Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8b/9cc333-68d5-4692-9c5b-28a841da0bfd/1/rIgqpAYglrIaA3V1I42fBko-DNI.roa
File:                     rIgqpAYglrIaA3V1I42fBko-DNI.roa (raw, json)
Hash identifier:          jg1alXBj9VMFT3lN1gk2yDhV8xp8j9aUebJ327iU0gA=
Subject key identifier:   AC:88:2A:A4:06:20:96:B2:1A:03:75:75:23:8D:9F:06:4A:3E:0C:D2
Certificate issuer:       /CN=9e459aa4602bffa2d2650ba66818458c89fc4582
Certificate serial:       019EAB9E318913C3C5D381FAC4A97FD18D7C
Authority key identifier: 9E:45:9A:A4:60:2B:FF:A2:D2:65:0B:A6:68:18:45:8C:89:FC:45:82
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nkWapGAr_6LSZQumaBhFjIn8RYI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8b/9cc333-68d5-4692-9c5b-28a841da0bfd/1/rIgqpAYglrIaA3V1I42fBko-DNI.roa
Signing time:             Tue 09 Jun 2026 09:02:11 +0000
ROA not before:           Tue 09 Jun 2026 09:02:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     51082
IP address blocks:        89.149.63.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8b/9cc333-68d5-4692-9c5b-28a841da0bfd/1/nkWapGAr_6LSZQumaBhFjIn8RYI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8b/9cc333-68d5-4692-9c5b-28a841da0bfd/1/nkWapGAr_6LSZQumaBhFjIn8RYI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nkWapGAr_6LSZQumaBhFjIn8RYI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 04:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:ab:9e:31:89:13:c3:c5:d3:81:fa:c4:a9:7f:d1:8d:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e459aa4602bffa2d2650ba66818458c89fc4582
        Validity
            Not Before: Jun  9 09:02:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ac882aa4062096b21a037575238d9f064a3e0cd2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:2d:14:89:79:e0:6c:8d:6f:3d:85:7d:0a:7f:
                    bd:ba:3f:50:69:36:c6:44:45:27:75:38:e3:b0:39:
                    b9:5a:87:4f:2b:c3:72:8c:bc:5b:10:c3:12:34:0a:
                    f1:00:01:f3:d3:a7:e3:31:fa:ef:7c:06:e7:a4:54:
                    06:76:35:67:b9:4e:93:40:12:fc:d0:a3:87:8b:28:
                    11:1d:8d:83:0a:97:8b:31:4f:7b:35:1d:8b:ca:5f:
                    20:b4:7e:e3:c5:44:1e:ee:52:1a:79:e3:bb:54:23:
                    99:6b:91:61:9b:ee:ef:4a:76:39:c6:33:ad:52:b9:
                    2f:0e:c9:cc:97:c2:5a:27:97:6f:ff:da:25:6d:50:
                    bb:fb:db:08:21:b3:16:2f:cb:8b:83:6f:12:7f:cf:
                    5b:ab:63:77:cf:84:d3:db:7a:8b:68:1f:bc:00:13:
                    3c:2c:fd:cf:bd:ab:cd:95:f0:5f:30:8e:34:53:4f:
                    1a:38:ce:5e:3e:9a:66:4b:88:c1:42:cc:92:0b:36:
                    89:ff:0b:e1:9c:ca:b3:15:8b:e7:be:c0:23:72:a6:
                    12:6a:5f:60:f4:e3:aa:0b:0e:13:39:b5:71:62:43:
                    c4:a6:4b:27:39:78:de:ba:bb:ab:a1:c7:81:b3:0a:
                    32:79:0a:0d:6a:88:5c:8a:25:14:4a:f4:eb:0f:01:
                    c0:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:88:2A:A4:06:20:96:B2:1A:03:75:75:23:8D:9F:06:4A:3E:0C:D2
            X509v3 Authority Key Identifier:
                keyid:9E:45:9A:A4:60:2B:FF:A2:D2:65:0B:A6:68:18:45:8C:89:FC:45:82

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nkWapGAr_6LSZQumaBhFjIn8RYI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/9cc333-68d5-4692-9c5b-28a841da0bfd/1/rIgqpAYglrIaA3V1I42fBko-DNI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/9cc333-68d5-4692-9c5b-28a841da0bfd/1/nkWapGAr_6LSZQumaBhFjIn8RYI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.149.63.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6d:9c:36:0d:64:13:70:f0:e6:2a:b5:44:20:df:7f:ee:80:aa:
         3a:a2:1f:5d:1a:18:d7:36:be:da:53:56:55:25:8b:ea:c3:11:
         60:59:b6:86:f1:07:11:7a:54:d0:72:e6:21:f7:5f:c8:38:8e:
         ff:38:0c:5f:32:ef:03:e7:b3:fa:79:07:9d:47:d0:61:fc:c4:
         fb:40:cd:31:ef:17:94:9a:75:49:95:e9:32:72:dd:7b:a6:77:
         72:13:d6:0c:55:c1:ea:c4:79:66:45:5d:77:19:27:a6:44:a2:
         90:0a:86:39:29:c5:6f:72:8e:24:e0:de:ae:a5:39:23:27:7b:
         59:96:19:8d:b2:3a:e2:ee:fd:ef:3c:82:df:6e:bb:63:9b:76:
         c5:1e:5e:68:d2:d2:46:f1:3f:36:08:98:79:00:0d:9c:25:62:
         c3:05:2a:9c:33:d6:31:32:5e:22:e3:e8:df:ab:ff:2b:8e:1b:
         48:c1:92:9a:13:8a:87:12:70:52:a8:0d:62:33:01:b5:14:3e:
         54:7f:e9:76:54:96:63:e8:3f:00:6e:59:bc:3b:2e:a8:28:19:
         f9:ca:34:33:f1:60:d1:f3:82:fc:6e:1a:8e:4e:8d:33:79:a7:
         45:1c:01:4c:08:a3:2c:22:17:0d:d5:8c:7c:4e:a9:75:3d:d6:
         9c:ab:2b:ae
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6rnjGJE8PF04H6xKl/0Y18MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllNDU5YWE0NjAyYmZmYTJkMjY1MGJhNjY4MTg0NThjODlm
YzQ1ODIwHhcNMjYwNjA5MDkwMjExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYzg4MmFhNDA2MjA5NmIyMWEwMzc1NzUyMzhkOWYwNjRhM2UwY2QyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArS0UiXngbI1vPYV9Cn+9uj9QaTbG
REUndTjjsDm5WodPK8NyjLxbEMMSNArxAAHz06fjMfrvfAbnpFQGdjVnuU6TQBL8
0KOHiygRHY2DCpeLMU97NR2Lyl8gtH7jxUQe7lIaeeO7VCOZa5Fhm+7vSnY5xjOt
UrkvDsnMl8JaJ5dv/9olbVC7+9sIIbMWL8uLg28Sf89bq2N3z4TT23qLaB+8ABM8
LP3PvavNlfBfMI40U08aOM5ePppmS4jBQsySCzaJ/wvhnMqzFYvnvsAjcqYSal9g
9OOqCw4TObVxYkPEpksnOXjeururoceBswoyeQoNaohciiUUSvTrDwHAXQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKyIKqQGIJayGgN1dSONnwZKPgzSMB8GA1UdIwQY
MBaAFJ5FmqRgK/+i0mULpmgYRYyJ/EWCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbmtXYXBHQXJfNkxTWlF1bWFCaEZqSW44UllJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yi85Y2MzMzMtNjhkNS00NjkyLTljNWIt
MjhhODQxZGEwYmZkLzEvcklncXBBWWdscklhQTNWMUk0MmZCa28tRE5JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yi85Y2MzMzMtNjhkNS00NjkyLTljNWItMjhhODQxZGEwYmZk
LzEvbmtXYXBHQXJfNkxTWlF1bWFCaEZqSW44UllJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWZU/MA0G
CSqGSIb3DQEBCwUAA4IBAQBtnDYNZBNw8OYqtUQg33/ugKo6oh9dGhjXNr7aU1ZV
JYvqwxFgWbaG8QcRelTQcuYh91/IOI7/OAxfMu8D57P6eQedR9Bh/MT7QM0x7xeU
mnVJlekyct17pndyE9YMVcHqxHlmRV13GSemRKKQCoY5KcVvco4k4N6upTkjJ3tZ
lhmNsjri7v3vPILfbrtjm3bFHl5o0tJG8T82CJh5AA2cJWLDBSqcM9YxMl4i4+jf
q/8rjhtIwZKaE4qHEnBSqA1iMwG1FD5Uf+l2VJZj6D8Ablm8Oy6oKBn5yjQz8WDR
84L8bhqOTo0zeadFHAFMCKMsIhcN1Yx8Tql1Pdacqyuu
-----END CERTIFICATE-----