Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/qdTxmC1M-cLgpOCU4X2vmsVLSxA.roa
File:                     qdTxmC1M-cLgpOCU4X2vmsVLSxA.roa (raw, json)
Hash identifier:          A9F9hgF4690mdOxK/7gd71yvYHQZzaHopzHxADwnEzA=
Subject key identifier:   A9:D4:F1:98:2D:4C:F9:C2:E0:A4:E0:94:E1:7D:AF:9A:C5:4B:4B:10
Certificate issuer:       /CN=c616c4195152effedbf7b3afee2aa72e19090e4d
Certificate serial:       019BF508C1AB7B5C3F819909AD5E72A530F2
Authority key identifier: C6:16:C4:19:51:52:EF:FE:DB:F7:B3:AF:EE:2A:A7:2E:19:09:0E:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/qdTxmC1M-cLgpOCU4X2vmsVLSxA.roa
Signing time:             Sun 25 Jan 2026 12:02:30 +0000
ROA not before:           Sun 25 Jan 2026 12:02:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     212219
IP address blocks:        193.35.154.0/24 maxlen: 24
                          194.62.55.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 15:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:f5:08:c1:ab:7b:5c:3f:81:99:09:ad:5e:72:a5:30:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c616c4195152effedbf7b3afee2aa72e19090e4d
        Validity
            Not Before: Jan 25 12:02:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a9d4f1982d4cf9c2e0a4e094e17daf9ac54b4b10
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:12:53:bd:8a:99:b9:08:c1:c0:d2:54:c0:3e:
                    57:9c:1d:34:cd:d0:0c:82:ab:d0:80:ae:f4:dd:00:
                    5d:08:47:cb:59:1f:f3:ed:4e:08:f7:e0:14:c4:81:
                    85:4b:9e:92:e0:63:fc:14:81:6e:17:a6:64:cc:fd:
                    79:86:cf:79:30:76:14:35:60:c7:d5:f4:ee:07:55:
                    4e:fe:09:79:ff:8b:61:c7:52:41:7f:d5:71:c4:e1:
                    b7:75:a1:9e:b2:ad:ad:e8:5a:f7:19:e1:a2:06:6f:
                    69:c6:e6:65:ba:b3:24:30:6d:5b:e6:7b:12:3a:6f:
                    8e:06:75:e0:8d:1b:d7:69:f7:15:bc:9a:f7:8a:31:
                    93:c1:13:e5:02:60:7d:f4:36:a5:43:a6:91:3a:cf:
                    51:7b:ea:f3:8f:7c:18:6f:fa:41:c5:57:0c:66:0b:
                    ea:2e:e0:9a:76:a5:16:d0:40:6b:a3:7f:79:ad:a8:
                    2e:54:ac:46:24:67:5b:b7:c6:17:69:e8:7f:34:29:
                    8a:a1:b4:90:a4:66:df:db:a7:b5:78:54:27:35:1b:
                    7b:bb:1c:0b:d9:74:de:1c:60:6b:1f:b7:19:e2:c4:
                    dd:a0:9f:12:51:e9:20:10:f9:38:b5:58:a1:00:0c:
                    c9:c2:f1:f6:92:59:9b:8c:ac:aa:d9:02:3b:83:f1:
                    49:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:D4:F1:98:2D:4C:F9:C2:E0:A4:E0:94:E1:7D:AF:9A:C5:4B:4B:10
            X509v3 Authority Key Identifier:
                keyid:C6:16:C4:19:51:52:EF:FE:DB:F7:B3:AF:EE:2A:A7:2E:19:09:0E:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/qdTxmC1M-cLgpOCU4X2vmsVLSxA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.35.154.0/24
                  194.62.55.0/24

    Signature Algorithm: sha256WithRSAEncryption
         38:59:ce:ba:d7:0b:8b:48:1e:1c:4d:f9:d9:a5:3d:85:45:2f:
         d8:fc:aa:06:9a:c1:c7:f9:c7:d3:77:da:07:b9:aa:da:fa:58:
         75:f9:8b:d6:1e:aa:a6:0f:23:fc:29:e9:39:b6:85:c8:14:42:
         11:44:24:de:26:93:22:a6:2f:f3:cd:29:e0:d1:ab:57:93:4c:
         e0:7b:60:86:10:b8:7b:63:9b:90:5f:9c:e8:c5:92:e5:98:1b:
         2c:ea:6a:ea:b2:a3:fb:12:e6:cb:18:f5:5e:e2:70:37:9a:01:
         e6:aa:cb:4a:4f:ee:f8:05:4e:65:a5:b0:2a:a9:54:b3:17:69:
         e5:a3:f8:17:60:38:f2:ea:6b:89:56:9d:45:75:97:76:8c:09:
         e9:1b:ef:12:32:ff:20:cf:23:4b:23:2d:d9:c1:64:ca:46:95:
         4b:73:70:e2:fa:7a:0c:64:94:fb:b9:23:cc:31:76:62:94:c5:
         1c:eb:14:c3:37:da:29:8c:b2:5f:71:e9:e8:fc:47:86:c7:d2:
         61:1f:ac:20:e5:f5:d4:58:62:2c:9b:03:d9:07:2e:52:50:58:
         a4:6d:c5:b5:68:d7:0c:69:06:a8:bd:8b:f9:72:ff:c4:51:1a:
         3d:12:5a:89:2e:84:02:41:b7:67:f5:63:e0:f3:8c:6b:b6:9b:
         f1:f0:31:73
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZv1CMGre1w/gZkJrV5ypTDyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2MTZjNDE5NTE1MmVmZmVkYmY3YjNhZmVlMmFhNzJlMTkw
OTBlNGQwHhcNMjYwMTI1MTIwMjMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOWQ0ZjE5ODJkNGNmOWMyZTBhNGUwOTRlMTdkYWY5YWM1NGI0YjEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxRJTvYqZuQjBwNJUwD5XnB00zdAM
gqvQgK703QBdCEfLWR/z7U4I9+AUxIGFS56S4GP8FIFuF6ZkzP15hs95MHYUNWDH
1fTuB1VO/gl5/4thx1JBf9VxxOG3daGesq2t6Fr3GeGiBm9pxuZlurMkMG1b5nsS
Om+OBnXgjRvXafcVvJr3ijGTwRPlAmB99DalQ6aROs9Re+rzj3wYb/pBxVcMZgvq
LuCadqUW0EBro395raguVKxGJGdbt8YXaeh/NCmKobSQpGbf26e1eFQnNRt7uxwL
2XTeHGBrH7cZ4sTdoJ8SUekgEPk4tVihAAzJwvH2klmbjKyq2QI7g/FJAwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKnU8ZgtTPnC4KTglOF9r5rFS0sQMB8GA1UdIwQY
MBaAFMYWxBlRUu/+2/ezr+4qpy4ZCQ5NMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveGhiRUdWRlM3XzdiOTdPdjdpcW5MaGtKRGswLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny9hZDY1MjEtZDNhOS00YjEzLWJlNjkt
MzlmZGI5ODZmMDU5LzEvcWRUeG1DMU0tY0xncE9DVTRYMnZtc1ZMU3hBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny9hZDY1MjEtZDNhOS00YjEzLWJlNjktMzlmZGI5ODZmMDU5
LzEveGhiRUdWRlM3XzdiOTdPdjdpcW5MaGtKRGswLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwSOaAwQA
wj43MA0GCSqGSIb3DQEBCwUAA4IBAQA4Wc661wuLSB4cTfnZpT2FRS/Y/KoGmsHH
+cfTd9oHuara+lh1+YvWHqqmDyP8Kek5toXIFEIRRCTeJpMipi/zzSng0atXk0zg
e2CGELh7Y5uQX5zoxZLlmBss6mrqsqP7EubLGPVe4nA3mgHmqstKT+74BU5lpbAq
qVSzF2nlo/gXYDjy6muJVp1FdZd2jAnpG+8SMv8gzyNLIy3ZwWTKRpVLc3Di+noM
ZJT7uSPMMXZilMUc6xTDN9opjLJfceno/EeGx9JhH6wg5fXUWGIsmwPZBy5SUFik
bcW1aNcMaQaovYv5cv/EURo9ElqJLoQCQbdn9WPg84xrtpvx8DFz
-----END CERTIFICATE-----