Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/08/a1a2a5-38e0-458f-8600-377493ce5877/1/QY5IABNKSh9wzdwDFAlBjYGLgBY.roa
File:                     QY5IABNKSh9wzdwDFAlBjYGLgBY.roa (raw, json)
Hash identifier:          DKFoMZra8knldwWf2JPXIqtTY/e0bpiT44EwSqV2A2s=
Subject key identifier:   41:8E:48:00:13:4A:4A:1F:70:CD:DC:03:14:09:41:8D:81:8B:80:16
Certificate issuer:       /CN=2d0719ebd9a7b253e14b25cdec4cdd154a111e30
Certificate serial:       019B7D5AF47EE1E4C1160C1B98CA0578A09D
Authority key identifier: 2D:07:19:EB:D9:A7:B2:53:E1:4B:25:CD:EC:4C:DD:15:4A:11:1E:30
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LQcZ69mnslPhSyXN7EzdFUoRHjA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/08/a1a2a5-38e0-458f-8600-377493ce5877/1/QY5IABNKSh9wzdwDFAlBjYGLgBY.roa
Signing time:             Fri 02 Jan 2026 06:17:51 +0000
ROA not before:           Fri 02 Jan 2026 06:17:51 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     197198
IP address blocks:        91.216.230.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/08/a1a2a5-38e0-458f-8600-377493ce5877/1/LQcZ69mnslPhSyXN7EzdFUoRHjA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/08/a1a2a5-38e0-458f-8600-377493ce5877/1/LQcZ69mnslPhSyXN7EzdFUoRHjA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LQcZ69mnslPhSyXN7EzdFUoRHjA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:5a:f4:7e:e1:e4:c1:16:0c:1b:98:ca:05:78:a0:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2d0719ebd9a7b253e14b25cdec4cdd154a111e30
        Validity
            Not Before: Jan  2 06:17:51 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=418e4800134a4a1f70cddc031409418d818b8016
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:1b:75:ec:69:58:80:37:f3:2b:99:1c:5f:05:
                    d6:09:2f:50:f3:88:b6:a1:a0:c7:83:07:e2:74:fa:
                    45:75:82:85:4c:34:ce:0a:9c:cf:b5:e6:f6:a1:13:
                    da:94:fa:51:38:c8:c2:d4:a8:a8:ad:bf:11:5d:b4:
                    ad:9e:0e:02:2e:35:98:dd:6e:8c:4c:db:cf:8c:3f:
                    57:39:8d:fa:3f:9e:6f:bc:d9:00:89:13:59:58:fe:
                    5c:6f:2b:33:fa:1e:0a:e1:bb:c1:3b:a3:b6:5c:4e:
                    9d:b3:37:75:ac:be:30:3f:3f:c1:9d:4f:77:4e:45:
                    e1:6b:fd:9c:1b:41:9e:4a:31:2d:69:3a:80:08:77:
                    9c:4d:fb:c7:43:5b:88:13:66:15:a5:97:c3:24:e4:
                    ef:43:21:f3:48:bb:3d:a3:07:3d:47:40:f6:b2:bc:
                    49:a2:f0:8f:e3:b7:aa:15:37:aa:ef:f9:e2:e1:d0:
                    84:5a:76:62:62:41:0a:a5:dc:d6:53:08:a0:06:63:
                    bf:70:70:60:48:09:a7:ff:27:8c:1a:be:af:6d:cd:
                    53:6d:d6:89:2e:8d:de:c7:da:bf:b5:70:b9:d4:a8:
                    ab:95:41:4c:11:c8:45:50:f1:ce:ac:13:89:79:27:
                    fb:13:fe:0a:20:2a:54:19:c0:df:00:57:28:40:8d:
                    35:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:8E:48:00:13:4A:4A:1F:70:CD:DC:03:14:09:41:8D:81:8B:80:16
            X509v3 Authority Key Identifier:
                keyid:2D:07:19:EB:D9:A7:B2:53:E1:4B:25:CD:EC:4C:DD:15:4A:11:1E:30

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LQcZ69mnslPhSyXN7EzdFUoRHjA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/08/a1a2a5-38e0-458f-8600-377493ce5877/1/QY5IABNKSh9wzdwDFAlBjYGLgBY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/08/a1a2a5-38e0-458f-8600-377493ce5877/1/LQcZ69mnslPhSyXN7EzdFUoRHjA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.216.230.0/24

    Signature Algorithm: sha256WithRSAEncryption
         57:50:3a:85:68:50:68:cf:f2:f5:68:16:80:87:15:5b:5e:57:
         40:fe:8d:cb:93:80:eb:5b:92:cc:97:34:d5:16:ce:4a:39:a7:
         c6:dd:ca:bc:09:4d:ec:7f:e7:f8:21:0e:74:05:50:e0:5f:39:
         6b:db:0f:17:2c:81:e5:9e:69:b2:3d:aa:f1:c1:01:86:ce:4b:
         a3:05:81:8f:dc:30:25:c5:db:e6:e1:8c:66:25:81:dd:48:23:
         96:29:15:ef:a2:53:15:77:c2:b9:61:2c:ac:8a:83:a3:67:2e:
         a9:97:e8:5b:95:07:6d:a1:f4:fc:0d:cf:00:b0:d3:8a:f9:77:
         36:a4:7a:2b:76:e1:b7:5e:7a:9f:92:f3:9b:fc:b8:2a:5b:e4:
         dc:a8:b4:44:3d:0e:19:7d:d6:b7:0a:31:8d:76:da:19:a4:e0:
         77:65:9f:bf:ca:e1:7f:3f:9a:d4:73:68:2e:42:2d:21:d8:9c:
         f1:75:ad:ea:51:74:ce:64:07:f0:3f:89:5e:6d:21:7c:b3:79:
         f9:29:1d:34:79:74:0d:01:80:ff:63:04:e6:08:2a:ef:b9:c2:
         f1:da:1e:51:9a:39:3d:f2:33:34:56:63:cc:a9:05:07:65:84:
         3f:62:98:21:8e:01:ac:58:7b:42:c0:c9:e6:55:55:76:1a:47:
         d9:aa:d7:28
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9WvR+4eTBFgwbmMoFeKCdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJkMDcxOWViZDlhN2IyNTNlMTRiMjVjZGVjNGNkZDE1NGEx
MTFlMzAwHhcNMjYwMTAyMDYxNzUxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MThlNDgwMDEzNGE0YTFmNzBjZGRjMDMxNDA5NDE4ZDgxOGI4MDE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoRt17GlYgDfzK5kcXwXWCS9Q84i2
oaDHgwfidPpFdYKFTDTOCpzPteb2oRPalPpROMjC1Kiorb8RXbStng4CLjWY3W6M
TNvPjD9XOY36P55vvNkAiRNZWP5cbysz+h4K4bvBO6O2XE6dszd1rL4wPz/BnU93
TkXha/2cG0GeSjEtaTqACHecTfvHQ1uIE2YVpZfDJOTvQyHzSLs9owc9R0D2srxJ
ovCP47eqFTeq7/ni4dCEWnZiYkEKpdzWUwigBmO/cHBgSAmn/yeMGr6vbc1TbdaJ
Lo3ex9q/tXC51KirlUFMEchFUPHOrBOJeSf7E/4KICpUGcDfAFcoQI01wwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEGOSAATSkofcM3cAxQJQY2Bi4AWMB8GA1UdIwQY
MBaAFC0HGevZp7JT4UslzexM3RVKER4wMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTFFjWjY5bW5zbFBoU3lYTjdFemRGVW9SSGpBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOC9hMWEyYTUtMzhlMC00NThmLTg2MDAt
Mzc3NDkzY2U1ODc3LzEvUVk1SUFCTktTaDl3emR3REZBbEJqWUdMZ0JZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOC9hMWEyYTUtMzhlMC00NThmLTg2MDAtMzc3NDkzY2U1ODc3
LzEvTFFjWjY5bW5zbFBoU3lYTjdFemRGVW9SSGpBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9jmMA0G
CSqGSIb3DQEBCwUAA4IBAQBXUDqFaFBoz/L1aBaAhxVbXldA/o3Lk4DrW5LMlzTV
Fs5KOafG3cq8CU3sf+f4IQ50BVDgXzlr2w8XLIHlnmmyParxwQGGzkujBYGP3DAl
xdvm4YxmJYHdSCOWKRXvolMVd8K5YSysioOjZy6pl+hblQdtofT8Dc8AsNOK+Xc2
pHorduG3XnqfkvOb/LgqW+TcqLREPQ4Zfda3CjGNdtoZpOB3ZZ+/yuF/P5rUc2gu
Qi0h2Jzxda3qUXTOZAfwP4lebSF8s3n5KR00eXQNAYD/YwTmCCrvucLx2h5Rmjk9
8jM0VmPMqQUHZYQ/YpghjgGsWHtCwMnmVVV2GkfZqtco
-----END CERTIFICATE-----