Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/4ef4a9-6d96-4989-9c81-d92e68dfffe4/1/QsJVa7ALHglGVdigmvX7md5Q674.roa
File:                     QsJVa7ALHglGVdigmvX7md5Q674.roa (raw, json)
Hash identifier:          22/vuBN3pEmuYMdjZicb7ImHZcbO8Ev5qKlpNkyNuag=
Subject key identifier:   42:C2:55:6B:B0:0B:1E:09:46:55:D8:A0:9A:F5:FB:99:DE:50:EB:BE
Certificate issuer:       /CN=61b866e323382caea961e7d2423e53cab5099131
Certificate serial:       019B775892C6683D81F284FBB9452030D775
Authority key identifier: 61:B8:66:E3:23:38:2C:AE:A9:61:E7:D2:42:3E:53:CA:B5:09:91:31
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ybhm4yM4LK6pYefSQj5TyrUJkTE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/81/4ef4a9-6d96-4989-9c81-d92e68dfffe4/1/QsJVa7ALHglGVdigmvX7md5Q674.roa
Signing time:             Thu 01 Jan 2026 02:17:32 +0000
ROA not before:           Thu 01 Jan 2026 02:17:32 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200741
IP address blocks:        185.33.13.0/24 maxlen: 24
                          185.33.14.0/24 maxlen: 24
                          185.33.15.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/81/4ef4a9-6d96-4989-9c81-d92e68dfffe4/1/Ybhm4yM4LK6pYefSQj5TyrUJkTE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/81/4ef4a9-6d96-4989-9c81-d92e68dfffe4/1/Ybhm4yM4LK6pYefSQj5TyrUJkTE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ybhm4yM4LK6pYefSQj5TyrUJkTE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 11:00:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:58:92:c6:68:3d:81:f2:84:fb:b9:45:20:30:d7:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b866e323382caea961e7d2423e53cab5099131
        Validity
            Not Before: Jan  1 02:17:32 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=42c2556bb00b1e094655d8a09af5fb99de50ebbe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:b7:62:83:fe:15:ff:73:69:e2:29:7c:65:0d:
                    34:ab:ec:41:00:91:ad:ff:91:9e:43:ce:02:02:58:
                    42:1a:4a:dc:88:8a:01:dd:f5:0d:1d:52:ad:ea:d0:
                    f5:9d:42:8c:cb:e2:ef:2b:d0:02:79:e3:64:6d:20:
                    b0:74:d9:e8:44:f2:84:5c:2c:7f:18:4c:df:3f:c7:
                    9b:fe:1d:bc:33:d1:bf:23:2b:12:e9:d0:cf:8d:0b:
                    ab:af:20:ba:b5:42:f2:98:df:6d:da:14:97:55:81:
                    3f:3e:30:01:a7:23:ba:81:0c:26:6a:3e:bb:87:6f:
                    24:12:0c:61:ce:6c:a0:1a:39:28:e1:5f:b0:76:7a:
                    23:92:e7:40:2d:a4:7a:22:85:ee:be:f4:ae:17:dc:
                    de:04:7c:b9:a5:36:1e:bf:88:24:3a:5a:d0:56:63:
                    31:b6:7c:55:97:4d:c1:b0:db:b1:29:cd:dc:77:2c:
                    df:fe:87:3f:8b:34:2a:cd:dc:96:e9:5e:7a:8c:76:
                    8a:50:ca:84:ac:2d:01:64:6b:7d:86:1e:d9:c4:4c:
                    cc:e4:4d:c0:46:35:00:bc:c8:82:8d:d6:c6:3f:77:
                    e4:b6:27:ef:06:fb:39:6b:15:e0:3f:a1:2d:0b:f4:
                    fa:c3:e7:e6:c7:1a:7f:d3:fc:9b:e7:c3:89:0c:81:
                    ff:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:C2:55:6B:B0:0B:1E:09:46:55:D8:A0:9A:F5:FB:99:DE:50:EB:BE
            X509v3 Authority Key Identifier:
                keyid:61:B8:66:E3:23:38:2C:AE:A9:61:E7:D2:42:3E:53:CA:B5:09:91:31

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ybhm4yM4LK6pYefSQj5TyrUJkTE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/4ef4a9-6d96-4989-9c81-d92e68dfffe4/1/QsJVa7ALHglGVdigmvX7md5Q674.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/81/4ef4a9-6d96-4989-9c81-d92e68dfffe4/1/Ybhm4yM4LK6pYefSQj5TyrUJkTE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.33.13.0-185.33.15.255

    Signature Algorithm: sha256WithRSAEncryption
         05:42:88:cf:bb:20:ca:93:28:37:0c:d0:98:51:f9:cc:50:18:
         8d:94:34:a7:8b:e6:f0:4a:6a:4d:ac:a7:35:bf:b4:17:a6:9d:
         83:5d:4f:41:f1:52:fe:19:45:84:b6:8a:9e:44:9e:f5:e2:51:
         3a:f1:9e:30:ad:4d:c1:ef:d9:6f:14:af:52:4e:b2:31:17:bb:
         23:d6:f5:06:2c:3d:a1:da:b7:99:54:fd:9f:5b:e6:49:ab:20:
         84:f9:a4:de:fa:bc:ee:36:9b:13:41:88:cf:33:f0:2a:ea:b2:
         19:23:93:58:21:26:3a:6e:aa:ea:70:9a:a6:d4:5b:09:41:6a:
         8f:0e:2e:0f:98:ca:28:4d:7f:90:1f:5b:48:85:8f:4e:4f:d9:
         02:58:96:dc:6d:58:da:a0:45:02:91:7f:d6:7f:be:5e:c5:ba:
         44:b9:56:1c:34:6a:b9:61:63:79:50:9c:dc:20:23:d6:9b:89:
         f7:3e:76:34:9c:77:17:13:24:36:b8:1f:7a:d5:08:a2:53:cd:
         66:5b:d0:74:f0:1a:07:79:2b:7a:e6:72:63:9f:8c:58:db:e6:
         d7:c6:80:93:83:fd:28:cc:a9:2e:7b:11:43:64:3d:ef:2a:4b:
         2c:f7:5d:90:09:c4:1d:88:1b:8f:02:a9:1e:54:41:8a:bd:66:
         28:89:09:c3
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZt3WJLGaD2B8oT7uUUgMNd1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYxYjg2NmUzMjMzODJjYWVhOTYxZTdkMjQyM2U1M2NhYjUw
OTkxMzEwHhcNMjYwMTAxMDIxNzMyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MmMyNTU2YmIwMGIxZTA5NDY1NWQ4YTA5YWY1ZmI5OWRlNTBlYmJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3rdig/4V/3Np4il8ZQ00q+xBAJGt
/5GeQ84CAlhCGkrciIoB3fUNHVKt6tD1nUKMy+LvK9ACeeNkbSCwdNnoRPKEXCx/
GEzfP8eb/h28M9G/IysS6dDPjQurryC6tULymN9t2hSXVYE/PjABpyO6gQwmaj67
h28kEgxhzmygGjko4V+wdnojkudALaR6IoXuvvSuF9zeBHy5pTYev4gkOlrQVmMx
tnxVl03BsNuxKc3cdyzf/oc/izQqzdyW6V56jHaKUMqErC0BZGt9hh7ZxEzM5E3A
RjUAvMiCjdbGP3fktifvBvs5axXgP6EtC/T6w+fmxxp/0/yb58OJDIH/TwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFELCVWuwCx4JRlXYoJr1+5neUOu+MB8GA1UdIwQY
MBaAFGG4ZuMjOCyuqWHn0kI+U8q1CZExMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWWJobTR5TTRMSzZwWWVmU1FqNVR5clVKa1RFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS80ZWY0YTktNmQ5Ni00OTg5LTljODEt
ZDkyZTY4ZGZmZmU0LzEvUXNKVmE3QUxIZ2xHVmRpZ212WDdtZDVRNjc0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS80ZWY0YTktNmQ5Ni00OTg5LTljODEtZDkyZTY4ZGZmZmU0
LzEvWWJobTR5TTRMSzZwWWVmU1FqNVR5clVKa1RFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAC5IQ0D
BAS5IQAwDQYJKoZIhvcNAQELBQADggEBAAVCiM+7IMqTKDcM0JhR+cxQGI2UNKeL
5vBKak2spzW/tBemnYNdT0HxUv4ZRYS2ip5EnvXiUTrxnjCtTcHv2W8Ur1JOsjEX
uyPW9QYsPaHat5lU/Z9b5kmrIIT5pN76vO42mxNBiM8z8Crqshkjk1ghJjpuqupw
mqbUWwlBao8OLg+YyihNf5AfW0iFj05P2QJYltxtWNqgRQKRf9Z/vl7FukS5Vhw0
arlhY3lQnNwgI9abifc+djScdxcTJDa4H3rVCKJTzWZb0HTwGgd5K3rmcmOfjFjb
5tfGgJOD/SjMqS57EUNkPe8qSyz3XZAJxB2IG48CqR5UQYq9ZiiJCcM=
-----END CERTIFICATE-----