Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/6277a7-290f-4994-b286-25d6e8613dc4/1/D7ShHAHZU9Q1RPi-PZsNQEvMtsA.roa
File:                     D7ShHAHZU9Q1RPi-PZsNQEvMtsA.roa (raw, json)
Hash identifier:          yb8JwTCokjpyT12p4uvxEpN6nrRF5qKq5j9OSf7cQ4M=
Subject key identifier:   0F:B4:A1:1C:01:D9:53:D4:35:44:F8:BE:3D:9B:0D:40:4B:CC:B6:C0
Certificate issuer:       /CN=1e9a2f083f471dfb9507b4c973cb5c3acd49759d
Certificate serial:       019EBAE293B4F0532783BEC00A000FE0438A
Authority key identifier: 1E:9A:2F:08:3F:47:1D:FB:95:07:B4:C9:73:CB:5C:3A:CD:49:75:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HpovCD9HHfuVB7TJc8tcOs1JdZ0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fd/6277a7-290f-4994-b286-25d6e8613dc4/1/D7ShHAHZU9Q1RPi-PZsNQEvMtsA.roa
Signing time:             Fri 12 Jun 2026 08:11:11 +0000
ROA not before:           Fri 12 Jun 2026 08:11:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     16276
IP address blocks:        109.232.89.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fd/6277a7-290f-4994-b286-25d6e8613dc4/1/HpovCD9HHfuVB7TJc8tcOs1JdZ0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fd/6277a7-290f-4994-b286-25d6e8613dc4/1/HpovCD9HHfuVB7TJc8tcOs1JdZ0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HpovCD9HHfuVB7TJc8tcOs1JdZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 13 Jun 2026 16:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:ba:e2:93:b4:f0:53:27:83:be:c0:0a:00:0f:e0:43:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1e9a2f083f471dfb9507b4c973cb5c3acd49759d
        Validity
            Not Before: Jun 12 08:11:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0fb4a11c01d953d43544f8be3d9b0d404bccb6c0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:c9:23:40:1f:79:ca:11:ab:70:58:a4:ef:8e:
                    b6:cd:c4:ea:89:3f:d9:62:6f:a0:d8:cb:a6:a3:89:
                    09:c1:33:1a:fa:9b:56:15:10:b4:7b:7c:41:39:f9:
                    ca:b4:15:20:05:2e:23:15:fe:a7:d7:2e:b8:d7:e0:
                    08:90:42:16:fa:ab:9a:42:d8:09:50:45:19:6a:fd:
                    c6:f1:94:b3:0c:93:26:de:5e:af:2f:11:40:ec:99:
                    53:81:f6:91:b4:35:28:6b:1f:ff:a4:f2:2d:24:2b:
                    2d:3f:65:cb:75:56:79:86:29:a1:41:66:28:b1:ac:
                    b0:11:93:29:9f:09:40:dc:23:79:83:0b:bd:16:4d:
                    19:db:a7:ff:97:2d:f8:2d:35:4c:eb:19:4e:4b:91:
                    8d:56:20:58:64:d1:4e:7a:12:3d:9d:3f:4e:b6:14:
                    88:a9:5e:30:44:11:25:0b:80:0a:89:1f:2e:42:a7:
                    14:c5:13:47:1b:9e:81:6f:81:36:3a:96:d7:00:9d:
                    60:25:af:ec:e8:ce:79:fb:b0:32:05:31:d3:c6:44:
                    19:11:e7:12:c0:58:71:93:73:4b:9c:44:33:e8:e6:
                    e0:d3:24:9b:0c:15:e5:2f:ec:23:51:28:ac:2d:2e:
                    9d:6a:42:40:ae:a2:bf:1e:27:d5:48:77:dd:56:ba:
                    e9:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:B4:A1:1C:01:D9:53:D4:35:44:F8:BE:3D:9B:0D:40:4B:CC:B6:C0
            X509v3 Authority Key Identifier:
                keyid:1E:9A:2F:08:3F:47:1D:FB:95:07:B4:C9:73:CB:5C:3A:CD:49:75:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HpovCD9HHfuVB7TJc8tcOs1JdZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/6277a7-290f-4994-b286-25d6e8613dc4/1/D7ShHAHZU9Q1RPi-PZsNQEvMtsA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/6277a7-290f-4994-b286-25d6e8613dc4/1/HpovCD9HHfuVB7TJc8tcOs1JdZ0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.232.89.0/24

    Signature Algorithm: sha256WithRSAEncryption
         77:af:3f:c5:83:fa:27:52:b4:54:e7:b6:89:db:50:fb:a1:0a:
         bd:89:f8:06:c6:fd:27:18:d8:93:1b:a0:44:3e:2d:20:ef:02:
         85:b8:d5:56:73:01:53:0f:03:16:51:bb:7c:06:74:14:47:2c:
         b1:cd:d1:f7:75:d7:a9:2c:70:83:17:40:ca:40:a2:c9:be:b3:
         d5:66:6b:1e:b5:a5:fa:50:8e:7c:16:0a:22:93:f2:5f:47:35:
         38:17:fc:5e:14:18:f1:db:33:18:7a:41:08:f7:34:f6:b2:ed:
         10:09:58:ed:24:6b:f2:76:c5:b5:d9:59:60:7f:1c:5c:d1:41:
         50:0e:d7:99:be:e4:52:01:cc:e6:63:f6:9e:c0:09:f3:8d:3b:
         b8:64:1c:b3:c5:f9:47:0f:b5:96:47:3a:cf:39:e3:b9:9c:d9:
         ff:77:cb:2f:51:d0:de:a7:ff:f7:ef:16:76:d5:88:25:c3:3a:
         06:03:60:74:a9:64:1c:b0:c4:6c:6c:c2:66:13:16:ec:44:4d:
         ee:0a:ee:da:59:e3:5f:12:75:18:86:aa:14:10:c1:6e:15:ce:
         91:aa:09:2b:56:35:54:70:18:71:39:63:24:5f:e3:e0:34:28:
         72:73:5c:19:f8:75:af:e0:20:08:c9:b0:2c:a9:6f:0e:c3:64:
         c8:ef:85:38
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ664pO08FMng77ACgAP4EOKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlOWEyZjA4M2Y0NzFkZmI5NTA3YjRjOTczY2I1YzNhY2Q0
OTc1OWQwHhcNMjYwNjEyMDgxMTExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZmI0YTExYzAxZDk1M2Q0MzU0NGY4YmUzZDliMGQ0MDRiY2NiNmMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2MkjQB95yhGrcFik7462zcTqiT/Z
Ym+g2Mumo4kJwTMa+ptWFRC0e3xBOfnKtBUgBS4jFf6n1y641+AIkEIW+quaQtgJ
UEUZav3G8ZSzDJMm3l6vLxFA7JlTgfaRtDUoax//pPItJCstP2XLdVZ5himhQWYo
saywEZMpnwlA3CN5gwu9Fk0Z26f/ly34LTVM6xlOS5GNViBYZNFOehI9nT9OthSI
qV4wRBElC4AKiR8uQqcUxRNHG56Bb4E2OpbXAJ1gJa/s6M55+7AyBTHTxkQZEecS
wFhxk3NLnEQz6Obg0ySbDBXlL+wjUSisLS6dakJArqK/HifVSHfdVrrppwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA+0oRwB2VPUNUT4vj2bDUBLzLbAMB8GA1UdIwQY
MBaAFB6aLwg/Rx37lQe0yXPLXDrNSXWdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSHBvdkNEOUhIZnVWQjdUSmM4dGNPczFKZFowLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC82Mjc3YTctMjkwZi00OTk0LWIyODYt
MjVkNmU4NjEzZGM0LzEvRDdTaEhBSFpVOVExUlBpLVBac05RRXZNdHNBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC82Mjc3YTctMjkwZi00OTk0LWIyODYtMjVkNmU4NjEzZGM0
LzEvSHBvdkNEOUhIZnVWQjdUSmM4dGNPczFKZFowLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbehZMA0G
CSqGSIb3DQEBCwUAA4IBAQB3rz/Fg/onUrRU57aJ21D7oQq9ifgGxv0nGNiTG6BE
Pi0g7wKFuNVWcwFTDwMWUbt8BnQURyyxzdH3ddepLHCDF0DKQKLJvrPVZmsetaX6
UI58Fgoik/JfRzU4F/xeFBjx2zMYekEI9zT2su0QCVjtJGvydsW12Vlgfxxc0UFQ
DteZvuRSAczmY/aewAnzjTu4ZByzxflHD7WWRzrPOeO5nNn/d8svUdDep//37xZ2
1YglwzoGA2B0qWQcsMRsbMJmExbsRE3uCu7aWeNfEnUYhqoUEMFuFc6RqgkrVjVU
cBhxOWMkX+PgNChyc1wZ+HWv4CAIybAsqW8Ow2TI74U4
-----END CERTIFICATE-----