Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/CR9Jw-Qo-LNNx6KfCiNYHGDGdtA.roa
File:                     CR9Jw-Qo-LNNx6KfCiNYHGDGdtA.roa (raw, json)
Hash identifier:          Z7FFUigKmdZlNCLBCKiHY/E04fRO5eGcZVLAxrZxiaY=
Subject key identifier:   09:1F:49:C3:E4:28:F8:B3:4D:C7:A2:9F:0A:23:58:1C:60:C6:76:D0
Certificate issuer:       /CN=6222e1c2a5315334b66d80f78d5b50b42e480b9c
Certificate serial:       019D8673F9310533E3150BF7479DA7AD7F6E
Authority key identifier: 62:22:E1:C2:A5:31:53:34:B6:6D:80:F7:8D:5B:50:B4:2E:48:0B:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YiLhwqUxUzS2bYD3jVtQtC5IC5w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/CR9Jw-Qo-LNNx6KfCiNYHGDGdtA.roa
Signing time:             Mon 13 Apr 2026 10:47:20 +0000
ROA not before:           Mon 13 Apr 2026 10:47:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     211211
IP address blocks:        193.42.112.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/YiLhwqUxUzS2bYD3jVtQtC5IC5w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/YiLhwqUxUzS2bYD3jVtQtC5IC5w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YiLhwqUxUzS2bYD3jVtQtC5IC5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 07:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:86:73:f9:31:05:33:e3:15:0b:f7:47:9d:a7:ad:7f:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6222e1c2a5315334b66d80f78d5b50b42e480b9c
        Validity
            Not Before: Apr 13 10:47:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=091f49c3e428f8b34dc7a29f0a23581c60c676d0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:81:f9:22:47:7e:0d:12:a2:cf:1c:87:e5:b9:
                    cf:72:c9:82:03:1f:0b:71:6d:d2:f9:61:55:40:c6:
                    71:ea:ae:51:13:ab:6d:cd:fa:0f:c5:c0:fd:65:a2:
                    b4:03:3d:75:ac:40:43:04:50:ca:93:5b:12:46:29:
                    2f:77:03:9a:5b:8e:8f:c8:ba:52:30:15:06:c1:ff:
                    a0:c3:be:93:7e:4c:05:1c:ee:94:6c:ed:58:5f:a3:
                    50:cd:09:6d:13:de:6f:44:9b:fa:a8:59:9e:cf:77:
                    23:42:71:97:46:59:71:3d:61:e8:d3:5e:e6:2f:fe:
                    8b:a8:d5:49:95:17:3f:38:15:4a:44:fd:59:f6:cb:
                    af:04:40:6d:e9:ef:bf:a1:51:d9:b3:1b:31:17:65:
                    0a:1c:cf:a8:99:af:5c:3b:c0:eb:89:aa:a0:ed:7a:
                    97:1a:cd:df:10:03:34:1f:6f:bc:b9:9f:f9:d0:bc:
                    68:46:27:7e:21:49:26:ab:70:4a:10:0b:b6:24:f8:
                    db:6b:bf:c1:ac:61:95:0a:df:b4:60:95:da:2f:dc:
                    47:ec:ad:17:8d:10:25:c8:e4:59:1b:23:11:5a:9c:
                    48:4a:81:52:3b:21:9e:73:08:ed:bb:05:6a:e4:1d:
                    09:5a:ac:0e:29:80:f2:ec:06:90:39:dd:a8:82:85:
                    dc:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:1F:49:C3:E4:28:F8:B3:4D:C7:A2:9F:0A:23:58:1C:60:C6:76:D0
            X509v3 Authority Key Identifier:
                keyid:62:22:E1:C2:A5:31:53:34:B6:6D:80:F7:8D:5B:50:B4:2E:48:0B:9C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YiLhwqUxUzS2bYD3jVtQtC5IC5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/CR9Jw-Qo-LNNx6KfCiNYHGDGdtA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/YiLhwqUxUzS2bYD3jVtQtC5IC5w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.42.112.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4a:34:7c:2b:46:1e:cb:72:06:d4:20:0c:78:78:60:59:a2:b2:
         8d:cb:be:79:d4:d3:b8:88:12:82:78:0a:fc:10:68:01:e4:69:
         bb:48:2e:d2:31:b7:ed:00:66:6d:54:74:e3:ee:49:0d:97:c3:
         2d:69:9c:4e:07:cb:32:ad:2c:0d:32:2f:3d:42:72:33:e5:7b:
         07:f7:f1:79:fd:ca:5f:75:22:f9:1a:51:a8:6e:16:a5:f9:3f:
         78:85:ed:89:23:dd:0e:2e:bf:84:46:6f:61:1a:88:57:40:f8:
         26:2f:16:41:49:de:84:84:90:4f:44:38:d0:a6:d2:30:aa:26:
         75:76:db:e0:cc:55:5e:ef:37:db:a8:2c:ef:3f:28:58:dd:38:
         ae:17:e7:6c:69:5c:70:1c:4d:28:46:cc:48:21:c8:f3:e9:f7:
         ee:ef:be:a1:39:e7:16:a6:25:d6:ac:92:3a:a0:3a:10:36:25:
         59:a7:0e:f5:40:fb:45:78:ee:9f:05:39:25:0a:11:3d:53:27:
         42:ed:cc:f8:c1:af:c5:90:9e:b9:a3:3e:6b:e8:ef:a0:d4:32:
         5d:2c:9a:0e:d3:4a:52:f9:8b:8a:08:59:6f:da:00:d7:20:02:
         93:ec:a8:50:c6:bb:a9:32:6e:40:0a:eb:bc:d6:22:9b:f0:3b:
         3a:e8:96:34
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2Gc/kxBTPjFQv3R52nrX9uMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyMjJlMWMyYTUzMTUzMzRiNjZkODBmNzhkNWI1MGI0MmU0
ODBiOWMwHhcNMjYwNDEzMTA0NzIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOTFmNDljM2U0MjhmOGIzNGRjN2EyOWYwYTIzNTgxYzYwYzY3NmQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArYH5Ikd+DRKizxyH5bnPcsmCAx8L
cW3S+WFVQMZx6q5RE6ttzfoPxcD9ZaK0Az11rEBDBFDKk1sSRikvdwOaW46PyLpS
MBUGwf+gw76TfkwFHO6UbO1YX6NQzQltE95vRJv6qFmez3cjQnGXRllxPWHo017m
L/6LqNVJlRc/OBVKRP1Z9suvBEBt6e+/oVHZsxsxF2UKHM+oma9cO8Driaqg7XqX
Gs3fEAM0H2+8uZ/50LxoRid+IUkmq3BKEAu2JPjba7/BrGGVCt+0YJXaL9xH7K0X
jRAlyORZGyMRWpxISoFSOyGecwjtuwVq5B0JWqwOKYDy7AaQOd2ogoXcYQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAkfScPkKPizTceinwojWBxgxnbQMB8GA1UdIwQY
MBaAFGIi4cKlMVM0tm2A941bULQuSAucMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWWlMaHdxVXhVelMyYllEM2pWdFF0QzVJQzV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS85OTliOTctYzczMS00MTkyLTg1ZjEt
NTczNzAxYzg0ODMzLzEvQ1I5SnctUW8tTE5OeDZLZkNpTllIR0RHZHRBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS85OTliOTctYzczMS00MTkyLTg1ZjEtNTczNzAxYzg0ODMz
LzEvWWlMaHdxVXhVelMyYllEM2pWdFF0QzVJQzV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwSpwMA0G
CSqGSIb3DQEBCwUAA4IBAQBKNHwrRh7LcgbUIAx4eGBZorKNy7551NO4iBKCeAr8
EGgB5Gm7SC7SMbftAGZtVHTj7kkNl8MtaZxOB8syrSwNMi89QnIz5XsH9/F5/cpf
dSL5GlGobhal+T94he2JI90OLr+ERm9hGohXQPgmLxZBSd6EhJBPRDjQptIwqiZ1
dtvgzFVe7zfbqCzvPyhY3TiuF+dsaVxwHE0oRsxIIcjz6ffu776hOecWpiXWrJI6
oDoQNiVZpw71QPtFeO6fBTklChE9UydC7cz4wa/FkJ65oz5r6O+g1DJdLJoO00pS
+YuKCFlv2gDXIAKT7KhQxrupMm5ACuu81iKb8Ds66JY0
-----END CERTIFICATE-----