Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9f/02bdf0-bf29-4dae-b19b-86a5518e2d52/1/aqoU9zJ3XearIjlOINJlmfcvvuw.roa
File:                     aqoU9zJ3XearIjlOINJlmfcvvuw.roa (raw, json)
Hash identifier:          Sz6yVgzziCuFuMg8Vphcvorcn0t0kQDujyZ/W1bGUWw=
Subject key identifier:   6A:AA:14:F7:32:77:5D:E6:AB:22:39:4E:20:D2:65:99:F7:2F:BE:EC
Certificate issuer:       /CN=5dde4b3b82f209b701ae340cf53b974078f16a9f
Certificate serial:       019D886F5FF8C2EC51EE6E74356D71F03140
Authority key identifier: 5D:DE:4B:3B:82:F2:09:B7:01:AE:34:0C:F5:3B:97:40:78:F1:6A:9F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xd5LO4LyCbcBrjQM9TuXQHjxap8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9f/02bdf0-bf29-4dae-b19b-86a5518e2d52/1/aqoU9zJ3XearIjlOINJlmfcvvuw.roa
Signing time:             Mon 13 Apr 2026 20:01:33 +0000
ROA not before:           Mon 13 Apr 2026 20:01:33 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     50049
IP address blocks:        185.200.247.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9f/02bdf0-bf29-4dae-b19b-86a5518e2d52/1/Xd5LO4LyCbcBrjQM9TuXQHjxap8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9f/02bdf0-bf29-4dae-b19b-86a5518e2d52/1/Xd5LO4LyCbcBrjQM9TuXQHjxap8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Xd5LO4LyCbcBrjQM9TuXQHjxap8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 14:01:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:88:6f:5f:f8:c2:ec:51:ee:6e:74:35:6d:71:f0:31:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5dde4b3b82f209b701ae340cf53b974078f16a9f
        Validity
            Not Before: Apr 13 20:01:33 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6aaa14f732775de6ab22394e20d26599f72fbeec
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:e6:7c:43:40:41:df:ea:d5:20:23:54:3e:70:
                    ac:ed:2a:81:37:f5:ae:52:b1:f3:b8:65:01:94:61:
                    99:93:6a:2d:52:7c:a9:4f:94:f7:78:dc:8b:c8:57:
                    9c:bf:c6:db:7f:6c:be:05:1c:ef:13:8a:f9:08:a0:
                    a5:11:9c:74:91:98:12:50:a6:64:26:2f:56:78:6f:
                    87:3d:f4:ff:22:c0:2f:65:17:05:dc:d8:7a:71:16:
                    77:34:24:d8:35:57:74:80:0a:a5:99:e5:27:f0:eb:
                    ae:6c:64:e3:1c:d4:39:41:60:3a:87:55:29:df:11:
                    2b:d5:11:7f:64:29:a3:73:10:32:1d:3c:40:4f:bf:
                    28:7a:35:b1:fe:45:20:4a:9d:f0:27:cf:e0:65:63:
                    97:83:f4:ef:b2:2c:ad:d9:0c:c4:d5:bd:49:fb:cc:
                    6b:43:3c:e4:27:dd:c9:48:a5:5c:5f:33:54:8b:4d:
                    f2:74:f6:46:56:8b:d6:58:5c:57:82:db:f3:f2:c2:
                    26:55:60:d2:c0:c7:ea:3b:33:27:7b:f7:16:71:ba:
                    92:9a:20:57:b2:b5:64:8a:26:99:bc:a7:7d:f5:79:
                    b3:2e:ee:98:c9:be:b7:20:48:4e:fd:e5:00:01:69:
                    55:a5:a3:77:4c:70:cd:6b:f9:77:8d:23:3c:d5:1c:
                    e3:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:AA:14:F7:32:77:5D:E6:AB:22:39:4E:20:D2:65:99:F7:2F:BE:EC
            X509v3 Authority Key Identifier:
                keyid:5D:DE:4B:3B:82:F2:09:B7:01:AE:34:0C:F5:3B:97:40:78:F1:6A:9F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xd5LO4LyCbcBrjQM9TuXQHjxap8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/02bdf0-bf29-4dae-b19b-86a5518e2d52/1/aqoU9zJ3XearIjlOINJlmfcvvuw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/02bdf0-bf29-4dae-b19b-86a5518e2d52/1/Xd5LO4LyCbcBrjQM9TuXQHjxap8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.200.247.0/24

    Signature Algorithm: sha256WithRSAEncryption
         75:03:c0:8c:d5:53:05:25:89:c0:86:bf:fa:7a:b5:58:47:f7:
         03:75:0a:c6:32:06:c1:1f:7c:55:15:7f:6e:66:85:2c:03:06:
         8b:bf:06:12:5f:db:10:3c:22:74:9b:8c:17:32:7a:7d:ae:4e:
         3b:b0:11:ec:bc:fa:18:3b:cf:95:15:90:e2:5c:c2:3d:aa:34:
         34:40:ed:c1:9b:80:df:9e:0f:5f:47:dc:44:9f:29:18:f1:bb:
         e9:5c:b7:62:5a:30:e2:e0:49:32:c1:9b:24:bf:ab:e8:7c:60:
         6a:c8:b1:19:b6:9a:09:3c:be:3e:6c:61:9d:80:6c:32:2a:57:
         ac:78:1d:9e:c1:f8:2c:0d:e0:95:ac:08:d3:0b:25:dd:a5:0b:
         db:db:46:98:ee:8a:13:c7:df:f1:bd:d5:db:8d:83:17:17:7f:
         f5:fe:19:03:e3:e3:4a:6d:d3:c6:3d:82:19:55:c5:ca:e6:19:
         f2:66:da:e2:2f:6c:97:f2:1d:0d:83:b2:20:8a:c3:f9:00:7d:
         6f:c1:f1:fb:fc:3a:80:33:e5:cd:f7:9a:1b:56:5f:55:40:2c:
         7a:e5:fd:a4:72:27:5f:6e:71:41:34:ea:21:cf:4a:5b:c3:36:
         bd:2b:3a:7f:ea:84:17:5b:1c:30:ae:2a:a3:b7:14:b9:1b:75:
         8b:4e:3b:ac
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2Ib1/4wuxR7m50NW1x8DFAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkZGU0YjNiODJmMjA5YjcwMWFlMzQwY2Y1M2I5NzQwNzhm
MTZhOWYwHhcNMjYwNDEzMjAwMTMzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YWFhMTRmNzMyNzc1ZGU2YWIyMjM5NGUyMGQyNjU5OWY3MmZiZWVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAseZ8Q0BB3+rVICNUPnCs7SqBN/Wu
UrHzuGUBlGGZk2otUnypT5T3eNyLyFecv8bbf2y+BRzvE4r5CKClEZx0kZgSUKZk
Ji9WeG+HPfT/IsAvZRcF3Nh6cRZ3NCTYNVd0gAqlmeUn8OuubGTjHNQ5QWA6h1Up
3xEr1RF/ZCmjcxAyHTxAT78oejWx/kUgSp3wJ8/gZWOXg/Tvsiyt2QzE1b1J+8xr
QzzkJ93JSKVcXzNUi03ydPZGVovWWFxXgtvz8sImVWDSwMfqOzMne/cWcbqSmiBX
srVkiiaZvKd99XmzLu6Yyb63IEhO/eUAAWlVpaN3THDNa/l3jSM81RzjSQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGqqFPcyd13mqyI5TiDSZZn3L77sMB8GA1UdIwQY
MBaAFF3eSzuC8gm3Aa40DPU7l0B48WqfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGQ1TE80THlDYmNCcmpRTTlUdVhRSGp4YXA4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Zi8wMmJkZjAtYmYyOS00ZGFlLWIxOWIt
ODZhNTUxOGUyZDUyLzEvYXFvVTl6SjNYZWFySWpsT0lOSmxtZmN2dnV3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Zi8wMmJkZjAtYmYyOS00ZGFlLWIxOWItODZhNTUxOGUyZDUy
LzEvWGQ1TE80THlDYmNCcmpRTTlUdVhRSGp4YXA4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAucj3MA0G
CSqGSIb3DQEBCwUAA4IBAQB1A8CM1VMFJYnAhr/6erVYR/cDdQrGMgbBH3xVFX9u
ZoUsAwaLvwYSX9sQPCJ0m4wXMnp9rk47sBHsvPoYO8+VFZDiXMI9qjQ0QO3Bm4Df
ng9fR9xEnykY8bvpXLdiWjDi4EkywZskv6vofGBqyLEZtpoJPL4+bGGdgGwyKles
eB2ewfgsDeCVrAjTCyXdpQvb20aY7ooTx9/xvdXbjYMXF3/1/hkD4+NKbdPGPYIZ
VcXK5hnyZtriL2yX8h0Ng7IgisP5AH1vwfH7/DqAM+XN95obVl9VQCx65f2kcidf
bnFBNOohz0pbwza9Kzp/6oQXWxwwriqjtxS5G3WLTjus
-----END CERTIFICATE-----