Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9d/26b47b-f2ce-4f2b-9d33-45579e418ff7/1/8Jtz1k-aBFN_3eueNbWN2Oh4EPY.roa
File:                     8Jtz1k-aBFN_3eueNbWN2Oh4EPY.roa (raw, json)
Hash identifier:          fkmGxni8pzpt7FS2NVHazJRzS5r259m4KHbWlWkAsNs=
Subject key identifier:   F0:9B:73:D6:4F:9A:04:53:7F:DD:EB:9E:35:B5:8D:D8:E8:78:10:F6
Certificate issuer:       /CN=d25622457a1be33a01258866a067e0447dfd8964
Certificate serial:       01993D0B01970A5D78D64A91C8D9AFF5EFF4
Authority key identifier: D2:56:22:45:7A:1B:E3:3A:01:25:88:66:A0:67:E0:44:7D:FD:89:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0lYiRXob4zoBJYhmoGfgRH39iWQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9d/26b47b-f2ce-4f2b-9d33-45579e418ff7/1/8Jtz1k-aBFN_3eueNbWN2Oh4EPY.roa
Signing time:             Fri 12 Sep 2025 08:29:15 +0000
ROA not before:           Fri 12 Sep 2025 08:29:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44477
IP address blocks:        185.234.9.0/24 maxlen: 24
                          193.178.210.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9d/26b47b-f2ce-4f2b-9d33-45579e418ff7/1/0lYiRXob4zoBJYhmoGfgRH39iWQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9d/26b47b-f2ce-4f2b-9d33-45579e418ff7/1/0lYiRXob4zoBJYhmoGfgRH39iWQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0lYiRXob4zoBJYhmoGfgRH39iWQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 19 Sep 2025 17:01:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:3d:0b:01:97:0a:5d:78:d6:4a:91:c8:d9:af:f5:ef:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d25622457a1be33a01258866a067e0447dfd8964
        Validity
            Not Before: Sep 12 08:29:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f09b73d64f9a04537fddeb9e35b58dd8e87810f6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:94:96:ba:46:0e:fb:04:eb:ee:21:91:86:0e:
                    01:28:25:75:fb:14:ea:9d:61:cb:ab:a9:7f:c0:ed:
                    fb:bb:f8:ad:03:b5:76:d4:d3:a2:ac:7c:d7:82:5b:
                    41:8f:76:31:ee:04:41:7c:d3:1e:04:db:ea:38:63:
                    fa:a7:ca:5f:78:b2:3a:d6:fb:3c:b4:f5:47:85:1c:
                    51:87:71:7d:86:b3:c7:c6:56:37:17:57:f8:f9:4a:
                    56:23:1b:9b:2e:7a:f3:b7:4f:52:01:b2:9c:ca:f0:
                    6b:b5:ec:a7:46:4f:ea:e6:ee:4b:79:1c:c0:99:f1:
                    e3:de:9b:64:02:6e:cd:6e:7d:52:0e:b8:6b:ad:f4:
                    dc:ca:b5:e1:9c:e7:67:1d:8a:a6:11:8d:cd:6e:c3:
                    88:ea:fa:f1:80:e1:18:b3:5b:25:b2:bc:51:ed:31:
                    ec:26:1d:da:a1:27:0c:34:8f:47:31:46:c8:7c:14:
                    55:b5:18:5a:69:82:3b:6b:ad:55:fc:5e:70:22:4a:
                    1d:37:9d:89:35:1e:00:b8:31:cf:a2:44:c0:51:e4:
                    11:d1:9b:f7:2f:33:d7:ed:a5:82:f5:11:36:04:d4:
                    79:8f:73:5f:79:0e:7f:0f:cb:30:e2:36:63:65:66:
                    6f:de:0c:7f:94:7a:a4:43:1b:04:ba:ff:b8:a0:2b:
                    69:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:9B:73:D6:4F:9A:04:53:7F:DD:EB:9E:35:B5:8D:D8:E8:78:10:F6
            X509v3 Authority Key Identifier:
                keyid:D2:56:22:45:7A:1B:E3:3A:01:25:88:66:A0:67:E0:44:7D:FD:89:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0lYiRXob4zoBJYhmoGfgRH39iWQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9d/26b47b-f2ce-4f2b-9d33-45579e418ff7/1/8Jtz1k-aBFN_3eueNbWN2Oh4EPY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9d/26b47b-f2ce-4f2b-9d33-45579e418ff7/1/0lYiRXob4zoBJYhmoGfgRH39iWQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.234.9.0/24
                  193.178.210.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5c:9c:c0:c9:34:92:a5:36:b6:65:3d:71:1e:3a:38:ab:de:7d:
         c2:3f:e6:5b:fb:eb:20:fc:7b:88:59:9f:53:08:24:a8:99:a8:
         2e:1a:97:e8:33:ad:aa:92:e0:22:cd:d0:ea:aa:6d:c5:34:24:
         68:25:de:13:cc:1b:da:17:4c:38:6c:53:28:7a:00:57:d1:5d:
         16:d0:cf:5e:fa:86:f6:89:ea:90:7a:8f:bd:da:3f:34:48:1e:
         82:df:27:cb:7c:e6:2c:97:50:64:a0:17:06:20:92:2f:99:35:
         a4:54:5b:b1:ca:a1:ce:05:bd:f1:70:82:16:60:ff:d2:c7:93:
         80:88:5a:47:98:1a:0a:81:07:45:16:a8:35:89:a5:9f:75:ec:
         bf:01:3d:75:ba:14:33:80:b2:93:86:1b:c7:c3:b9:8a:08:1b:
         88:1d:7c:d5:78:c8:d6:9c:a4:1e:68:32:ab:21:b3:6b:c7:44:
         25:ff:ca:a4:36:62:c2:de:fe:fa:4b:08:89:85:30:b6:54:2d:
         56:71:44:73:80:31:55:a7:90:ff:81:f2:16:23:40:4d:00:6e:
         0f:44:ea:af:ed:d9:37:10:2b:0e:91:ed:4b:cb:90:d7:4d:8e:
         ca:3b:2e:e2:12:a1:7b:0c:24:07:a5:37:92:d0:22:27:e4:9b:
         7f:57:a6:16
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZk9CwGXCl141kqRyNmv9e/0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQyNTYyMjQ1N2ExYmUzM2EwMTI1ODg2NmEwNjdlMDQ0N2Rm
ZDg5NjQwHhcNMjUwOTEyMDgyOTE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMDliNzNkNjRmOWEwNDUzN2ZkZGViOWUzNWI1OGRkOGU4NzgxMGY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv5SWukYO+wTr7iGRhg4BKCV1+xTq
nWHLq6l/wO37u/itA7V21NOirHzXgltBj3Yx7gRBfNMeBNvqOGP6p8pfeLI61vs8
tPVHhRxRh3F9hrPHxlY3F1f4+UpWIxubLnrzt09SAbKcyvBrteynRk/q5u5LeRzA
mfHj3ptkAm7Nbn1SDrhrrfTcyrXhnOdnHYqmEY3NbsOI6vrxgOEYs1slsrxR7THs
Jh3aoScMNI9HMUbIfBRVtRhaaYI7a61V/F5wIkodN52JNR4AuDHPokTAUeQR0Zv3
LzPX7aWC9RE2BNR5j3NfeQ5/D8sw4jZjZWZv3gx/lHqkQxsEuv+4oCtpMwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFPCbc9ZPmgRTf93rnjW1jdjoeBD2MB8GA1UdIwQY
MBaAFNJWIkV6G+M6ASWIZqBn4ER9/YlkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMGxZaVJYb2I0em9CSllobW9HZmdSSDM5aVdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85ZC8yNmI0N2ItZjJjZS00ZjJiLTlkMzMt
NDU1NzllNDE4ZmY3LzEvOEp0ejFrLWFCRk5fM2V1ZU5iV04yT2g0RVBZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85ZC8yNmI0N2ItZjJjZS00ZjJiLTlkMzMtNDU1NzllNDE4ZmY3
LzEvMGxZaVJYb2I0em9CSllobW9HZmdSSDM5aVdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAueoJAwQA
wbLSMA0GCSqGSIb3DQEBCwUAA4IBAQBcnMDJNJKlNrZlPXEeOjir3n3CP+Zb++sg
/HuIWZ9TCCSomaguGpfoM62qkuAizdDqqm3FNCRoJd4TzBvaF0w4bFMoegBX0V0W
0M9e+ob2ieqQeo+92j80SB6C3yfLfOYsl1BkoBcGIJIvmTWkVFuxyqHOBb3xcIIW
YP/Sx5OAiFpHmBoKgQdFFqg1iaWfdey/AT11uhQzgLKThhvHw7mKCBuIHXzVeMjW
nKQeaDKrIbNrx0Ql/8qkNmLC3v76SwiJhTC2VC1WcURzgDFVp5D/gfIWI0BNAG4P
ROqv7dk3ECsOke1Ly5DXTY7KOy7iEqF7DCQHpTeS0CIn5Jt/V6YW
-----END CERTIFICATE-----