Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/46/317635-a90a-4704-9672-15f62c890af8/1/z9oIwLOrykWZmEssb3HH9bKNIhM.roa
File:                     z9oIwLOrykWZmEssb3HH9bKNIhM.roa (raw, json)
Hash identifier:          O9iYnW9d697b/skAbGM77gK2fBX555W4IqsGAkiCCjU=
Subject key identifier:   CF:DA:08:C0:B3:AB:CA:45:99:98:4B:2C:6F:71:C7:F5:B2:8D:22:13
Certificate issuer:       /CN=d0b61d1f1d9ccdab6b6d8e1450c2c936d397e670
Certificate serial:       019E693E3D7C4676434BB9CFA54D23CD1C0C
Authority key identifier: D0:B6:1D:1F:1D:9C:CD:AB:6B:6D:8E:14:50:C2:C9:36:D3:97:E6:70
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0LYdHx2czatrbY4UUMLJNtOX5nA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/46/317635-a90a-4704-9672-15f62c890af8/1/z9oIwLOrykWZmEssb3HH9bKNIhM.roa
Signing time:             Wed 27 May 2026 11:42:27 +0000
ROA not before:           Wed 27 May 2026 11:42:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     43754
IP address blocks:        195.24.237.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/46/317635-a90a-4704-9672-15f62c890af8/1/0LYdHx2czatrbY4UUMLJNtOX5nA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/46/317635-a90a-4704-9672-15f62c890af8/1/0LYdHx2czatrbY4UUMLJNtOX5nA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0LYdHx2czatrbY4UUMLJNtOX5nA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Jun 2026 20:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:69:3e:3d:7c:46:76:43:4b:b9:cf:a5:4d:23:cd:1c:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d0b61d1f1d9ccdab6b6d8e1450c2c936d397e670
        Validity
            Not Before: May 27 11:42:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=cfda08c0b3abca4599984b2c6f71c7f5b28d2213
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:fc:3b:7a:3d:c4:99:7e:11:51:06:97:fc:80:
                    ae:0f:c6:ec:a2:b8:0d:0c:c5:2f:8f:4e:53:a2:36:
                    d5:b1:8f:de:59:ff:1d:65:3d:aa:d2:2a:d1:5d:6c:
                    f2:81:9b:85:7f:7b:11:53:fb:cd:13:79:d3:65:0b:
                    56:a5:5f:8a:51:49:7b:a0:47:c3:ca:dd:aa:65:88:
                    29:77:91:bc:5d:76:a8:7c:0c:61:61:d2:51:f3:2a:
                    7f:5c:7d:f2:1e:c6:78:22:8d:cc:14:1a:98:f6:52:
                    ab:8d:62:20:c3:48:97:65:e8:55:f5:6d:6b:5a:73:
                    b8:2f:42:aa:3d:ed:0c:a8:b2:70:01:9c:69:fd:c3:
                    ee:b6:0e:7e:16:fb:e7:83:90:50:d9:d2:ce:94:d7:
                    ee:9a:69:98:b0:95:a6:24:88:14:82:34:42:e5:eb:
                    ce:6d:14:f4:ac:6f:2f:a6:3c:19:8e:f4:6b:00:f2:
                    02:f2:5f:f1:22:8d:83:dd:78:7d:43:2f:5b:5c:9a:
                    67:e0:78:31:41:dc:f3:3c:79:4e:49:3b:13:b0:0e:
                    4d:c3:44:30:7c:88:0c:2f:ab:30:ac:f5:ca:e7:10:
                    45:db:2a:a1:bc:0b:e5:ef:5a:3d:0b:de:76:6f:5d:
                    b6:fe:c6:5d:e8:7c:9a:00:5e:c2:82:8c:ac:f6:66:
                    2b:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:DA:08:C0:B3:AB:CA:45:99:98:4B:2C:6F:71:C7:F5:B2:8D:22:13
            X509v3 Authority Key Identifier:
                keyid:D0:B6:1D:1F:1D:9C:CD:AB:6B:6D:8E:14:50:C2:C9:36:D3:97:E6:70

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0LYdHx2czatrbY4UUMLJNtOX5nA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/46/317635-a90a-4704-9672-15f62c890af8/1/z9oIwLOrykWZmEssb3HH9bKNIhM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/46/317635-a90a-4704-9672-15f62c890af8/1/0LYdHx2czatrbY4UUMLJNtOX5nA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.24.237.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6a:db:be:13:c2:b9:e0:5c:f4:12:a2:d8:3c:c0:1f:01:0d:7b:
         24:fb:ad:61:58:f0:ed:ab:b6:ee:80:a2:1d:b1:3a:5a:30:3c:
         94:a3:1b:d1:28:26:42:06:ca:2f:8b:2d:c8:5c:6f:f7:66:b3:
         1f:68:5c:0d:10:87:05:84:ef:84:1d:04:54:59:67:20:4a:2a:
         37:cf:4f:61:e2:42:fa:19:49:c9:ce:55:6e:8b:81:df:92:c3:
         64:f3:06:1b:d9:ea:d9:61:41:1b:06:e9:03:34:0b:cd:83:3f:
         80:a4:fe:52:9e:27:b8:eb:28:d9:cc:0d:53:42:ec:f2:18:ff:
         70:3c:52:76:4a:ca:2c:eb:02:ed:b4:ef:e7:31:dd:c2:be:ae:
         8c:10:a3:52:07:b9:82:47:2e:a0:be:95:d0:7e:ed:cc:28:2c:
         ab:02:a9:f7:63:4a:1c:14:a6:44:90:6b:f0:47:23:2d:2f:08:
         2c:ae:2b:8a:f8:3c:85:45:57:f9:4b:f9:79:c6:8f:ff:ec:6a:
         48:12:4f:1a:fb:28:20:d9:b2:87:a8:a9:e8:79:ba:f2:21:61:
         9f:8a:8a:69:1f:67:1a:09:37:fb:07:b1:20:1c:9a:bf:58:14:
         7c:6a:e6:69:38:1e:30:71:98:4c:c1:c6:15:11:7e:66:0d:0a:
         f8:5b:c4:03
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ5pPj18RnZDS7nPpU0jzRwMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwYjYxZDFmMWQ5Y2NkYWI2YjZkOGUxNDUwYzJjOTM2ZDM5
N2U2NzAwHhcNMjYwNTI3MTE0MjI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZmRhMDhjMGIzYWJjYTQ1OTk5ODRiMmM2ZjcxYzdmNWIyOGQyMjEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6vw7ej3EmX4RUQaX/ICuD8bsorgN
DMUvj05TojbVsY/eWf8dZT2q0irRXWzygZuFf3sRU/vNE3nTZQtWpV+KUUl7oEfD
yt2qZYgpd5G8XXaofAxhYdJR8yp/XH3yHsZ4Io3MFBqY9lKrjWIgw0iXZehV9W1r
WnO4L0KqPe0MqLJwAZxp/cPutg5+Fvvng5BQ2dLOlNfummmYsJWmJIgUgjRC5evO
bRT0rG8vpjwZjvRrAPIC8l/xIo2D3Xh9Qy9bXJpn4HgxQdzzPHlOSTsTsA5Nw0Qw
fIgML6swrPXK5xBF2yqhvAvl71o9C952b122/sZd6HyaAF7Cgoys9mYrmwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM/aCMCzq8pFmZhLLG9xx/WyjSITMB8GA1UdIwQY
MBaAFNC2HR8dnM2ra22OFFDCyTbTl+ZwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMExZZEh4MmN6YXRyYlk0VVVNTEpOdE9YNW5BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ni8zMTc2MzUtYTkwYS00NzA0LTk2NzIt
MTVmNjJjODkwYWY4LzEvejlvSXdMT3J5a1dabUVzc2IzSEg5YktOSWhNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ni8zMTc2MzUtYTkwYS00NzA0LTk2NzItMTVmNjJjODkwYWY4
LzEvMExZZEh4MmN6YXRyYlk0VVVNTEpOdE9YNW5BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwxjtMA0G
CSqGSIb3DQEBCwUAA4IBAQBq274TwrngXPQSotg8wB8BDXsk+61hWPDtq7bugKId
sTpaMDyUoxvRKCZCBsoviy3IXG/3ZrMfaFwNEIcFhO+EHQRUWWcgSio3z09h4kL6
GUnJzlVui4HfksNk8wYb2erZYUEbBukDNAvNgz+ApP5Snie46yjZzA1TQuzyGP9w
PFJ2Ssos6wLttO/nMd3Cvq6MEKNSB7mCRy6gvpXQfu3MKCyrAqn3Y0ocFKZEkGvw
RyMtLwgsriuK+DyFRVf5S/l5xo//7GpIEk8a+ygg2bKHqKnoebryIWGfioppH2ca
CTf7B7EgHJq/WBR8auZpOB4wcZhMwcYVEX5mDQr4W8QD
-----END CERTIFICATE-----