Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/6d5d75-4d1e-4697-b1d3-36e344abc9d3/1/r9Onf1Z5MTGo6HQvvK-yrmEpNLw.roa
File:                     r9Onf1Z5MTGo6HQvvK-yrmEpNLw.roa (raw, json)
Hash identifier:          MdZ3nuj2R7EYy2YZK3WtRbRVVeyc+IpvGV7gP3oPGfI=
Subject key identifier:   AF:D3:A7:7F:56:79:31:31:A8:E8:74:2F:BC:AF:B2:AE:61:29:34:BC
Certificate issuer:       /CN=e37ee1eced19f8a0a3a635bfaa264293e3437795
Certificate serial:       019C240D31B9E9858C6E419A52934B888EE0
Authority key identifier: E3:7E:E1:EC:ED:19:F8:A0:A3:A6:35:BF:AA:26:42:93:E3:43:77:95
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/437h7O0Z-KCjpjW_qiZCk-NDd5U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b8/6d5d75-4d1e-4697-b1d3-36e344abc9d3/1/r9Onf1Z5MTGo6HQvvK-yrmEpNLw.roa
Signing time:             Tue 03 Feb 2026 15:09:30 +0000
ROA not before:           Tue 03 Feb 2026 15:09:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     210260
IP address blocks:        46.32.188.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b8/6d5d75-4d1e-4697-b1d3-36e344abc9d3/1/437h7O0Z-KCjpjW_qiZCk-NDd5U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b8/6d5d75-4d1e-4697-b1d3-36e344abc9d3/1/437h7O0Z-KCjpjW_qiZCk-NDd5U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/437h7O0Z-KCjpjW_qiZCk-NDd5U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 06:00:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:24:0d:31:b9:e9:85:8c:6e:41:9a:52:93:4b:88:8e:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e37ee1eced19f8a0a3a635bfaa264293e3437795
        Validity
            Not Before: Feb  3 15:09:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=afd3a77f56793131a8e8742fbcafb2ae612934bc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:37:a3:40:d0:f9:37:f5:7f:60:4d:94:72:8b:
                    e7:48:90:ca:64:f7:56:d3:0f:e1:8c:1d:74:36:7b:
                    28:9b:56:ba:f5:06:72:33:18:3c:5b:c6:15:91:fb:
                    65:14:e1:0a:28:03:71:db:69:85:eb:59:ad:11:ff:
                    8c:5d:8c:47:5c:b1:e2:c9:d1:93:87:b9:37:a3:1e:
                    8a:fb:e5:32:a2:10:91:8a:79:df:b9:80:f0:ba:db:
                    8c:6f:8a:ec:bb:b1:0d:89:ee:1a:3c:1d:ff:a6:a3:
                    a0:ea:1d:bc:e6:4b:f2:cd:04:e1:0c:77:c8:fa:e2:
                    d9:b9:14:2d:25:b9:2b:7d:3d:fd:a6:2d:95:5a:df:
                    09:df:1c:8f:d2:97:18:3a:71:7d:50:03:69:c1:45:
                    6e:fd:42:1b:df:c6:77:52:df:a4:af:95:18:ef:4f:
                    69:3c:65:cd:99:67:7e:9f:46:0b:f9:03:dd:fc:a1:
                    0e:21:5b:e7:48:34:0f:79:03:d6:6a:ea:09:53:ba:
                    c9:6d:27:31:15:25:21:e0:12:42:80:80:50:57:71:
                    32:5f:52:ad:20:16:33:88:28:13:3f:45:48:dd:a3:
                    f6:5c:93:50:12:1d:ee:3e:8b:0e:02:49:93:5c:7b:
                    22:69:b1:f7:c5:f8:dc:4a:e8:67:8a:35:79:c7:d2:
                    e4:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:D3:A7:7F:56:79:31:31:A8:E8:74:2F:BC:AF:B2:AE:61:29:34:BC
            X509v3 Authority Key Identifier:
                keyid:E3:7E:E1:EC:ED:19:F8:A0:A3:A6:35:BF:AA:26:42:93:E3:43:77:95

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/437h7O0Z-KCjpjW_qiZCk-NDd5U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/6d5d75-4d1e-4697-b1d3-36e344abc9d3/1/r9Onf1Z5MTGo6HQvvK-yrmEpNLw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/6d5d75-4d1e-4697-b1d3-36e344abc9d3/1/437h7O0Z-KCjpjW_qiZCk-NDd5U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.32.188.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4b:27:3f:4e:21:35:4e:89:9d:05:e1:56:52:12:d3:af:6a:6e:
         b2:e5:8e:18:2d:c3:39:68:dc:9f:7d:94:13:f4:f8:dd:98:0b:
         2e:60:5c:19:49:a3:91:56:94:58:b5:9a:30:bc:45:14:dc:3c:
         b8:46:71:1c:88:95:e4:48:93:b7:1d:d7:7a:bf:02:de:d7:8d:
         78:b4:b3:a4:63:f4:e3:dc:bc:46:ce:34:32:d7:0b:4f:03:ac:
         74:a4:ef:da:69:3d:80:d6:25:f5:91:a3:8a:8b:63:9f:c5:37:
         9d:e7:1d:80:aa:79:83:ea:56:44:0f:43:de:80:69:1c:cd:8f:
         c5:ea:60:5c:b4:75:ea:d9:4e:0c:ef:21:15:f7:f1:17:a6:d4:
         6b:d6:69:6c:8d:25:c7:a4:5f:44:ca:d4:54:d6:e1:81:76:c2:
         c0:d9:fd:d6:21:9a:61:82:12:9b:dc:bc:c0:86:3c:a8:d3:da:
         a5:fc:20:7d:44:7a:4b:a3:e7:69:95:8d:91:a7:09:e1:2c:ca:
         a5:bd:57:c9:de:7e:e5:30:58:39:0d:2c:7e:66:09:b7:6b:a6:
         54:92:58:77:1e:01:02:6c:64:8e:4f:77:00:a8:ba:66:9d:bd:
         61:75:dd:4d:c5:70:36:49:d4:d6:c8:99:96:c6:57:ba:17:f5:
         d1:81:8b:c3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZwkDTG56YWMbkGaUpNLiI7gMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUzN2VlMWVjZWQxOWY4YTBhM2E2MzViZmFhMjY0MjkzZTM0
Mzc3OTUwHhcNMjYwMjAzMTUwOTMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZmQzYTc3ZjU2NzkzMTMxYThlODc0MmZiY2FmYjJhZTYxMjkzNGJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvzejQND5N/V/YE2UcovnSJDKZPdW
0w/hjB10Nnsom1a69QZyMxg8W8YVkftlFOEKKANx22mF61mtEf+MXYxHXLHiydGT
h7k3ox6K++UyohCRinnfuYDwutuMb4rsu7ENie4aPB3/pqOg6h285kvyzQThDHfI
+uLZuRQtJbkrfT39pi2VWt8J3xyP0pcYOnF9UANpwUVu/UIb38Z3Ut+kr5UY709p
PGXNmWd+n0YL+QPd/KEOIVvnSDQPeQPWauoJU7rJbScxFSUh4BJCgIBQV3EyX1Kt
IBYziCgTP0VI3aP2XJNQEh3uPosOAkmTXHsiabH3xfjcSuhnijV5x9Lk6wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK/Tp39WeTExqOh0L7yvsq5hKTS8MB8GA1UdIwQY
MBaAFON+4eztGfigo6Y1v6omQpPjQ3eVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNDM3aDdPMFotS0NqcGpXX3FpWkNrLU5EZDVVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC82ZDVkNzUtNGQxZS00Njk3LWIxZDMt
MzZlMzQ0YWJjOWQzLzEvcjlPbmYxWjVNVEdvNkhRdnZLLXlybUVwTkx3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC82ZDVkNzUtNGQxZS00Njk3LWIxZDMtMzZlMzQ0YWJjOWQz
LzEvNDM3aDdPMFotS0NqcGpXX3FpWkNrLU5EZDVVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALiC8MA0G
CSqGSIb3DQEBCwUAA4IBAQBLJz9OITVOiZ0F4VZSEtOvam6y5Y4YLcM5aNyffZQT
9PjdmAsuYFwZSaORVpRYtZowvEUU3Dy4RnEciJXkSJO3Hdd6vwLe1414tLOkY/Tj
3LxGzjQy1wtPA6x0pO/aaT2A1iX1kaOKi2OfxTed5x2AqnmD6lZED0PegGkczY/F
6mBctHXq2U4M7yEV9/EXptRr1mlsjSXHpF9EytRU1uGBdsLA2f3WIZphghKb3LzA
hjyo09ql/CB9RHpLo+dplY2RpwnhLMqlvVfJ3n7lMFg5DSx+Zgm3a6ZUklh3HgEC
bGSOT3cAqLpmnb1hdd1NxXA2SdTWyJmWxle6F/XRgYvD
-----END CERTIFICATE-----