Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/QI6P2rjg0KTEHj0abHLeX5NrCNw.roa
File:                     QI6P2rjg0KTEHj0abHLeX5NrCNw.roa (raw, json)
Hash identifier:          cNfX9kMj7jm75WwWsewudy5zy4Y1MC/doZUI28Cxpqs=
Subject key identifier:   40:8E:8F:DA:B8:E0:D0:A4:C4:1E:3D:1A:6C:72:DE:5F:93:6B:08:DC
Certificate issuer:       /CN=11a010f87a049b6e21abed9b40983b04f3f1c7e8
Certificate serial:       019D72ED308CC72EF479036DF09EFD1A7B0D
Authority key identifier: 11:A0:10:F8:7A:04:9B:6E:21:AB:ED:9B:40:98:3B:04:F3:F1:C7:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EaAQ-HoEm24hq-2bQJg7BPPxx-g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/QI6P2rjg0KTEHj0abHLeX5NrCNw.roa
Signing time:             Thu 09 Apr 2026 15:47:20 +0000
ROA not before:           Thu 09 Apr 2026 15:47:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     201670
IP address blocks:        93.185.165.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/EaAQ-HoEm24hq-2bQJg7BPPxx-g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/EaAQ-HoEm24hq-2bQJg7BPPxx-g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EaAQ-HoEm24hq-2bQJg7BPPxx-g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 16:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:72:ed:30:8c:c7:2e:f4:79:03:6d:f0:9e:fd:1a:7b:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=11a010f87a049b6e21abed9b40983b04f3f1c7e8
        Validity
            Not Before: Apr  9 15:47:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=408e8fdab8e0d0a4c41e3d1a6c72de5f936b08dc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:5d:1b:1e:ba:d7:8a:24:b7:9a:aa:08:57:f4:
                    af:1b:dd:dd:b1:09:39:2b:02:f7:0f:3b:a0:45:32:
                    e1:16:35:ba:33:17:c3:ea:27:66:49:ee:02:3e:81:
                    ee:d2:fb:15:79:f0:2e:0c:1e:ff:01:3f:dd:7a:a2:
                    11:aa:2b:7f:5d:7b:6c:20:76:11:eb:6f:e1:4f:c3:
                    a6:0c:d1:29:0d:c0:50:68:ce:7d:4e:60:c0:28:3b:
                    c5:42:5e:f4:b7:4f:cf:04:b0:59:45:0a:d2:52:f3:
                    3b:2f:02:a4:e9:90:44:60:5f:b0:b3:98:98:2f:d2:
                    3a:0e:26:0b:5f:7c:fa:ff:92:bd:98:18:07:3e:19:
                    8a:1f:f1:6b:ae:b7:6f:d5:a3:de:22:25:b5:89:c7:
                    f8:19:46:8d:6a:97:f2:23:72:93:e3:68:f0:2b:84:
                    1c:f3:61:7d:8e:93:16:1e:85:44:e4:80:a0:6e:b6:
                    8e:fa:2a:ef:22:6e:9f:09:9a:ee:cb:ab:4e:15:f1:
                    b5:ce:82:e4:6a:58:b4:27:e7:1d:50:e3:a2:a5:dd:
                    3b:e3:27:ab:c0:41:4f:64:ef:8b:dd:57:ef:3d:c7:
                    cf:29:60:45:90:9a:de:ab:1a:63:41:67:de:0c:96:
                    b3:d3:44:db:df:58:9c:7e:e0:12:05:bc:f4:45:a4:
                    e0:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:8E:8F:DA:B8:E0:D0:A4:C4:1E:3D:1A:6C:72:DE:5F:93:6B:08:DC
            X509v3 Authority Key Identifier:
                keyid:11:A0:10:F8:7A:04:9B:6E:21:AB:ED:9B:40:98:3B:04:F3:F1:C7:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EaAQ-HoEm24hq-2bQJg7BPPxx-g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/QI6P2rjg0KTEHj0abHLeX5NrCNw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/EaAQ-HoEm24hq-2bQJg7BPPxx-g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.185.165.0/24

    Signature Algorithm: sha256WithRSAEncryption
         32:2b:4c:ee:db:34:6a:1c:30:a3:1f:24:fb:b2:5f:02:8b:c2:
         17:3c:7d:6f:c7:a1:54:ba:9f:dc:1c:4c:e9:d8:7f:13:ff:92:
         fb:1f:58:e8:a9:e9:b1:3d:4b:48:18:b8:a8:83:15:5e:28:27:
         8d:84:15:ec:9f:9e:92:1a:7a:41:3c:77:74:30:be:59:d9:bf:
         bf:99:e7:f3:55:e9:2a:63:70:76:78:ed:ef:2e:4e:66:60:2f:
         46:16:69:ee:c6:f6:6a:5c:75:ab:08:4d:4a:36:2a:e0:53:fc:
         47:77:5a:ee:d2:b2:b5:e4:a2:59:d9:52:73:56:3c:a5:b0:95:
         8f:78:ee:91:3b:a8:38:53:3c:f9:5c:fd:e8:4e:bd:69:5a:5b:
         65:bd:57:6f:00:a1:b4:80:17:45:e3:3c:66:30:7e:9d:c5:87:
         b7:d5:7d:3f:c0:03:07:1a:54:1e:03:6b:b1:06:7b:20:36:8e:
         91:6f:38:d7:df:5b:e4:51:28:4e:40:1d:55:39:1f:54:ae:c4:
         f0:ea:c0:08:10:5b:97:c3:df:85:09:a9:c0:2e:b8:c4:7a:82:
         8e:1b:74:b8:c8:c0:12:f5:34:c0:9c:a5:0c:f8:be:99:57:79:
         18:ae:22:46:7c:12:7d:f5:61:3a:53:fe:2a:77:11:2f:1c:60:
         41:78:46:30
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ1y7TCMxy70eQNt8J79GnsNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDExYTAxMGY4N2EwNDliNmUyMWFiZWQ5YjQwOTgzYjA0ZjNm
MWM3ZTgwHhcNMjYwNDA5MTU0NzIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MDhlOGZkYWI4ZTBkMGE0YzQxZTNkMWE2YzcyZGU1ZjkzNmIwOGRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy10bHrrXiiS3mqoIV/SvG93dsQk5
KwL3DzugRTLhFjW6MxfD6idmSe4CPoHu0vsVefAuDB7/AT/deqIRqit/XXtsIHYR
62/hT8OmDNEpDcBQaM59TmDAKDvFQl70t0/PBLBZRQrSUvM7LwKk6ZBEYF+ws5iY
L9I6DiYLX3z6/5K9mBgHPhmKH/Frrrdv1aPeIiW1icf4GUaNapfyI3KT42jwK4Qc
82F9jpMWHoVE5ICgbraO+irvIm6fCZruy6tOFfG1zoLkali0J+cdUOOipd074yer
wEFPZO+L3VfvPcfPKWBFkJreqxpjQWfeDJaz00Tb31icfuASBbz0RaTgzQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFECOj9q44NCkxB49Gmxy3l+TawjcMB8GA1UdIwQY
MBaAFBGgEPh6BJtuIavtm0CYOwTz8cfoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRWFBUS1Ib0VtMjRocS0yYlFKZzdCUFB4eC1nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yi9mMjVkN2MtNjY3Ny00ZmRiLTg5OGUt
ZWU3NDY1NzU0ZmY2LzEvUUk2UDJyamcwS1RFSGowYWJITGVYNU5yQ053LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yi9mMjVkN2MtNjY3Ny00ZmRiLTg5OGUtZWU3NDY1NzU0ZmY2
LzEvRWFBUS1Ib0VtMjRocS0yYlFKZzdCUFB4eC1nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXbmlMA0G
CSqGSIb3DQEBCwUAA4IBAQAyK0zu2zRqHDCjHyT7sl8Ci8IXPH1vx6FUup/cHEzp
2H8T/5L7H1joqemxPUtIGLiogxVeKCeNhBXsn56SGnpBPHd0ML5Z2b+/mefzVekq
Y3B2eO3vLk5mYC9GFmnuxvZqXHWrCE1KNirgU/xHd1ru0rK15KJZ2VJzVjylsJWP
eO6RO6g4Uzz5XP3oTr1pWltlvVdvAKG0gBdF4zxmMH6dxYe31X0/wAMHGlQeA2ux
BnsgNo6RbzjX31vkUShOQB1VOR9UrsTw6sAIEFuXw9+FCanALrjEeoKOG3S4yMAS
9TTAnKUM+L6ZV3kYriJGfBJ99WE6U/4qdxEvHGBBeEYw
-----END CERTIFICATE-----