Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/67/70ccef-17f3-4928-9c0b-ba7c7d8190ca/1/qo7ie-ZCOxr3kULK0wr2-czci7A.roa
File:                     qo7ie-ZCOxr3kULK0wr2-czci7A.roa (raw, json)
Hash identifier:          tjSzYVU1BPWM+eWE8epAD1zQp+0FNjjYVtJc8ORfDvE=
Subject key identifier:   AA:8E:E2:7B:E6:42:3B:1A:F7:91:42:CA:D3:0A:F6:F9:CC:DC:8B:B0
Certificate issuer:       /CN=6f5e0230be799e44829c8720ca38347045494e20
Certificate serial:       019D953484B1342DA55BD57A518EE755EFD4
Authority key identifier: 6F:5E:02:30:BE:79:9E:44:82:9C:87:20:CA:38:34:70:45:49:4E:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b14CML55nkSCnIcgyjg0cEVJTiA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/67/70ccef-17f3-4928-9c0b-ba7c7d8190ca/1/qo7ie-ZCOxr3kULK0wr2-czci7A.roa
Signing time:             Thu 16 Apr 2026 07:32:20 +0000
ROA not before:           Thu 16 Apr 2026 07:32:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     14618
IP address blocks:        85.232.180.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/67/70ccef-17f3-4928-9c0b-ba7c7d8190ca/1/b14CML55nkSCnIcgyjg0cEVJTiA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/67/70ccef-17f3-4928-9c0b-ba7c7d8190ca/1/b14CML55nkSCnIcgyjg0cEVJTiA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b14CML55nkSCnIcgyjg0cEVJTiA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 05:01:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:95:34:84:b1:34:2d:a5:5b:d5:7a:51:8e:e7:55:ef:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f5e0230be799e44829c8720ca38347045494e20
        Validity
            Not Before: Apr 16 07:32:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=aa8ee27be6423b1af79142cad30af6f9ccdc8bb0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:e9:79:b4:4c:ef:d5:8a:9f:73:37:54:32:bb:
                    9b:64:d9:20:28:65:c7:85:73:b8:f8:fd:0e:99:67:
                    19:a0:e2:be:c0:eb:13:fc:24:a7:c5:f4:93:6c:03:
                    09:44:aa:9b:ee:f5:55:8f:9b:34:57:d1:25:bf:55:
                    a6:e2:09:39:5e:be:77:8e:28:67:cd:5d:cb:f6:7e:
                    26:fd:ad:4e:94:0a:16:76:5b:3e:14:6c:3b:86:83:
                    30:10:5e:b5:37:a2:44:1b:85:24:05:95:13:53:e0:
                    62:ff:d2:09:21:d2:e6:43:4b:7e:b3:2f:0b:f3:4b:
                    38:03:50:61:11:cf:98:4a:20:4b:8f:22:3f:ed:99:
                    d0:50:3a:bd:e2:2c:22:dc:63:08:28:a8:e9:03:d4:
                    51:17:b5:a7:47:84:9a:8b:30:03:2b:2a:26:89:a0:
                    93:f7:c0:04:48:e2:c5:93:b0:1e:1e:ee:b2:fc:cd:
                    92:a3:57:a2:0e:f0:a9:2d:c9:c7:64:f4:9b:0b:c7:
                    ee:a9:90:f4:d9:8b:67:92:0c:a0:8a:2a:03:81:a3:
                    02:14:0c:53:2f:eb:30:70:1d:c7:62:78:08:54:97:
                    f0:65:c1:11:1c:82:7d:ce:71:06:8b:56:3f:bf:b7:
                    65:bf:2e:14:c8:72:99:47:52:99:86:c3:f4:29:99:
                    6c:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:8E:E2:7B:E6:42:3B:1A:F7:91:42:CA:D3:0A:F6:F9:CC:DC:8B:B0
            X509v3 Authority Key Identifier:
                keyid:6F:5E:02:30:BE:79:9E:44:82:9C:87:20:CA:38:34:70:45:49:4E:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b14CML55nkSCnIcgyjg0cEVJTiA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/67/70ccef-17f3-4928-9c0b-ba7c7d8190ca/1/qo7ie-ZCOxr3kULK0wr2-czci7A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/67/70ccef-17f3-4928-9c0b-ba7c7d8190ca/1/b14CML55nkSCnIcgyjg0cEVJTiA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.232.180.0/24

    Signature Algorithm: sha256WithRSAEncryption
         31:00:50:0f:f9:39:23:5c:66:c7:02:d1:58:b6:65:fe:f4:f7:
         7c:ed:4e:cc:0c:7e:aa:8c:6d:01:d6:25:1f:18:7c:d5:65:d8:
         37:fb:5a:78:25:e9:b1:a1:01:7a:7e:25:11:9b:cf:ce:3f:d1:
         c0:46:ca:01:ab:03:34:20:5a:be:40:10:46:bd:7a:af:e8:5f:
         67:47:3e:ac:9d:cc:10:b6:e7:92:64:31:f0:e5:b8:53:63:fe:
         3d:45:0b:1c:9a:6c:ea:8b:05:39:15:6a:58:92:2c:d9:70:91:
         1b:de:96:72:3b:2f:49:e7:98:e5:2c:0f:f2:50:ef:c9:ef:ef:
         b4:2d:8e:17:89:56:65:aa:6f:ee:de:6d:7e:7e:1b:a8:65:b6:
         8c:da:94:81:60:3e:d4:a1:89:85:d0:59:ed:c0:23:e6:2a:e2:
         96:6f:d0:32:1f:6d:e0:e4:13:c9:b9:59:a4:67:c0:45:a5:3f:
         6a:20:84:d7:a4:09:8f:fd:82:e0:3c:78:24:c3:b2:91:64:0c:
         60:56:63:f2:6a:76:5e:84:90:d4:ce:99:df:0b:0a:56:de:06:
         52:3f:8d:5b:c5:22:88:c0:83:1e:82:f7:5d:6d:36:74:46:9f:
         ab:5f:7f:72:0c:d6:5f:27:eb:d1:f2:d4:08:d3:5c:2b:43:2f:
         de:66:fb:79
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2VNISxNC2lW9V6UY7nVe/UMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmNWUwMjMwYmU3OTllNDQ4MjljODcyMGNhMzgzNDcwNDU0
OTRlMjAwHhcNMjYwNDE2MDczMjIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYThlZTI3YmU2NDIzYjFhZjc5MTQyY2FkMzBhZjZmOWNjZGM4YmIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArel5tEzv1YqfczdUMrubZNkgKGXH
hXO4+P0OmWcZoOK+wOsT/CSnxfSTbAMJRKqb7vVVj5s0V9Elv1Wm4gk5Xr53jihn
zV3L9n4m/a1OlAoWdls+FGw7hoMwEF61N6JEG4UkBZUTU+Bi/9IJIdLmQ0t+sy8L
80s4A1BhEc+YSiBLjyI/7ZnQUDq94iwi3GMIKKjpA9RRF7WnR4SaizADKyomiaCT
98AESOLFk7AeHu6y/M2So1eiDvCpLcnHZPSbC8fuqZD02YtnkgygiioDgaMCFAxT
L+swcB3HYngIVJfwZcERHIJ9znEGi1Y/v7dlvy4UyHKZR1KZhsP0KZlsQQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKqO4nvmQjsa95FCytMK9vnM3IuwMB8GA1UdIwQY
MBaAFG9eAjC+eZ5EgpyHIMo4NHBFSU4gMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjE0Q01MNTVua1NDbkljZ3lqZzBjRVZKVGlBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ny83MGNjZWYtMTdmMy00OTI4LTljMGIt
YmE3YzdkODE5MGNhLzEvcW83aWUtWkNPeHIza1VMSzB3cjItY3pjaTdBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ny83MGNjZWYtMTdmMy00OTI4LTljMGItYmE3YzdkODE5MGNh
LzEvYjE0Q01MNTVua1NDbkljZ3lqZzBjRVZKVGlBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVei0MA0G
CSqGSIb3DQEBCwUAA4IBAQAxAFAP+TkjXGbHAtFYtmX+9Pd87U7MDH6qjG0B1iUf
GHzVZdg3+1p4JemxoQF6fiURm8/OP9HARsoBqwM0IFq+QBBGvXqv6F9nRz6sncwQ
tueSZDHw5bhTY/49RQscmmzqiwU5FWpYkizZcJEb3pZyOy9J55jlLA/yUO/J7++0
LY4XiVZlqm/u3m1+fhuoZbaM2pSBYD7UoYmF0FntwCPmKuKWb9AyH23g5BPJuVmk
Z8BFpT9qIITXpAmP/YLgPHgkw7KRZAxgVmPyanZehJDUzpnfCwpW3gZSP41bxSKI
wIMegvddbTZ0Rp+rX39yDNZfJ+vR8tQI01wrQy/eZvt5
-----END CERTIFICATE-----