Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/64/deca0e-dd4c-44ef-bf77-05dbe3df98f6/1/QAgOOWOSGVL9EA58pEl1eGs2WSI.roa
File:                     QAgOOWOSGVL9EA58pEl1eGs2WSI.roa (raw, json)
Hash identifier:          h4yfJTuGabEHeQ+rxp95srDtrChZHsYML/0NIEoqm54=
Subject key identifier:   40:08:0E:39:63:92:19:52:FD:10:0E:7C:A4:49:75:78:6B:36:59:22
Certificate issuer:       /CN=508a9a08abef74dcc51004f4fae0266d620395e3
Certificate serial:       019B775931EBBED9488EA39E0E88ACB51A3D
Authority key identifier: 50:8A:9A:08:AB:EF:74:DC:C5:10:04:F4:FA:E0:26:6D:62:03:95:E3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UIqaCKvvdNzFEAT0-uAmbWIDleM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/64/deca0e-dd4c-44ef-bf77-05dbe3df98f6/1/QAgOOWOSGVL9EA58pEl1eGs2WSI.roa
Signing time:             Thu 01 Jan 2026 02:18:12 +0000
ROA not before:           Thu 01 Jan 2026 02:18:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     211197
IP address blocks:        185.7.213.0/24 maxlen: 24
                          193.223.109.0/24 maxlen: 24
                          2a03:b680::/29 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/64/deca0e-dd4c-44ef-bf77-05dbe3df98f6/1/UIqaCKvvdNzFEAT0-uAmbWIDleM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/64/deca0e-dd4c-44ef-bf77-05dbe3df98f6/1/UIqaCKvvdNzFEAT0-uAmbWIDleM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UIqaCKvvdNzFEAT0-uAmbWIDleM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:59:31:eb:be:d9:48:8e:a3:9e:0e:88:ac:b5:1a:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=508a9a08abef74dcc51004f4fae0266d620395e3
        Validity
            Not Before: Jan  1 02:18:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=40080e3963921952fd100e7ca44975786b365922
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:e6:3a:82:8f:dd:0a:d1:2c:92:9d:57:b7:14:
                    c6:e9:f5:13:fa:de:a8:88:ab:3c:9e:dd:51:44:17:
                    42:35:6c:e4:72:a1:0d:7a:d5:3d:c6:9f:30:cf:c4:
                    42:26:42:1a:07:4e:5a:a5:81:4c:36:d0:9c:87:17:
                    c9:e3:2c:c1:57:aa:32:3c:d8:c2:44:21:01:76:ec:
                    3a:cc:b4:43:ef:87:10:c3:a1:67:f4:12:77:6b:9a:
                    7a:2d:ef:70:65:c1:33:bb:ef:9c:96:6c:00:cb:7a:
                    5f:01:58:56:0b:26:68:f5:c7:04:33:92:01:5e:3c:
                    a1:c0:b2:28:f4:59:e2:c8:bd:c7:c3:53:58:05:5f:
                    34:08:09:37:07:c1:b4:1e:ee:2a:cd:fd:a7:25:39:
                    a7:e4:61:49:33:b9:52:9c:be:0c:1c:90:33:4a:e5:
                    b7:c5:b6:82:73:d5:62:79:0b:78:e5:0a:3d:d1:c6:
                    82:01:9f:f3:b9:65:82:be:9d:64:07:d6:2e:fe:c3:
                    f6:23:9c:34:64:7b:10:87:1d:5d:74:21:82:61:de:
                    14:8d:78:62:a1:50:c8:00:f3:89:38:3f:ed:3a:78:
                    c8:a9:33:35:b0:be:46:f0:5c:c9:aa:08:9c:06:f5:
                    01:58:77:cf:05:01:a9:2b:60:38:77:81:73:fb:df:
                    94:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:08:0E:39:63:92:19:52:FD:10:0E:7C:A4:49:75:78:6B:36:59:22
            X509v3 Authority Key Identifier:
                keyid:50:8A:9A:08:AB:EF:74:DC:C5:10:04:F4:FA:E0:26:6D:62:03:95:E3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UIqaCKvvdNzFEAT0-uAmbWIDleM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/64/deca0e-dd4c-44ef-bf77-05dbe3df98f6/1/QAgOOWOSGVL9EA58pEl1eGs2WSI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/64/deca0e-dd4c-44ef-bf77-05dbe3df98f6/1/UIqaCKvvdNzFEAT0-uAmbWIDleM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.7.213.0/24
                  193.223.109.0/24
                IPv6:
                  2a03:b680::/29

    Signature Algorithm: sha256WithRSAEncryption
         80:d2:54:85:58:cc:e5:ea:f8:38:10:41:9f:65:7d:7b:a6:b8:
         24:95:56:af:11:81:4c:ff:0f:ec:da:4b:23:f2:ee:a7:a9:9f:
         6b:59:97:65:26:8c:16:5c:9e:d2:db:43:ef:ab:09:ca:81:2c:
         69:75:9b:88:2c:c2:4e:60:a3:ea:a6:35:1f:9f:fc:ac:8c:ca:
         c2:9c:ba:2a:27:85:dc:94:c7:b3:b0:11:8a:4a:82:3d:66:65:
         f8:9a:28:2f:90:3e:91:15:f1:e0:a1:21:0b:9f:04:2f:62:9b:
         3f:f9:a2:d5:be:28:d9:d4:57:9d:ce:ef:d0:5f:59:f5:cb:7a:
         9a:dd:20:af:ca:45:64:d7:09:71:fc:48:ca:10:fe:58:7d:cc:
         dc:01:2e:8b:64:07:7f:75:e6:e9:55:52:6f:8b:c4:9a:11:d0:
         4f:49:1d:df:05:3e:e4:dc:fe:82:85:3c:46:8c:92:b8:c9:9b:
         64:e5:52:0a:88:23:7b:ed:2c:d3:81:7c:c6:56:56:19:8a:3c:
         76:4c:7a:6b:a7:e1:b4:57:c9:2c:bd:e2:d6:fe:c5:64:73:92:
         e1:04:68:b8:dc:f3:54:5d:f1:14:c4:02:8c:bc:5d:83:95:e8:
         ce:85:76:58:b8:5b:5a:69:9e:25:15:f6:cc:7f:4f:19:22:79:
         67:41:c1:85
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZt3WTHrvtlIjqOeDoistRo9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUwOGE5YTA4YWJlZjc0ZGNjNTEwMDRmNGZhZTAyNjZkNjIw
Mzk1ZTMwHhcNMjYwMTAxMDIxODEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MDA4MGUzOTYzOTIxOTUyZmQxMDBlN2NhNDQ5NzU3ODZiMzY1OTIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu+Y6go/dCtEskp1XtxTG6fUT+t6o
iKs8nt1RRBdCNWzkcqENetU9xp8wz8RCJkIaB05apYFMNtCchxfJ4yzBV6oyPNjC
RCEBduw6zLRD74cQw6Fn9BJ3a5p6Le9wZcEzu++clmwAy3pfAVhWCyZo9ccEM5IB
XjyhwLIo9FniyL3Hw1NYBV80CAk3B8G0Hu4qzf2nJTmn5GFJM7lSnL4MHJAzSuW3
xbaCc9VieQt45Qo90caCAZ/zuWWCvp1kB9Yu/sP2I5w0ZHsQhx1ddCGCYd4UjXhi
oVDIAPOJOD/tOnjIqTM1sL5G8FzJqgicBvUBWHfPBQGpK2A4d4Fz+9+UwQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFEAIDjljkhlS/RAOfKRJdXhrNlkiMB8GA1UdIwQY
MBaAFFCKmgir73TcxRAE9PrgJm1iA5XjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVUlxYUNLdnZkTnpGRUFUMC11QW1iV0lEbGVNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NC9kZWNhMGUtZGQ0Yy00NGVmLWJmNzct
MDVkYmUzZGY5OGY2LzEvUUFnT09XT1NHVkw5RUE1OHBFbDFlR3MyV1NJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NC9kZWNhMGUtZGQ0Yy00NGVmLWJmNzctMDVkYmUzZGY5OGY2
LzEvVUlxYUNLdnZkTnpGRUFUMC11QW1iV0lEbGVNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQAuQfVAwQA
wd9tMA0EAgACMAcDBQMqA7aAMA0GCSqGSIb3DQEBCwUAA4IBAQCA0lSFWMzl6vg4
EEGfZX17prgklVavEYFM/w/s2ksj8u6nqZ9rWZdlJowWXJ7S20PvqwnKgSxpdZuI
LMJOYKPqpjUfn/ysjMrCnLoqJ4XclMezsBGKSoI9ZmX4migvkD6RFfHgoSELnwQv
Yps/+aLVvijZ1Fedzu/QX1n1y3qa3SCvykVk1wlx/EjKEP5YfczcAS6LZAd/debp
VVJvi8SaEdBPSR3fBT7k3P6ChTxGjJK4yZtk5VIKiCN77SzTgXzGVlYZijx2THpr
p+G0V8ksveLW/sVkc5LhBGi43PNUXfEUxAKMvF2DlejOhXZYuFtaaZ4lFfbMf08Z
InlnQcGF
-----END CERTIFICATE-----