Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6e/374fd1-02c2-4671-bdc9-c3cc5de1ece9/1/ni4mPYuoaTogEfEJMt8yjWc5Tf0.roa
File:                     ni4mPYuoaTogEfEJMt8yjWc5Tf0.roa (raw, json)
Hash identifier:          Q6g49JAZW87R0XAWR4NV0IhoFs9MZeADZgnGT94oHSc=
Subject key identifier:   9E:2E:26:3D:8B:A8:69:3A:20:11:F1:09:32:DF:32:8D:67:39:4D:FD
Certificate issuer:       /CN=8bdac18a7ad501ba7ea13567909f17e4f7327413
Certificate serial:       019F126E90DC8F2F537EA5EF0D5D29849623
Authority key identifier: 8B:DA:C1:8A:7A:D5:01:BA:7E:A1:35:67:90:9F:17:E4:F7:32:74:13
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i9rBinrVAbp-oTVnkJ8X5PcydBM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6e/374fd1-02c2-4671-bdc9-c3cc5de1ece9/1/ni4mPYuoaTogEfEJMt8yjWc5Tf0.roa
Signing time:             Mon 29 Jun 2026 08:11:03 +0000
ROA not before:           Mon 29 Jun 2026 08:11:03 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     9100
IP address blocks:        185.151.164.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6e/374fd1-02c2-4671-bdc9-c3cc5de1ece9/1/i9rBinrVAbp-oTVnkJ8X5PcydBM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6e/374fd1-02c2-4671-bdc9-c3cc5de1ece9/1/i9rBinrVAbp-oTVnkJ8X5PcydBM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i9rBinrVAbp-oTVnkJ8X5PcydBM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 30 Jun 2026 17:01:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9f:12:6e:90:dc:8f:2f:53:7e:a5:ef:0d:5d:29:84:96:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8bdac18a7ad501ba7ea13567909f17e4f7327413
        Validity
            Not Before: Jun 29 08:11:03 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9e2e263d8ba8693a2011f10932df328d67394dfd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:1d:7c:fe:af:3c:66:ed:89:b5:da:15:45:1a:
                    09:4a:f9:19:ac:70:63:cc:e0:f1:98:1f:0b:d8:55:
                    f0:fc:59:9b:06:66:96:9e:a4:ed:7e:81:08:d9:39:
                    a0:68:da:9e:0e:92:e8:74:ed:14:6a:7c:8f:4f:bb:
                    79:3e:02:1c:a3:0e:07:df:07:27:a8:d6:0f:90:d5:
                    4d:d7:51:94:68:49:36:77:a4:60:26:6f:ff:09:52:
                    c8:c8:96:db:2c:87:06:4d:4e:33:8e:c4:f0:50:5c:
                    c8:02:33:ca:d4:f2:b0:d3:5d:90:e6:a0:20:b8:87:
                    f5:58:4d:ef:b8:81:c3:1b:90:e5:03:1e:19:0c:27:
                    c1:6c:59:ca:3d:04:af:5c:de:e4:df:3a:1b:a9:3b:
                    e3:1a:23:18:f3:ed:e4:63:37:cb:98:7b:72:fd:3f:
                    35:88:2b:ad:0e:d9:36:7e:49:09:8c:ec:57:13:b9:
                    09:a1:86:a2:f3:62:b4:3d:61:7a:0a:a7:bb:bd:d4:
                    4b:02:a8:fb:44:b0:b7:cf:a4:9f:9c:74:c8:f3:4b:
                    54:28:f6:6e:54:6a:be:60:b7:b1:44:11:67:34:50:
                    93:f5:42:28:42:97:67:24:9c:53:3b:9c:21:c9:f9:
                    f1:fe:9e:51:ac:de:fe:47:d7:06:36:67:76:42:24:
                    e8:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:2E:26:3D:8B:A8:69:3A:20:11:F1:09:32:DF:32:8D:67:39:4D:FD
            X509v3 Authority Key Identifier:
                keyid:8B:DA:C1:8A:7A:D5:01:BA:7E:A1:35:67:90:9F:17:E4:F7:32:74:13

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i9rBinrVAbp-oTVnkJ8X5PcydBM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/374fd1-02c2-4671-bdc9-c3cc5de1ece9/1/ni4mPYuoaTogEfEJMt8yjWc5Tf0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/374fd1-02c2-4671-bdc9-c3cc5de1ece9/1/i9rBinrVAbp-oTVnkJ8X5PcydBM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.151.164.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a8:2b:8b:b0:b4:cf:17:19:9a:ce:88:10:85:e2:e0:9f:c7:f4:
         32:56:e2:9a:96:89:bc:bb:e0:3e:d1:96:3b:f8:d3:f4:a7:24:
         8f:c6:72:35:33:8b:74:f0:6b:a5:56:6e:0b:73:ca:d1:f5:c4:
         bc:97:77:7a:ef:3b:4b:a7:55:c0:82:f0:60:b7:31:7d:fb:c4:
         76:2e:ea:70:04:1b:76:14:c4:42:90:f0:da:63:91:67:ff:f3:
         03:37:06:cc:6d:01:ff:14:44:a7:bb:a7:e6:1e:20:97:7b:4a:
         74:54:67:6d:89:c8:27:ad:53:5f:b4:25:40:dd:0f:30:04:69:
         d8:c5:8e:f1:a4:22:2f:df:9a:0a:61:d0:81:c7:de:f7:12:df:
         04:2c:db:6b:ad:2c:bf:7a:00:8b:cc:f3:d4:0c:97:33:72:b2:
         5a:04:c1:80:00:ef:0a:5b:14:85:84:7e:d3:8a:a7:68:3b:5f:
         e3:fe:bc:31:a2:31:ee:1f:30:17:25:ed:53:ae:5b:87:05:21:
         f9:10:87:ff:42:23:b1:1f:70:98:3c:72:6a:5d:17:57:98:ec:
         00:af:10:4b:9f:2c:95:83:72:26:72:fb:8e:c3:7a:9e:6f:22:
         ad:fc:ac:23:11:e6:c3:ba:16:02:de:ce:db:97:9b:b0:db:b8:
         ff:3e:73:43
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ8SbpDcjy9TfqXvDV0phJYjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiZGFjMThhN2FkNTAxYmE3ZWExMzU2NzkwOWYxN2U0Zjcz
Mjc0MTMwHhcNMjYwNjI5MDgxMTAzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZTJlMjYzZDhiYTg2OTNhMjAxMWYxMDkzMmRmMzI4ZDY3Mzk0ZGZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApR18/q88Zu2JtdoVRRoJSvkZrHBj
zODxmB8L2FXw/FmbBmaWnqTtfoEI2TmgaNqeDpLodO0UanyPT7t5PgIcow4H3wcn
qNYPkNVN11GUaEk2d6RgJm//CVLIyJbbLIcGTU4zjsTwUFzIAjPK1PKw012Q5qAg
uIf1WE3vuIHDG5DlAx4ZDCfBbFnKPQSvXN7k3zobqTvjGiMY8+3kYzfLmHty/T81
iCutDtk2fkkJjOxXE7kJoYai82K0PWF6Cqe7vdRLAqj7RLC3z6SfnHTI80tUKPZu
VGq+YLexRBFnNFCT9UIoQpdnJJxTO5whyfnx/p5RrN7+R9cGNmd2QiToIwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ4uJj2LqGk6IBHxCTLfMo1nOU39MB8GA1UdIwQY
MBaAFIvawYp61QG6fqE1Z5CfF+T3MnQTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTlyQmluclZBYnAtb1RWbmtKOFg1UGN5ZEJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZS8zNzRmZDEtMDJjMi00NjcxLWJkYzkt
YzNjYzVkZTFlY2U5LzEvbmk0bVBZdW9hVG9nRWZFSk10OHlqV2M1VGYwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZS8zNzRmZDEtMDJjMi00NjcxLWJkYzktYzNjYzVkZTFlY2U5
LzEvaTlyQmluclZBYnAtb1RWbmtKOFg1UGN5ZEJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuZekMA0G
CSqGSIb3DQEBCwUAA4IBAQCoK4uwtM8XGZrOiBCF4uCfx/QyVuKalom8u+A+0ZY7
+NP0pySPxnI1M4t08GulVm4Lc8rR9cS8l3d67ztLp1XAgvBgtzF9+8R2LupwBBt2
FMRCkPDaY5Fn//MDNwbMbQH/FESnu6fmHiCXe0p0VGdticgnrVNftCVA3Q8wBGnY
xY7xpCIv35oKYdCBx973Et8ELNtrrSy/egCLzPPUDJczcrJaBMGAAO8KWxSFhH7T
iqdoO1/j/rwxojHuHzAXJe1TrluHBSH5EIf/QiOxH3CYPHJqXRdXmOwArxBLnyyV
g3ImcvuOw3qebyKt/KwjEebDuhYC3s7bl5uw27j/PnND
-----END CERTIFICATE-----