Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/9BaoQltNov-9UjxbqzQKjBwAcAM.roa
File:                     9BaoQltNov-9UjxbqzQKjBwAcAM.roa (raw, json)
Hash identifier:          XSC8hESWPCo/smN0cRLjJfa/BpLuA8vW5Ti//bY/3P4=
Subject key identifier:   F4:16:A8:42:5B:4D:A2:FF:BD:52:3C:5B:AB:34:0A:8C:1C:00:70:03
Certificate issuer:       /CN=7e20b034e2c497b1884488def106972704765029
Certificate serial:       019EC9E165270DD263ACCD4EFFAFD05FB319
Authority key identifier: 7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/9BaoQltNov-9UjxbqzQKjBwAcAM.roa
Signing time:             Mon 15 Jun 2026 06:04:12 +0000
ROA not before:           Mon 15 Jun 2026 06:04:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     48974
IP address blocks:        194.242.129.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 18 Jun 2026 08:33:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:c9:e1:65:27:0d:d2:63:ac:cd:4e:ff:af:d0:5f:b3:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7e20b034e2c497b1884488def106972704765029
        Validity
            Not Before: Jun 15 06:04:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f416a8425b4da2ffbd523c5bab340a8c1c007003
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:7b:d2:04:ed:37:d8:06:56:48:35:ff:18:f2:
                    6b:77:3b:25:0d:04:d9:e9:45:b0:3d:6a:a4:30:d1:
                    02:53:b8:33:70:05:7b:69:ae:8c:b5:70:00:54:62:
                    be:5e:1b:d2:ca:c7:be:6d:fc:41:71:3b:b1:c2:0c:
                    97:b8:fb:dc:21:04:4b:3f:2f:5d:a2:42:68:8a:5d:
                    30:1f:3d:bd:3e:0f:bf:3c:98:51:0a:cc:b5:a3:64:
                    6f:d3:44:8d:52:1c:2c:e5:8e:99:6c:6a:35:85:a3:
                    82:63:ed:31:77:44:63:44:35:ee:5e:6d:4c:d1:80:
                    d4:cd:6d:34:a2:6e:bf:8c:ec:6c:8f:78:61:07:95:
                    08:18:af:57:06:64:82:e3:ec:1a:f0:1f:ac:98:53:
                    40:23:bc:a5:a2:f4:6c:7b:a5:92:7e:1d:c0:4b:4a:
                    f1:dc:c3:10:62:8c:21:15:aa:c9:99:74:7d:4e:7f:
                    f6:b1:e1:67:d9:bf:25:ca:58:9c:21:71:a0:c8:76:
                    17:68:73:37:fb:d6:9e:65:0f:7a:76:4d:93:b9:f1:
                    d4:0c:04:77:f7:7e:4a:43:f9:37:a1:15:f8:c5:27:
                    95:cd:ed:fd:1d:6a:d5:b3:e0:27:83:31:e0:1e:65:
                    90:c0:22:70:6e:14:b9:1a:2f:cd:6a:bd:4b:68:47:
                    58:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:16:A8:42:5B:4D:A2:FF:BD:52:3C:5B:AB:34:0A:8C:1C:00:70:03
            X509v3 Authority Key Identifier:
                keyid:7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/9BaoQltNov-9UjxbqzQKjBwAcAM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.242.129.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2f:cd:b5:4e:e2:9f:a0:32:cd:99:10:25:70:f3:30:39:f1:1e:
         88:a7:8a:58:e2:d1:f8:36:a3:9f:e0:38:35:02:7d:4a:18:a8:
         96:8a:71:e3:2a:9a:f4:3b:71:52:1d:74:2a:6d:fc:dc:71:c2:
         e4:ba:8a:a5:71:70:3c:fb:00:f8:62:de:1f:88:49:b8:11:4b:
         95:3e:cb:16:48:5e:5e:76:68:63:8a:63:e8:06:ff:b6:0b:ad:
         cc:81:a2:1b:c0:fc:16:ed:32:1c:dc:2d:43:f9:5b:06:b1:f0:
         98:98:1f:1e:34:3d:47:c3:b1:77:2e:36:f6:75:ef:1b:05:5a:
         81:cf:46:2a:9d:ba:f0:08:4f:1a:9e:0a:c3:d3:0a:49:54:d4:
         0b:2f:9f:a2:a6:d0:cc:74:05:c4:40:d7:72:d9:50:6b:9f:fa:
         97:f5:44:c8:79:32:71:f6:dc:8f:7d:6a:ca:1f:f2:4a:9e:f3:
         61:bb:e2:c9:c6:75:a9:d9:d2:23:86:6a:3d:97:57:9c:28:2f:
         c1:59:e3:b1:ff:7b:72:17:1c:83:48:bc:e8:0e:6a:6c:4e:06:
         bf:e6:aa:2c:ca:b0:23:d8:44:c0:fb:d6:64:6d:c7:26:cd:80:
         ec:6b:cc:7d:41:18:96:bd:28:fe:2a:c8:b2:3b:ae:12:85:cd:
         e4:c4:20:15
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ7J4WUnDdJjrM1O/6/QX7MZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlMjBiMDM0ZTJjNDk3YjE4ODQ0ODhkZWYxMDY5NzI3MDQ3
NjUwMjkwHhcNMjYwNjE1MDYwNDEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNDE2YTg0MjViNGRhMmZmYmQ1MjNjNWJhYjM0MGE4YzFjMDA3MDAzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtXvSBO032AZWSDX/GPJrdzslDQTZ
6UWwPWqkMNECU7gzcAV7aa6MtXAAVGK+XhvSyse+bfxBcTuxwgyXuPvcIQRLPy9d
okJoil0wHz29Pg+/PJhRCsy1o2Rv00SNUhws5Y6ZbGo1haOCY+0xd0RjRDXuXm1M
0YDUzW00om6/jOxsj3hhB5UIGK9XBmSC4+wa8B+smFNAI7ylovRse6WSfh3AS0rx
3MMQYowhFarJmXR9Tn/2seFn2b8lylicIXGgyHYXaHM3+9aeZQ96dk2TufHUDAR3
935KQ/k3oRX4xSeVze39HWrVs+AngzHgHmWQwCJwbhS5Gi/Nar1LaEdY7QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPQWqEJbTaL/vVI8W6s0CowcAHADMB8GA1UdIwQY
MBaAFH4gsDTixJexiESI3vEGlycEdlApMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2Qt
MDM1ZDk3N2Y0MjE2LzEvOUJhb1FsdE5vdi05VWp4YnF6UUtqQndBY0FNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2QtMDM1ZDk3N2Y0MjE2
LzEvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwvKBMA0G
CSqGSIb3DQEBCwUAA4IBAQAvzbVO4p+gMs2ZECVw8zA58R6Ip4pY4tH4NqOf4Dg1
An1KGKiWinHjKpr0O3FSHXQqbfzcccLkuoqlcXA8+wD4Yt4fiEm4EUuVPssWSF5e
dmhjimPoBv+2C63MgaIbwPwW7TIc3C1D+VsGsfCYmB8eND1Hw7F3Ljb2de8bBVqB
z0YqnbrwCE8angrD0wpJVNQLL5+iptDMdAXEQNdy2VBrn/qX9UTIeTJx9tyPfWrK
H/JKnvNhu+LJxnWp2dIjhmo9l1ecKC/BWeOx/3tyFxyDSLzoDmpsTga/5qosyrAj
2ETA+9ZkbccmzYDsa8x9QRiWvSj+KsiyO64Shc3kxCAV
-----END CERTIFICATE-----