Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/a1ae70-7996-4687-a0d7-5e0f4ab809bb/1/staIgaNBCfGwXzlkjUO0p9RMsoA.roa
File:                     staIgaNBCfGwXzlkjUO0p9RMsoA.roa (raw, json)
Hash identifier:          H/W95iy+jwLHlEPU4DUHGctsr9ImiAncq5rcWCzt2m4=
Subject key identifier:   B2:D6:88:81:A3:41:09:F1:B0:5F:39:64:8D:43:B4:A7:D4:4C:B2:80
Certificate issuer:       /CN=743e447edb8a5e0e1b1d7f5cdc287c364a5fb0b5
Certificate serial:       019DD319A6BAF36965755539684917F7F5E3
Authority key identifier: 74:3E:44:7E:DB:8A:5E:0E:1B:1D:7F:5C:DC:28:7C:36:4A:5F:B0:B5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dD5EftuKXg4bHX9c3Ch8NkpfsLU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/75/a1ae70-7996-4687-a0d7-5e0f4ab809bb/1/staIgaNBCfGwXzlkjUO0p9RMsoA.roa
Signing time:             Tue 28 Apr 2026 07:59:26 +0000
ROA not before:           Tue 28 Apr 2026 07:59:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     8881
IP address blocks:        9.232.32.0/19 maxlen: 19
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/75/a1ae70-7996-4687-a0d7-5e0f4ab809bb/1/dD5EftuKXg4bHX9c3Ch8NkpfsLU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/75/a1ae70-7996-4687-a0d7-5e0f4ab809bb/1/dD5EftuKXg4bHX9c3Ch8NkpfsLU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dD5EftuKXg4bHX9c3Ch8NkpfsLU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 07 May 2026 21:44:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:d3:19:a6:ba:f3:69:65:75:55:39:68:49:17:f7:f5:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=743e447edb8a5e0e1b1d7f5cdc287c364a5fb0b5
        Validity
            Not Before: Apr 28 07:59:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b2d68881a34109f1b05f39648d43b4a7d44cb280
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:7f:26:45:2c:49:e3:cd:38:2a:f6:0c:b2:1f:
                    d5:84:ca:6b:f8:fd:d6:72:94:2f:f6:c2:ed:11:38:
                    dc:cf:31:7f:d9:da:f3:63:ca:9b:0e:99:9c:23:f3:
                    7f:2c:20:52:42:87:b1:93:75:82:c7:5c:53:e0:0d:
                    75:e4:dd:8f:37:36:9f:77:1f:9f:64:b7:0a:0b:dc:
                    df:56:a2:67:ce:b0:1f:fc:d3:8b:ac:e0:2d:35:2a:
                    89:ba:6d:cd:33:81:74:83:94:53:5a:a2:04:15:84:
                    e3:21:b2:2b:78:1d:62:d9:fe:8e:d6:21:66:2a:14:
                    b3:44:55:97:6e:8f:3c:8d:d7:b6:fe:35:46:f2:f4:
                    08:45:6e:c9:77:fc:13:d2:77:67:2f:83:ed:39:84:
                    6e:27:e5:83:21:c9:a8:1b:78:0e:d3:ac:19:f9:c1:
                    83:0e:76:8b:73:6d:92:24:a7:8c:15:5c:78:d9:61:
                    75:69:ea:79:b6:b0:98:f0:6f:a6:06:ac:a4:e1:eb:
                    9c:41:60:6e:a4:49:f9:9e:32:ef:3a:78:a1:92:cb:
                    71:90:38:55:16:61:f5:27:a0:5c:89:0d:fa:5a:51:
                    ae:ec:89:78:0f:b4:dc:f7:82:32:ff:17:a2:7e:3a:
                    e1:ce:6d:34:21:d5:03:73:b0:c4:de:a7:8e:c3:87:
                    bf:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:D6:88:81:A3:41:09:F1:B0:5F:39:64:8D:43:B4:A7:D4:4C:B2:80
            X509v3 Authority Key Identifier:
                keyid:74:3E:44:7E:DB:8A:5E:0E:1B:1D:7F:5C:DC:28:7C:36:4A:5F:B0:B5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dD5EftuKXg4bHX9c3Ch8NkpfsLU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/a1ae70-7996-4687-a0d7-5e0f4ab809bb/1/staIgaNBCfGwXzlkjUO0p9RMsoA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/75/a1ae70-7996-4687-a0d7-5e0f4ab809bb/1/dD5EftuKXg4bHX9c3Ch8NkpfsLU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  9.232.32.0/19

    Signature Algorithm: sha256WithRSAEncryption
         14:d2:c5:08:bf:7e:3d:27:b0:23:7b:82:2f:48:f6:0f:82:be:
         76:42:b1:f5:d9:fc:53:4a:25:93:5a:5b:21:ec:ce:3d:14:4f:
         2c:3a:53:5f:4f:16:7b:02:f0:43:86:fa:b3:6f:76:3e:ea:b3:
         55:f4:1e:f8:7e:d8:a5:f9:c0:63:6e:d6:ee:f5:fa:97:4d:32:
         a8:a1:83:54:ad:bb:b6:5e:b3:90:92:29:cc:87:5b:c9:1d:77:
         eb:2d:8d:5c:39:8e:58:2f:e2:39:06:66:4c:a8:ee:a6:e4:99:
         bd:ab:44:10:f7:ea:8e:da:fe:47:9c:7f:27:e2:25:2e:64:c7:
         d4:d5:15:77:7e:7b:a8:8b:df:7a:89:c5:fd:85:b2:d7:d3:01:
         18:ed:3e:1d:3f:53:8d:2b:83:7e:69:fa:94:cd:3a:cb:74:a1:
         d2:e6:42:37:a9:a3:50:db:7e:8c:32:e9:87:78:b8:4c:5c:4f:
         0c:45:80:a7:bc:9b:7b:70:b1:40:b6:7b:5e:3c:1f:d5:e3:92:
         0f:78:c7:d9:ef:2f:2d:a8:05:d1:44:39:28:f6:67:80:85:d4:
         74:1f:9f:9c:bb:a4:09:bf:8b:e7:3f:f9:8b:3f:dd:b9:ed:c4:
         9b:78:30:09:9a:82:32:2b:34:af:20:18:b0:30:45:cf:2d:7d:
         2b:ff:3a:bd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ3TGaa682lldVU5aEkX9/XjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0M2U0NDdlZGI4YTVlMGUxYjFkN2Y1Y2RjMjg3YzM2NGE1
ZmIwYjUwHhcNMjYwNDI4MDc1OTI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMmQ2ODg4MWEzNDEwOWYxYjA1ZjM5NjQ4ZDQzYjRhN2Q0NGNiMjgwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA138mRSxJ4804KvYMsh/VhMpr+P3W
cpQv9sLtETjczzF/2drzY8qbDpmcI/N/LCBSQoexk3WCx1xT4A115N2PNzafdx+f
ZLcKC9zfVqJnzrAf/NOLrOAtNSqJum3NM4F0g5RTWqIEFYTjIbIreB1i2f6O1iFm
KhSzRFWXbo88jde2/jVG8vQIRW7Jd/wT0ndnL4PtOYRuJ+WDIcmoG3gO06wZ+cGD
DnaLc22SJKeMFVx42WF1aep5trCY8G+mBqyk4eucQWBupEn5njLvOnihkstxkDhV
FmH1J6BciQ36WlGu7Il4D7Tc94Iy/xeifjrhzm00IdUDc7DE3qeOw4e/ewIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLLWiIGjQQnxsF85ZI1DtKfUTLKAMB8GA1UdIwQY
MBaAFHQ+RH7bil4OGx1/XNwofDZKX7C1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEQ1RWZ0dUtYZzRiSFg5YzNDaDhOa3Bmc0xVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS9hMWFlNzAtNzk5Ni00Njg3LWEwZDct
NWUwZjRhYjgwOWJiLzEvc3RhSWdhTkJDZkd3WHpsa2pVTzBwOVJNc29BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS9hMWFlNzAtNzk5Ni00Njg3LWEwZDctNWUwZjRhYjgwOWJi
LzEvZEQ1RWZ0dUtYZzRiSFg5YzNDaDhOa3Bmc0xVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQFCeggMA0G
CSqGSIb3DQEBCwUAA4IBAQAU0sUIv349J7Aje4IvSPYPgr52QrH12fxTSiWTWlsh
7M49FE8sOlNfTxZ7AvBDhvqzb3Y+6rNV9B74ftil+cBjbtbu9fqXTTKooYNUrbu2
XrOQkinMh1vJHXfrLY1cOY5YL+I5BmZMqO6m5Jm9q0QQ9+qO2v5HnH8n4iUuZMfU
1RV3fnuoi996icX9hbLX0wEY7T4dP1ONK4N+afqUzTrLdKHS5kI3qaNQ236MMumH
eLhMXE8MRYCnvJt7cLFAtntePB/V45IPeMfZ7y8tqAXRRDko9meAhdR0H5+cu6QJ
v4vnP/mLP9257cSbeDAJmoIyKzSvIBiwMEXPLX0r/zq9
-----END CERTIFICATE-----