Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9e/c93a66-c7c7-4c33-a725-18d1a406aaed/1/9QLofWBXVC7R3PGVThvNOVE9b90.roa
File:                     9QLofWBXVC7R3PGVThvNOVE9b90.roa (raw, json)
Hash identifier:          8q2PTehDaT3hGi/AO3gfkCERrwpDuk8iVLdkhe1JooQ=
Subject key identifier:   F5:02:E8:7D:60:57:54:2E:D1:DC:F1:95:4E:1B:CD:39:51:3D:6F:DD
Certificate issuer:       /CN=af734108705a95796e8577125dd300c751dfd9a8
Certificate serial:       019DC390992E5A5204B2FB74D1157834339B
Authority key identifier: AF:73:41:08:70:5A:95:79:6E:85:77:12:5D:D3:00:C7:51:DF:D9:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/r3NBCHBalXluhXcSXdMAx1Hf2ag.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9e/c93a66-c7c7-4c33-a725-18d1a406aaed/1/9QLofWBXVC7R3PGVThvNOVE9b90.roa
Signing time:             Sat 25 Apr 2026 07:35:26 +0000
ROA not before:           Sat 25 Apr 2026 07:35:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     47308
IP address blocks:        195.238.247.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9e/c93a66-c7c7-4c33-a725-18d1a406aaed/1/r3NBCHBalXluhXcSXdMAx1Hf2ag.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9e/c93a66-c7c7-4c33-a725-18d1a406aaed/1/r3NBCHBalXluhXcSXdMAx1Hf2ag.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/r3NBCHBalXluhXcSXdMAx1Hf2ag.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 28 Apr 2026 17:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:c3:90:99:2e:5a:52:04:b2:fb:74:d1:15:78:34:33:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=af734108705a95796e8577125dd300c751dfd9a8
        Validity
            Not Before: Apr 25 07:35:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f502e87d6057542ed1dcf1954e1bcd39513d6fdd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:58:25:94:81:ea:fb:3e:f6:ab:ac:23:85:0d:
                    15:fe:47:de:40:c1:1a:ae:48:c0:61:d6:cc:89:b1:
                    d3:42:4d:9f:59:be:ab:52:7a:1b:58:57:27:cf:1b:
                    cd:ad:98:15:6e:e0:fc:29:64:e3:0f:2a:17:82:e1:
                    7c:10:a2:b6:fe:8b:58:23:9f:3d:ab:33:ab:dc:3a:
                    00:c1:a0:71:00:99:6e:95:59:cb:29:c3:39:92:5d:
                    07:c5:4a:83:41:9f:74:a0:97:42:50:5c:30:25:e9:
                    29:e4:42:af:81:6b:ad:73:d8:bd:b3:26:15:3b:bb:
                    67:f7:16:0e:61:91:9a:7b:3e:0e:2c:85:8e:37:47:
                    7f:47:d4:9b:93:c5:08:05:71:74:b6:28:9d:69:b1:
                    2d:f8:c9:43:cd:bb:59:6d:b3:43:f1:2b:96:07:aa:
                    0b:95:df:48:05:d3:6b:13:68:a8:71:dd:72:50:2c:
                    2e:7b:4c:67:65:7e:e4:d0:06:6d:ed:e4:c8:f1:61:
                    a3:d9:57:54:dc:48:ab:3c:eb:d0:db:e2:7e:cf:8e:
                    4f:81:45:7b:14:35:24:ea:07:57:b2:e8:af:eb:fe:
                    64:14:cc:4c:b9:d7:0d:74:82:a7:00:dd:93:f7:c5:
                    22:27:34:ba:d7:d5:df:93:30:01:0f:2a:cc:83:c6:
                    c1:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:02:E8:7D:60:57:54:2E:D1:DC:F1:95:4E:1B:CD:39:51:3D:6F:DD
            X509v3 Authority Key Identifier:
                keyid:AF:73:41:08:70:5A:95:79:6E:85:77:12:5D:D3:00:C7:51:DF:D9:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/r3NBCHBalXluhXcSXdMAx1Hf2ag.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/c93a66-c7c7-4c33-a725-18d1a406aaed/1/9QLofWBXVC7R3PGVThvNOVE9b90.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/c93a66-c7c7-4c33-a725-18d1a406aaed/1/r3NBCHBalXluhXcSXdMAx1Hf2ag.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.238.247.0/24

    Signature Algorithm: sha256WithRSAEncryption
         29:ba:b3:b2:cd:87:3f:86:68:92:1f:b2:96:f9:72:84:d1:d4:
         13:32:f4:49:fd:94:55:da:46:b5:d7:76:93:f3:0c:35:50:e8:
         36:9c:6b:c0:83:92:fe:19:6f:0c:56:f7:7b:a4:00:62:d4:4e:
         bb:d8:83:cb:8f:e1:c9:37:b6:62:fc:e5:e4:cf:0f:e7:bf:ff:
         80:44:9f:7c:1d:fd:53:54:d6:b4:06:e1:d7:93:46:a1:57:0f:
         4f:75:43:57:91:5e:c9:48:51:27:fb:49:1d:98:6d:8a:d5:8f:
         c6:c9:30:80:d4:f8:f9:65:01:de:99:07:8b:f9:a6:d5:af:10:
         4a:0e:5e:e1:b0:5a:84:fa:fb:aa:19:4f:86:66:4b:1d:f0:eb:
         d6:4a:7d:5b:01:02:19:cc:e1:54:ee:d0:17:43:d5:f2:0d:a4:
         a6:29:33:f3:c7:80:06:4e:cc:c9:e2:5d:30:c7:9f:52:8c:eb:
         70:4f:1c:40:38:20:34:25:c8:16:70:55:8d:66:de:04:45:7a:
         f1:69:1d:7b:e3:63:9e:e6:3c:75:1f:e4:d6:6f:bd:2e:2a:a3:
         b0:dc:cc:ca:14:ec:06:a7:35:d1:62:c9:0a:27:92:33:8f:36:
         2b:6d:e8:41:a3:57:11:d0:86:81:ff:f3:3d:d7:76:0c:0e:48:
         2d:de:4f:35
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ3DkJkuWlIEsvt00RV4NDObMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFmNzM0MTA4NzA1YTk1Nzk2ZTg1NzcxMjVkZDMwMGM3NTFk
ZmQ5YTgwHhcNMjYwNDI1MDczNTI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNTAyZTg3ZDYwNTc1NDJlZDFkY2YxOTU0ZTFiY2QzOTUxM2Q2ZmRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyFgllIHq+z72q6wjhQ0V/kfeQMEa
rkjAYdbMibHTQk2fWb6rUnobWFcnzxvNrZgVbuD8KWTjDyoXguF8EKK2/otYI589
qzOr3DoAwaBxAJlulVnLKcM5kl0HxUqDQZ90oJdCUFwwJekp5EKvgWutc9i9syYV
O7tn9xYOYZGaez4OLIWON0d/R9Sbk8UIBXF0tiidabEt+MlDzbtZbbND8SuWB6oL
ld9IBdNrE2iocd1yUCwue0xnZX7k0AZt7eTI8WGj2VdU3EirPOvQ2+J+z45PgUV7
FDUk6gdXsuiv6/5kFMxMudcNdIKnAN2T98UiJzS619XfkzABDyrMg8bBkQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPUC6H1gV1Qu0dzxlU4bzTlRPW/dMB8GA1UdIwQY
MBaAFK9zQQhwWpV5boV3El3TAMdR39moMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcjNOQkNIQmFsWGx1aFhjU1hkTUF4MUhmMmFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85ZS9jOTNhNjYtYzdjNy00YzMzLWE3MjUt
MThkMWE0MDZhYWVkLzEvOVFMb2ZXQlhWQzdSM1BHVlRodk5PVkU5YjkwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85ZS9jOTNhNjYtYzdjNy00YzMzLWE3MjUtMThkMWE0MDZhYWVk
LzEvcjNOQkNIQmFsWGx1aFhjU1hkTUF4MUhmMmFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw+73MA0G
CSqGSIb3DQEBCwUAA4IBAQApurOyzYc/hmiSH7KW+XKE0dQTMvRJ/ZRV2ka113aT
8ww1UOg2nGvAg5L+GW8MVvd7pABi1E672IPLj+HJN7Zi/OXkzw/nv/+ARJ98Hf1T
VNa0BuHXk0ahVw9PdUNXkV7JSFEn+0kdmG2K1Y/GyTCA1Pj5ZQHemQeL+abVrxBK
Dl7hsFqE+vuqGU+GZksd8OvWSn1bAQIZzOFU7tAXQ9XyDaSmKTPzx4AGTszJ4l0w
x59SjOtwTxxAOCA0JcgWcFWNZt4ERXrxaR1742Oe5jx1H+TWb70uKqOw3MzKFOwG
pzXRYskKJ5IzjzYrbehBo1cR0IaB//M913YMDkgt3k81
-----END CERTIFICATE-----