Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/MqJhi3bwECktn6EyJ2p2luMJve8.roa
File:                     MqJhi3bwECktn6EyJ2p2luMJve8.roa (raw, json)
Hash identifier:          7hbc8iO7TEpBaIfqOvtVRrRYwuZNWS907XdmqS56Db0=
Subject key identifier:   32:A2:61:8B:76:F0:10:29:2D:9F:A1:32:27:6A:76:96:E3:09:BD:EF
Certificate issuer:       /CN=7b5e37f6e3b9bd1cf3684b9c03c03ad1ca642497
Certificate serial:       019D8FE5E1948DE4F54647827AAB53F7C355
Authority key identifier: 7B:5E:37:F6:E3:B9:BD:1C:F3:68:4B:9C:03:C0:3A:D1:CA:64:24:97
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/e1439uO5vRzzaEucA8A60cpkJJc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/MqJhi3bwECktn6EyJ2p2luMJve8.roa
Signing time:             Wed 15 Apr 2026 06:48:20 +0000
ROA not before:           Wed 15 Apr 2026 06:48:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     22427
IP address blocks:        79.172.228.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/e1439uO5vRzzaEucA8A60cpkJJc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/e1439uO5vRzzaEucA8A60cpkJJc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/e1439uO5vRzzaEucA8A60cpkJJc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 07:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:8f:e5:e1:94:8d:e4:f5:46:47:82:7a:ab:53:f7:c3:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7b5e37f6e3b9bd1cf3684b9c03c03ad1ca642497
        Validity
            Not Before: Apr 15 06:48:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=32a2618b76f010292d9fa132276a7696e309bdef
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:37:d7:e3:88:b1:83:51:27:8d:63:92:ff:9f:
                    c7:b6:7a:c6:ec:d1:04:96:55:17:4e:a4:87:4c:59:
                    16:03:27:0e:db:ac:2b:13:b5:0c:e1:1d:77:96:f3:
                    5b:d9:c9:be:c7:a8:64:67:f5:a9:5d:10:2d:05:a0:
                    c8:58:6f:84:ed:49:1c:6d:98:1c:2e:85:72:fd:f9:
                    b7:52:fa:3c:bc:58:e6:e1:42:1c:60:dd:5c:69:10:
                    c1:20:8e:c7:f8:8f:bb:f3:0d:49:20:24:e6:33:6b:
                    39:1d:e3:54:75:27:93:80:5b:54:95:3e:00:db:2d:
                    ae:2a:80:c6:ea:0e:c8:ce:04:94:43:3c:b0:28:45:
                    86:08:15:92:56:b2:99:8e:a3:f2:e1:49:ac:37:54:
                    23:8f:d6:6b:27:e3:ce:0e:46:a5:63:dc:2d:95:17:
                    97:96:c6:e7:be:0b:9a:da:bb:83:9e:0a:c3:45:04:
                    2a:ae:74:af:8e:d0:b4:79:67:2c:12:6f:ec:70:10:
                    24:40:0a:17:7c:73:71:17:36:04:94:e8:00:03:f6:
                    ec:59:93:d3:2c:9f:95:33:fc:77:59:66:45:d4:dc:
                    71:c3:21:75:45:71:04:ef:ed:a5:42:19:88:0c:82:
                    4e:6e:bf:f1:8a:6a:91:ee:63:5d:41:16:28:03:56:
                    e8:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:A2:61:8B:76:F0:10:29:2D:9F:A1:32:27:6A:76:96:E3:09:BD:EF
            X509v3 Authority Key Identifier:
                keyid:7B:5E:37:F6:E3:B9:BD:1C:F3:68:4B:9C:03:C0:3A:D1:CA:64:24:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/e1439uO5vRzzaEucA8A60cpkJJc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/MqJhi3bwECktn6EyJ2p2luMJve8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/e1439uO5vRzzaEucA8A60cpkJJc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.172.228.0/24

    Signature Algorithm: sha256WithRSAEncryption
         92:66:e1:ea:2d:cb:e9:08:d6:a0:62:00:40:05:ab:bf:5f:ac:
         3f:2a:87:7a:31:d4:36:96:b0:cc:f3:0d:48:8d:f6:9c:34:de:
         e1:89:4e:6a:ff:56:3b:39:42:bb:26:64:e8:a4:81:5b:28:24:
         73:c4:ba:f2:bb:e4:ec:17:58:22:99:89:e3:91:d8:86:23:21:
         db:ea:99:b3:1b:37:6c:c9:3c:1a:76:11:ec:bd:4e:2b:35:25:
         73:5d:e6:79:91:3d:cd:c6:35:4a:21:72:bc:5b:6a:45:2b:7c:
         fb:f8:b4:eb:89:66:3a:98:fc:f7:fc:4a:d7:7b:f8:d3:ad:a7:
         f1:4b:a9:23:a7:db:74:c5:7f:83:06:b5:a5:ec:7c:fa:1a:f8:
         fc:85:0c:f1:2a:32:39:70:81:66:99:08:c9:d0:30:b2:fe:39:
         49:18:41:5c:81:b3:13:5d:f3:5c:8c:97:20:cb:b4:45:49:81:
         8e:37:ed:a9:02:79:62:48:b3:64:c0:02:2e:47:02:f1:0f:d6:
         cb:c2:b5:92:2c:b2:91:b4:99:6c:b0:c1:21:dd:51:06:d2:fb:
         4f:dc:ff:41:0b:93:92:df:d3:8e:1b:36:57:5d:4f:70:f6:89:
         48:76:1c:ae:7a:a0:78:47:2f:1a:68:a0:a3:23:be:59:df:27:
         dd:62:35:cc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2P5eGUjeT1RkeCeqtT98NVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdiNWUzN2Y2ZTNiOWJkMWNmMzY4NGI5YzAzYzAzYWQxY2E2
NDI0OTcwHhcNMjYwNDE1MDY0ODIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMmEyNjE4Yjc2ZjAxMDI5MmQ5ZmExMzIyNzZhNzY5NmUzMDliZGVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzTfX44ixg1EnjWOS/5/HtnrG7NEE
llUXTqSHTFkWAycO26wrE7UM4R13lvNb2cm+x6hkZ/WpXRAtBaDIWG+E7UkcbZgc
LoVy/fm3Uvo8vFjm4UIcYN1caRDBII7H+I+78w1JICTmM2s5HeNUdSeTgFtUlT4A
2y2uKoDG6g7IzgSUQzywKEWGCBWSVrKZjqPy4UmsN1Qjj9ZrJ+PODkalY9wtlReX
lsbnvgua2ruDngrDRQQqrnSvjtC0eWcsEm/scBAkQAoXfHNxFzYElOgAA/bsWZPT
LJ+VM/x3WWZF1NxxwyF1RXEE7+2lQhmIDIJObr/ximqR7mNdQRYoA1botQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDKiYYt28BApLZ+hMidqdpbjCb3vMB8GA1UdIwQY
MBaAFHteN/bjub0c82hLnAPAOtHKZCSXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZTE0Mzl1TzV2Unp6YUV1Y0E4QTYwY3BrSkpjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ny8yNjcyOGUtZGRjNy00YjBmLTlkMWUt
OTU5M2E0ODhhZmNjLzEvTXFKaGkzYndFQ2t0bjZFeUoycDJsdU1KdmU4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ny8yNjcyOGUtZGRjNy00YjBmLTlkMWUtOTU5M2E0ODhhZmNj
LzEvZTE0Mzl1TzV2Unp6YUV1Y0E4QTYwY3BrSkpjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAT6zkMA0G
CSqGSIb3DQEBCwUAA4IBAQCSZuHqLcvpCNagYgBABau/X6w/Kod6MdQ2lrDM8w1I
jfacNN7hiU5q/1Y7OUK7JmTopIFbKCRzxLryu+TsF1gimYnjkdiGIyHb6pmzGzds
yTwadhHsvU4rNSVzXeZ5kT3NxjVKIXK8W2pFK3z7+LTriWY6mPz3/ErXe/jTrafx
S6kjp9t0xX+DBrWl7Hz6Gvj8hQzxKjI5cIFmmQjJ0DCy/jlJGEFcgbMTXfNcjJcg
y7RFSYGON+2pAnliSLNkwAIuRwLxD9bLwrWSLLKRtJlssMEh3VEG0vtP3P9BC5OS
39OOGzZXXU9w9olIdhyueqB4Ry8aaKCjI75Z3yfdYjXM
-----END CERTIFICATE-----