Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/9tETZMcIzo9LOi__1LlnYrUMPSk.roa
File:                     9tETZMcIzo9LOi__1LlnYrUMPSk.roa (raw, json)
Hash identifier:          pNVhL14ZMT4UKnI0rE21rqoVAorhtXRqfiCHOQQUYgQ=
Subject key identifier:   F6:D1:13:64:C7:08:CE:8F:4B:3A:2F:FF:D4:B9:67:62:B5:0C:3D:29
Certificate issuer:       /CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
Certificate serial:       019D7871DAD6E666621ACE0D6C48685931D6
Authority key identifier: 8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/9tETZMcIzo9LOi__1LlnYrUMPSk.roa
Signing time:             Fri 10 Apr 2026 17:30:20 +0000
ROA not before:           Fri 10 Apr 2026 17:30:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     34529
IP address blocks:        109.205.191.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Apr 2026 02:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:78:71:da:d6:e6:66:62:1a:ce:0d:6c:48:68:59:31:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
        Validity
            Not Before: Apr 10 17:30:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f6d11364c708ce8f4b3a2fffd4b96762b50c3d29
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:e2:9e:dd:2d:d9:71:d8:a6:69:28:1c:a6:2b:
                    7d:27:62:01:f0:41:e2:b6:a0:f5:4d:73:63:84:a5:
                    0c:1d:0a:19:58:0b:9f:e3:60:bf:b2:b4:cd:da:06:
                    a6:71:cb:c5:0e:fa:e0:e6:92:9a:a4:ba:72:00:88:
                    c6:d7:66:ae:e6:4b:3f:05:97:06:c4:13:d0:38:2c:
                    e6:28:8c:65:67:19:b4:3d:e7:3f:35:fb:5b:04:38:
                    9f:1e:fd:4e:45:4d:21:88:ce:a8:01:92:4e:0b:45:
                    8c:47:81:e8:c7:41:f1:bb:b7:18:ec:23:ff:71:dc:
                    ad:4f:c7:50:62:13:97:81:40:1d:56:c7:0f:86:ce:
                    e4:6c:7f:7c:2e:d5:f5:da:8a:d4:a8:a6:78:d7:42:
                    92:cc:b1:5e:eb:f8:e7:97:01:05:76:ba:7e:64:8f:
                    7f:96:43:c2:74:a9:9c:d3:3a:42:65:37:ff:38:da:
                    71:1c:5f:30:1b:53:71:ef:dc:e6:b0:c6:54:af:be:
                    f2:b6:77:0c:13:99:f4:e7:d0:14:9b:26:d7:93:f1:
                    ab:87:df:ba:8f:fd:8e:74:a3:3f:37:a5:2c:ef:11:
                    3a:7b:02:5e:ac:79:b1:fe:19:ad:73:9f:0e:d4:04:
                    75:00:bc:76:24:30:7d:66:fb:56:bc:c0:3f:b9:d9:
                    ed:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:D1:13:64:C7:08:CE:8F:4B:3A:2F:FF:D4:B9:67:62:B5:0C:3D:29
            X509v3 Authority Key Identifier:
                keyid:8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/9tETZMcIzo9LOi__1LlnYrUMPSk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.205.191.0/24

    Signature Algorithm: sha256WithRSAEncryption
         64:6f:15:1b:7f:87:d9:1f:ca:07:0d:45:2b:72:8f:f9:5c:80:
         d0:97:f8:03:d7:8c:3d:60:42:c3:c0:59:e3:7a:d7:87:a8:77:
         35:be:9f:27:89:b0:96:0a:c1:64:60:56:21:b8:cd:10:b1:19:
         32:7a:31:d1:da:97:bf:ea:2e:5b:90:9d:45:f4:f6:00:9d:1b:
         88:09:f8:6a:c2:8a:8f:50:f6:b0:f2:a5:4f:90:40:ff:0a:67:
         12:35:78:f6:59:6c:b4:e1:a6:8a:af:a5:03:6c:e6:d6:48:81:
         28:df:c1:77:d0:b3:e2:05:55:23:80:f6:da:da:b7:f6:f6:8a:
         23:88:d5:9e:16:54:30:72:e4:03:a9:b9:b7:c7:f7:30:7d:5e:
         0d:80:87:64:18:c4:9e:a7:8d:e8:e3:bc:dd:c2:d1:af:d9:fc:
         2c:3d:1e:32:94:f1:3d:8f:b1:5c:01:19:73:8c:ff:9f:13:bc:
         d4:52:0d:e1:43:b7:ca:4a:c9:c7:ab:c9:b0:b4:61:27:da:7d:
         7f:a3:04:52:08:e8:60:00:9e:39:a9:be:a6:18:e1:e5:d4:f8:
         a9:ab:02:5f:36:d7:1e:7b:41:8d:9e:62:31:d2:48:30:8f:a8:
         bc:3f:ea:f5:b1:35:24:8e:62:a4:d2:28:46:66:a3:62:bd:0f:
         c7:25:15:3a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ14cdrW5mZiGs4NbEhoWTHWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiYWIzMDY4Mzg1OWVjN2UwMjA2ZmU5MjY1MzYzZThlMzk3
MWE5YTgwHhcNMjYwNDEwMTczMDIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNmQxMTM2NGM3MDhjZThmNGIzYTJmZmZkNGI5Njc2MmI1MGMzZDI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr+Ke3S3ZcdimaSgcpit9J2IB8EHi
tqD1TXNjhKUMHQoZWAuf42C/srTN2gamccvFDvrg5pKapLpyAIjG12au5ks/BZcG
xBPQOCzmKIxlZxm0Pec/NftbBDifHv1ORU0hiM6oAZJOC0WMR4Hox0Hxu7cY7CP/
cdytT8dQYhOXgUAdVscPhs7kbH98LtX12orUqKZ410KSzLFe6/jnlwEFdrp+ZI9/
lkPCdKmc0zpCZTf/ONpxHF8wG1Nx79zmsMZUr77ytncME5n059AUmybXk/Grh9+6
j/2OdKM/N6Us7xE6ewJerHmx/hmtc58O1AR1ALx2JDB9ZvtWvMA/udntJwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPbRE2THCM6PSzov/9S5Z2K1DD0pMB8GA1UdIwQY
MBaAFIurMGg4Wex+Agb+kmU2Po45camoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQt
M2FjOWU1NmMzMDg5LzEvOXRFVFpNY0l6bzlMT2lfXzFMbG5ZclVNUFNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQtM2FjOWU1NmMzMDg5
LzEvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbc2/MA0G
CSqGSIb3DQEBCwUAA4IBAQBkbxUbf4fZH8oHDUUrco/5XIDQl/gD14w9YELDwFnj
eteHqHc1vp8nibCWCsFkYFYhuM0QsRkyejHR2pe/6i5bkJ1F9PYAnRuICfhqwoqP
UPaw8qVPkED/CmcSNXj2WWy04aaKr6UDbObWSIEo38F30LPiBVUjgPba2rf29ooj
iNWeFlQwcuQDqbm3x/cwfV4NgIdkGMSep43o47zdwtGv2fwsPR4ylPE9j7FcARlz
jP+fE7zUUg3hQ7fKSsnHq8mwtGEn2n1/owRSCOhgAJ45qb6mGOHl1PipqwJfNtce
e0GNnmIx0kgwj6i8P+r1sTUkjmKk0ihGZqNivQ/HJRU6
-----END CERTIFICATE-----