Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f5/af96df-a4d5-48f9-ac0c-24d8e747c38f/1/j9mJykjC2hvbsTmSMAiYvIwkiVE.roa
File:                     j9mJykjC2hvbsTmSMAiYvIwkiVE.roa (raw, json)
Hash identifier:          hDtieE0gMOSXyRTfWetqMo+2gNvc+f5L7gvNmvC7UHo=
Subject key identifier:   8F:D9:89:CA:48:C2:DA:1B:DB:B1:39:92:30:08:98:BC:8C:24:89:51
Certificate issuer:       /CN=12fd558a64e97586a43dc7ee50a8d6b292365b60
Certificate serial:       019E068C956075E1E07FB1609231FA61B422
Authority key identifier: 12:FD:55:8A:64:E9:75:86:A4:3D:C7:EE:50:A8:D6:B2:92:36:5B:60
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ev1VimTpdYakPcfuUKjWspI2W2A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f5/af96df-a4d5-48f9-ac0c-24d8e747c38f/1/j9mJykjC2hvbsTmSMAiYvIwkiVE.roa
Signing time:             Fri 08 May 2026 07:45:36 +0000
ROA not before:           Fri 08 May 2026 07:45:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     20473
IP address blocks:        176.116.6.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f5/af96df-a4d5-48f9-ac0c-24d8e747c38f/1/Ev1VimTpdYakPcfuUKjWspI2W2A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f5/af96df-a4d5-48f9-ac0c-24d8e747c38f/1/Ev1VimTpdYakPcfuUKjWspI2W2A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ev1VimTpdYakPcfuUKjWspI2W2A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 11 May 2026 14:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:06:8c:95:60:75:e1:e0:7f:b1:60:92:31:fa:61:b4:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=12fd558a64e97586a43dc7ee50a8d6b292365b60
        Validity
            Not Before: May  8 07:45:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8fd989ca48c2da1bdbb13992300898bc8c248951
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:cb:e7:fb:30:06:d6:8b:8c:6e:e8:5a:5f:50:
                    c5:4c:7b:7b:b5:8e:a1:25:52:86:6a:67:f6:ca:bf:
                    7e:72:cf:ea:b0:36:3b:f2:fa:1f:9c:bc:8f:98:0b:
                    9f:c1:d0:b5:cf:8c:8e:f8:3a:a9:63:00:af:ed:8c:
                    83:24:6e:78:47:e7:24:11:ca:ca:f3:9c:00:3f:1f:
                    56:4a:6e:d3:0a:c9:22:c5:44:e2:e9:1d:f9:36:ce:
                    da:78:44:77:2e:e0:ec:38:52:7c:3d:72:b9:5d:ea:
                    db:b9:fc:3c:4f:2f:e0:9a:bd:72:83:b2:a8:e9:45:
                    ec:82:0e:c9:fb:f0:cc:3b:1d:33:2e:c0:7b:8c:6b:
                    10:14:c3:3c:81:0e:03:be:ec:79:e2:62:d9:cb:5f:
                    a8:1a:d4:c7:22:04:1b:ec:3f:c3:97:08:c3:5e:63:
                    2b:92:33:2e:db:e2:33:44:d1:5a:65:25:1d:f8:e2:
                    29:c4:9e:8b:9d:7b:59:1f:7d:86:8c:6f:e3:85:61:
                    cf:eb:ec:b6:35:f8:a3:57:68:47:f3:00:e0:16:56:
                    b6:77:1c:78:ae:c3:d9:25:9f:21:df:95:1e:99:1c:
                    7c:b6:0d:f2:51:20:b7:45:fe:e3:bf:d3:e2:77:0f:
                    fc:bc:03:1f:cf:d9:a1:51:67:f5:3e:97:65:3d:15:
                    22:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:D9:89:CA:48:C2:DA:1B:DB:B1:39:92:30:08:98:BC:8C:24:89:51
            X509v3 Authority Key Identifier:
                keyid:12:FD:55:8A:64:E9:75:86:A4:3D:C7:EE:50:A8:D6:B2:92:36:5B:60

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ev1VimTpdYakPcfuUKjWspI2W2A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/af96df-a4d5-48f9-ac0c-24d8e747c38f/1/j9mJykjC2hvbsTmSMAiYvIwkiVE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/af96df-a4d5-48f9-ac0c-24d8e747c38f/1/Ev1VimTpdYakPcfuUKjWspI2W2A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.116.6.0/24

    Signature Algorithm: sha256WithRSAEncryption
         82:4b:dd:49:21:fd:dc:c5:34:59:00:f8:8f:85:69:ed:c9:9c:
         88:c6:56:2b:2b:15:6a:90:94:7e:87:be:ae:0e:fe:a4:d3:06:
         30:06:e3:47:a2:7d:74:09:79:8d:c3:94:98:c2:99:78:79:e0:
         de:a0:98:d8:df:9a:c8:42:b8:de:15:e9:f7:f6:bd:8b:24:34:
         61:ed:81:47:95:3c:0e:6f:74:c9:7e:7c:b0:67:7d:ee:f9:1b:
         c4:36:f2:7d:b1:ee:d6:86:d7:1f:79:95:ee:aa:54:52:9e:e7:
         74:6e:fe:81:2f:eb:0b:65:31:11:f4:dc:73:d4:f4:c2:f7:96:
         9d:6c:4e:b7:07:68:8f:85:9f:b5:d7:1a:c9:7d:18:2e:51:a7:
         bc:62:92:90:34:0c:f2:36:b5:60:ab:d5:eb:3a:b0:c0:bf:2c:
         e7:5a:b5:8f:83:44:8a:4a:dd:69:06:7d:78:bc:9b:86:ea:05:
         6c:75:fc:25:69:38:db:86:ed:79:ea:19:ca:77:3f:8b:62:43:
         55:a3:7c:d3:22:f5:fc:0c:f0:6c:3c:eb:d9:ef:08:8d:49:8b:
         60:d0:dd:46:97:0a:c6:e8:5c:62:f0:63:3f:5e:83:f3:a9:39:
         9c:76:d9:a1:bc:a5:a9:fa:c4:c9:20:9f:af:d5:81:0b:5e:f6:
         ad:66:bf:ba
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ4GjJVgdeHgf7FgkjH6YbQiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEyZmQ1NThhNjRlOTc1ODZhNDNkYzdlZTUwYThkNmIyOTIz
NjViNjAwHhcNMjYwNTA4MDc0NTM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZmQ5ODljYTQ4YzJkYTFiZGJiMTM5OTIzMDA4OThiYzhjMjQ4OTUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsMvn+zAG1ouMbuhaX1DFTHt7tY6h
JVKGamf2yr9+cs/qsDY78vofnLyPmAufwdC1z4yO+DqpYwCv7YyDJG54R+ckEcrK
85wAPx9WSm7TCskixUTi6R35Ns7aeER3LuDsOFJ8PXK5Xerbufw8Ty/gmr1yg7Ko
6UXsgg7J+/DMOx0zLsB7jGsQFMM8gQ4Dvux54mLZy1+oGtTHIgQb7D/DlwjDXmMr
kjMu2+IzRNFaZSUd+OIpxJ6LnXtZH32GjG/jhWHP6+y2NfijV2hH8wDgFla2dxx4
rsPZJZ8h35UemRx8tg3yUSC3Rf7jv9Pidw/8vAMfz9mhUWf1PpdlPRUizwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI/ZicpIwtob27E5kjAImLyMJIlRMB8GA1UdIwQY
MBaAFBL9VYpk6XWGpD3H7lCo1rKSNltgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRXYxVmltVHBkWWFrUGNmdVVLaldzcEkyVzJBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNS9hZjk2ZGYtYTRkNS00OGY5LWFjMGMt
MjRkOGU3NDdjMzhmLzEvajltSnlrakMyaHZic1RtU01BaVl2SXdraVZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNS9hZjk2ZGYtYTRkNS00OGY5LWFjMGMtMjRkOGU3NDdjMzhm
LzEvRXYxVmltVHBkWWFrUGNmdVVLaldzcEkyVzJBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsHQGMA0G
CSqGSIb3DQEBCwUAA4IBAQCCS91JIf3cxTRZAPiPhWntyZyIxlYrKxVqkJR+h76u
Dv6k0wYwBuNHon10CXmNw5SYwpl4eeDeoJjY35rIQrjeFen39r2LJDRh7YFHlTwO
b3TJfnywZ33u+RvENvJ9se7WhtcfeZXuqlRSnud0bv6BL+sLZTER9Nxz1PTC95ad
bE63B2iPhZ+11xrJfRguUae8YpKQNAzyNrVgq9XrOrDAvyznWrWPg0SKSt1pBn14
vJuG6gVsdfwlaTjbhu156hnKdz+LYkNVo3zTIvX8DPBsPOvZ7wiNSYtg0N1GlwrG
6Fxi8GM/XoPzqTmcdtmhvKWp+sTJIJ+v1YELXvatZr+6
-----END CERTIFICATE-----