Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/84/409949-f229-498d-9315-34b67df7cb03/1/qGSJDYxfQ3dproMIpgTITGdpiXM.roa
File:                     qGSJDYxfQ3dproMIpgTITGdpiXM.roa (raw, json)
Hash identifier:          r66j/l8L1jLLu66GfqUEgm9JROBqZsScLN0nerfe/vY=
Subject key identifier:   A8:64:89:0D:8C:5F:43:77:69:AE:83:08:A6:04:C8:4C:67:69:89:73
Certificate issuer:       /CN=465ef7bd2eb3dcdbab04908380d48a8f2febc62c
Certificate serial:       019CA5F4C1A1525F4683CEE8FFD658F5E365
Authority key identifier: 46:5E:F7:BD:2E:B3:DC:DB:AB:04:90:83:80:D4:8A:8F:2F:EB:C6:2C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Rl73vS6z3NurBJCDgNSKjy_rxiw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/84/409949-f229-498d-9315-34b67df7cb03/1/qGSJDYxfQ3dproMIpgTITGdpiXM.roa
Signing time:             Sat 28 Feb 2026 20:33:26 +0000
ROA not before:           Sat 28 Feb 2026 20:33:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     210955
IP address blocks:        194.113.70.0/24 maxlen: 24
                          194.113.92.0/24 maxlen: 24
                          194.113.114.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/84/409949-f229-498d-9315-34b67df7cb03/1/Rl73vS6z3NurBJCDgNSKjy_rxiw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/84/409949-f229-498d-9315-34b67df7cb03/1/Rl73vS6z3NurBJCDgNSKjy_rxiw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Rl73vS6z3NurBJCDgNSKjy_rxiw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 15:05:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:a5:f4:c1:a1:52:5f:46:83:ce:e8:ff:d6:58:f5:e3:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=465ef7bd2eb3dcdbab04908380d48a8f2febc62c
        Validity
            Not Before: Feb 28 20:33:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a864890d8c5f437769ae8308a604c84c67698973
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:f4:fc:e2:81:c5:57:62:80:b3:78:bf:d1:94:
                    c9:f5:6e:c4:3d:a5:a8:82:ba:42:f9:b4:9a:fb:dc:
                    55:81:99:43:24:58:dc:08:3b:ea:29:4d:d6:f3:af:
                    31:c6:45:8f:3f:43:64:27:32:79:8c:cb:4d:d5:85:
                    98:d2:d1:31:e0:ad:f8:d8:1c:6c:db:76:e4:bc:78:
                    2f:82:7f:58:9c:f3:75:6a:20:9f:cc:6b:bc:0e:7f:
                    1a:91:45:97:5b:4d:3a:4e:26:c2:37:0f:ed:cc:96:
                    94:f4:f2:f4:99:79:9d:53:33:ee:84:c6:db:57:38:
                    81:76:a9:6c:4f:fd:c7:f9:e7:69:3e:dc:ff:34:a7:
                    b6:14:31:42:9a:0f:1f:f5:6a:43:69:c3:9d:bd:cc:
                    90:29:81:82:c4:85:af:1f:25:e7:c5:86:5f:df:fe:
                    ba:e5:40:67:d6:1e:12:d2:76:ff:16:ba:f0:22:96:
                    4b:59:49:ff:1d:70:f2:28:a8:b7:cb:d5:7f:80:98:
                    fc:a8:38:d5:d6:46:21:42:29:af:d8:2c:e7:76:10:
                    8a:72:0d:1b:f3:a2:23:cd:16:74:a6:48:52:40:00:
                    fa:96:bb:98:60:58:ca:0d:ca:9e:62:77:90:a1:36:
                    2d:00:b0:d0:b7:74:80:80:08:17:c1:0b:ac:74:e7:
                    44:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:64:89:0D:8C:5F:43:77:69:AE:83:08:A6:04:C8:4C:67:69:89:73
            X509v3 Authority Key Identifier:
                keyid:46:5E:F7:BD:2E:B3:DC:DB:AB:04:90:83:80:D4:8A:8F:2F:EB:C6:2C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Rl73vS6z3NurBJCDgNSKjy_rxiw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/84/409949-f229-498d-9315-34b67df7cb03/1/qGSJDYxfQ3dproMIpgTITGdpiXM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/84/409949-f229-498d-9315-34b67df7cb03/1/Rl73vS6z3NurBJCDgNSKjy_rxiw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.113.70.0/24
                  194.113.92.0/24
                  194.113.114.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7e:cd:af:ad:cd:09:9d:e8:18:4b:6a:88:66:b8:90:a6:0c:f4:
         1b:c1:1c:f7:d7:b0:73:36:96:94:8c:9d:89:c3:c6:44:dd:98:
         ac:45:d8:1f:75:e2:5e:fd:23:c3:9d:cb:75:7e:f0:46:24:39:
         28:d6:ca:c6:06:d3:64:72:92:bb:a0:78:3f:a1:f2:e2:d3:6a:
         2c:8b:a9:66:61:a6:fd:87:2f:1c:e5:a6:6d:75:6b:ac:96:a8:
         9a:ba:49:73:71:1e:3d:fb:48:10:c7:83:48:49:d8:c0:4e:8f:
         cf:4b:1d:43:d8:6a:17:fe:d4:02:a7:d3:33:01:e6:a6:14:3c:
         06:49:f9:13:30:b1:7d:e1:33:09:dc:53:ae:36:0e:af:1e:6c:
         f1:9b:4b:65:eb:4e:ce:4d:4d:ad:d6:50:25:55:ac:55:60:7e:
         bb:f9:23:a5:8c:72:2b:fc:31:18:34:1d:ca:3a:d7:21:08:ac:
         a9:12:d5:e9:36:5c:04:d7:91:07:95:9e:31:07:0b:9d:1d:28:
         1f:d3:28:ed:ed:1b:93:98:ff:1c:9f:80:04:80:97:d7:9e:87:
         03:5f:2e:43:15:6d:ac:e0:c8:d4:b4:41:08:5b:b7:48:e5:b9:
         35:32:04:70:bd:56:de:66:fc:9f:17:9e:c7:f6:50:c8:d2:f6:
         26:52:2f:10
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZyl9MGhUl9Gg87o/9ZY9eNlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ2NWVmN2JkMmViM2RjZGJhYjA0OTA4MzgwZDQ4YThmMmZl
YmM2MmMwHhcNMjYwMjI4MjAzMzI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhODY0ODkwZDhjNWY0Mzc3NjlhZTgzMDhhNjA0Yzg0YzY3Njk4OTczMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmvT84oHFV2KAs3i/0ZTJ9W7EPaWo
grpC+bSa+9xVgZlDJFjcCDvqKU3W868xxkWPP0NkJzJ5jMtN1YWY0tEx4K342Bxs
23bkvHgvgn9YnPN1aiCfzGu8Dn8akUWXW006TibCNw/tzJaU9PL0mXmdUzPuhMbb
VziBdqlsT/3H+edpPtz/NKe2FDFCmg8f9WpDacOdvcyQKYGCxIWvHyXnxYZf3/66
5UBn1h4S0nb/FrrwIpZLWUn/HXDyKKi3y9V/gJj8qDjV1kYhQimv2CzndhCKcg0b
86IjzRZ0pkhSQAD6lruYYFjKDcqeYneQoTYtALDQt3SAgAgXwQusdOdE8wIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFKhkiQ2MX0N3aa6DCKYEyExnaYlzMB8GA1UdIwQY
MBaAFEZe970us9zbqwSQg4DUio8v68YsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUmw3M3ZTNnozTnVyQkpDRGdOU0tqeV9yeGl3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NC80MDk5NDktZjIyOS00OThkLTkzMTUt
MzRiNjdkZjdjYjAzLzEvcUdTSkRZeGZRM2Rwcm9NSXBnVElUR2RwaVhNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NC80MDk5NDktZjIyOS00OThkLTkzMTUtMzRiNjdkZjdjYjAz
LzEvUmw3M3ZTNnozTnVyQkpDRGdOU0tqeV9yeGl3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAwnFGAwQA
wnFcAwQAwnFyMA0GCSqGSIb3DQEBCwUAA4IBAQB+za+tzQmd6BhLaohmuJCmDPQb
wRz317BzNpaUjJ2Jw8ZE3ZisRdgfdeJe/SPDnct1fvBGJDko1srGBtNkcpK7oHg/
ofLi02osi6lmYab9hy8c5aZtdWuslqiauklzcR49+0gQx4NISdjATo/PSx1D2GoX
/tQCp9MzAeamFDwGSfkTMLF94TMJ3FOuNg6vHmzxm0tl607OTU2t1lAlVaxVYH67
+SOljHIr/DEYNB3KOtchCKypEtXpNlwE15EHlZ4xBwudHSgf0yjt7RuTmP8cn4AE
gJfXnocDXy5DFW2s4MjUtEEIW7dI5bk1MgRwvVbeZvyfF57H9lDI0vYmUi8Q
-----END CERTIFICATE-----