Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/a826b2-ff3d-462c-9d59-f85b24748f89/1/quPkq094_wBHsRH0_SsJ-7fIlnA.roa
File:                     quPkq094_wBHsRH0_SsJ-7fIlnA.roa (raw, json)
Hash identifier:          w//hK3ihdIQlX/8ciiWSqwiAkFJLkZx5RbBMvxf8m88=
Subject key identifier:   AA:E3:E4:AB:4F:78:FF:00:47:B1:11:F4:FD:2B:09:FB:B7:C8:96:70
Certificate issuer:       /CN=6caeacf345ed7504bb9eaf443dfc395ec6e64990
Certificate serial:       019C8AAE073A748978264D2ED33EDB5AC546
Authority key identifier: 6C:AE:AC:F3:45:ED:75:04:BB:9E:AF:44:3D:FC:39:5E:C6:E6:49:90
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bK6s80XtdQS7nq9EPfw5XsbmSZA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/a826b2-ff3d-462c-9d59-f85b24748f89/1/quPkq094_wBHsRH0_SsJ-7fIlnA.roa
Signing time:             Mon 23 Feb 2026 13:26:26 +0000
ROA not before:           Mon 23 Feb 2026 13:26:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199749
IP address blocks:        83.171.208.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/62/a826b2-ff3d-462c-9d59-f85b24748f89/1/bK6s80XtdQS7nq9EPfw5XsbmSZA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/62/a826b2-ff3d-462c-9d59-f85b24748f89/1/bK6s80XtdQS7nq9EPfw5XsbmSZA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bK6s80XtdQS7nq9EPfw5XsbmSZA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:8a:ae:07:3a:74:89:78:26:4d:2e:d3:3e:db:5a:c5:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6caeacf345ed7504bb9eaf443dfc395ec6e64990
        Validity
            Not Before: Feb 23 13:26:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=aae3e4ab4f78ff0047b111f4fd2b09fbb7c89670
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:64:17:ae:e6:69:95:b7:7d:c4:b8:00:98:03:
                    60:b0:8d:94:a9:50:25:b5:c5:f6:97:80:e1:75:58:
                    b2:8c:f0:d4:7b:2e:6d:83:e8:3c:4f:f9:22:69:b9:
                    ab:03:a3:8d:59:6f:90:a2:93:48:7b:b7:81:03:d5:
                    f0:02:6b:49:e5:3a:4e:4d:09:82:2d:9a:de:c0:16:
                    1f:7c:06:94:9a:85:aa:bb:f5:11:2d:57:d0:38:70:
                    86:4d:14:b9:6d:a3:74:ff:27:8c:1e:5a:b4:60:43:
                    eb:67:62:46:94:47:41:b0:80:03:a9:12:d5:c7:82:
                    b7:ab:4d:8e:85:b9:2c:5c:c1:a2:5f:d0:9d:59:33:
                    36:e0:21:81:8a:08:41:4c:f5:6c:c7:6a:d1:ec:8e:
                    a6:72:28:6b:44:c3:88:94:79:7e:a3:ba:3a:40:f6:
                    00:6e:f2:24:3a:f2:d8:30:b7:a9:37:81:98:1e:73:
                    de:5d:2e:eb:98:86:e4:75:60:f3:28:87:4c:6a:c9:
                    e1:71:cf:d1:70:ba:a8:af:4c:cd:67:55:2a:74:82:
                    80:1e:f4:51:ec:15:57:6c:61:34:db:48:2f:9b:8f:
                    36:6d:f7:25:3f:d5:9c:ff:a7:8d:5d:12:69:96:a2:
                    40:67:1a:45:65:ec:7b:7e:7c:ae:ef:0b:5f:f3:bf:
                    54:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:E3:E4:AB:4F:78:FF:00:47:B1:11:F4:FD:2B:09:FB:B7:C8:96:70
            X509v3 Authority Key Identifier:
                keyid:6C:AE:AC:F3:45:ED:75:04:BB:9E:AF:44:3D:FC:39:5E:C6:E6:49:90

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bK6s80XtdQS7nq9EPfw5XsbmSZA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/a826b2-ff3d-462c-9d59-f85b24748f89/1/quPkq094_wBHsRH0_SsJ-7fIlnA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/a826b2-ff3d-462c-9d59-f85b24748f89/1/bK6s80XtdQS7nq9EPfw5XsbmSZA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.171.208.0/22

    Signature Algorithm: sha256WithRSAEncryption
         37:ad:5e:aa:3e:92:3d:ee:ec:3f:f5:c6:9e:6c:61:cf:42:50:
         4d:e9:20:a4:22:a4:6b:e5:6e:fe:ce:2b:a5:1a:24:ba:67:3b:
         53:89:6b:21:a8:07:73:c8:dc:88:e3:a4:4c:7b:77:69:eb:50:
         55:b5:c4:23:85:3f:3f:33:47:3f:a2:2a:d4:56:97:75:89:91:
         6f:04:50:ec:bd:ba:dc:d4:8d:0e:93:dc:23:43:4d:ef:ae:66:
         dd:9d:5c:a9:f9:9d:fd:dc:8b:82:84:cf:44:72:63:a9:5a:73:
         5a:67:8e:92:30:ea:f4:8c:0e:34:c6:2c:c1:96:22:87:7e:85:
         4d:83:df:9f:51:64:fc:2f:9d:c8:f2:1e:20:66:3c:d3:2a:6d:
         d4:11:21:0d:bd:f5:ff:9a:b2:b4:29:24:4d:f5:6b:5f:8e:3a:
         39:86:19:c0:da:02:0b:95:51:01:42:94:9a:7f:49:b0:38:e2:
         a3:58:95:b4:6d:6d:cd:10:6b:7f:dd:63:21:69:be:99:76:3e:
         51:28:40:9f:f1:4c:83:84:85:8f:1f:51:44:f8:53:1f:4e:9e:
         d5:41:33:28:79:05:e8:2e:40:21:93:d4:62:bb:f8:f8:9f:59:
         34:dd:a4:d3:01:c2:48:6c:36:89:9b:6b:b1:d6:d1:77:90:02:
         b4:6e:b3:7c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZyKrgc6dIl4Jk0u0z7bWsVGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjYWVhY2YzNDVlZDc1MDRiYjllYWY0NDNkZmMzOTVlYzZl
NjQ5OTAwHhcNMjYwMjIzMTMyNjI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYWUzZTRhYjRmNzhmZjAwNDdiMTExZjRmZDJiMDlmYmI3Yzg5NjcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1GQXruZplbd9xLgAmANgsI2UqVAl
tcX2l4DhdViyjPDUey5tg+g8T/kiabmrA6ONWW+QopNIe7eBA9XwAmtJ5TpOTQmC
LZrewBYffAaUmoWqu/URLVfQOHCGTRS5baN0/yeMHlq0YEPrZ2JGlEdBsIADqRLV
x4K3q02OhbksXMGiX9CdWTM24CGBighBTPVsx2rR7I6mcihrRMOIlHl+o7o6QPYA
bvIkOvLYMLepN4GYHnPeXS7rmIbkdWDzKIdMasnhcc/RcLqor0zNZ1UqdIKAHvRR
7BVXbGE020gvm482bfclP9Wc/6eNXRJplqJAZxpFZex7fnyu7wtf879ULQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKrj5KtPeP8AR7ER9P0rCfu3yJZwMB8GA1UdIwQY
MBaAFGyurPNF7XUEu56vRD38OV7G5kmQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYks2czgwWHRkUVM3bnE5RVBmdzVYc2JtU1pBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi9hODI2YjItZmYzZC00NjJjLTlkNTkt
Zjg1YjI0NzQ4Zjg5LzEvcXVQa3EwOTRfd0JIc1JIMF9Tc0otN2ZJbG5BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi9hODI2YjItZmYzZC00NjJjLTlkNTktZjg1YjI0NzQ4Zjg5
LzEvYks2czgwWHRkUVM3bnE5RVBmdzVYc2JtU1pBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCU6vQMA0G
CSqGSIb3DQEBCwUAA4IBAQA3rV6qPpI97uw/9caebGHPQlBN6SCkIqRr5W7+ziul
GiS6ZztTiWshqAdzyNyI46RMe3dp61BVtcQjhT8/M0c/oirUVpd1iZFvBFDsvbrc
1I0Ok9wjQ03vrmbdnVyp+Z393IuChM9EcmOpWnNaZ46SMOr0jA40xizBliKHfoVN
g9+fUWT8L53I8h4gZjzTKm3UESENvfX/mrK0KSRN9Wtfjjo5hhnA2gILlVEBQpSa
f0mwOOKjWJW0bW3NEGt/3WMhab6Zdj5RKECf8UyDhIWPH1FE+FMfTp7VQTMoeQXo
LkAhk9Riu/j4n1k03aTTAcJIbDaJm2ux1tF3kAK0brN8
-----END CERTIFICATE-----