Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ad/bc6089-3d90-4529-bb47-5cf56ee435b3/1/SC9MOMjrqmbOVAWcGnRcQF-RFqE.roa
File:                     SC9MOMjrqmbOVAWcGnRcQF-RFqE.roa (raw, json)
Hash identifier:          eQcJ+zf8+aHLfgfb+8QPSi/V+ow88wMOF3ndX9/Y9o8=
Subject key identifier:   48:2F:4C:38:C8:EB:AA:66:CE:54:05:9C:1A:74:5C:40:5F:91:16:A1
Certificate issuer:       /CN=5fe53c0bfc3c8fb56b81191317144443e0e29d25
Certificate serial:       019D64B4D8A733F1C3E63E6FA36EB1C022CB
Authority key identifier: 5F:E5:3C:0B:FC:3C:8F:B5:6B:81:19:13:17:14:44:43:E0:E2:9D:25
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/X-U8C_w8j7VrgRkTFxREQ-DinSU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ad/bc6089-3d90-4529-bb47-5cf56ee435b3/1/SC9MOMjrqmbOVAWcGnRcQF-RFqE.roa
Signing time:             Mon 06 Apr 2026 21:31:06 +0000
ROA not before:           Mon 06 Apr 2026 21:31:06 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200445
IP address blocks:        89.126.231.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ad/bc6089-3d90-4529-bb47-5cf56ee435b3/1/X-U8C_w8j7VrgRkTFxREQ-DinSU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ad/bc6089-3d90-4529-bb47-5cf56ee435b3/1/X-U8C_w8j7VrgRkTFxREQ-DinSU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/X-U8C_w8j7VrgRkTFxREQ-DinSU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 16:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:64:b4:d8:a7:33:f1:c3:e6:3e:6f:a3:6e:b1:c0:22:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5fe53c0bfc3c8fb56b81191317144443e0e29d25
        Validity
            Not Before: Apr  6 21:31:06 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=482f4c38c8ebaa66ce54059c1a745c405f9116a1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:43:d5:64:5c:3e:7f:86:05:a6:88:69:57:bc:
                    29:d1:df:8f:60:f6:ab:89:55:69:89:ef:0b:d7:89:
                    5a:fb:e7:ff:b7:65:0d:da:46:12:81:54:7d:10:2e:
                    e4:0e:7b:93:20:88:62:28:e7:6a:07:b3:88:fe:45:
                    53:0b:84:a3:25:62:90:c3:c7:ee:23:f7:02:ae:77:
                    08:b5:48:f1:70:a2:bb:ed:d0:6b:78:df:d6:89:a2:
                    c3:d4:b5:6b:3c:3c:95:b5:0f:ed:44:ae:50:db:37:
                    d5:42:f9:e3:57:47:31:95:2b:6a:c0:87:cc:15:2f:
                    ed:dd:04:9d:53:fd:26:80:ed:7b:bc:c3:1e:38:9b:
                    02:42:ec:82:e9:39:9f:24:5e:f9:b2:85:e7:00:b2:
                    05:d9:25:4b:f1:bb:c6:5b:5b:04:41:3f:3e:63:63:
                    94:d6:68:be:8d:00:96:17:35:8f:38:fe:4a:c9:a2:
                    8c:fb:ea:1d:ce:cd:32:1d:9a:96:82:47:31:5c:cf:
                    6d:5d:99:8f:f5:85:f1:48:ae:82:be:43:5b:a0:8f:
                    37:79:10:87:76:aa:02:e2:66:46:39:4b:49:48:8c:
                    57:48:93:8e:fb:05:7b:0a:78:7e:cf:3e:67:5f:88:
                    30:bf:3d:f1:2c:b9:4f:bc:2b:0c:d9:a6:e1:7d:8f:
                    b9:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:2F:4C:38:C8:EB:AA:66:CE:54:05:9C:1A:74:5C:40:5F:91:16:A1
            X509v3 Authority Key Identifier:
                keyid:5F:E5:3C:0B:FC:3C:8F:B5:6B:81:19:13:17:14:44:43:E0:E2:9D:25

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/X-U8C_w8j7VrgRkTFxREQ-DinSU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/bc6089-3d90-4529-bb47-5cf56ee435b3/1/SC9MOMjrqmbOVAWcGnRcQF-RFqE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/bc6089-3d90-4529-bb47-5cf56ee435b3/1/X-U8C_w8j7VrgRkTFxREQ-DinSU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.126.231.0/24

    Signature Algorithm: sha256WithRSAEncryption
         79:de:0b:45:db:3c:26:77:8e:88:9c:0e:00:f0:dc:41:2b:f3:
         f4:74:4b:f6:a2:2e:8f:ea:c8:dd:2b:3c:86:0d:bb:24:20:56:
         d8:17:04:5c:4e:ad:42:48:ea:81:f6:f5:5b:dd:a4:08:3a:8c:
         48:52:82:79:2c:61:07:c5:a0:39:5f:2b:87:a3:4a:a2:ff:a0:
         7d:9f:7f:20:3a:46:fc:8e:08:6e:6a:f9:50:5c:30:72:9f:3c:
         7b:a6:e0:b0:40:f5:ee:32:b6:d6:12:56:94:9e:01:b9:34:99:
         74:1c:30:26:5c:9a:4a:df:4d:e8:fd:43:5f:a0:dd:40:6f:9c:
         94:a1:41:2c:fb:55:2d:fc:1f:03:28:1a:5b:20:94:fa:13:42:
         15:62:d2:90:b8:6f:84:95:e2:5c:ef:98:c3:a8:4a:ef:4d:b9:
         f9:1a:49:8e:49:f3:6b:cd:63:30:01:cd:ee:38:8f:92:1c:eb:
         a5:6c:d3:fe:09:22:10:c6:ca:f6:55:40:96:9f:4d:5f:47:13:
         88:0f:08:f1:ed:bc:b5:3b:1c:3e:9c:f4:3e:21:65:40:7d:1e:
         60:3b:46:23:52:4f:c3:d6:40:2b:c6:a1:6e:9b:b7:9b:f7:22:
         bc:82:6b:f4:77:d1:4e:d8:6d:99:48:c6:75:8f:a3:eb:3f:7c:
         8b:73:53:5b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ1ktNinM/HD5j5vo26xwCLLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVmZTUzYzBiZmMzYzhmYjU2YjgxMTkxMzE3MTQ0NDQzZTBl
MjlkMjUwHhcNMjYwNDA2MjEzMTA2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ODJmNGMzOGM4ZWJhYTY2Y2U1NDA1OWMxYTc0NWM0MDVmOTExNmExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3EPVZFw+f4YFpohpV7wp0d+PYPar
iVVpie8L14la++f/t2UN2kYSgVR9EC7kDnuTIIhiKOdqB7OI/kVTC4SjJWKQw8fu
I/cCrncItUjxcKK77dBreN/WiaLD1LVrPDyVtQ/tRK5Q2zfVQvnjV0cxlStqwIfM
FS/t3QSdU/0mgO17vMMeOJsCQuyC6TmfJF75soXnALIF2SVL8bvGW1sEQT8+Y2OU
1mi+jQCWFzWPOP5KyaKM++odzs0yHZqWgkcxXM9tXZmP9YXxSK6CvkNboI83eRCH
dqoC4mZGOUtJSIxXSJOO+wV7Cnh+zz5nX4gwvz3xLLlPvCsM2abhfY+5uQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEgvTDjI66pmzlQFnBp0XEBfkRahMB8GA1UdIwQY
MBaAFF/lPAv8PI+1a4EZExcUREPg4p0lMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWC1VOENfdzhqN1ZyZ1JrVEZ4UkVRLURpblNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZC9iYzYwODktM2Q5MC00NTI5LWJiNDct
NWNmNTZlZTQzNWIzLzEvU0M5TU9NanJxbWJPVkFXY0duUmNRRi1SRnFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZC9iYzYwODktM2Q5MC00NTI5LWJiNDctNWNmNTZlZTQzNWIz
LzEvWC1VOENfdzhqN1ZyZ1JrVEZ4UkVRLURpblNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWX7nMA0G
CSqGSIb3DQEBCwUAA4IBAQB53gtF2zwmd46InA4A8NxBK/P0dEv2oi6P6sjdKzyG
DbskIFbYFwRcTq1CSOqB9vVb3aQIOoxIUoJ5LGEHxaA5XyuHo0qi/6B9n38gOkb8
jghuavlQXDBynzx7puCwQPXuMrbWElaUngG5NJl0HDAmXJpK303o/UNfoN1Ab5yU
oUEs+1Ut/B8DKBpbIJT6E0IVYtKQuG+EleJc75jDqErvTbn5GkmOSfNrzWMwAc3u
OI+SHOulbNP+CSIQxsr2VUCWn01fRxOIDwjx7by1Oxw+nPQ+IWVAfR5gO0YjUk/D
1kArxqFum7eb9yK8gmv0d9FO2G2ZSMZ1j6PrP3yLc1Nb
-----END CERTIFICATE-----