Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ba/c5a9e3-6722-4b6a-be58-ada5c20e3f7b/1/_qJbebTlrOvrXIQLM28_mZtacRY.roa
File:                     _qJbebTlrOvrXIQLM28_mZtacRY.roa (raw, json)
Hash identifier:          BqUn6UdSWnNCo8IEu4itHIeonT1vIDue6NclshrDycA=
Subject key identifier:   FE:A2:5B:79:B4:E5:AC:EB:EB:5C:84:0B:33:6F:3F:99:9B:5A:71:16
Certificate issuer:       /CN=1c7ad7754795ddd605f28838bb7cc359df7a266a
Certificate serial:       019E456B8D8AFB065C71B5C8E03A5AE09FDD
Authority key identifier: 1C:7A:D7:75:47:95:DD:D6:05:F2:88:38:BB:7C:C3:59:DF:7A:26:6A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HHrXdUeV3dYF8og4u3zDWd96Jmo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ba/c5a9e3-6722-4b6a-be58-ada5c20e3f7b/1/_qJbebTlrOvrXIQLM28_mZtacRY.roa
Signing time:             Wed 20 May 2026 12:45:36 +0000
ROA not before:           Wed 20 May 2026 12:45:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     208226
IP address blocks:        194.59.9.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ba/c5a9e3-6722-4b6a-be58-ada5c20e3f7b/1/HHrXdUeV3dYF8og4u3zDWd96Jmo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ba/c5a9e3-6722-4b6a-be58-ada5c20e3f7b/1/HHrXdUeV3dYF8og4u3zDWd96Jmo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HHrXdUeV3dYF8og4u3zDWd96Jmo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 06 Jun 2026 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:45:6b:8d:8a:fb:06:5c:71:b5:c8:e0:3a:5a:e0:9f:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c7ad7754795ddd605f28838bb7cc359df7a266a
        Validity
            Not Before: May 20 12:45:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=fea25b79b4e5acebeb5c840b336f3f999b5a7116
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:4d:35:54:87:45:26:50:59:1b:94:c4:10:13:
                    cf:0a:2c:b5:0b:da:aa:cb:63:09:48:36:62:6a:28:
                    14:e2:20:9c:4c:0b:02:c5:6e:ea:e4:3e:53:32:62:
                    6f:cf:e4:19:a7:7b:52:38:cd:e6:b6:be:27:93:7b:
                    f1:d2:12:94:ab:73:fc:1d:eb:f2:51:9d:0c:44:90:
                    34:dd:42:b1:a4:ba:ea:90:32:1e:0f:7d:56:0c:3f:
                    a3:e2:36:54:e1:41:ed:96:f6:51:16:56:fb:4d:ee:
                    f2:a6:11:7d:9f:2c:a2:0d:08:1f:30:27:47:b0:2a:
                    ca:36:00:52:04:7e:2d:63:e0:36:85:ae:04:3d:ff:
                    6a:02:36:32:aa:99:a9:dd:49:c7:b5:bd:ed:8c:71:
                    41:5e:8d:fb:b2:ea:86:1f:35:96:38:6c:db:15:92:
                    73:39:b4:0d:d2:f8:1b:66:f6:05:03:09:3a:18:f5:
                    35:31:09:09:2e:d7:bc:28:d9:65:4f:3f:d4:28:98:
                    10:43:6e:34:8c:1f:08:33:d4:64:02:4e:a0:2f:c0:
                    66:0a:60:be:41:9e:6b:e7:96:b1:bf:3d:16:c3:e8:
                    ca:28:58:cf:28:54:5c:b2:19:07:0e:2d:c2:9e:cd:
                    9c:62:93:ad:fb:7a:93:78:f8:12:2a:78:e4:49:02:
                    ca:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:A2:5B:79:B4:E5:AC:EB:EB:5C:84:0B:33:6F:3F:99:9B:5A:71:16
            X509v3 Authority Key Identifier:
                keyid:1C:7A:D7:75:47:95:DD:D6:05:F2:88:38:BB:7C:C3:59:DF:7A:26:6A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HHrXdUeV3dYF8og4u3zDWd96Jmo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/c5a9e3-6722-4b6a-be58-ada5c20e3f7b/1/_qJbebTlrOvrXIQLM28_mZtacRY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/c5a9e3-6722-4b6a-be58-ada5c20e3f7b/1/HHrXdUeV3dYF8og4u3zDWd96Jmo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.59.9.0/24

    Signature Algorithm: sha256WithRSAEncryption
         09:03:43:fc:61:b1:54:c7:d3:be:ff:ef:7c:82:ed:76:ad:56:
         e7:2c:7f:73:4a:26:b9:22:90:6f:9b:5c:84:64:ab:0c:69:69:
         ae:10:38:29:2c:34:77:cd:d1:5e:68:09:72:42:e4:21:68:26:
         c4:64:64:48:e2:cd:eb:69:9d:1e:a6:bf:64:22:95:be:42:59:
         cf:e6:45:a3:f3:c3:6c:ed:bf:96:25:f1:f8:02:54:7f:01:db:
         2e:8c:bc:bd:9f:20:5a:75:a8:dc:55:42:62:f6:94:f5:4f:be:
         a2:02:25:44:87:5d:5e:da:c5:12:a8:09:07:a2:4f:b3:d2:d4:
         6a:fd:b6:74:a6:c2:da:06:2e:e5:bf:ee:7c:a8:5d:82:01:dd:
         11:72:ba:4f:c4:ef:78:c1:fc:c3:57:92:5c:c1:25:24:d6:6d:
         18:9a:5b:af:a8:ee:38:3d:f9:4d:24:5d:2e:a1:05:48:67:86:
         3a:f4:ea:48:40:36:70:fb:ef:46:a9:fd:dc:77:46:53:1b:70:
         eb:1b:61:49:98:2c:6a:63:81:bf:fc:ca:8d:08:e3:a8:82:cf:
         8c:78:5f:a5:8b:ed:21:02:66:a8:d5:37:4d:8f:0b:5e:04:88:
         f3:ae:b1:c3:4b:df:86:91:8f:0d:3a:ae:7a:a4:3a:ec:7a:6e:
         8b:68:af:f4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ5Fa42K+wZccbXI4Dpa4J/dMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjN2FkNzc1NDc5NWRkZDYwNWYyODgzOGJiN2NjMzU5ZGY3
YTI2NmEwHhcNMjYwNTIwMTI0NTM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZWEyNWI3OWI0ZTVhY2ViZWI1Yzg0MGIzMzZmM2Y5OTliNWE3MTE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtk01VIdFJlBZG5TEEBPPCiy1C9qq
y2MJSDZiaigU4iCcTAsCxW7q5D5TMmJvz+QZp3tSOM3mtr4nk3vx0hKUq3P8Hevy
UZ0MRJA03UKxpLrqkDIeD31WDD+j4jZU4UHtlvZRFlb7Te7yphF9nyyiDQgfMCdH
sCrKNgBSBH4tY+A2ha4EPf9qAjYyqpmp3UnHtb3tjHFBXo37suqGHzWWOGzbFZJz
ObQN0vgbZvYFAwk6GPU1MQkJLte8KNllTz/UKJgQQ240jB8IM9RkAk6gL8BmCmC+
QZ5r55axvz0Ww+jKKFjPKFRcshkHDi3Cns2cYpOt+3qTePgSKnjkSQLKYwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP6iW3m05azr61yECzNvP5mbWnEWMB8GA1UdIwQY
MBaAFBx613VHld3WBfKIOLt8w1nfeiZqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEhyWGRVZVYzZFlGOG9nNHUzekRXZDk2Sm1vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYS9jNWE5ZTMtNjcyMi00YjZhLWJlNTgt
YWRhNWMyMGUzZjdiLzEvX3FKYmViVGxyT3ZyWElRTE0yOF9tWnRhY1JZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYS9jNWE5ZTMtNjcyMi00YjZhLWJlNTgtYWRhNWMyMGUzZjdi
LzEvSEhyWGRVZVYzZFlGOG9nNHUzekRXZDk2Sm1vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwjsJMA0G
CSqGSIb3DQEBCwUAA4IBAQAJA0P8YbFUx9O+/+98gu12rVbnLH9zSia5IpBvm1yE
ZKsMaWmuEDgpLDR3zdFeaAlyQuQhaCbEZGRI4s3raZ0epr9kIpW+QlnP5kWj88Ns
7b+WJfH4AlR/AdsujLy9nyBadajcVUJi9pT1T76iAiVEh11e2sUSqAkHok+z0tRq
/bZ0psLaBi7lv+58qF2CAd0RcrpPxO94wfzDV5JcwSUk1m0YmluvqO44PflNJF0u
oQVIZ4Y69OpIQDZw++9Gqf3cd0ZTG3DrG2FJmCxqY4G//MqNCOOogs+MeF+li+0h
Amao1TdNjwteBIjzrrHDS9+GkY8NOq56pDrsem6LaK/0
-----END CERTIFICATE-----