Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6a/618e36-e0c3-428a-afd1-43cc90117aac/1/Q_4QWEMBSDdLrYJSZ1nFgTQeuIQ.roa
File:                     Q_4QWEMBSDdLrYJSZ1nFgTQeuIQ.roa (raw, json)
Hash identifier:          3AglCdllhiV/NPv9Ua1FbmPwtUIroh3ujOKJTo592Vc=
Subject key identifier:   43:FE:10:58:43:01:48:37:4B:AD:82:52:67:59:C5:81:34:1E:B8:84
Certificate issuer:       /CN=d1ab8947a8601f4ba1a85bd1c07b3f384f79611d
Certificate serial:       019D94F72D0CB16359EAEE2AB970B83BB8A8
Authority key identifier: D1:AB:89:47:A8:60:1F:4B:A1:A8:5B:D1:C0:7B:3F:38:4F:79:61:1D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0auJR6hgH0uhqFvRwHs_OE95YR0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6a/618e36-e0c3-428a-afd1-43cc90117aac/1/Q_4QWEMBSDdLrYJSZ1nFgTQeuIQ.roa
Signing time:             Thu 16 Apr 2026 06:25:19 +0000
ROA not before:           Thu 16 Apr 2026 06:25:19 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     204027
IP address blocks:        195.43.60.0/22 maxlen: 22
                          2001:678:f0::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6a/618e36-e0c3-428a-afd1-43cc90117aac/1/0auJR6hgH0uhqFvRwHs_OE95YR0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6a/618e36-e0c3-428a-afd1-43cc90117aac/1/0auJR6hgH0uhqFvRwHs_OE95YR0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0auJR6hgH0uhqFvRwHs_OE95YR0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 16:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:94:f7:2d:0c:b1:63:59:ea:ee:2a:b9:70:b8:3b:b8:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d1ab8947a8601f4ba1a85bd1c07b3f384f79611d
        Validity
            Not Before: Apr 16 06:25:19 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=43fe1058430148374bad82526759c581341eb884
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:f9:ef:fb:83:c1:f2:d6:d5:65:7e:89:7e:e2:
                    0c:08:1b:7a:16:40:99:cc:38:02:9d:95:62:b6:a0:
                    5d:05:95:14:c8:a2:46:2a:88:7d:c2:0d:b7:ae:1a:
                    d1:2c:b9:cf:f2:1d:90:88:b7:e1:7d:f8:2c:86:dd:
                    16:8f:83:17:15:79:e9:84:35:99:94:7d:ea:16:00:
                    8c:60:b9:4f:7e:fb:f4:7b:7d:a8:fa:0c:4d:77:7c:
                    e9:d3:90:d2:7e:97:ec:82:a8:f8:aa:f8:34:05:43:
                    b1:42:39:81:9a:22:fa:2a:3e:36:1f:29:73:bd:e9:
                    7d:37:39:1c:91:ba:f7:fb:88:fd:e9:a2:08:3e:15:
                    2b:be:da:f1:36:a1:fe:06:e6:37:87:9f:58:25:46:
                    32:34:51:4e:a6:ac:5b:f4:55:1d:fd:49:22:02:25:
                    cb:9d:fa:64:53:7f:e8:4c:05:4c:97:2a:85:b0:b1:
                    53:c2:08:60:77:fb:70:de:10:3a:cc:83:76:3b:09:
                    b0:ff:a5:6b:8e:4f:88:cf:b6:97:36:45:9c:fa:f4:
                    59:dd:d0:ea:20:50:40:7e:29:bc:18:af:92:d1:a3:
                    5c:f9:df:d3:81:4d:39:7c:7c:51:bc:2d:98:0b:69:
                    b2:cf:e2:0e:0a:2f:31:79:b5:de:1f:83:2f:0c:38:
                    2d:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:FE:10:58:43:01:48:37:4B:AD:82:52:67:59:C5:81:34:1E:B8:84
            X509v3 Authority Key Identifier:
                keyid:D1:AB:89:47:A8:60:1F:4B:A1:A8:5B:D1:C0:7B:3F:38:4F:79:61:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0auJR6hgH0uhqFvRwHs_OE95YR0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/618e36-e0c3-428a-afd1-43cc90117aac/1/Q_4QWEMBSDdLrYJSZ1nFgTQeuIQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/618e36-e0c3-428a-afd1-43cc90117aac/1/0auJR6hgH0uhqFvRwHs_OE95YR0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.43.60.0/22
                IPv6:
                  2001:678:f0::/48

    Signature Algorithm: sha256WithRSAEncryption
         2a:c9:c0:ff:bc:47:62:64:c7:e9:ce:08:f9:66:b0:4c:da:0f:
         b5:1c:b3:30:94:d7:3f:88:ca:a1:e7:96:70:a0:4e:fb:80:76:
         0f:0b:2e:54:41:5e:2c:ce:2e:6a:7d:e3:6d:6b:7d:6f:8a:a4:
         a5:52:36:2f:f9:8d:5a:3c:b0:49:93:a7:7b:ac:9b:92:4e:46:
         f7:34:6f:5e:c4:dd:4b:17:53:93:5b:1b:82:a1:7f:1c:bd:5a:
         32:b3:aa:d9:66:df:91:f2:be:2f:7e:c9:1a:64:fa:1d:74:7d:
         ab:fc:80:c0:db:7e:d2:3b:e2:5d:2b:d5:8d:53:95:b3:8a:78:
         ff:d7:f8:d1:93:ce:dd:1f:63:e3:71:d9:12:03:38:dc:16:0c:
         bc:ef:ef:25:8e:62:17:ba:e4:8e:3a:b3:2f:c1:69:4d:6e:ef:
         64:25:4e:30:a6:10:75:09:44:9a:33:e8:2e:3b:e8:89:a9:46:
         76:f4:1d:37:f3:42:1f:82:13:69:af:c9:86:a7:0b:7e:92:da:
         41:c8:46:f3:f4:f2:02:50:99:24:75:39:be:65:85:7d:32:e9:
         0d:0b:7b:e0:e8:0b:c1:4a:7d:4b:44:d2:08:6c:58:ab:4b:26:
         7d:38:38:0c:9f:b7:40:1a:84:70:a9:4a:a4:07:76:6a:2b:ea:
         8d:46:46:94
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZ2U9y0MsWNZ6u4quXC4O7ioMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQxYWI4OTQ3YTg2MDFmNGJhMWE4NWJkMWMwN2IzZjM4NGY3
OTYxMWQwHhcNMjYwNDE2MDYyNTE5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0M2ZlMTA1ODQzMDE0ODM3NGJhZDgyNTI2NzU5YzU4MTM0MWViODg0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5Pnv+4PB8tbVZX6JfuIMCBt6FkCZ
zDgCnZVitqBdBZUUyKJGKoh9wg23rhrRLLnP8h2QiLfhffgsht0Wj4MXFXnphDWZ
lH3qFgCMYLlPfvv0e32o+gxNd3zp05DSfpfsgqj4qvg0BUOxQjmBmiL6Kj42Hylz
vel9Nzkckbr3+4j96aIIPhUrvtrxNqH+BuY3h59YJUYyNFFOpqxb9FUd/UkiAiXL
nfpkU3/oTAVMlyqFsLFTwghgd/tw3hA6zIN2Owmw/6Vrjk+Iz7aXNkWc+vRZ3dDq
IFBAfim8GK+S0aNc+d/TgU05fHxRvC2YC2myz+IOCi8xebXeH4MvDDgt8QIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFEP+EFhDAUg3S62CUmdZxYE0HriEMB8GA1UdIwQY
MBaAFNGriUeoYB9Loahb0cB7PzhPeWEdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMGF1SlI2aGdIMHVocUZ2UndIc19PRTk1WVIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82YS82MThlMzYtZTBjMy00MjhhLWFmZDEt
NDNjYzkwMTE3YWFjLzEvUV80UVdFTUJTRGRMcllKU1oxbkZnVFFldUlRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82YS82MThlMzYtZTBjMy00MjhhLWFmZDEtNDNjYzkwMTE3YWFj
LzEvMGF1SlI2aGdIMHVocUZ2UndIc19PRTk1WVIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQCwys8MA8E
AgACMAkDBwAgAQZ4APAwDQYJKoZIhvcNAQELBQADggEBACrJwP+8R2Jkx+nOCPlm
sEzaD7UcszCU1z+IyqHnlnCgTvuAdg8LLlRBXizOLmp9421rfW+KpKVSNi/5jVo8
sEmTp3usm5JORvc0b17E3UsXU5NbG4Khfxy9WjKzqtlm35Hyvi9+yRpk+h10fav8
gMDbftI74l0r1Y1TlbOKeP/X+NGTzt0fY+Nx2RIDONwWDLzv7yWOYhe65I46sy/B
aU1u72QlTjCmEHUJRJoz6C476ImpRnb0HTfzQh+CE2mvyYanC36S2kHIRvP08gJQ
mSR1Ob5lhX0y6Q0Le+DoC8FKfUtE0ghsWKtLJn04OAyft0AahHCpSqQHdmor6o1G
RpQ=
-----END CERTIFICATE-----