Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/9GJllxYCYuwNzBFKMnz_oxHLdWY.roa
File:                     9GJllxYCYuwNzBFKMnz_oxHLdWY.roa (raw, json)
Hash identifier:          YYCua/crN7Zq2OAzCbcmSx0UG9y/gFrgV5F+Ua0iFZc=
Subject key identifier:   F4:62:65:97:16:02:62:EC:0D:CC:11:4A:32:7C:FF:A3:11:CB:75:66
Certificate issuer:       /CN=7c3d022a240ce71e0a6e1e9aae0112da840cc34b
Certificate serial:       019EA089DD430FE3322766C7F9513016555C
Authority key identifier: 7C:3D:02:2A:24:0C:E7:1E:0A:6E:1E:9A:AE:01:12:DA:84:0C:C3:4B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fD0CKiQM5x4Kbh6argES2oQMw0s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/9GJllxYCYuwNzBFKMnz_oxHLdWY.roa
Signing time:             Sun 07 Jun 2026 05:24:10 +0000
ROA not before:           Sun 07 Jun 2026 05:24:10 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     58232
IP address blocks:        185.113.10.0/24 maxlen: 24
                          195.254.165.0/24 maxlen: 24
                          2a05:9080:5::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/fD0CKiQM5x4Kbh6argES2oQMw0s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/fD0CKiQM5x4Kbh6argES2oQMw0s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fD0CKiQM5x4Kbh6argES2oQMw0s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:a0:89:dd:43:0f:e3:32:27:66:c7:f9:51:30:16:55:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7c3d022a240ce71e0a6e1e9aae0112da840cc34b
        Validity
            Not Before: Jun  7 05:24:10 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f4626597160262ec0dcc114a327cffa311cb7566
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:9e:8e:e2:13:46:76:ab:71:ce:cc:3f:46:14:
                    ad:11:4e:92:49:45:4b:cb:74:74:d9:9f:6f:02:78:
                    c1:dd:f1:13:7f:0d:b3:1d:51:93:c4:0e:7b:c3:ab:
                    e8:cd:60:17:ee:7f:a4:57:26:d4:b8:ff:97:64:8c:
                    a6:af:2a:71:a3:52:f0:8c:03:c1:b9:25:e7:dd:c3:
                    74:b6:8d:64:62:c2:69:01:7d:94:3e:a6:b0:6c:11:
                    75:00:17:a4:62:d7:7c:ea:87:c3:72:10:9b:cc:64:
                    d0:03:ea:71:07:7a:a3:8d:6f:53:1b:2c:ee:a0:f1:
                    ca:42:2f:07:e6:37:f4:34:1b:06:2d:db:17:f0:b0:
                    67:7b:1e:05:b5:23:a4:74:87:3d:2d:c4:32:fd:78:
                    16:87:89:85:0a:4f:4c:e4:4d:3d:95:b8:3c:28:05:
                    a2:92:e6:db:b6:25:bb:b7:6c:0f:99:76:f8:10:b8:
                    5b:d7:6b:f8:53:e2:7e:4b:ec:a3:52:f7:29:f0:f3:
                    57:0c:fc:71:44:78:cd:dc:1d:86:85:00:69:48:12:
                    8d:94:1e:ad:1d:bc:14:46:8d:63:4d:94:b2:ea:f9:
                    71:ac:e1:8b:fb:74:f1:13:7c:65:fa:ea:76:9d:65:
                    79:74:68:93:a6:22:f0:15:05:88:d4:ad:3e:db:fc:
                    6d:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:62:65:97:16:02:62:EC:0D:CC:11:4A:32:7C:FF:A3:11:CB:75:66
            X509v3 Authority Key Identifier:
                keyid:7C:3D:02:2A:24:0C:E7:1E:0A:6E:1E:9A:AE:01:12:DA:84:0C:C3:4B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fD0CKiQM5x4Kbh6argES2oQMw0s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/9GJllxYCYuwNzBFKMnz_oxHLdWY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/fD0CKiQM5x4Kbh6argES2oQMw0s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.113.10.0/24
                  195.254.165.0/24
                IPv6:
                  2a05:9080:5::/48

    Signature Algorithm: sha256WithRSAEncryption
         91:bb:d6:11:8f:46:1c:d6:3e:60:e2:75:8b:23:56:a8:03:e1:
         35:bd:4d:15:f8:8f:e0:9e:7d:b6:65:ef:f0:27:f4:fe:35:91:
         9d:0a:37:bd:76:ec:6d:df:8d:f1:50:84:db:9a:5a:26:08:1b:
         dd:de:88:e5:24:88:e4:ec:ec:e4:03:b6:3f:ec:25:e3:ed:58:
         51:4a:f5:1c:67:c0:a2:1c:67:1f:d1:70:2a:5c:76:02:f0:d0:
         c8:87:80:df:10:10:91:5d:a3:df:c1:2a:fd:11:68:7b:26:f4:
         46:69:14:57:03:15:ec:3c:90:a3:be:8e:29:5a:bf:79:1a:2f:
         5b:cf:92:68:7b:29:91:ed:f8:65:16:c1:87:e1:d6:64:0a:74:
         59:61:79:ee:e8:4a:43:e4:40:fa:24:1f:eb:76:d2:aa:8a:2e:
         34:cf:4e:ac:c6:fd:88:5b:18:3f:f2:7a:1c:86:93:ad:16:c4:
         42:4f:a4:c6:a2:c4:f6:dc:7f:5d:e9:61:b5:3c:c7:6d:cd:ba:
         c0:4a:f3:26:2d:8f:df:c5:e0:b0:e1:2e:cc:a5:1f:c2:13:5e:
         e9:a6:f7:e5:ef:93:f1:65:7b:47:03:14:a1:c4:85:12:31:1f:
         63:fa:27:d4:b9:73:63:dd:a5:df:02:f0:d8:e5:bc:c7:f7:09:
         fd:69:c0:a5
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAZ6gid1DD+MyJ2bH+VEwFlVcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdjM2QwMjJhMjQwY2U3MWUwYTZlMWU5YWFlMDExMmRhODQw
Y2MzNGIwHhcNMjYwNjA3MDUyNDEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNDYyNjU5NzE2MDI2MmVjMGRjYzExNGEzMjdjZmZhMzExY2I3NTY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv56O4hNGdqtxzsw/RhStEU6SSUVL
y3R02Z9vAnjB3fETfw2zHVGTxA57w6vozWAX7n+kVybUuP+XZIymrypxo1LwjAPB
uSXn3cN0to1kYsJpAX2UPqawbBF1ABekYtd86ofDchCbzGTQA+pxB3qjjW9TGyzu
oPHKQi8H5jf0NBsGLdsX8LBnex4FtSOkdIc9LcQy/XgWh4mFCk9M5E09lbg8KAWi
kubbtiW7t2wPmXb4ELhb12v4U+J+S+yjUvcp8PNXDPxxRHjN3B2GhQBpSBKNlB6t
HbwURo1jTZSy6vlxrOGL+3TxE3xl+up2nWV5dGiTpiLwFQWI1K0+2/xtpwIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFPRiZZcWAmLsDcwRSjJ8/6MRy3VmMB8GA1UdIwQY
MBaAFHw9AiokDOceCm4emq4BEtqEDMNLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZkQwQ0tpUU01eDRLYmg2YXJnRVMyb1FNdzBzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZi9mZDM2MmYtYWZjYi00Y2Y1LTk4YzYt
MDk0ODk4OWU2ZDU1LzEvOUdKbGx4WUNZdXdOekJGS01uel9veEhMZFdZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZi9mZDM2MmYtYWZjYi00Y2Y1LTk4YzYtMDk0ODk4OWU2ZDU1
LzEvZkQwQ0tpUU01eDRLYmg2YXJnRVMyb1FNdzBzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTASBAIAATAMAwQAuXEKAwQA
w/6lMA8EAgACMAkDBwAqBZCAAAUwDQYJKoZIhvcNAQELBQADggEBAJG71hGPRhzW
PmDidYsjVqgD4TW9TRX4j+CefbZl7/An9P41kZ0KN7127G3fjfFQhNuaWiYIG93e
iOUkiOTs7OQDtj/sJePtWFFK9RxnwKIcZx/RcCpcdgLw0MiHgN8QEJFdo9/BKv0R
aHsm9EZpFFcDFew8kKO+jilav3kaL1vPkmh7KZHt+GUWwYfh1mQKdFlhee7oSkPk
QPokH+t20qqKLjTPTqzG/YhbGD/yehyGk60WxEJPpMaixPbcf13pYbU8x23NusBK
8yYtj9/F4LDhLsylH8ITXumm9+Xvk/Fle0cDFKHEhRIxH2P6J9S5c2Pdpd8C8Njl
vMf3Cf1pwKU=
-----END CERTIFICATE-----