Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2f/1a2fa2-eeb3-4312-9130-53cc5daf52cf/1/q3gUzU97j2RVDtM4CbuTr5ACAD4.roa
File:                     q3gUzU97j2RVDtM4CbuTr5ACAD4.roa (raw, json)
Hash identifier:          rYA240BhPQIfAoHPOn9xxzmH9ldKEiVQ7iO6HZORQtw=
Subject key identifier:   AB:78:14:CD:4F:7B:8F:64:55:0E:D3:38:09:BB:93:AF:90:02:00:3E
Certificate issuer:       /CN=969948d0fe4d7f99d54ba8bffcd99a1a608ae0d3
Certificate serial:       019B7CED95D12854F12010F7B34329DE7D50
Authority key identifier: 96:99:48:D0:FE:4D:7F:99:D5:4B:A8:BF:FC:D9:9A:1A:60:8A:E0:D3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lplI0P5Nf5nVS6i__NmaGmCK4NM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2f/1a2fa2-eeb3-4312-9130-53cc5daf52cf/1/q3gUzU97j2RVDtM4CbuTr5ACAD4.roa
Signing time:             Fri 02 Jan 2026 04:18:23 +0000
ROA not before:           Fri 02 Jan 2026 04:18:23 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     45794
IP address blocks:        134.97.18.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2f/1a2fa2-eeb3-4312-9130-53cc5daf52cf/1/lplI0P5Nf5nVS6i__NmaGmCK4NM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2f/1a2fa2-eeb3-4312-9130-53cc5daf52cf/1/lplI0P5Nf5nVS6i__NmaGmCK4NM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lplI0P5Nf5nVS6i__NmaGmCK4NM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 19:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:ed:95:d1:28:54:f1:20:10:f7:b3:43:29:de:7d:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=969948d0fe4d7f99d54ba8bffcd99a1a608ae0d3
        Validity
            Not Before: Jan  2 04:18:23 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ab7814cd4f7b8f64550ed33809bb93af9002003e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:d6:d3:6a:72:60:41:68:a8:c3:84:b9:40:4b:
                    d8:c9:ce:17:20:ae:c6:5f:4a:3a:e5:a4:2a:44:b0:
                    27:e1:6c:1a:f4:cc:d9:e5:3b:71:87:c3:61:c9:2b:
                    5f:3d:f4:e7:bd:7b:ab:42:75:66:9b:59:67:ca:e7:
                    a7:77:d2:c6:1f:15:8f:cd:f1:85:d2:f2:b6:7c:cf:
                    22:c7:dd:df:d6:42:ac:49:37:0f:7e:ac:88:2e:54:
                    ad:40:cf:81:ed:95:52:94:ec:5c:00:47:0f:54:bf:
                    71:56:9a:2f:90:b6:e4:52:4d:8d:3b:96:9d:b0:e5:
                    a1:86:56:1a:40:9e:c2:98:b4:27:ef:dd:fd:53:82:
                    c1:5f:67:90:ad:cb:5f:73:72:fa:21:0f:53:54:75:
                    d8:92:bd:3b:26:ce:01:17:24:6a:04:44:96:e2:00:
                    68:5f:2e:92:cb:70:64:a9:c3:8d:a2:dd:aa:29:4a:
                    09:d5:85:28:88:51:55:79:cf:81:46:ff:57:c4:99:
                    80:06:d3:59:6d:84:af:3d:c2:ee:77:2d:8a:39:13:
                    f9:55:df:9b:84:a3:6c:e7:c9:07:75:47:82:d9:b5:
                    66:0b:d7:b3:0a:a3:9e:1b:b5:e6:32:32:89:77:f2:
                    b3:42:08:14:59:bd:57:46:24:98:d4:7d:82:9e:a6:
                    97:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:78:14:CD:4F:7B:8F:64:55:0E:D3:38:09:BB:93:AF:90:02:00:3E
            X509v3 Authority Key Identifier:
                keyid:96:99:48:D0:FE:4D:7F:99:D5:4B:A8:BF:FC:D9:9A:1A:60:8A:E0:D3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lplI0P5Nf5nVS6i__NmaGmCK4NM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/1a2fa2-eeb3-4312-9130-53cc5daf52cf/1/q3gUzU97j2RVDtM4CbuTr5ACAD4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/1a2fa2-eeb3-4312-9130-53cc5daf52cf/1/lplI0P5Nf5nVS6i__NmaGmCK4NM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  134.97.18.0/24

    Signature Algorithm: sha256WithRSAEncryption
         10:61:42:34:1d:e9:c3:8e:77:ed:de:10:c2:c2:57:3d:4e:85:
         a5:9d:bc:4d:b9:1c:88:f0:8b:2d:1b:f5:a5:5d:ad:2c:db:21:
         12:df:ab:4d:19:23:e5:da:58:da:10:96:52:e7:39:a7:6a:7b:
         43:ba:e2:50:68:f5:67:71:4d:e9:b5:5f:13:23:be:90:06:ca:
         3c:63:ce:17:de:48:00:a4:84:58:24:d9:15:34:1f:7c:ec:34:
         7c:23:24:06:1b:e4:5c:2d:73:4f:be:ed:2b:9c:4d:f9:6c:86:
         0b:ac:e5:ee:e7:ec:e1:ae:68:7e:eb:6d:63:ab:fa:8f:ae:fe:
         79:1e:7a:e3:2c:df:de:55:c1:8d:e1:4b:d7:6e:a9:83:52:32:
         f2:ee:0b:5d:26:8d:48:54:9c:77:ae:67:25:1f:cb:81:64:cf:
         d9:44:ce:29:74:c8:23:f2:31:a0:5d:a1:90:10:6b:f5:07:d0:
         70:b4:50:7b:d5:ee:f3:72:5c:cc:1a:ef:12:ec:dd:ed:96:45:
         4c:1c:90:ee:5a:67:d5:99:ca:83:f8:0d:4e:a3:b3:57:18:09:
         de:bc:f0:fe:0a:e6:1d:0a:29:7a:93:45:52:3f:66:d5:2b:19:
         ee:43:e1:bc:be:1c:41:5a:05:0d:1d:a5:5f:7b:83:48:93:7d:
         1b:54:56:80
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt87ZXRKFTxIBD3s0Mp3n1QMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk2OTk0OGQwZmU0ZDdmOTlkNTRiYThiZmZjZDk5YTFhNjA4
YWUwZDMwHhcNMjYwMTAyMDQxODIzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYjc4MTRjZDRmN2I4ZjY0NTUwZWQzMzgwOWJiOTNhZjkwMDIwMDNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtdbTanJgQWiow4S5QEvYyc4XIK7G
X0o65aQqRLAn4Wwa9MzZ5Ttxh8NhyStfPfTnvXurQnVmm1lnyuend9LGHxWPzfGF
0vK2fM8ix93f1kKsSTcPfqyILlStQM+B7ZVSlOxcAEcPVL9xVpovkLbkUk2NO5ad
sOWhhlYaQJ7CmLQn7939U4LBX2eQrctfc3L6IQ9TVHXYkr07Js4BFyRqBESW4gBo
Xy6Sy3BkqcONot2qKUoJ1YUoiFFVec+BRv9XxJmABtNZbYSvPcLudy2KORP5Vd+b
hKNs58kHdUeC2bVmC9ezCqOeG7XmMjKJd/KzQggUWb1XRiSY1H2CnqaX6QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKt4FM1Pe49kVQ7TOAm7k6+QAgA+MB8GA1UdIwQY
MBaAFJaZSND+TX+Z1Uuov/zZmhpgiuDTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbHBsSTBQNU5mNW5WUzZpX19ObWFHbUNLNE5NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZi8xYTJmYTItZWViMy00MzEyLTkxMzAt
NTNjYzVkYWY1MmNmLzEvcTNnVXpVOTdqMlJWRHRNNENidVRyNUFDQUQ0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZi8xYTJmYTItZWViMy00MzEyLTkxMzAtNTNjYzVkYWY1MmNm
LzEvbHBsSTBQNU5mNW5WUzZpX19ObWFHbUNLNE5NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAhmESMA0G
CSqGSIb3DQEBCwUAA4IBAQAQYUI0HenDjnft3hDCwlc9ToWlnbxNuRyI8IstG/Wl
Xa0s2yES36tNGSPl2ljaEJZS5zmnantDuuJQaPVncU3ptV8TI76QBso8Y84X3kgA
pIRYJNkVNB987DR8IyQGG+RcLXNPvu0rnE35bIYLrOXu5+zhrmh+621jq/qPrv55
HnrjLN/eVcGN4UvXbqmDUjLy7gtdJo1IVJx3rmclH8uBZM/ZRM4pdMgj8jGgXaGQ
EGv1B9BwtFB71e7zclzMGu8S7N3tlkVMHJDuWmfVmcqD+A1Oo7NXGAnevPD+CuYd
Cil6k0VSP2bVKxnuQ+G8vhxBWgUNHaVfe4NIk30bVFaA
-----END CERTIFICATE-----