Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/a1ae70-7996-4687-a0d7-5e0f4ab809bb/1/SL3Y_PpDcj5A_EO8-yB5j4l_450.roa
File:                     SL3Y_PpDcj5A_EO8-yB5j4l_450.roa (raw, json)
Hash identifier:          V+XY6bDcmReJThpGKTQ7N8hjqMotaqMvVGr/3qy9MWo=
Subject key identifier:   48:BD:D8:FC:FA:43:72:3E:40:FC:43:BC:FB:20:79:8F:89:7F:E3:9D
Certificate issuer:       /CN=743e447edb8a5e0e1b1d7f5cdc287c364a5fb0b5
Certificate serial:       019EC2D5B48DB64BC87AED6524FE0A5072B7
Authority key identifier: 74:3E:44:7E:DB:8A:5E:0E:1B:1D:7F:5C:DC:28:7C:36:4A:5F:B0:B5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dD5EftuKXg4bHX9c3Ch8NkpfsLU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/75/a1ae70-7996-4687-a0d7-5e0f4ab809bb/1/SL3Y_PpDcj5A_EO8-yB5j4l_450.roa
Signing time:             Sat 13 Jun 2026 21:14:05 +0000
ROA not before:           Sat 13 Jun 2026 21:14:05 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     8881
IP address blocks:        9.151.48.0/20 maxlen: 20
                          9.232.32.0/19 maxlen: 19
                          9.249.32.0/20 maxlen: 20
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/75/a1ae70-7996-4687-a0d7-5e0f4ab809bb/1/dD5EftuKXg4bHX9c3Ch8NkpfsLU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/75/a1ae70-7996-4687-a0d7-5e0f4ab809bb/1/dD5EftuKXg4bHX9c3Ch8NkpfsLU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dD5EftuKXg4bHX9c3Ch8NkpfsLU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 22 Jun 2026 11:00:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:c2:d5:b4:8d:b6:4b:c8:7a:ed:65:24:fe:0a:50:72:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=743e447edb8a5e0e1b1d7f5cdc287c364a5fb0b5
        Validity
            Not Before: Jun 13 21:14:05 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=48bdd8fcfa43723e40fc43bcfb20798f897fe39d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:82:dd:47:41:63:fd:87:8b:4f:cc:3f:b2:bc:
                    68:e4:3e:76:2b:bd:be:1a:03:67:e0:a4:83:92:c0:
                    99:5e:c9:dd:c6:5b:4c:a1:34:01:25:6e:b7:dc:fb:
                    c6:a3:12:d0:b8:67:77:3c:8f:68:1f:4a:33:0f:c5:
                    32:6e:e6:cd:d7:f6:fb:60:f9:f0:e7:c2:1e:86:c6:
                    5f:ae:6e:24:bb:ff:a3:9c:93:4f:ab:0f:a6:a6:71:
                    09:a8:00:c7:23:bb:af:7f:8e:b9:a1:b0:88:13:c4:
                    bf:b9:33:11:a6:f9:01:3e:86:89:8a:5a:74:08:4e:
                    81:b1:89:33:ba:a8:b4:7e:d0:1a:aa:a3:d9:6a:ee:
                    32:e6:da:e7:e0:59:05:75:38:5e:49:2a:11:38:10:
                    1e:aa:3e:9d:5c:0d:e2:aa:52:dd:e5:8e:75:17:3b:
                    1e:34:3d:c6:24:6b:cb:d4:3e:95:ef:02:b8:2a:1f:
                    6d:dc:f9:a9:8d:48:34:b4:66:91:be:98:77:4b:1c:
                    10:0f:04:37:22:ff:67:eb:82:ad:61:89:ff:15:cb:
                    eb:74:a6:4d:f8:3e:47:33:7b:ab:ac:ca:3a:bd:2a:
                    97:72:73:41:b9:cd:a0:0b:16:43:b7:67:f2:58:7c:
                    e1:e1:df:ff:07:54:79:33:c5:31:e0:af:80:4f:e1:
                    39:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:BD:D8:FC:FA:43:72:3E:40:FC:43:BC:FB:20:79:8F:89:7F:E3:9D
            X509v3 Authority Key Identifier:
                keyid:74:3E:44:7E:DB:8A:5E:0E:1B:1D:7F:5C:DC:28:7C:36:4A:5F:B0:B5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dD5EftuKXg4bHX9c3Ch8NkpfsLU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/a1ae70-7996-4687-a0d7-5e0f4ab809bb/1/SL3Y_PpDcj5A_EO8-yB5j4l_450.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/75/a1ae70-7996-4687-a0d7-5e0f4ab809bb/1/dD5EftuKXg4bHX9c3Ch8NkpfsLU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  9.151.48.0/20
                  9.232.32.0/19
                  9.249.32.0/20

    Signature Algorithm: sha256WithRSAEncryption
         ba:77:a4:8e:e7:76:b5:d7:bb:7b:ca:11:a4:5e:6f:6b:1c:d1:
         71:21:06:1f:22:41:b5:6c:9a:26:bc:b7:e6:8a:05:c3:f6:a3:
         db:22:c1:69:72:47:38:d0:19:d1:03:57:c3:a0:23:56:34:59:
         5b:8c:b6:da:72:8b:d0:f8:ea:74:5a:d0:b4:bd:39:0e:da:7b:
         4c:a2:ea:c1:12:ac:8a:9b:56:6a:9a:c9:7f:20:43:19:3e:37:
         44:47:5f:42:62:9f:75:3c:c8:5a:ca:c4:67:ce:b9:e1:24:4b:
         4e:5c:97:ef:76:81:94:f9:6f:74:bd:b9:f0:e6:f5:b3:39:2f:
         b6:60:0c:43:19:09:0b:d2:0b:b8:48:cb:c6:3b:39:03:1f:79:
         bc:6b:b7:3a:17:dd:46:51:41:e3:ae:c1:f3:66:ba:19:78:b0:
         37:ed:1a:7a:a7:29:74:60:ce:84:df:1d:0e:64:9a:14:c8:e2:
         0c:df:f6:d7:65:c9:d2:fb:94:f8:fe:08:bf:37:ba:03:41:c1:
         a7:d9:5e:a7:ac:cf:08:42:a2:5a:a1:28:b7:c8:5c:13:3a:57:
         a2:a4:8e:27:f0:c3:8c:a1:36:bd:e6:2c:e5:c7:95:d3:3b:f3:
         5a:ce:07:33:31:fa:23:47:f0:cf:0b:da:d8:d0:bf:34:ef:49:
         d5:76:61:5b
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZ7C1bSNtkvIeu1lJP4KUHK3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0M2U0NDdlZGI4YTVlMGUxYjFkN2Y1Y2RjMjg3YzM2NGE1
ZmIwYjUwHhcNMjYwNjEzMjExNDA1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OGJkZDhmY2ZhNDM3MjNlNDBmYzQzYmNmYjIwNzk4Zjg5N2ZlMzlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4oLdR0Fj/YeLT8w/srxo5D52K72+
GgNn4KSDksCZXsndxltMoTQBJW633PvGoxLQuGd3PI9oH0ozD8UybubN1/b7YPnw
58IehsZfrm4ku/+jnJNPqw+mpnEJqADHI7uvf465obCIE8S/uTMRpvkBPoaJilp0
CE6BsYkzuqi0ftAaqqPZau4y5trn4FkFdTheSSoROBAeqj6dXA3iqlLd5Y51Fzse
ND3GJGvL1D6V7wK4Kh9t3PmpjUg0tGaRvph3SxwQDwQ3Iv9n64KtYYn/FcvrdKZN
+D5HM3urrMo6vSqXcnNBuc2gCxZDt2fyWHzh4d//B1R5M8Ux4K+AT+E5rQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFEi92Pz6Q3I+QPxDvPsgeY+Jf+OdMB8GA1UdIwQY
MBaAFHQ+RH7bil4OGx1/XNwofDZKX7C1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEQ1RWZ0dUtYZzRiSFg5YzNDaDhOa3Bmc0xVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS9hMWFlNzAtNzk5Ni00Njg3LWEwZDct
NWUwZjRhYjgwOWJiLzEvU0wzWV9QcERjajVBX0VPOC15QjVqNGxfNDUwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS9hMWFlNzAtNzk5Ni00Njg3LWEwZDctNWUwZjRhYjgwOWJi
LzEvZEQ1RWZ0dUtYZzRiSFg5YzNDaDhOa3Bmc0xVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQECZcwAwQF
CeggAwQECfkgMA0GCSqGSIb3DQEBCwUAA4IBAQC6d6SO53a117t7yhGkXm9rHNFx
IQYfIkG1bJomvLfmigXD9qPbIsFpckc40BnRA1fDoCNWNFlbjLbacovQ+Op0WtC0
vTkO2ntMourBEqyKm1Zqmsl/IEMZPjdER19CYp91PMhaysRnzrnhJEtOXJfvdoGU
+W90vbnw5vWzOS+2YAxDGQkL0gu4SMvGOzkDH3m8a7c6F91GUUHjrsHzZroZeLA3
7Rp6pyl0YM6E3x0OZJoUyOIM3/bXZcnS+5T4/gi/N7oDQcGn2V6nrM8IQqJaoSi3
yFwTOleipI4n8MOMoTa95izlx5XTO/NazgczMfojR/DPC9rY0L8070nVdmFb
-----END CERTIFICATE-----