Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/eb5fd2-b974-47c9-b924-bebda1608d09/1/Qu7i1hfHBSzNKAEQCFhBjLBdX88.roa
File:                     Qu7i1hfHBSzNKAEQCFhBjLBdX88.roa (raw, json)
Hash identifier:          txu1MfU2gFXJdRpf1GKWelwI6kKmpvlKQLQat4JHcus=
Subject key identifier:   42:EE:E2:D6:17:C7:05:2C:CD:28:01:10:08:58:41:8C:B0:5D:5F:CF
Certificate issuer:       /CN=8ccc82a5bee3a9363303c33cdcdd36efc68f8b44
Certificate serial:       019D6DA40A4AF69EC185E90CAD310B43B014
Authority key identifier: 8C:CC:82:A5:BE:E3:A9:36:33:03:C3:3C:DC:DD:36:EF:C6:8F:8B:44
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jMyCpb7jqTYzA8M83N0278aPi0Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/eb5fd2-b974-47c9-b924-bebda1608d09/1/Qu7i1hfHBSzNKAEQCFhBjLBdX88.roa
Signing time:             Wed 08 Apr 2026 15:09:19 +0000
ROA not before:           Wed 08 Apr 2026 15:09:19 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     8075
IP address blocks:        185.192.184.0/23 maxlen: 23
                          185.192.186.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/eb5fd2-b974-47c9-b924-bebda1608d09/1/jMyCpb7jqTYzA8M83N0278aPi0Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/eb5fd2-b974-47c9-b924-bebda1608d09/1/jMyCpb7jqTYzA8M83N0278aPi0Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jMyCpb7jqTYzA8M83N0278aPi0Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 Apr 2026 21:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:6d:a4:0a:4a:f6:9e:c1:85:e9:0c:ad:31:0b:43:b0:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8ccc82a5bee3a9363303c33cdcdd36efc68f8b44
        Validity
            Not Before: Apr  8 15:09:19 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=42eee2d617c7052ccd2801100858418cb05d5fcf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:60:70:ab:12:45:76:6e:92:d1:f8:c7:ae:cb:
                    1b:af:55:04:db:b9:5e:ef:01:7c:07:44:ce:99:51:
                    7a:42:c7:6d:57:3f:db:26:e5:fe:a2:e2:f9:b2:f3:
                    0f:60:ff:bc:fc:2b:6e:15:5b:74:fb:20:76:93:75:
                    da:28:97:38:e2:dc:6a:a5:b2:ba:a4:48:81:eb:af:
                    f3:ec:b3:30:54:5e:1f:ed:6c:1a:ff:5d:05:a2:17:
                    9f:07:82:4d:a4:80:4f:db:bd:e1:70:9a:8d:99:06:
                    61:39:38:22:95:86:d0:2f:77:e3:14:84:4e:1b:88:
                    d1:7f:f4:46:ff:4a:ff:dc:d6:9d:68:2d:6c:47:13:
                    b2:22:f4:22:4e:35:7e:b3:6a:4b:5e:99:a9:64:79:
                    7f:e7:2c:5d:f2:a3:02:80:b3:e7:a4:85:bc:d6:c0:
                    e8:0a:9d:9e:5a:37:58:f1:41:4e:c0:24:cb:b8:32:
                    99:b0:37:01:67:2b:a6:ef:4c:82:b3:99:84:7b:0d:
                    0c:e8:fa:ad:f5:7b:12:6d:73:2e:66:5e:40:68:c5:
                    cd:79:fa:ba:1b:8b:a7:94:11:a0:c0:b4:25:56:0a:
                    20:5d:e7:59:c3:a9:93:e3:34:14:8b:18:c9:86:a0:
                    3a:68:60:1a:d9:c1:e1:d7:9d:97:91:02:24:79:cf:
                    56:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:EE:E2:D6:17:C7:05:2C:CD:28:01:10:08:58:41:8C:B0:5D:5F:CF
            X509v3 Authority Key Identifier:
                keyid:8C:CC:82:A5:BE:E3:A9:36:33:03:C3:3C:DC:DD:36:EF:C6:8F:8B:44

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jMyCpb7jqTYzA8M83N0278aPi0Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/eb5fd2-b974-47c9-b924-bebda1608d09/1/Qu7i1hfHBSzNKAEQCFhBjLBdX88.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/eb5fd2-b974-47c9-b924-bebda1608d09/1/jMyCpb7jqTYzA8M83N0278aPi0Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.192.184.0-185.192.186.255

    Signature Algorithm: sha256WithRSAEncryption
         c5:d6:21:97:b4:c2:81:29:e5:2e:d8:8f:a4:66:58:3f:19:e1:
         c4:01:6f:e9:da:c1:70:6d:ce:bb:5d:1a:2a:6d:cf:43:d7:5e:
         f1:86:b4:cb:c8:88:7e:77:0d:dc:e8:5c:79:3f:45:23:e8:86:
         0b:91:61:81:1d:ad:b3:51:ae:5c:f6:db:3a:35:88:a2:2f:5f:
         15:a3:6f:d0:a0:ee:98:d1:7c:10:74:68:40:58:41:b9:98:11:
         2b:7d:52:a5:d2:01:43:6a:a4:f8:26:79:fd:dd:96:56:3c:e6:
         88:a1:2d:a3:6e:0d:22:31:08:27:8b:96:81:d5:4b:d2:ef:ee:
         22:61:07:3a:22:2d:15:b7:3f:65:93:4c:cd:c9:f2:12:a8:9a:
         cb:7a:cb:8d:38:09:1f:4c:69:a8:60:a1:e9:b7:ae:21:67:58:
         84:26:35:6c:16:b9:ba:33:f4:18:7a:3f:07:10:fd:9a:13:4f:
         f5:4e:91:0b:03:51:ec:cd:73:d7:ef:3d:46:6e:b6:83:9f:1b:
         0a:96:8f:78:a0:89:a7:9e:26:ac:4f:43:c3:63:c7:55:0f:db:
         35:c8:da:d5:98:c8:18:2f:62:82:60:1c:f7:fd:59:bc:94:b1:
         40:44:67:2a:95:60:16:cf:45:1a:a1:9b:b6:93:2d:f5:63:5e:
         bb:2b:ff:2e
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZ1tpApK9p7BhekMrTELQ7AUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhjY2M4MmE1YmVlM2E5MzYzMzAzYzMzY2RjZGQzNmVmYzY4
ZjhiNDQwHhcNMjYwNDA4MTUwOTE5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MmVlZTJkNjE3YzcwNTJjY2QyODAxMTAwODU4NDE4Y2IwNWQ1ZmNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl2BwqxJFdm6S0fjHrssbr1UE27le
7wF8B0TOmVF6QsdtVz/bJuX+ouL5svMPYP+8/CtuFVt0+yB2k3XaKJc44txqpbK6
pEiB66/z7LMwVF4f7Wwa/10FohefB4JNpIBP273hcJqNmQZhOTgilYbQL3fjFIRO
G4jRf/RG/0r/3NadaC1sRxOyIvQiTjV+s2pLXpmpZHl/5yxd8qMCgLPnpIW81sDo
Cp2eWjdY8UFOwCTLuDKZsDcBZyum70yCs5mEew0M6Pqt9XsSbXMuZl5AaMXNefq6
G4unlBGgwLQlVgogXedZw6mT4zQUixjJhqA6aGAa2cHh152XkQIkec9W6wIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFELu4tYXxwUszSgBEAhYQYywXV/PMB8GA1UdIwQY
MBaAFIzMgqW+46k2MwPDPNzdNu/Gj4tEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvak15Q3BiN2pxVFl6QThNODNOMDI3OGFQaTBRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS9lYjVmZDItYjk3NC00N2M5LWI5MjQt
YmViZGExNjA4ZDA5LzEvUXU3aTFoZkhCU3pOS0FFUUNGaEJqTEJkWDg4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS9lYjVmZDItYjk3NC00N2M5LWI5MjQtYmViZGExNjA4ZDA5
LzEvak15Q3BiN2pxVFl6QThNODNOMDI3OGFQaTBRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAO5wLgD
BAC5wLowDQYJKoZIhvcNAQELBQADggEBAMXWIZe0woEp5S7Yj6RmWD8Z4cQBb+na
wXBtzrtdGiptz0PXXvGGtMvIiH53DdzoXHk/RSPohguRYYEdrbNRrlz22zo1iKIv
XxWjb9Cg7pjRfBB0aEBYQbmYESt9UqXSAUNqpPgmef3dllY85oihLaNuDSIxCCeL
loHVS9Lv7iJhBzoiLRW3P2WTTM3J8hKomst6y404CR9Maahgoem3riFnWIQmNWwW
uboz9Bh6PwcQ/ZoTT/VOkQsDUezNc9fvPUZutoOfGwqWj3igiaeeJqxPQ8Njx1UP
2zXI2tWYyBgvYoJgHPf9WbyUsUBEZyqVYBbPRRqhm7aTLfVjXrsr/y4=
-----END CERTIFICATE-----