Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/6277a7-290f-4994-b286-25d6e8613dc4/1/vHsuwB5Z2rH9jCREzeu2zYsqUAE.roa
File:                     vHsuwB5Z2rH9jCREzeu2zYsqUAE.roa (raw, json)
Hash identifier:          +czerfierRrt+kI5ELMLczwt3wLY/wHJdsEKaO7Oz3U=
Subject key identifier:   BC:7B:2E:C0:1E:59:DA:B1:FD:8C:24:44:CD:EB:B6:CD:8B:2A:50:01
Certificate issuer:       /CN=1e9a2f083f471dfb9507b4c973cb5c3acd49759d
Certificate serial:       019E847DD22BD3D2198DEFFE5224A0A6400E
Authority key identifier: 1E:9A:2F:08:3F:47:1D:FB:95:07:B4:C9:73:CB:5C:3A:CD:49:75:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HpovCD9HHfuVB7TJc8tcOs1JdZ0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fd/6277a7-290f-4994-b286-25d6e8613dc4/1/vHsuwB5Z2rH9jCREzeu2zYsqUAE.roa
Signing time:             Mon 01 Jun 2026 18:41:38 +0000
ROA not before:           Mon 01 Jun 2026 18:41:38 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     50201
IP address blocks:        109.232.90.0/24 maxlen: 24
                          109.232.92.0/22 maxlen: 22
                          2a0b:93c0::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fd/6277a7-290f-4994-b286-25d6e8613dc4/1/HpovCD9HHfuVB7TJc8tcOs1JdZ0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fd/6277a7-290f-4994-b286-25d6e8613dc4/1/HpovCD9HHfuVB7TJc8tcOs1JdZ0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HpovCD9HHfuVB7TJc8tcOs1JdZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 11:00:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:84:7d:d2:2b:d3:d2:19:8d:ef:fe:52:24:a0:a6:40:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1e9a2f083f471dfb9507b4c973cb5c3acd49759d
        Validity
            Not Before: Jun  1 18:41:38 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=bc7b2ec01e59dab1fd8c2444cdebb6cd8b2a5001
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:8c:26:6d:7d:8c:a7:88:66:91:d9:06:f7:f2:
                    bc:09:fc:2f:ac:c7:25:cc:c1:09:1f:44:46:6e:f6:
                    80:7c:90:58:7c:51:a1:24:b2:31:e2:57:01:45:60:
                    f9:7e:af:82:35:db:91:4b:33:91:d6:94:28:5c:b0:
                    b1:de:22:14:ed:bb:6c:fb:36:21:f2:ab:a3:82:8c:
                    71:55:5b:24:ec:52:c0:ca:c9:86:df:b6:1b:d1:f2:
                    68:c4:d3:cf:13:16:c5:03:11:06:ea:89:20:f7:74:
                    a8:10:b2:51:57:d1:a0:5f:e9:2b:58:f4:6c:0d:43:
                    f1:2e:20:80:e1:86:f7:73:02:ae:ea:42:55:89:5d:
                    42:1b:e3:e0:47:77:ec:85:7d:81:58:bb:aa:af:e4:
                    97:c2:fa:69:13:c7:1c:7e:6b:6c:b2:30:75:ba:b5:
                    e7:49:52:01:cb:dd:38:27:e4:5f:07:59:97:ed:fd:
                    60:15:22:26:7d:d0:3d:d4:99:79:d3:fd:46:78:b9:
                    c5:fa:b2:2b:3a:04:ad:fb:ec:8b:a0:a6:35:5f:bd:
                    06:b6:69:3b:04:44:15:3d:1b:fa:f0:bf:f0:55:0b:
                    99:7c:7d:78:c5:32:02:53:ff:53:21:a1:13:b9:ec:
                    fa:fc:66:7f:02:5a:6f:16:56:9b:71:24:43:39:5a:
                    1d:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:7B:2E:C0:1E:59:DA:B1:FD:8C:24:44:CD:EB:B6:CD:8B:2A:50:01
            X509v3 Authority Key Identifier:
                keyid:1E:9A:2F:08:3F:47:1D:FB:95:07:B4:C9:73:CB:5C:3A:CD:49:75:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HpovCD9HHfuVB7TJc8tcOs1JdZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/6277a7-290f-4994-b286-25d6e8613dc4/1/vHsuwB5Z2rH9jCREzeu2zYsqUAE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/6277a7-290f-4994-b286-25d6e8613dc4/1/HpovCD9HHfuVB7TJc8tcOs1JdZ0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.232.90.0/24
                  109.232.92.0/22
                IPv6:
                  2a0b:93c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         25:4c:74:6b:09:6f:3e:90:99:6e:3b:23:48:3e:00:7a:d8:c2:
         eb:78:5a:96:2e:f4:80:e7:ff:00:69:1c:ac:97:ed:f4:f9:6a:
         33:18:5e:ca:be:ef:ed:83:21:c6:58:cc:e6:b6:fa:d2:e5:35:
         ab:84:ed:d4:6d:72:0a:d9:90:6e:ad:d3:85:f7:89:f3:aa:40:
         69:5b:15:74:d5:be:37:3e:9f:6a:93:46:65:43:7f:fe:46:93:
         9f:59:c5:85:7a:ed:93:ff:a6:db:44:56:e3:12:c5:03:23:3a:
         ce:8f:e6:85:ad:e8:4f:8e:c2:03:34:41:8e:b4:a1:da:9b:5d:
         1c:0f:9b:52:f2:03:86:5e:0a:40:27:f2:1c:1d:5f:b2:24:5b:
         a0:95:c0:dd:83:a3:4a:e2:77:d5:c5:89:48:c7:dd:df:cb:c3:
         02:1b:db:7d:44:2c:56:be:1f:5a:b5:5a:94:ff:2a:4e:84:4e:
         a0:66:90:a8:a5:78:48:d9:9d:73:43:aa:08:3f:fc:ac:ab:0c:
         d6:96:a8:ee:ca:83:3f:63:4b:1a:76:4f:cf:f1:1c:a0:ff:53:
         ba:f4:84:84:6b:10:d4:33:cf:b2:19:06:51:75:9b:4d:0d:ba:
         f2:48:81:11:98:39:89:3a:57:6a:8e:ed:68:e2:55:7d:f5:66:
         27:0c:40:79
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZ6EfdIr09IZje/+UiSgpkAOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlOWEyZjA4M2Y0NzFkZmI5NTA3YjRjOTczY2I1YzNhY2Q0
OTc1OWQwHhcNMjYwNjAxMTg0MTM4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYzdiMmVjMDFlNTlkYWIxZmQ4YzI0NDRjZGViYjZjZDhiMmE1MDAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxYwmbX2Mp4hmkdkG9/K8CfwvrMcl
zMEJH0RGbvaAfJBYfFGhJLIx4lcBRWD5fq+CNduRSzOR1pQoXLCx3iIU7bts+zYh
8qujgoxxVVsk7FLAysmG37Yb0fJoxNPPExbFAxEG6okg93SoELJRV9GgX+krWPRs
DUPxLiCA4Yb3cwKu6kJViV1CG+PgR3fshX2BWLuqr+SXwvppE8ccfmtssjB1urXn
SVIBy904J+RfB1mX7f1gFSImfdA91Jl50/1GeLnF+rIrOgSt++yLoKY1X70Gtmk7
BEQVPRv68L/wVQuZfH14xTICU/9TIaETuez6/GZ/AlpvFlabcSRDOVodTQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFLx7LsAeWdqx/YwkRM3rts2LKlABMB8GA1UdIwQY
MBaAFB6aLwg/Rx37lQe0yXPLXDrNSXWdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSHBvdkNEOUhIZnVWQjdUSmM4dGNPczFKZFowLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC82Mjc3YTctMjkwZi00OTk0LWIyODYt
MjVkNmU4NjEzZGM0LzEvdkhzdXdCNVoyckg5akNSRXpldTJ6WXNxVUFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC82Mjc3YTctMjkwZi00OTk0LWIyODYtMjVkNmU4NjEzZGM0
LzEvSHBvdkNEOUhIZnVWQjdUSmM4dGNPczFKZFowLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQAbehaAwQC
behcMA0EAgACMAcDBQMqC5PAMA0GCSqGSIb3DQEBCwUAA4IBAQAlTHRrCW8+kJlu
OyNIPgB62MLreFqWLvSA5/8AaRysl+30+WozGF7Kvu/tgyHGWMzmtvrS5TWrhO3U
bXIK2ZBurdOF94nzqkBpWxV01b43Pp9qk0ZlQ3/+RpOfWcWFeu2T/6bbRFbjEsUD
IzrOj+aFrehPjsIDNEGOtKHam10cD5tS8gOGXgpAJ/IcHV+yJFuglcDdg6NK4nfV
xYlIx93fy8MCG9t9RCxWvh9atVqU/ypOhE6gZpCopXhI2Z1zQ6oIP/ysqwzWlqju
yoM/Y0sadk/P8Ryg/1O69ISEaxDUM8+yGQZRdZtNDbrySIERmDmJOldqju1o4lV9
9WYnDEB5
-----END CERTIFICATE-----