Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/83/8f5e75-1334-4fb0-9f6a-bddc18c7a3f3/1/q1IZFoWH6F5cO3VvqugfG96ypds.roa
File:                     q1IZFoWH6F5cO3VvqugfG96ypds.roa (raw, json)
Hash identifier:          z06wuJ9uV7kG95Di5icAYTCKgXmbkwtxhSJONbDTzzQ=
Subject key identifier:   AB:52:19:16:85:87:E8:5E:5C:3B:75:6F:AA:E8:1F:1B:DE:B2:A5:DB
Certificate issuer:       /CN=dc030af8c7538b9c5af852f1c42a175aaf46f7e0
Certificate serial:       019C8B3587C319A7A464881D5E1AE87AC6F4
Authority key identifier: DC:03:0A:F8:C7:53:8B:9C:5A:F8:52:F1:C4:2A:17:5A:AF:46:F7:E0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3AMK-MdTi5xa-FLxxCoXWq9G9-A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/83/8f5e75-1334-4fb0-9f6a-bddc18c7a3f3/1/q1IZFoWH6F5cO3VvqugfG96ypds.roa
Signing time:             Mon 23 Feb 2026 15:54:27 +0000
ROA not before:           Mon 23 Feb 2026 15:54:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     51647
IP address blocks:        194.104.80.0/22 maxlen: 22
                          2a04:9fc0::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/83/8f5e75-1334-4fb0-9f6a-bddc18c7a3f3/1/3AMK-MdTi5xa-FLxxCoXWq9G9-A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/83/8f5e75-1334-4fb0-9f6a-bddc18c7a3f3/1/3AMK-MdTi5xa-FLxxCoXWq9G9-A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3AMK-MdTi5xa-FLxxCoXWq9G9-A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 18:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:8b:35:87:c3:19:a7:a4:64:88:1d:5e:1a:e8:7a:c6:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dc030af8c7538b9c5af852f1c42a175aaf46f7e0
        Validity
            Not Before: Feb 23 15:54:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ab5219168587e85e5c3b756faae81f1bdeb2a5db
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:85:5e:32:2d:9e:1b:b7:24:31:a8:bb:b2:2f:
                    02:ec:ad:ee:6b:de:8c:d0:ba:f7:2c:53:9f:2e:0c:
                    63:c5:6c:b7:fa:f1:54:69:7f:24:bb:1d:96:6d:49:
                    50:74:21:6c:b1:00:be:f9:9a:bc:e1:83:d6:6c:02:
                    a9:24:1c:6a:60:7e:14:63:0c:35:6b:3a:8d:15:9f:
                    a3:16:5e:a0:1f:25:e5:14:8f:0e:cd:24:23:55:fb:
                    ea:10:78:f1:d4:be:9b:17:70:30:14:ca:19:3b:68:
                    3d:47:6b:a9:a4:8a:93:02:fe:f0:fd:aa:ee:7c:0d:
                    88:9d:b0:36:d3:b5:98:45:ea:bd:cc:32:3b:51:ea:
                    6a:fd:ae:3a:62:41:e2:8a:56:59:5f:d7:0b:41:ff:
                    58:e8:33:25:c2:07:6e:0f:8a:e3:6b:54:87:e3:97:
                    71:75:5d:d2:a8:f1:f5:2e:a6:02:56:f4:54:a2:d4:
                    d9:94:ae:f9:35:bb:cd:13:68:74:f0:61:ae:3e:42:
                    0d:8b:88:4d:45:b7:37:e8:35:10:12:36:34:a5:4b:
                    bc:eb:0c:16:36:13:c0:8b:14:f1:b1:87:ef:2d:59:
                    cf:96:ff:b9:5c:87:82:90:66:79:3e:77:22:41:f0:
                    21:dd:8b:2e:27:bb:2d:7a:b1:fb:58:83:1c:5e:ec:
                    b9:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:52:19:16:85:87:E8:5E:5C:3B:75:6F:AA:E8:1F:1B:DE:B2:A5:DB
            X509v3 Authority Key Identifier:
                keyid:DC:03:0A:F8:C7:53:8B:9C:5A:F8:52:F1:C4:2A:17:5A:AF:46:F7:E0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3AMK-MdTi5xa-FLxxCoXWq9G9-A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/8f5e75-1334-4fb0-9f6a-bddc18c7a3f3/1/q1IZFoWH6F5cO3VvqugfG96ypds.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/83/8f5e75-1334-4fb0-9f6a-bddc18c7a3f3/1/3AMK-MdTi5xa-FLxxCoXWq9G9-A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.104.80.0/22
                IPv6:
                  2a04:9fc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         69:52:1c:cf:5b:27:92:2b:24:35:51:3f:68:ca:e0:54:9b:4e:
         ea:30:ff:21:40:39:a2:aa:ab:2a:62:c6:a8:f7:e1:8a:a5:45:
         c4:8d:88:03:d5:3e:24:d1:0a:b0:07:e7:30:75:4b:28:1d:da:
         10:1c:90:59:36:06:b9:72:a6:9d:c1:4a:35:75:66:70:33:49:
         89:ea:2b:32:60:42:5a:f3:14:6e:d1:a3:84:c6:5f:6d:2d:c8:
         98:9c:76:02:65:81:4e:1a:90:4e:55:f5:87:8d:b9:79:fc:61:
         df:37:ac:9f:a6:a0:0e:fe:1b:df:c9:5f:53:32:b6:b5:55:54:
         a8:e5:1a:2f:0c:0f:71:55:bf:d1:8c:9f:5c:e4:1c:46:27:bb:
         56:da:ab:4b:c5:3d:61:7c:c3:9d:08:84:e2:6a:6b:1e:f9:6b:
         ac:8b:0d:58:7f:c5:46:a3:77:ef:dd:d0:54:0c:ed:8e:29:fa:
         78:10:0a:d5:e4:16:83:62:f8:88:d2:28:44:7a:84:e9:c4:b5:
         11:75:22:49:81:fa:d0:a1:1f:49:c1:c5:9c:1d:ff:cc:9b:71:
         45:88:06:67:60:de:cc:c0:5f:88:81:f1:d1:17:55:53:55:76:
         95:cb:b4:b5:e1:8d:21:31:d9:80:ed:d4:1f:71:cf:dd:b3:ce:
         de:25:90:5b
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZyLNYfDGaekZIgdXhroesb0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRjMDMwYWY4Yzc1MzhiOWM1YWY4NTJmMWM0MmExNzVhYWY0
NmY3ZTAwHhcNMjYwMjIzMTU1NDI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYjUyMTkxNjg1ODdlODVlNWMzYjc1NmZhYWU4MWYxYmRlYjJhNWRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1IVeMi2eG7ckMai7si8C7K3ua96M
0Lr3LFOfLgxjxWy3+vFUaX8kux2WbUlQdCFssQC++Zq84YPWbAKpJBxqYH4UYww1
azqNFZ+jFl6gHyXlFI8OzSQjVfvqEHjx1L6bF3AwFMoZO2g9R2uppIqTAv7w/aru
fA2InbA207WYReq9zDI7Uepq/a46YkHiilZZX9cLQf9Y6DMlwgduD4rja1SH45dx
dV3SqPH1LqYCVvRUotTZlK75NbvNE2h08GGuPkINi4hNRbc36DUQEjY0pUu86wwW
NhPAixTxsYfvLVnPlv+5XIeCkGZ5PnciQfAh3YsuJ7sterH7WIMcXuy5uQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFKtSGRaFh+heXDt1b6roHxvesqXbMB8GA1UdIwQY
MBaAFNwDCvjHU4ucWvhS8cQqF1qvRvfgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM0FNSy1NZFRpNXhhLUZMeHhDb1hXcTlHOS1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84My84ZjVlNzUtMTMzNC00ZmIwLTlmNmEt
YmRkYzE4YzdhM2YzLzEvcTFJWkZvV0g2RjVjTzNWdnF1Z2ZHOTZ5cGRzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84My84ZjVlNzUtMTMzNC00ZmIwLTlmNmEtYmRkYzE4YzdhM2Yz
LzEvM0FNSy1NZFRpNXhhLUZMeHhDb1hXcTlHOS1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCwmhQMA0E
AgACMAcDBQMqBJ/AMA0GCSqGSIb3DQEBCwUAA4IBAQBpUhzPWyeSKyQ1UT9oyuBU
m07qMP8hQDmiqqsqYsao9+GKpUXEjYgD1T4k0QqwB+cwdUsoHdoQHJBZNga5cqad
wUo1dWZwM0mJ6isyYEJa8xRu0aOExl9tLciYnHYCZYFOGpBOVfWHjbl5/GHfN6yf
pqAO/hvfyV9TMra1VVSo5RovDA9xVb/RjJ9c5BxGJ7tW2qtLxT1hfMOdCITiamse
+Wusiw1Yf8VGo3fv3dBUDO2OKfp4EArV5BaDYviI0ihEeoTpxLURdSJJgfrQoR9J
wcWcHf/Mm3FFiAZnYN7MwF+IgfHRF1VTVXaVy7S14Y0hMdmA7dQfcc/ds87eJZBb
-----END CERTIFICATE-----