Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/R9WernX7UVwGU37ZWDoZyahYViU.roa
File:                     R9WernX7UVwGU37ZWDoZyahYViU.roa (raw, json)
Hash identifier:          M4Xu/XDwwZsrIHwo3G84jY9UxQinhgv0xIjY4pSs+Yo=
Subject key identifier:   47:D5:9E:AE:75:FB:51:5C:06:53:7E:D9:58:3A:19:C9:A8:58:56:25
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       019D875D7E51F38F87C6C4707C1EF01B77EF
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/R9WernX7UVwGU37ZWDoZyahYViU.roa
Signing time:             Mon 13 Apr 2026 15:02:24 +0000
ROA not before:           Mon 13 Apr 2026 15:02:24 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199423
IP address blocks:        151.242.91.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Apr 2026 00:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:87:5d:7e:51:f3:8f:87:c6:c4:70:7c:1e:f0:1b:77:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Apr 13 15:02:24 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=47d59eae75fb515c06537ed9583a19c9a8585625
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:5d:2d:8c:98:69:5c:63:78:84:82:40:fa:99:
                    c6:23:24:41:f2:c6:56:6f:f3:1b:0d:f4:bf:c8:9b:
                    bb:47:df:61:fa:a4:20:ff:9f:57:18:eb:9a:d9:c3:
                    96:8b:5c:d5:1c:24:60:13:1e:22:9c:c9:5d:59:f1:
                    4a:6c:c2:82:af:6d:f4:5f:f2:c3:c7:1f:9c:4a:bc:
                    b4:2b:4d:7a:97:5f:27:e4:12:34:c7:43:90:03:b8:
                    fe:96:a7:79:15:39:e1:08:5a:c8:80:9f:60:16:98:
                    3e:24:08:96:fc:98:f1:2e:10:f3:ec:0c:01:40:04:
                    72:34:42:42:d6:b6:d0:4e:f4:25:13:70:ce:28:48:
                    f4:13:f3:28:77:33:b0:93:95:05:97:95:a3:08:3b:
                    9d:ac:d5:cf:03:91:d0:07:ee:f5:d1:b0:b4:dc:04:
                    df:7c:9e:24:59:de:ad:c3:e3:d4:d4:5c:5c:bc:f3:
                    4c:90:62:95:7b:3f:b9:4e:bd:68:03:81:ce:0b:78:
                    72:c7:66:79:98:8c:67:d2:a0:87:23:f6:b1:cd:ef:
                    0b:e7:1e:8f:f8:20:28:15:bd:d2:89:d0:bc:c6:6b:
                    39:0e:4c:b9:23:cc:27:e4:e9:48:f5:6e:3c:f9:8c:
                    d9:66:c8:aa:98:4a:da:45:40:e0:61:c5:e9:d7:0c:
                    62:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:D5:9E:AE:75:FB:51:5C:06:53:7E:D9:58:3A:19:C9:A8:58:56:25
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/R9WernX7UVwGU37ZWDoZyahYViU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.242.91.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3c:43:e0:32:af:4a:06:0a:68:da:94:0e:84:16:01:18:b5:9d:
         79:9c:d8:2b:0b:47:1c:36:de:bd:a6:59:6e:df:56:37:56:ae:
         ff:97:3c:bf:6e:36:7f:c7:7b:3f:57:63:3e:fb:d6:ae:a5:a9:
         99:2f:7f:c0:48:ed:28:2d:39:89:4a:c6:07:4e:7a:fa:08:11:
         39:7b:ab:44:7b:59:26:b9:93:a1:e5:67:d8:af:99:95:05:c0:
         18:29:b9:e9:c1:bd:1d:a2:3f:41:47:b4:af:3e:da:54:cd:62:
         45:66:ca:46:c5:1c:49:31:05:3d:78:80:dd:6d:c2:2f:80:83:
         19:70:5b:ba:9e:f0:21:9c:99:49:1d:bc:18:3a:1a:59:f3:a6:
         fc:dd:1a:f8:ff:9c:81:0e:6e:0d:c2:51:77:4a:4b:8e:c3:cb:
         16:3c:bc:dc:49:71:8d:20:08:be:4e:44:1f:96:ed:eb:9f:ae:
         99:34:8f:38:8d:0f:ea:36:1f:93:8b:2e:1b:44:65:a8:37:8e:
         ed:5b:29:40:2f:f8:53:95:9d:90:46:08:27:77:fa:b7:26:5b:
         a3:f0:4a:c0:01:5a:c9:96:9c:01:0f:13:25:1c:48:e7:30:57:
         88:2a:62:44:3f:8d:ed:d0:3c:a3:73:c3:60:a6:0f:de:9c:41:
         ed:69:7a:5e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2HXX5R84+HxsRwfB7wG3fvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjYwNDEzMTUwMjI0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0N2Q1OWVhZTc1ZmI1MTVjMDY1MzdlZDk1ODNhMTljOWE4NTg1NjI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlF0tjJhpXGN4hIJA+pnGIyRB8sZW
b/MbDfS/yJu7R99h+qQg/59XGOua2cOWi1zVHCRgEx4inMldWfFKbMKCr230X/LD
xx+cSry0K016l18n5BI0x0OQA7j+lqd5FTnhCFrIgJ9gFpg+JAiW/JjxLhDz7AwB
QARyNEJC1rbQTvQlE3DOKEj0E/ModzOwk5UFl5WjCDudrNXPA5HQB+710bC03ATf
fJ4kWd6tw+PU1FxcvPNMkGKVez+5Tr1oA4HOC3hyx2Z5mIxn0qCHI/axze8L5x6P
+CAoFb3SidC8xms5Dky5I8wn5OlI9W48+YzZZsiqmEraRUDgYcXp1wxiewIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEfVnq51+1FcBlN+2Vg6GcmoWFYlMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvUjlXZXJuWDdVVndHVTM3WldEb1p5YWhZVmlVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAl/JbMA0G
CSqGSIb3DQEBCwUAA4IBAQA8Q+Ayr0oGCmjalA6EFgEYtZ15nNgrC0ccNt69pllu
31Y3Vq7/lzy/bjZ/x3s/V2M++9aupamZL3/ASO0oLTmJSsYHTnr6CBE5e6tEe1km
uZOh5WfYr5mVBcAYKbnpwb0doj9BR7SvPtpUzWJFZspGxRxJMQU9eIDdbcIvgIMZ
cFu6nvAhnJlJHbwYOhpZ86b83Rr4/5yBDm4NwlF3SkuOw8sWPLzcSXGNIAi+TkQf
lu3rn66ZNI84jQ/qNh+Tiy4bRGWoN47tWylAL/hTlZ2QRggnd/q3Jluj8ErAAVrJ
lpwBDxMlHEjnMFeIKmJEP43t0Dyjc8Ngpg/enEHtaXpe
-----END CERTIFICATE-----