Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f9/f9f4a9-a0cd-4107-aa41-d52a18985999/1/x09fF6JOFSowUL2E9m359UlfoIE.roa
File:                     x09fF6JOFSowUL2E9m359UlfoIE.roa (raw, json)
Hash identifier:          XGbExiYXDOPNt9ooJ/4Wi9foh5gyJlLAYrRsSw6G7aM=
Subject key identifier:   C7:4F:5F:17:A2:4E:15:2A:30:50:BD:84:F6:6D:F9:F5:49:5F:A0:81
Certificate issuer:       /CN=632e3d037bf0507571b2a068cb90308374ce53ed
Certificate serial:       019E2B5A454E478A692D9F779F3F736CBBD6
Authority key identifier: 63:2E:3D:03:7B:F0:50:75:71:B2:A0:68:CB:90:30:83:74:CE:53:ED
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Yy49A3vwUHVxsqBoy5Awg3TOU-0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f9/f9f4a9-a0cd-4107-aa41-d52a18985999/1/x09fF6JOFSowUL2E9m359UlfoIE.roa
Signing time:             Fri 15 May 2026 11:16:36 +0000
ROA not before:           Fri 15 May 2026 11:16:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     3949
IP address blocks:        171.22.145.0/24 maxlen: 24
                          185.243.129.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f9/f9f4a9-a0cd-4107-aa41-d52a18985999/1/Yy49A3vwUHVxsqBoy5Awg3TOU-0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f9/f9f4a9-a0cd-4107-aa41-d52a18985999/1/Yy49A3vwUHVxsqBoy5Awg3TOU-0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Yy49A3vwUHVxsqBoy5Awg3TOU-0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Jun 2026 20:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:2b:5a:45:4e:47:8a:69:2d:9f:77:9f:3f:73:6c:bb:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=632e3d037bf0507571b2a068cb90308374ce53ed
        Validity
            Not Before: May 15 11:16:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c74f5f17a24e152a3050bd84f66df9f5495fa081
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:a4:18:d5:ec:aa:d4:74:25:5a:30:e5:a1:61:
                    13:32:88:9d:e9:3c:c1:fc:35:36:0d:21:6c:ff:50:
                    6f:df:94:07:3b:0b:74:a9:fd:e2:37:7a:b1:41:e7:
                    fe:fc:b3:59:f8:d4:4f:d6:a7:85:c6:85:11:d5:ba:
                    0e:12:ce:52:55:e3:b9:c0:b4:77:27:87:41:31:8a:
                    31:28:ed:ef:86:80:06:bc:3f:f4:bf:77:ad:82:4a:
                    22:db:d2:a2:4d:a3:91:72:29:d5:f9:2a:8e:26:da:
                    da:e4:ae:d0:85:8e:34:39:65:d9:80:6b:1e:e8:93:
                    0a:2e:f9:42:14:23:b1:ae:c4:0f:ae:9c:9c:f6:2d:
                    23:bc:b5:36:74:de:cb:bb:96:d2:6b:77:68:23:04:
                    5e:72:c9:c9:ee:ec:4e:e3:21:5b:cd:ec:a3:67:ce:
                    e4:91:f8:47:0c:97:7b:cc:70:bb:e8:3c:85:73:ec:
                    b4:63:8e:a6:7f:87:b7:48:55:24:9d:a7:c4:31:7a:
                    bf:a6:6f:ad:ee:62:3d:68:a4:e8:91:cd:97:e9:93:
                    7c:92:3c:eb:e1:3c:05:5b:54:89:eb:25:97:7f:55:
                    6c:8d:95:4c:36:83:b9:fb:d1:9a:cb:24:ba:da:0d:
                    fe:47:f3:a0:9c:56:0e:74:5b:82:ad:c2:70:87:f0:
                    fd:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:4F:5F:17:A2:4E:15:2A:30:50:BD:84:F6:6D:F9:F5:49:5F:A0:81
            X509v3 Authority Key Identifier:
                keyid:63:2E:3D:03:7B:F0:50:75:71:B2:A0:68:CB:90:30:83:74:CE:53:ED

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Yy49A3vwUHVxsqBoy5Awg3TOU-0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/f9f4a9-a0cd-4107-aa41-d52a18985999/1/x09fF6JOFSowUL2E9m359UlfoIE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/f9f4a9-a0cd-4107-aa41-d52a18985999/1/Yy49A3vwUHVxsqBoy5Awg3TOU-0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  171.22.145.0/24
                  185.243.129.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1c:89:41:59:3c:29:69:e1:4e:be:39:76:88:67:9b:82:3c:6a:
         0e:fa:99:bb:cd:c0:af:91:81:ea:d9:65:0c:a3:79:88:1b:11:
         e8:e9:6c:22:47:76:48:d7:d7:99:a3:df:b9:9b:dd:47:bc:e7:
         2c:34:5e:09:7b:0f:d3:7d:f8:25:75:70:39:c0:f6:ed:03:cd:
         1a:2b:25:b0:20:a0:10:5e:fd:35:4c:92:0e:21:87:70:fb:33:
         be:40:c4:d7:7e:12:f4:5f:ca:9c:9c:bd:d5:b6:eb:4f:f4:fd:
         98:59:e3:e6:a1:6a:e0:3f:6c:d3:d6:8f:68:6f:f7:54:fa:fa:
         07:e2:10:a1:0e:af:ff:7d:a5:02:d3:21:37:a4:25:5b:44:eb:
         31:27:46:af:ac:5a:ac:ff:87:a0:bd:dd:2c:65:7f:a5:9e:7f:
         ff:37:81:6a:72:de:47:a8:fc:63:e5:b7:cc:d0:84:c1:53:2b:
         a8:0a:91:4e:a7:53:05:b0:20:9e:43:a4:e6:de:52:cb:55:36:
         19:08:14:fb:e1:f0:18:52:04:2a:00:56:c1:2c:6c:20:e8:82:
         16:54:ba:b1:ec:5b:10:32:7d:67:f1:a2:87:0f:fe:87:b7:ff:
         57:7f:89:e0:20:ab:3d:5f:c1:c9:bc:e6:37:bc:53:14:ab:60:
         2e:e8:57:e2
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ4rWkVOR4ppLZ93nz9zbLvWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzMmUzZDAzN2JmMDUwNzU3MWIyYTA2OGNiOTAzMDgzNzRj
ZTUzZWQwHhcNMjYwNTE1MTExNjM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNzRmNWYxN2EyNGUxNTJhMzA1MGJkODRmNjZkZjlmNTQ5NWZhMDgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4qQY1eyq1HQlWjDloWETMoid6TzB
/DU2DSFs/1Bv35QHOwt0qf3iN3qxQef+/LNZ+NRP1qeFxoUR1boOEs5SVeO5wLR3
J4dBMYoxKO3vhoAGvD/0v3etgkoi29KiTaORcinV+SqOJtra5K7QhY40OWXZgGse
6JMKLvlCFCOxrsQPrpyc9i0jvLU2dN7Lu5bSa3doIwRecsnJ7uxO4yFbzeyjZ87k
kfhHDJd7zHC76DyFc+y0Y46mf4e3SFUknafEMXq/pm+t7mI9aKTokc2X6ZN8kjzr
4TwFW1SJ6yWXf1VsjZVMNoO5+9GayyS62g3+R/OgnFYOdFuCrcJwh/D9HQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMdPXxeiThUqMFC9hPZt+fVJX6CBMB8GA1UdIwQY
MBaAFGMuPQN78FB1cbKgaMuQMIN0zlPtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXk0OUEzdndVSFZ4c3FCb3k1QXdnM1RPVS0wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOS9mOWY0YTktYTBjZC00MTA3LWFhNDEt
ZDUyYTE4OTg1OTk5LzEveDA5ZkY2Sk9GU293VUwyRTltMzU5VWxmb0lFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOS9mOWY0YTktYTBjZC00MTA3LWFhNDEtZDUyYTE4OTg1OTk5
LzEvWXk0OUEzdndVSFZ4c3FCb3k1QXdnM1RPVS0wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAqxaRAwQA
ufOBMA0GCSqGSIb3DQEBCwUAA4IBAQAciUFZPClp4U6+OXaIZ5uCPGoO+pm7zcCv
kYHq2WUMo3mIGxHo6WwiR3ZI19eZo9+5m91HvOcsNF4Jew/TffgldXA5wPbtA80a
KyWwIKAQXv01TJIOIYdw+zO+QMTXfhL0X8qcnL3VtutP9P2YWePmoWrgP2zT1o9o
b/dU+voH4hChDq//faUC0yE3pCVbROsxJ0avrFqs/4egvd0sZX+lnn//N4Fqct5H
qPxj5bfM0ITBUyuoCpFOp1MFsCCeQ6Tm3lLLVTYZCBT74fAYUgQqAFbBLGwg6IIW
VLqx7FsQMn1n8aKHD/6Ht/9Xf4ngIKs9X8HJvOY3vFMUq2Au6Ffi
-----END CERTIFICATE-----