Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/Q9JiG8GXp93kcJ2WOpaQsdK9Lzs.roa
File:                     Q9JiG8GXp93kcJ2WOpaQsdK9Lzs.roa (raw, json)
Hash identifier:          zUf+bGddrpA+7UcSj79VRWI/9ftA3676CcT0DzzC6fQ=
Subject key identifier:   43:D2:62:1B:C1:97:A7:DD:E4:70:9D:96:3A:96:90:B1:D2:BD:2F:3B
Certificate issuer:       /CN=b8074b419ead4cefea2f2ad2c259d978c5ed7954
Certificate serial:       019EBE46800B870AEDDFA2E06751187D5533
Authority key identifier: B8:07:4B:41:9E:AD:4C:EF:EA:2F:2A:D2:C2:59:D9:78:C5:ED:79:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/Q9JiG8GXp93kcJ2WOpaQsdK9Lzs.roa
Signing time:             Fri 12 Jun 2026 23:59:11 +0000
ROA not before:           Fri 12 Jun 2026 23:59:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     14618
IP address blocks:        2a06:e881:9200::/45 maxlen: 48
                          2a06:e881:9600::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 13 Jun 2026 23:59:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:be:46:80:0b:87:0a:ed:df:a2:e0:67:51:18:7d:55:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b8074b419ead4cefea2f2ad2c259d978c5ed7954
        Validity
            Not Before: Jun 12 23:59:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=43d2621bc197a7dde4709d963a9690b1d2bd2f3b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:c5:50:3f:69:31:7f:a0:ea:5d:e8:23:29:03:
                    b6:0f:5d:e9:7d:30:7e:d8:38:bb:70:23:84:e7:da:
                    e6:49:75:09:30:d2:17:5c:9d:6a:93:23:a9:c3:4f:
                    60:8b:d9:9b:11:03:ed:b9:84:3f:7d:d4:92:e1:62:
                    e4:05:c4:41:b2:89:a1:40:07:bb:9b:f6:bb:5e:cd:
                    ac:89:06:e0:f1:7d:89:6d:eb:e5:46:df:66:25:fc:
                    6a:d8:14:89:6e:aa:da:13:22:aa:85:f7:55:81:6f:
                    8b:3d:3c:b3:22:7b:56:53:b1:7a:c4:ba:86:e4:c4:
                    4f:af:f3:07:e3:1c:ef:a1:a1:cc:11:89:0d:eb:22:
                    ad:5c:6d:5f:1d:28:73:9c:93:00:c4:27:f6:c4:3a:
                    9d:32:81:e8:13:a3:70:9e:d4:64:58:bf:33:62:ba:
                    c9:bd:e8:e9:02:96:b2:51:c0:8e:06:91:63:20:90:
                    0a:cb:83:94:02:2c:8f:8f:38:ff:30:8c:51:e8:9b:
                    41:64:21:57:59:1b:9e:53:46:b7:7f:87:cb:fc:0d:
                    2e:cf:3c:9a:e9:38:84:97:7f:bb:74:0f:c5:d4:89:
                    d8:8e:c1:fe:12:c9:47:e9:58:b1:21:10:ba:72:fa:
                    13:e3:15:8e:35:da:42:bc:78:fb:5f:23:dc:1a:d9:
                    55:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:D2:62:1B:C1:97:A7:DD:E4:70:9D:96:3A:96:90:B1:D2:BD:2F:3B
            X509v3 Authority Key Identifier:
                keyid:B8:07:4B:41:9E:AD:4C:EF:EA:2F:2A:D2:C2:59:D9:78:C5:ED:79:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/Q9JiG8GXp93kcJ2WOpaQsdK9Lzs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:e881:9200::/45
                  2a06:e881:9600::/48

    Signature Algorithm: sha256WithRSAEncryption
         2b:68:df:84:e9:56:86:cc:83:22:e5:b3:72:ff:a1:b3:10:45:
         3d:54:2b:2a:1d:a1:2f:61:fa:7b:35:98:5a:4a:ac:cf:80:e6:
         d4:a8:10:96:29:d1:4b:01:b4:a6:12:68:90:d6:68:90:ea:29:
         a3:00:e0:84:c9:cf:ab:be:0d:4f:b4:32:e7:a7:0e:f2:92:8f:
         06:09:d9:05:ce:38:d5:20:5a:ea:50:c0:fb:1a:81:be:af:93:
         60:77:cb:78:ad:17:10:e2:56:d1:4b:80:4b:0d:ed:aa:49:2e:
         80:11:0a:5c:26:ab:f5:88:e5:0f:6c:7b:16:93:6f:11:2b:f6:
         e0:1c:7e:95:dc:ec:c0:4c:0d:ce:e6:27:86:2d:67:f0:02:c7:
         23:0c:80:f5:65:78:95:7a:af:4f:19:cd:d3:de:7c:51:cc:c4:
         14:74:9a:5e:0f:35:f7:55:9b:65:c2:15:ce:eb:5d:6e:07:5a:
         65:93:af:ce:5d:1d:58:46:ba:ce:aa:15:99:11:0e:1d:49:c1:
         f2:c8:c9:07:40:ff:5b:5a:2e:7d:cf:71:16:8b:d7:19:8b:6f:
         15:70:a8:56:2f:5f:af:a2:fd:cb:1e:9c:21:9a:fe:d3:30:b2:
         dc:47:7d:a0:06:be:42:5d:60:48:40:d7:e5:64:f3:b5:be:f8:
         c3:d9:ae:b8
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZ6+RoALhwrt36LgZ1EYfVUzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI4MDc0YjQxOWVhZDRjZWZlYTJmMmFkMmMyNTlkOTc4YzVl
ZDc5NTQwHhcNMjYwNjEyMjM1OTExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0M2QyNjIxYmMxOTdhN2RkZTQ3MDlkOTYzYTk2OTBiMWQyYmQyZjNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnMVQP2kxf6DqXegjKQO2D13pfTB+
2Di7cCOE59rmSXUJMNIXXJ1qkyOpw09gi9mbEQPtuYQ/fdSS4WLkBcRBsomhQAe7
m/a7Xs2siQbg8X2JbevlRt9mJfxq2BSJbqraEyKqhfdVgW+LPTyzIntWU7F6xLqG
5MRPr/MH4xzvoaHMEYkN6yKtXG1fHShznJMAxCf2xDqdMoHoE6NwntRkWL8zYrrJ
vejpApayUcCOBpFjIJAKy4OUAiyPjzj/MIxR6JtBZCFXWRueU0a3f4fL/A0uzzya
6TiEl3+7dA/F1InYjsH+EslH6VixIRC6cvoT4xWONdpCvHj7XyPcGtlVDwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFEPSYhvBl6fd5HCdljqWkLHSvS87MB8GA1UdIwQY
MBaAFLgHS0GerUzv6i8q0sJZ2XjF7XlUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdUFkTFFaNnRUT19xTHlyU3dsblplTVh0ZVZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yi8xZTQzZTQtZDA2ZS00YTU1LWJkYjYt
M2Q5MWVkZTViMmIxLzEvUTlKaUc4R1hwOTNrY0oyV09wYVFzZEs5THpzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yi8xZTQzZTQtZDA2ZS00YTU1LWJkYjYtM2Q5MWVkZTViMmIx
LzEvdUFkTFFaNnRUT19xTHlyU3dsblplTVh0ZVZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcDKgbogZIA
AwcAKgbogZYAMA0GCSqGSIb3DQEBCwUAA4IBAQAraN+E6VaGzIMi5bNy/6GzEEU9
VCsqHaEvYfp7NZhaSqzPgObUqBCWKdFLAbSmEmiQ1miQ6imjAOCEyc+rvg1PtDLn
pw7yko8GCdkFzjjVIFrqUMD7GoG+r5Ngd8t4rRcQ4lbRS4BLDe2qSS6AEQpcJqv1
iOUPbHsWk28RK/bgHH6V3OzATA3O5ieGLWfwAscjDID1ZXiVeq9PGc3T3nxRzMQU
dJpeDzX3VZtlwhXO611uB1plk6/OXR1YRrrOqhWZEQ4dScHyyMkHQP9bWi59z3EW
i9cZi28VcKhWL1+vov3LHpwhmv7TMLLcR32gBr5CXWBIQNflZPO1vvjD2a64
-----END CERTIFICATE-----