:d1:eb:fe:ba:9f:d8:55:90:32:
                    4c:fb:7e:42:df:92:4c:60:49:3f:96:0d:8e:ae:2e:
                    59:a6:26:a3:77:89:ea:f0:2e:81:d2:b3:7b:e3:16:
                    a3:9f:08:c1:25:80:fb:d4:80:3a:fc:95:c8:48:61:
                    a7:77:76:04:8d:5d:94:20:7c:5b:c4:58:c4:a2:fb:
                    b0:98:93:e7:5d:d6:c1:78:0d:2a:ea:05:b1:f0:da:
                    14:a5:bc:c7:2d:df:23:ec:7c:33:f9:c6:1d:7a:f8:
                    3c:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:62:1C:69:C8:41:0D:C6:6F:C3:06:2A:36:01:CD:49:02:EF:43:9B
            X509v3 Authority Key Identifier:
                keyid:54:CB:DA:78:B1:D1:B6:13:DF:56:5F:F9:97:00:B6:AE:E9:40:DE:3F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VMvaeLHRthPfVl_5lwC2rulA3j8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/6d61d9-0bf7-44bb-b80f-cd31615d01a9/1/9GIcachBDcZvwwYqNgHNSQLvQ5s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/6d61d9-0bf7-44bb-b80f-cd31615d01a9/1/VMvaeLHRthPfVl_5lwC2rulA3j8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.238.160.0/24
                  213.238.168.0/24

    Signature Algorithm: sha256WithRSAEncryption
         88:40:d2:05:87:45:c0:91:4d:40:32:ec:d7:ae:24:d9:c2:1d:
         5b:ff:1d:96:41:6e:48:42:5a:8f:de:36:02:ac:cc:c8:12:56:
         6d:57:86:b7:df:41:88:1c:05:99:74:ac:69:31:6f:b3:bb:99:
         42:5b:28:33:95:cb:9e:d7:4d:2d:32:8b:76:d5:e9:4b:ed:58:
         de:d6:c7:d5:a7:84:b3:b1:ec:51:99:22:37:c8:45:60:89:be:
         11:1b:b2:fc:29:45:e2:bf:fd:a4:f3:b8:a7:eb:a3:60:26:7b:
         2b:2a:97:ae:ef:99:d4:f2:d9:80:bd:8c:1c:f8:f3:51:a0:86:
         d3:ef:a0:c2:69:f0:86:e3:55:ee:d8:bc:dc:e1:c7:2f:5d:16:
         ac:b9:46:bc:22:80:a3:38:a0:a4:9e:5d:fc:91:6b:c1:4a:47:
         86:d9:ea:bc:db:29:93:6d:27:7e:df:dd:1b:e4:21:2b:22:31:
         49:6c:05:41:b2:44:7e:99:0e:64:6d:35:6e:be:d9:3d:5e:b2:
         e3:ab:d4:f1:ee:0f:ca:14:61:55:c9:62:6e:a7:fa:e5:53:c4:
         c4:74:e2:94:68:d3:33:21:23:cf:e6:af:41:ad:9c:5a:b9:d0:
         42:1e:64:2f:e5:4a:b6:dc:40:dc:e9:2b:ee:bd:87:a1:8c:e3:
         14:ba:20:43
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ5AumD8Bm4LCZG0mKEr1/KlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0Y2JkYTc4YjFkMWI2MTNkZjU2NWZmOTk3MDBiNmFlZTk0
MGRlM2YwHhcNMjYwNTE5MTQ1MzM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNDYyMWM2OWM4NDEwZGM2NmZjMzA2MmEzNjAxY2Q0OTAyZWY0MzliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAohziJd1NTZkbJqUNuCKF7NuwNKku
TAo3+wlL7wUB5DBM8HysH9/W8JEbqukWvtNSG2EYPCD0F2N1cvQ5J9QBvAplCoWz
iwiAtG/PBVubKwZYiK3feN6kUJpT8UNrfWvaF5TpclvWbgflNDDmcSlamVUB5gq7
uR64KkZSqBO4CWkXW8oEBDHnCdZ3wIbdmegyE4273bZExHC1vI7R6/66n9hVkDJM
+35C35JMYEk/lg2Ori5Zpiajd4nq8C6B0rN74xajnwjBJYD71IA6/JXISGGnd3YE
jV2UIHxbxFjEovuwmJPnXdbBeA0q6gWx8NoUpbzHLd8j7Hwz+cYdevg82QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFPRiHGnIQQ3Gb8MGKjYBzUkC70ObMB8GA1UdIwQY
MBaAFFTL2nix0bYT31Zf+ZcAtq7pQN4/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVk12YWVMSFJ0aFBmVmxfNWx3QzJydWxBM2o4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC82ZDYxZDktMGJmNy00NGJiLWI4MGYt
Y2QzMTYxNWQwMWE5LzEvOUdJY2FjaEJEY1p2d3dZcU5nSE5TUUx2UTVzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC82ZDYxZDktMGJmNy00NGJiLWI4MGYtY2QzMTYxNWQwMWE5
LzEvVk12YWVMSFJ0aFBmVmxfNWx3QzJydWxBM2o4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQA1e6gAwQA
1e6oMA0GCSqGSIb3DQEBCwUAA4IBAQCIQNIFh0XAkU1AMuzXriTZwh1b/x2WQW5I
QlqP3jYCrMzIElZtV4a330GIHAWZdKxpMW+zu5lCWygzlcue100tMot21elL7Vje
1sfVp4SzsexRmSI3yEVgib4RG7L8KUXiv/2k87in66NgJnsrKpeu75nU8tmAvYwc
+PNRoIbT76DCafCG41Xu2Lzc4ccvXRasuUa8IoCjOKCknl38kWvBSkeG2eq82ymT
bSd+390b5CErIjFJbAVBskR+mQ5kbTVuvtk9XrLjq9Tx7g/KFGFVyWJup/rlU8TE
dOKUaNMzISPP5q9BrZxaudBCHmQv5Uq23EDc6SvuvYehjOMUuiBD
-----END CERTIFICATE-----