Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/b83caa-8dd0-4337-bfc9-68462fb40494/1/QjlLqXwrKuX4WWijKXyWQlrwzSI.roa
File:                     QjlLqXwrKuX4WWijKXyWQlrwzSI.roa (raw, json)
Hash identifier:          RrqtKaSOGqQ6cVJgOKK900pw+4nXE4aG5H706/A/L7s=
Subject key identifier:   42:39:4B:A9:7C:2B:2A:E5:F8:59:68:A3:29:7C:96:42:5A:F0:CD:22
Certificate issuer:       /CN=beddc5bba200cfd19b25dce13c1e2e1a2a1988a7
Certificate serial:       019D43301CB317B9579802E435B23CE40050
Authority key identifier: BE:DD:C5:BB:A2:00:CF:D1:9B:25:DC:E1:3C:1E:2E:1A:2A:19:88:A7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vt3Fu6IAz9GbJdzhPB4uGioZiKc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/b83caa-8dd0-4337-bfc9-68462fb40494/1/QjlLqXwrKuX4WWijKXyWQlrwzSI.roa
Signing time:             Tue 31 Mar 2026 09:18:39 +0000
ROA not before:           Tue 31 Mar 2026 09:18:39 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     31570
IP address blocks:        217.149.80.0/20 maxlen: 20
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/b83caa-8dd0-4337-bfc9-68462fb40494/1/vt3Fu6IAz9GbJdzhPB4uGioZiKc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/b83caa-8dd0-4337-bfc9-68462fb40494/1/vt3Fu6IAz9GbJdzhPB4uGioZiKc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vt3Fu6IAz9GbJdzhPB4uGioZiKc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Apr 2026 04:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:43:30:1c:b3:17:b9:57:98:02:e4:35:b2:3c:e4:00:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=beddc5bba200cfd19b25dce13c1e2e1a2a1988a7
        Validity
            Not Before: Mar 31 09:18:39 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=42394ba97c2b2ae5f85968a3297c96425af0cd22
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:25:15:68:4b:8e:b0:c1:8a:84:b9:ea:0c:00:
                    9c:7e:70:7f:01:89:14:aa:bc:40:da:96:4b:89:c1:
                    c0:68:ac:6e:1b:e0:d1:32:bb:9b:1c:fc:4c:e4:d5:
                    c1:f8:29:ce:40:20:84:61:54:61:a3:6b:ca:ee:c2:
                    3a:60:99:15:46:c3:15:4f:67:19:81:b0:a8:f4:10:
                    8d:ac:88:64:bc:87:81:ee:f8:d1:eb:05:36:a4:58:
                    8c:70:41:d6:f7:ca:11:28:3e:1e:45:b9:1a:f4:a5:
                    ee:fb:3f:19:23:1c:94:5e:af:ad:ab:4a:55:3d:3f:
                    63:09:11:98:0e:5f:43:05:9a:87:43:d6:be:30:a4:
                    73:b3:54:83:a1:bd:68:f4:40:3b:cb:88:1b:11:4d:
                    de:8c:53:9c:c9:3b:96:3e:6a:2d:e0:6f:b9:c1:eb:
                    b6:06:d0:3d:39:ae:86:5f:f3:c7:fa:06:39:90:57:
                    ba:4c:e8:a4:68:45:fe:2b:49:a7:69:f1:c4:6f:f0:
                    23:7a:14:02:d1:41:a5:99:a2:8c:4e:f2:25:7c:d6:
                    93:86:43:bb:c8:05:94:a5:26:b6:a0:5a:4e:6a:1e:
                    1a:9d:8f:b4:18:2d:13:04:a5:71:b2:c8:fa:4c:03:
                    60:15:45:99:07:fc:12:50:d0:47:12:f5:9f:e9:77:
                    ed:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:39:4B:A9:7C:2B:2A:E5:F8:59:68:A3:29:7C:96:42:5A:F0:CD:22
            X509v3 Authority Key Identifier:
                keyid:BE:DD:C5:BB:A2:00:CF:D1:9B:25:DC:E1:3C:1E:2E:1A:2A:19:88:A7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vt3Fu6IAz9GbJdzhPB4uGioZiKc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/b83caa-8dd0-4337-bfc9-68462fb40494/1/QjlLqXwrKuX4WWijKXyWQlrwzSI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/b83caa-8dd0-4337-bfc9-68462fb40494/1/vt3Fu6IAz9GbJdzhPB4uGioZiKc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.149.80.0/20

    Signature Algorithm: sha256WithRSAEncryption
         54:55:70:66:86:0f:d4:a8:ac:b4:f3:9a:36:ca:e4:40:b8:6d:
         df:b3:6d:bf:09:d3:53:6b:66:41:f6:55:e3:ed:64:d1:9a:9e:
         1f:95:96:d6:a1:4b:6b:e7:5b:0d:d7:6d:34:46:74:9f:ba:61:
         87:ea:c9:6e:06:ae:7c:21:a9:d1:80:d7:aa:ac:f2:ce:a9:53:
         53:cc:79:0e:4e:ef:a5:07:4a:50:94:b4:64:4c:2d:cb:79:b3:
         88:db:e7:fd:eb:bb:a3:e8:6f:56:11:4b:7b:4e:70:29:3b:9b:
         7b:2f:37:2b:61:02:dd:ab:43:7d:03:91:60:dc:21:c0:44:66:
         8b:cc:4a:27:fb:68:1b:23:06:6e:e4:fc:f3:98:7f:9d:78:d8:
         a7:38:0d:fd:79:cd:23:fb:6d:b6:d3:21:1f:3d:60:69:9b:47:
         6f:67:f5:0e:b9:1c:39:c7:c7:dc:f7:8f:36:03:9f:72:06:b6:
         18:e7:88:32:cf:f7:cc:8b:8f:08:15:92:16:c0:a0:16:07:97:
         c8:71:7b:b8:72:88:92:d8:79:6b:17:15:0e:03:a7:49:4b:9f:
         cd:c3:a6:a3:ad:61:4f:de:8c:17:bb:09:3d:d4:b5:ba:58:93:
         e4:6e:19:77:c6:01:ff:2d:40:11:af:49:11:25:41:0b:70:e4:
         b9:9c:88:0f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ1DMByzF7lXmALkNbI85ABQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJlZGRjNWJiYTIwMGNmZDE5YjI1ZGNlMTNjMWUyZTFhMmEx
OTg4YTcwHhcNMjYwMzMxMDkxODM5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MjM5NGJhOTdjMmIyYWU1Zjg1OTY4YTMyOTdjOTY0MjVhZjBjZDIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApSUVaEuOsMGKhLnqDACcfnB/AYkU
qrxA2pZLicHAaKxuG+DRMrubHPxM5NXB+CnOQCCEYVRho2vK7sI6YJkVRsMVT2cZ
gbCo9BCNrIhkvIeB7vjR6wU2pFiMcEHW98oRKD4eRbka9KXu+z8ZIxyUXq+tq0pV
PT9jCRGYDl9DBZqHQ9a+MKRzs1SDob1o9EA7y4gbEU3ejFOcyTuWPmot4G+5weu2
BtA9Oa6GX/PH+gY5kFe6TOikaEX+K0mnafHEb/AjehQC0UGlmaKMTvIlfNaThkO7
yAWUpSa2oFpOah4anY+0GC0TBKVxssj6TANgFUWZB/wSUNBHEvWf6XftewIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEI5S6l8Kyrl+Flooyl8lkJa8M0iMB8GA1UdIwQY
MBaAFL7dxbuiAM/RmyXc4TweLhoqGYinMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdnQzRnU2SUF6OUdiSmR6aFBCNHVHaW9aaUtjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC9iODNjYWEtOGRkMC00MzM3LWJmYzkt
Njg0NjJmYjQwNDk0LzEvUWpsTHFYd3JLdVg0V1dpaktYeVdRbHJ3elNJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC9iODNjYWEtOGRkMC00MzM3LWJmYzktNjg0NjJmYjQwNDk0
LzEvdnQzRnU2SUF6OUdiSmR6aFBCNHVHaW9aaUtjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQE2ZVQMA0G
CSqGSIb3DQEBCwUAA4IBAQBUVXBmhg/UqKy085o2yuRAuG3fs22/CdNTa2ZB9lXj
7WTRmp4flZbWoUtr51sN1200RnSfumGH6sluBq58IanRgNeqrPLOqVNTzHkOTu+l
B0pQlLRkTC3LebOI2+f967uj6G9WEUt7TnApO5t7LzcrYQLdq0N9A5Fg3CHARGaL
zEon+2gbIwZu5PzzmH+deNinOA39ec0j+2220yEfPWBpm0dvZ/UOuRw5x8fc9482
A59yBrYY54gyz/fMi48IFZIWwKAWB5fIcXu4coiS2HlrFxUOA6dJS5/Nw6ajrWFP
3owXuwk91LW6WJPkbhl3xgH/LUARr0kRJUELcOS5nIgP
-----END CERTIFICATE-----