Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4f/9437a2-07e6-4e6a-aa3f-965d6d603bfa/1/Q_rrlmseqjc9c8mfs_9rzyd3284.roa
File:                     Q_rrlmseqjc9c8mfs_9rzyd3284.roa (raw, json)
Hash identifier:          GSzKRbWz/hHkNfc9qit79if8AoJkjbgwLaFILxum/nA=
Subject key identifier:   43:FA:EB:96:6B:1E:AA:37:3D:73:C9:9F:B3:FF:6B:CF:27:77:DB:CE
Certificate issuer:       /CN=f82554a856a422b061ae64c577630f91d408cd4a
Certificate serial:       019C1138F19E26723FE0DC5550942F33D308
Authority key identifier: F8:25:54:A8:56:A4:22:B0:61:AE:64:C5:77:63:0F:91:D4:08:CD:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-CVUqFakIrBhrmTFd2MPkdQIzUo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4f/9437a2-07e6-4e6a-aa3f-965d6d603bfa/1/Q_rrlmseqjc9c8mfs_9rzyd3284.roa
Signing time:             Fri 30 Jan 2026 23:24:30 +0000
ROA not before:           Fri 30 Jan 2026 23:24:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     29075
IP address blocks:        89.234.189.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4f/9437a2-07e6-4e6a-aa3f-965d6d603bfa/1/1-CVUqFakIrBhrmTFd2MPkdQIzUo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4f/9437a2-07e6-4e6a-aa3f-965d6d603bfa/1/1-CVUqFakIrBhrmTFd2MPkdQIzUo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-CVUqFakIrBhrmTFd2MPkdQIzUo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 09:38:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:11:38:f1:9e:26:72:3f:e0:dc:55:50:94:2f:33:d3:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f82554a856a422b061ae64c577630f91d408cd4a
        Validity
            Not Before: Jan 30 23:24:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=43faeb966b1eaa373d73c99fb3ff6bcf2777dbce
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:16:fb:4a:8a:4f:fd:d1:6e:37:dd:42:5a:ee:
                    f2:e2:be:33:88:d8:77:a2:b2:65:83:25:30:27:f7:
                    14:db:ec:4a:ac:c7:3d:11:7b:89:7b:14:c2:fb:81:
                    c2:34:54:4d:a6:9e:aa:61:87:d1:1e:d6:24:1b:1e:
                    67:78:61:23:42:7f:20:49:6b:e2:d8:d1:af:3f:d7:
                    3d:07:de:e4:37:4e:db:ab:54:a8:c3:a4:89:c1:c5:
                    9a:98:37:1d:7b:3e:a5:b1:dc:d4:d8:ed:9d:a4:67:
                    fc:00:d4:04:7f:5a:dd:04:53:21:c1:9a:83:44:36:
                    ea:ba:40:4f:ea:f9:15:f7:95:60:ca:3a:ab:be:da:
                    cf:bd:cf:69:c0:58:8e:c3:8e:8a:67:db:ec:7c:0c:
                    9e:46:2b:67:d4:b9:d2:dd:1d:7d:8e:a1:70:a9:88:
                    3f:19:2b:a6:38:67:c1:f3:88:4d:dc:76:8f:d3:92:
                    e8:16:77:aa:d5:d4:4b:f8:af:66:70:be:d3:a4:80:
                    59:fb:5a:35:32:52:00:a4:72:77:8b:5b:73:21:69:
                    96:b9:9b:a5:41:6e:2f:6c:6c:f4:22:c7:3f:91:c2:
                    c2:21:42:28:53:40:7f:b3:c6:08:1b:02:3d:84:e7:
                    3b:8f:4a:2d:ee:5a:38:a2:20:22:0d:b5:60:2d:42:
                    63:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:FA:EB:96:6B:1E:AA:37:3D:73:C9:9F:B3:FF:6B:CF:27:77:DB:CE
            X509v3 Authority Key Identifier:
                keyid:F8:25:54:A8:56:A4:22:B0:61:AE:64:C5:77:63:0F:91:D4:08:CD:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-CVUqFakIrBhrmTFd2MPkdQIzUo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/9437a2-07e6-4e6a-aa3f-965d6d603bfa/1/Q_rrlmseqjc9c8mfs_9rzyd3284.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/9437a2-07e6-4e6a-aa3f-965d6d603bfa/1/1-CVUqFakIrBhrmTFd2MPkdQIzUo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.234.189.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7f:e5:6e:50:c7:b7:df:96:fa:e1:18:21:1c:42:70:8e:57:d8:
         fb:46:81:2a:43:f0:08:dc:36:e2:90:ab:40:76:57:78:ca:14:
         77:dd:af:ba:2d:a9:49:f4:79:94:ea:cc:73:25:da:a5:64:06:
         e6:f7:08:b8:42:68:8c:b1:94:02:42:c2:16:25:5d:46:24:9f:
         b6:4d:a2:b7:2d:9c:5f:f7:42:91:55:8d:3f:8f:7f:85:ce:66:
         fb:33:5f:50:27:34:e1:3a:4c:cb:93:3c:ab:7a:d9:79:05:c2:
         3c:16:f3:f6:f9:b9:9c:c9:e9:26:30:35:bc:88:4b:31:34:0e:
         be:30:52:b7:bd:08:4a:aa:53:6d:fb:dd:5f:d2:41:3b:04:13:
         95:43:7b:54:c7:ed:3e:48:29:fc:e8:31:b4:4e:ce:96:fa:9b:
         1e:ff:4c:ec:d0:7f:45:7e:85:20:f1:e3:9b:e3:ac:0b:f8:59:
         cd:41:7c:cd:14:94:16:d1:e2:f8:73:39:36:10:61:5f:c9:f0:
         66:54:54:45:a0:5e:8f:a2:22:6e:ba:56:29:61:d9:cb:fc:cb:
         52:f9:f5:6d:c2:7f:44:61:0d:7c:e3:22:c4:0c:c3:6d:69:07:
         f5:7e:43:35:df:55:42:14:a0:7d:28:0f:fb:7e:d1:1d:75:91:
         3f:e8:2b:f0
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZwROPGeJnI/4NxVUJQvM9MIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4MjU1NGE4NTZhNDIyYjA2MWFlNjRjNTc3NjMwZjkxZDQw
OGNkNGEwHhcNMjYwMTMwMjMyNDMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0M2ZhZWI5NjZiMWVhYTM3M2Q3M2M5OWZiM2ZmNmJjZjI3NzdkYmNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApxb7SopP/dFuN91CWu7y4r4ziNh3
orJlgyUwJ/cU2+xKrMc9EXuJexTC+4HCNFRNpp6qYYfRHtYkGx5neGEjQn8gSWvi
2NGvP9c9B97kN07bq1Sow6SJwcWamDcdez6lsdzU2O2dpGf8ANQEf1rdBFMhwZqD
RDbqukBP6vkV95VgyjqrvtrPvc9pwFiOw46KZ9vsfAyeRitn1LnS3R19jqFwqYg/
GSumOGfB84hN3HaP05LoFneq1dRL+K9mcL7TpIBZ+1o1MlIApHJ3i1tzIWmWuZul
QW4vbGz0Isc/kcLCIUIoU0B/s8YIGwI9hOc7j0ot7lo4oiAiDbVgLUJjIQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFEP665ZrHqo3PXPJn7P/a88nd9vOMB8GA1UdIwQY
MBaAFPglVKhWpCKwYa5kxXdjD5HUCM1KMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1DVlVxRmFrSXJCaHJtVEZkMk1Qa2RRSXpVby5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNGYvOTQzN2EyLTA3ZTYtNGU2YS1hYTNm
LTk2NWQ2ZDYwM2JmYS8xL1FfcnJsbXNlcWpjOWM4bWZzXzlyenlkMzI4NC5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNGYvOTQzN2EyLTA3ZTYtNGU2YS1hYTNmLTk2NWQ2ZDYwM2Jm
YS8xLzEtQ1ZVcUZha0lyQmhybVRGZDJNUGtkUUl6VW8uY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABZ6r0w
DQYJKoZIhvcNAQELBQADggEBAH/lblDHt9+W+uEYIRxCcI5X2PtGgSpD8AjcNuKQ
q0B2V3jKFHfdr7otqUn0eZTqzHMl2qVkBub3CLhCaIyxlAJCwhYlXUYkn7ZNorct
nF/3QpFVjT+Pf4XOZvszX1AnNOE6TMuTPKt62XkFwjwW8/b5uZzJ6SYwNbyISzE0
Dr4wUre9CEqqU2373V/SQTsEE5VDe1TH7T5IKfzoMbROzpb6mx7/TOzQf0V+hSDx
45vjrAv4Wc1BfM0UlBbR4vhzOTYQYV/J8GZUVEWgXo+iIm66Vilh2cv8y1L59W3C
f0RhDXzjIsQMw21pB/V+QzXfVUIUoH0oD/t+0R11kT/oK/A=
-----END CERTIFICATE-----