Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/CUSqQS4QKnGCNCgaQezjlIZw2iY.roa
File:                     CUSqQS4QKnGCNCgaQezjlIZw2iY.roa (raw, json)
Hash identifier:          8InyqqU++KxFwFJEW5Jhm9k7mOFDPYwAuogmbKN/po4=
Subject key identifier:   09:44:AA:41:2E:10:2A:71:82:34:28:1A:41:EC:E3:94:86:70:DA:26
Certificate issuer:       /CN=ab0952c8ba8dadb1d34de6c6a93864a609fc41ec
Certificate serial:       019D67A2F56C3CEE3E9551743A5535A95A46
Authority key identifier: AB:09:52:C8:BA:8D:AD:B1:D3:4D:E6:C6:A9:38:64:A6:09:FC:41:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/CUSqQS4QKnGCNCgaQezjlIZw2iY.roa
Signing time:             Tue 07 Apr 2026 11:10:26 +0000
ROA not before:           Tue 07 Apr 2026 11:10:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     3503
IP address blocks:        80.81.39.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/qwlSyLqNrbHTTebGqThkpgn8Qew.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/qwlSyLqNrbHTTebGqThkpgn8Qew.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 12:00:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:67:a2:f5:6c:3c:ee:3e:95:51:74:3a:55:35:a9:5a:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab0952c8ba8dadb1d34de6c6a93864a609fc41ec
        Validity
            Not Before: Apr  7 11:10:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0944aa412e102a718234281a41ece3948670da26
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:94:ed:58:6d:2a:5e:57:f3:4f:99:46:fb:fd:
                    58:f7:a2:aa:8d:8e:81:c4:50:55:c4:d0:f8:98:78:
                    ad:db:91:d5:7e:5a:30:09:51:8a:19:cf:22:34:ed:
                    ec:d6:fc:30:82:7a:ef:ad:59:99:d6:af:5a:48:6a:
                    07:4b:01:f2:93:a6:2e:84:cb:b3:f2:34:c5:af:fd:
                    2d:cc:bd:62:de:eb:05:10:93:9d:23:31:b3:72:f2:
                    95:05:ec:76:eb:bb:e1:ac:f1:c5:fa:8c:80:95:b6:
                    41:a9:b9:47:ac:e7:2f:10:f5:7d:70:bb:6c:8f:e4:
                    39:f7:ef:0f:38:42:78:ba:61:4d:0e:bb:ce:88:8d:
                    b7:58:e5:e2:0c:15:7c:6c:37:7f:de:11:0c:8c:06:
                    c1:c3:90:d8:f4:39:7c:23:fa:93:35:b6:a4:9d:68:
                    08:a9:43:22:87:e5:1b:63:af:57:d4:40:24:de:95:
                    6c:76:b7:ae:8d:8e:7a:0d:db:1d:43:ca:e1:cd:75:
                    50:15:84:34:7e:f9:fa:73:65:c7:af:79:1d:1d:a3:
                    f5:46:17:e8:16:77:74:ba:81:29:14:ae:a6:20:d8:
                    e8:b6:60:76:38:40:d6:e0:c5:20:df:05:5e:63:d9:
                    61:69:cb:7c:2b:e9:df:25:5a:26:80:23:b2:52:97:
                    e8:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:44:AA:41:2E:10:2A:71:82:34:28:1A:41:EC:E3:94:86:70:DA:26
            X509v3 Authority Key Identifier:
                keyid:AB:09:52:C8:BA:8D:AD:B1:D3:4D:E6:C6:A9:38:64:A6:09:FC:41:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/CUSqQS4QKnGCNCgaQezjlIZw2iY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/qwlSyLqNrbHTTebGqThkpgn8Qew.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.81.39.0/24

    Signature Algorithm: sha256WithRSAEncryption
         43:27:fd:26:70:b2:36:c1:63:a9:ea:a9:6f:6b:1b:b8:2b:92:
         11:67:c2:e3:52:b9:86:b7:d0:34:52:1b:ad:77:5b:c8:71:ac:
         bc:e0:fc:39:a3:75:7f:fb:c2:3b:2d:e3:22:68:2e:dc:ad:30:
         b2:25:f0:ef:ca:ff:fb:13:5f:11:31:a4:7e:ac:b2:34:4a:0f:
         93:dd:17:10:18:2d:b4:aa:05:1d:22:f0:70:fa:7c:b6:a6:23:
         a4:75:51:99:93:cf:2e:2b:07:94:6c:a6:ce:cc:9f:f2:13:6f:
         48:91:33:db:08:81:59:17:a6:18:8f:f2:d2:38:1e:ec:f1:59:
         5c:27:46:6f:96:3d:ce:b2:57:d2:b0:75:bd:9a:a4:24:ef:dc:
         d9:68:82:f0:16:4d:d8:1d:a5:1a:7d:53:c5:87:de:8c:b5:bb:
         89:b8:b1:9c:5f:83:ec:df:34:45:f9:d1:1c:46:87:ba:21:fd:
         f5:e5:14:cc:88:25:eb:15:14:ff:72:90:35:eb:92:11:c6:d9:
         25:ae:62:90:5a:9a:57:cd:58:37:08:8c:2c:b3:f8:b1:e7:6e:
         1f:2b:9e:4d:8d:7f:30:30:5b:ea:56:8c:e8:b9:eb:55:5d:21:
         e0:76:32:f9:4f:83:0a:09:69:cb:ca:22:a8:05:55:b6:76:5b:
         4c:2b:66:a9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ1novVsPO4+lVF0OlU1qVpGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiMDk1MmM4YmE4ZGFkYjFkMzRkZTZjNmE5Mzg2NGE2MDlm
YzQxZWMwHhcNMjYwNDA3MTExMDI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOTQ0YWE0MTJlMTAyYTcxODIzNDI4MWE0MWVjZTM5NDg2NzBkYTI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA55TtWG0qXlfzT5lG+/1Y96KqjY6B
xFBVxND4mHit25HVflowCVGKGc8iNO3s1vwwgnrvrVmZ1q9aSGoHSwHyk6YuhMuz
8jTFr/0tzL1i3usFEJOdIzGzcvKVBex267vhrPHF+oyAlbZBqblHrOcvEPV9cLts
j+Q59+8POEJ4umFNDrvOiI23WOXiDBV8bDd/3hEMjAbBw5DY9Dl8I/qTNbaknWgI
qUMih+UbY69X1EAk3pVsdreujY56DdsdQ8rhzXVQFYQ0fvn6c2XHr3kdHaP1Rhfo
Fnd0uoEpFK6mINjotmB2OEDW4MUg3wVeY9lhact8K+nfJVomgCOyUpfoWQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAlEqkEuECpxgjQoGkHs45SGcNomMB8GA1UdIwQY
MBaAFKsJUsi6ja2x003mxqk4ZKYJ/EHsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcXdsU3lMcU5yYkhUVGViR3FUaGtwZ244UWV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS8zNTU1ZmUtMTJjZC00MDJhLWE4MTAt
NTU1NGQ2ZTE2ODZmLzEvQ1VTcVFTNFFLbkdDTkNnYVFlempsSVp3MmlZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS8zNTU1ZmUtMTJjZC00MDJhLWE4MTAtNTU1NGQ2ZTE2ODZm
LzEvcXdsU3lMcU5yYkhUVGViR3FUaGtwZ244UWV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUFEnMA0G
CSqGSIb3DQEBCwUAA4IBAQBDJ/0mcLI2wWOp6qlvaxu4K5IRZ8LjUrmGt9A0Uhut
d1vIcay84Pw5o3V/+8I7LeMiaC7crTCyJfDvyv/7E18RMaR+rLI0Sg+T3RcQGC20
qgUdIvBw+ny2piOkdVGZk88uKweUbKbOzJ/yE29IkTPbCIFZF6YYj/LSOB7s8Vlc
J0Zvlj3OslfSsHW9mqQk79zZaILwFk3YHaUafVPFh96MtbuJuLGcX4Ps3zRF+dEc
Roe6If315RTMiCXrFRT/cpA165IRxtklrmKQWppXzVg3CIwss/ix524fK55NjX8w
MFvqVozouetVXSHgdjL5T4MKCWnLyiKoBVW2dltMK2ap
-----END CERTIFICATE-----