Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f1/5fbd09-0a61-421c-9c36-05b3b9709f09/1/Q9-NRTuMMnqARHq49_Cuxnzrpl4.roa
File:                     Q9-NRTuMMnqARHq49_Cuxnzrpl4.roa (raw, json)
Hash identifier:          NRZTfCUYWGj35ekHkCYEsq0YVn/edvt5CYrvQlwekLk=
Subject key identifier:   43:DF:8D:45:3B:8C:32:7A:80:44:7A:B8:F7:F0:AE:C6:7C:EB:A6:5E
Certificate issuer:       /CN=ed6518c426cfc4082fb92ec740d7c3c78825563b
Certificate serial:       019B7C7FF761EC82B7CED89E6C8FB4C439C3
Authority key identifier: ED:65:18:C4:26:CF:C4:08:2F:B9:2E:C7:40:D7:C3:C7:88:25:56:3B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7WUYxCbPxAgvuS7HQNfDx4glVjs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f1/5fbd09-0a61-421c-9c36-05b3b9709f09/1/Q9-NRTuMMnqARHq49_Cuxnzrpl4.roa
Signing time:             Fri 02 Jan 2026 02:18:39 +0000
ROA not before:           Fri 02 Jan 2026 02:18:39 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     50090
IP address blocks:        217.74.24.0/24 maxlen: 24
                          217.74.25.0/24 maxlen: 24
                          217.74.26.0/24 maxlen: 24
                          217.74.27.0/24 maxlen: 24
                          217.74.28.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f1/5fbd09-0a61-421c-9c36-05b3b9709f09/1/7WUYxCbPxAgvuS7HQNfDx4glVjs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f1/5fbd09-0a61-421c-9c36-05b3b9709f09/1/7WUYxCbPxAgvuS7HQNfDx4glVjs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7WUYxCbPxAgvuS7HQNfDx4glVjs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 23:00:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:7f:f7:61:ec:82:b7:ce:d8:9e:6c:8f:b4:c4:39:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ed6518c426cfc4082fb92ec740d7c3c78825563b
        Validity
            Not Before: Jan  2 02:18:39 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=43df8d453b8c327a80447ab8f7f0aec67ceba65e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:75:49:30:f2:5d:7f:04:5e:9a:d7:5f:c8:b4:
                    3a:41:0c:22:4d:d2:7e:74:82:81:fe:59:4d:01:d4:
                    15:83:a3:d9:13:f8:ce:0e:61:4c:02:d9:17:cc:db:
                    e5:78:61:5c:7a:8a:51:72:00:ee:b5:60:db:64:b4:
                    84:d8:2c:1a:5d:bb:22:14:6f:f2:03:6c:95:78:82:
                    fb:18:f4:ec:d6:41:d6:02:68:d2:01:57:0d:fe:f1:
                    6f:f4:80:6e:49:d8:7a:2a:5f:cf:a9:b8:cb:f2:c1:
                    a1:f2:4b:1e:70:4c:6a:31:f2:2a:e1:98:57:79:7e:
                    96:8f:bc:cd:bb:4b:5f:19:a6:f9:af:d6:a6:66:e6:
                    c0:ec:5a:fb:bf:92:a6:8d:d3:5a:23:e9:b3:a2:7d:
                    0f:60:07:24:7f:ef:e6:e6:d0:ec:7f:86:8a:c8:d8:
                    7e:26:ff:51:76:28:81:de:8f:3f:fa:a0:9a:ee:40:
                    50:b1:b7:95:43:d2:75:e1:73:af:8f:19:fe:19:7d:
                    cf:6c:c4:86:26:cf:3c:78:50:82:cf:08:33:78:68:
                    0f:2d:27:fe:44:71:39:2f:b1:d8:45:23:57:b6:a4:
                    49:7e:91:de:9b:f1:8e:53:d0:71:1e:0f:73:fb:12:
                    68:d5:ac:74:b6:c0:5f:c2:13:03:cc:3c:4f:b6:d8:
                    41:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:DF:8D:45:3B:8C:32:7A:80:44:7A:B8:F7:F0:AE:C6:7C:EB:A6:5E
            X509v3 Authority Key Identifier:
                keyid:ED:65:18:C4:26:CF:C4:08:2F:B9:2E:C7:40:D7:C3:C7:88:25:56:3B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7WUYxCbPxAgvuS7HQNfDx4glVjs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/5fbd09-0a61-421c-9c36-05b3b9709f09/1/Q9-NRTuMMnqARHq49_Cuxnzrpl4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/5fbd09-0a61-421c-9c36-05b3b9709f09/1/7WUYxCbPxAgvuS7HQNfDx4glVjs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.74.24.0-217.74.28.255

    Signature Algorithm: sha256WithRSAEncryption
         0f:25:cb:cd:1e:5a:9f:d7:5e:34:7f:48:f5:66:55:a0:6c:c1:
         7f:40:b6:4b:bb:20:69:d9:3c:0d:23:42:86:2e:f5:4a:c8:75:
         26:d5:25:2f:00:b0:51:f0:c3:c7:49:e5:3a:bc:dc:e8:34:be:
         6b:67:4b:d9:b5:0d:96:49:c4:85:e5:b0:51:66:77:a4:cf:13:
         16:81:6e:66:ad:32:e6:d6:81:28:92:ae:94:9e:52:21:f7:97:
         f3:8a:40:a2:cb:62:e0:e8:06:b2:dc:d0:4d:21:da:3e:c4:65:
         ad:e5:12:13:fb:35:06:d0:b6:a7:20:04:35:be:25:ce:51:34:
         99:1d:ea:02:b7:78:ee:1d:3b:28:a8:a0:7f:fb:ec:06:c2:35:
         d6:31:3f:91:c6:bd:3a:d2:c1:92:ac:ea:ec:df:28:1e:cf:2c:
         98:6c:7e:d7:0f:5f:9c:b8:87:87:27:b9:25:1f:49:62:e4:e3:
         3b:78:04:73:07:20:b1:f6:d9:d8:b5:7c:f0:67:cd:c2:e1:4f:
         a5:7a:4c:f4:cb:1d:58:50:9c:08:8d:54:8a:5e:6f:9a:20:85:
         73:c1:c7:7c:6a:4e:a5:b8:21:6d:30:ab:1c:09:84:76:e2:41:
         cf:6c:19:ca:89:d9:36:8a:89:36:d6:93:15:40:0c:52:ed:2e:
         c9:83:d9:ed
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZt8f/dh7IK3ztiebI+0xDnDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVkNjUxOGM0MjZjZmM0MDgyZmI5MmVjNzQwZDdjM2M3ODgy
NTU2M2IwHhcNMjYwMTAyMDIxODM5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0M2RmOGQ0NTNiOGMzMjdhODA0NDdhYjhmN2YwYWVjNjdjZWJhNjVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqXVJMPJdfwRemtdfyLQ6QQwiTdJ+
dIKB/llNAdQVg6PZE/jODmFMAtkXzNvleGFceopRcgDutWDbZLSE2CwaXbsiFG/y
A2yVeIL7GPTs1kHWAmjSAVcN/vFv9IBuSdh6Kl/PqbjL8sGh8ksecExqMfIq4ZhX
eX6Wj7zNu0tfGab5r9amZubA7Fr7v5KmjdNaI+mzon0PYAckf+/m5tDsf4aKyNh+
Jv9RdiiB3o8/+qCa7kBQsbeVQ9J14XOvjxn+GX3PbMSGJs88eFCCzwgzeGgPLSf+
RHE5L7HYRSNXtqRJfpHem/GOU9BxHg9z+xJo1ax0tsBfwhMDzDxPtthBDQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFEPfjUU7jDJ6gER6uPfwrsZ866ZeMB8GA1UdIwQY
MBaAFO1lGMQmz8QIL7kux0DXw8eIJVY7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN1dVWXhDYlB4QWd2dVM3SFFOZkR4NGdsVmpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMS81ZmJkMDktMGE2MS00MjFjLTljMzYt
MDViM2I5NzA5ZjA5LzEvUTktTlJUdU1NbnFBUkhxNDlfQ3V4bnpycGw0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMS81ZmJkMDktMGE2MS00MjFjLTljMzYtMDViM2I5NzA5ZjA5
LzEvN1dVWXhDYlB4QWd2dVM3SFFOZkR4NGdsVmpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAPZShgD
BADZShwwDQYJKoZIhvcNAQELBQADggEBAA8ly80eWp/XXjR/SPVmVaBswX9Atku7
IGnZPA0jQoYu9UrIdSbVJS8AsFHww8dJ5Tq83Og0vmtnS9m1DZZJxIXlsFFmd6TP
ExaBbmatMubWgSiSrpSeUiH3l/OKQKLLYuDoBrLc0E0h2j7EZa3lEhP7NQbQtqcg
BDW+Jc5RNJkd6gK3eO4dOyiooH/77AbCNdYxP5HGvTrSwZKs6uzfKB7PLJhsftcP
X5y4h4cnuSUfSWLk4zt4BHMHILH22di1fPBnzcLhT6V6TPTLHVhQnAiNVIpeb5og
hXPBx3xqTqW4IW0wqxwJhHbiQc9sGcqJ2TaKiTbWkxVADFLtLsmD2e0=
-----END CERTIFICATE-----