Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/9CWv34Hlk5BtQHCWFV9HfDCjRIE.roa
File:                     9CWv34Hlk5BtQHCWFV9HfDCjRIE.roa (raw, json)
Hash identifier:          iB3mJNj1XXlzZYcQ3iIXPGhJD3LLE726f/hGPrAHgbg=
Subject key identifier:   F4:25:AF:DF:81:E5:93:90:6D:40:70:96:15:5F:47:7C:30:A3:44:81
Certificate issuer:       /CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
Certificate serial:       019E2B3ECF3C6A36B72C0764824ECD01671F
Authority key identifier: 6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/9CWv34Hlk5BtQHCWFV9HfDCjRIE.roa
Signing time:             Fri 15 May 2026 10:46:36 +0000
ROA not before:           Fri 15 May 2026 10:46:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     16509
IP address blocks:        109.111.32.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Jun 2026 13:01:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:2b:3e:cf:3c:6a:36:b7:2c:07:64:82:4e:cd:01:67:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
        Validity
            Not Before: May 15 10:46:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f425afdf81e593906d407096155f477c30a34481
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:9c:c1:84:4f:52:8f:b1:17:20:9b:7e:ad:13:
                    26:11:15:b5:3b:0e:73:bc:cd:40:96:36:2a:32:3d:
                    0b:f5:f6:57:bd:7c:87:ae:bb:89:d9:02:6b:ab:8d:
                    a0:e6:e2:c7:bc:e8:ee:db:40:b5:e6:67:53:5b:3c:
                    2c:cf:95:49:d8:8b:70:f1:47:8b:6a:2c:42:95:4a:
                    63:6c:c7:ca:f4:be:b1:4a:99:ff:ea:f1:3c:4a:87:
                    6a:85:1b:11:95:a8:c5:b6:52:52:04:eb:40:96:10:
                    28:ea:9a:3c:dd:85:d7:9c:15:14:dc:5d:8c:5a:a4:
                    3e:e8:82:f7:0c:9e:5d:55:ee:db:4c:d7:e2:1e:59:
                    39:f9:93:58:15:41:e5:a8:da:56:98:18:7b:4c:c2:
                    8f:38:63:9a:ab:4c:e5:50:f7:4f:8d:af:9b:6b:f8:
                    5c:8d:18:74:18:86:b4:55:ee:7e:25:3d:1a:6d:7b:
                    f6:30:95:32:70:a8:03:62:17:5d:c4:4c:c2:86:ac:
                    f3:78:b1:a7:40:f9:48:cf:62:f4:e1:f5:4d:70:45:
                    fa:7c:a9:53:fe:98:2d:e1:9f:c0:93:f5:f5:ff:49:
                    93:12:e0:dc:b8:74:51:b2:02:48:d4:b8:8f:fa:93:
                    85:e4:74:c5:84:b3:ae:64:6b:ea:d5:3f:b2:1c:bb:
                    59:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:25:AF:DF:81:E5:93:90:6D:40:70:96:15:5F:47:7C:30:A3:44:81
            X509v3 Authority Key Identifier:
                keyid:6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/9CWv34Hlk5BtQHCWFV9HfDCjRIE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.111.32.0/23

    Signature Algorithm: sha256WithRSAEncryption
         9a:b9:b3:e7:36:22:9d:39:81:29:49:32:f3:f2:2c:53:18:52:
         82:7a:71:6f:34:5a:90:d0:b0:c6:18:7e:53:d7:d0:ce:e3:a3:
         14:46:cd:7a:a3:12:22:fb:2e:1a:ba:30:c5:8e:e8:41:92:c6:
         5c:ae:37:df:95:a6:96:26:fa:23:da:a2:a1:b0:5a:df:78:e0:
         01:a7:35:fb:a8:27:3a:81:7d:17:f1:af:71:85:4b:54:e4:aa:
         e3:a2:eb:07:00:c2:f1:ef:97:8c:eb:34:6a:bb:68:aa:78:b6:
         50:9f:a3:98:49:fc:69:4e:6e:9a:0f:dd:ce:f4:c5:e8:18:a1:
         bf:04:fe:25:5a:1e:3f:76:a5:33:05:95:9d:6e:1e:16:f1:52:
         83:1a:50:89:12:84:a8:ff:6c:a1:9c:a3:4e:73:95:fd:b5:6e:
         6f:4a:52:87:97:66:f4:5d:d9:39:c6:67:e1:9b:13:37:b1:2e:
         89:c7:ba:89:c5:f5:23:da:30:65:e9:66:f3:d8:e4:21:13:0f:
         b4:4a:e5:f8:c6:50:0b:cd:ac:61:05:91:1f:af:bd:4a:11:84:
         56:55:17:1b:a0:32:ae:9c:ec:f0:24:79:b3:94:5b:ac:77:b8:
         70:54:94:69:34:b9:76:2b:2b:62:4b:86:1f:0f:f4:91:b6:90:
         31:ae:bd:e0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ4rPs88aja3LAdkgk7NAWcfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmNzVlNGU5NGI1Y2I3NDUxN2I3YjAxNTY4MDE1ZGE5ZTZl
ZWNkYjYwHhcNMjYwNTE1MTA0NjM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNDI1YWZkZjgxZTU5MzkwNmQ0MDcwOTYxNTVmNDc3YzMwYTM0NDgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxJzBhE9Sj7EXIJt+rRMmERW1Ow5z
vM1AljYqMj0L9fZXvXyHrruJ2QJrq42g5uLHvOju20C15mdTWzwsz5VJ2Itw8UeL
aixClUpjbMfK9L6xSpn/6vE8SodqhRsRlajFtlJSBOtAlhAo6po83YXXnBUU3F2M
WqQ+6IL3DJ5dVe7bTNfiHlk5+ZNYFUHlqNpWmBh7TMKPOGOaq0zlUPdPja+ba/hc
jRh0GIa0Ve5+JT0abXv2MJUycKgDYhddxEzChqzzeLGnQPlIz2L04fVNcEX6fKlT
/pgt4Z/Ak/X1/0mTEuDcuHRRsgJI1LiP+pOF5HTFhLOuZGvq1T+yHLtZ+wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPQlr9+B5ZOQbUBwlhVfR3wwo0SBMB8GA1UdIwQY
MBaAFG915OlLXLdFF7ewFWgBXanm7s22MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzIt
NjY0NTc3MjRjMmQzLzEvOUNXdjM0SGxrNUJ0UUhDV0ZWOUhmRENqUklFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzItNjY0NTc3MjRjMmQz
LzEvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBbW8gMA0G
CSqGSIb3DQEBCwUAA4IBAQCaubPnNiKdOYEpSTLz8ixTGFKCenFvNFqQ0LDGGH5T
19DO46MURs16oxIi+y4aujDFjuhBksZcrjfflaaWJvoj2qKhsFrfeOABpzX7qCc6
gX0X8a9xhUtU5KrjousHAMLx75eM6zRqu2iqeLZQn6OYSfxpTm6aD93O9MXoGKG/
BP4lWh4/dqUzBZWdbh4W8VKDGlCJEoSo/2yhnKNOc5X9tW5vSlKHl2b0Xdk5xmfh
mxM3sS6Jx7qJxfUj2jBl6Wbz2OQhEw+0SuX4xlALzaxhBZEfr71KEYRWVRcboDKu
nOzwJHmzlFusd7hwVJRpNLl2KytiS4YfD/SRtpAxrr3g
-----END CERTIFICATE-----