Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/25149c-0932-4683-8ab8-d15febdf5ecf/1/QMsnxDn1U9mR4sMFHQ6HnCTXii0.roa
File:                     QMsnxDn1U9mR4sMFHQ6HnCTXii0.roa (raw, json)
Hash identifier:          cocD6RI54KwRFv+gUvwR77adw7dgW8zSvDMGKCO0yk4=
Subject key identifier:   40:CB:27:C4:39:F5:53:D9:91:E2:C3:05:1D:0E:87:9C:24:D7:8A:2D
Certificate issuer:       /CN=a5b0c05731efa4bbe5c2a30ae5189f7785d2d499
Certificate serial:       019EC20079CB95095071140DE310A6476FF1
Authority key identifier: A5:B0:C0:57:31:EF:A4:BB:E5:C2:A3:0A:E5:18:9F:77:85:D2:D4:99
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pbDAVzHvpLvlwqMK5Rifd4XS1Jk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/25149c-0932-4683-8ab8-d15febdf5ecf/1/QMsnxDn1U9mR4sMFHQ6HnCTXii0.roa
Signing time:             Sat 13 Jun 2026 17:21:11 +0000
ROA not before:           Sat 13 Jun 2026 17:21:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     153947
IP address blocks:        192.94.58.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1e/25149c-0932-4683-8ab8-d15febdf5ecf/1/pbDAVzHvpLvlwqMK5Rifd4XS1Jk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1e/25149c-0932-4683-8ab8-d15febdf5ecf/1/pbDAVzHvpLvlwqMK5Rifd4XS1Jk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pbDAVzHvpLvlwqMK5Rifd4XS1Jk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 17:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:c2:00:79:cb:95:09:50:71:14:0d:e3:10:a6:47:6f:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a5b0c05731efa4bbe5c2a30ae5189f7785d2d499
        Validity
            Not Before: Jun 13 17:21:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=40cb27c439f553d991e2c3051d0e879c24d78a2d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:0e:d8:09:dc:d7:a7:3d:8a:dc:72:14:24:b0:
                    30:9e:7d:c3:58:3b:40:da:ba:29:54:18:c2:b3:85:
                    78:55:f2:87:f3:33:64:85:c0:67:64:c5:fc:82:82:
                    a4:4f:dc:d3:65:77:db:4b:40:7d:b5:b8:70:bb:d3:
                    09:74:09:4b:c5:c5:63:f8:d2:3f:7b:db:33:65:78:
                    2f:f9:ac:79:7a:87:a5:4c:c1:6a:a9:e0:ec:dd:b4:
                    37:b7:a3:fd:91:a1:fe:c2:ff:da:a4:be:3d:e5:30:
                    43:d8:cf:76:ab:b7:14:3d:45:d8:18:ff:3c:a3:cd:
                    a8:7b:fd:5d:f1:d9:e4:cd:c2:26:84:2f:82:e1:b7:
                    de:8e:cc:bb:5c:ef:2c:35:1d:0c:84:a8:3c:17:09:
                    34:ac:1d:8f:8a:6d:64:4f:f1:e5:62:63:6e:37:db:
                    b6:30:da:76:8c:72:3c:e4:cc:1a:f7:be:fd:aa:5c:
                    1b:e1:08:18:7c:cb:4a:00:24:e0:9d:5e:ab:0a:d6:
                    5a:c5:18:55:91:00:2c:55:fb:73:90:54:84:47:ba:
                    30:f8:78:dd:54:b2:83:1b:86:28:59:81:91:68:d8:
                    e3:e5:b4:81:22:d8:e1:c5:dc:84:41:1f:dd:d3:15:
                    83:a3:88:44:3f:23:6a:04:83:4c:c9:39:06:bc:ab:
                    61:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:CB:27:C4:39:F5:53:D9:91:E2:C3:05:1D:0E:87:9C:24:D7:8A:2D
            X509v3 Authority Key Identifier:
                keyid:A5:B0:C0:57:31:EF:A4:BB:E5:C2:A3:0A:E5:18:9F:77:85:D2:D4:99

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pbDAVzHvpLvlwqMK5Rifd4XS1Jk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/25149c-0932-4683-8ab8-d15febdf5ecf/1/QMsnxDn1U9mR4sMFHQ6HnCTXii0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/25149c-0932-4683-8ab8-d15febdf5ecf/1/pbDAVzHvpLvlwqMK5Rifd4XS1Jk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.94.58.0/24

    Signature Algorithm: sha256WithRSAEncryption
         09:fa:71:f0:84:a3:22:d5:17:c9:db:01:9c:fb:bf:fc:01:51:
         0e:2c:9d:1c:76:d9:cc:38:7f:26:df:31:3c:91:6a:1a:24:d9:
         bf:86:3d:b4:3b:d0:e8:da:c7:b8:3b:8c:2f:18:00:af:29:c9:
         35:2f:f1:34:f0:81:95:8d:a0:b7:fc:25:2b:7d:c9:6a:de:cc:
         e3:ba:8b:83:30:92:7f:e0:3e:d2:ba:16:45:19:63:c0:e3:09:
         fd:bb:82:47:f4:fd:a9:59:44:e7:84:18:cf:ff:67:97:30:79:
         dd:c1:28:c8:0d:69:fb:f6:8a:b6:fd:71:cc:d3:74:a2:34:a3:
         46:56:ef:4c:1f:e0:d0:23:95:fa:07:da:b2:6b:c8:6d:13:02:
         68:50:1e:44:dc:84:b1:62:a4:8d:b1:59:5b:41:1b:89:73:ea:
         a2:de:d3:72:68:50:c5:fd:d7:28:7d:89:ed:77:8f:23:ca:c2:
         52:b3:2f:db:f3:21:e0:b3:2d:26:3a:74:85:91:87:ac:55:f0:
         46:5c:05:08:d2:a5:da:c7:72:a4:8f:ce:7a:c0:a1:1d:a0:3a:
         15:3d:9b:05:0b:7a:a1:c2:f1:29:fd:27:de:91:d3:b5:37:13:
         63:51:46:0e:4c:81:28:b1:f6:8d:0d:b6:6e:ab:77:1f:10:6d:
         d1:e0:1a:ae
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ7CAHnLlQlQcRQN4xCmR2/xMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE1YjBjMDU3MzFlZmE0YmJlNWMyYTMwYWU1MTg5Zjc3ODVk
MmQ0OTkwHhcNMjYwNjEzMTcyMTExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MGNiMjdjNDM5ZjU1M2Q5OTFlMmMzMDUxZDBlODc5YzI0ZDc4YTJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuw7YCdzXpz2K3HIUJLAwnn3DWDtA
2ropVBjCs4V4VfKH8zNkhcBnZMX8goKkT9zTZXfbS0B9tbhwu9MJdAlLxcVj+NI/
e9szZXgv+ax5eoelTMFqqeDs3bQ3t6P9kaH+wv/apL495TBD2M92q7cUPUXYGP88
o82oe/1d8dnkzcImhC+C4bfejsy7XO8sNR0MhKg8Fwk0rB2Pim1kT/HlYmNuN9u2
MNp2jHI85Mwa9779qlwb4QgYfMtKACTgnV6rCtZaxRhVkQAsVftzkFSER7ow+Hjd
VLKDG4YoWYGRaNjj5bSBItjhxdyEQR/d0xWDo4hEPyNqBINMyTkGvKthVwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEDLJ8Q59VPZkeLDBR0Oh5wk14otMB8GA1UdIwQY
MBaAFKWwwFcx76S75cKjCuUYn3eF0tSZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcGJEQVZ6SHZwTHZsd3FNSzVSaWZkNFhTMUprLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS8yNTE0OWMtMDkzMi00NjgzLThhYjgt
ZDE1ZmViZGY1ZWNmLzEvUU1zbnhEbjFVOW1SNHNNRkhRNkhuQ1RYaWkwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS8yNTE0OWMtMDkzMi00NjgzLThhYjgtZDE1ZmViZGY1ZWNm
LzEvcGJEQVZ6SHZwTHZsd3FNSzVSaWZkNFhTMUprLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwF46MA0G
CSqGSIb3DQEBCwUAA4IBAQAJ+nHwhKMi1RfJ2wGc+7/8AVEOLJ0cdtnMOH8m3zE8
kWoaJNm/hj20O9Do2se4O4wvGACvKck1L/E08IGVjaC3/CUrfclq3szjuouDMJJ/
4D7SuhZFGWPA4wn9u4JH9P2pWUTnhBjP/2eXMHndwSjIDWn79oq2/XHM03SiNKNG
Vu9MH+DQI5X6B9qya8htEwJoUB5E3ISxYqSNsVlbQRuJc+qi3tNyaFDF/dcofYnt
d48jysJSsy/b8yHgsy0mOnSFkYesVfBGXAUI0qXax3Kkj856wKEdoDoVPZsFC3qh
wvEp/SfekdO1NxNjUUYOTIEosfaNDbZuq3cfEG3R4Bqu
-----END CERTIFICATE-----