Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/85/c93d87-32e0-46f1-9fb9-63451548979d/1/SQvNoFC8mFg4IUMQKBfVp8NnnFg.roa
File:                     SQvNoFC8mFg4IUMQKBfVp8NnnFg.roa (raw, json)
Hash identifier:          mzz3e9Y3hMvRecd47TF+bM6eQvbkg5bJu6xf2RyQZp4=
Subject key identifier:   49:0B:CD:A0:50:BC:98:58:38:21:43:10:28:17:D5:A7:C3:67:9C:58
Certificate issuer:       /CN=1d43a2484569d20e3f53c17be7b9fb29c34ee5be
Certificate serial:       019D7D81518921E3796ABFB36241D09AE54A
Authority key identifier: 1D:43:A2:48:45:69:D2:0E:3F:53:C1:7B:E7:B9:FB:29:C3:4E:E5:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HUOiSEVp0g4_U8F757n7KcNO5b4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/85/c93d87-32e0-46f1-9fb9-63451548979d/1/SQvNoFC8mFg4IUMQKBfVp8NnnFg.roa
Signing time:             Sat 11 Apr 2026 17:05:20 +0000
ROA not before:           Sat 11 Apr 2026 17:05:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     206134
IP address blocks:        2a01:ecc0:3000::/36 maxlen: 36
                          2a01:ecc0:5000::/36 maxlen: 36
                          2a01:ecc0:7000::/36 maxlen: 36
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/85/c93d87-32e0-46f1-9fb9-63451548979d/1/HUOiSEVp0g4_U8F757n7KcNO5b4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/85/c93d87-32e0-46f1-9fb9-63451548979d/1/HUOiSEVp0g4_U8F757n7KcNO5b4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HUOiSEVp0g4_U8F757n7KcNO5b4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 16:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:7d:81:51:89:21:e3:79:6a:bf:b3:62:41:d0:9a:e5:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1d43a2484569d20e3f53c17be7b9fb29c34ee5be
        Validity
            Not Before: Apr 11 17:05:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=490bcda050bc9858382143102817d5a7c3679c58
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:a3:ad:55:8a:fc:11:f9:a8:b4:e7:49:d4:7b:
                    98:85:b5:8b:b6:e8:05:01:1d:c0:02:24:15:b9:98:
                    88:15:cd:63:53:48:06:aa:22:ca:f5:b9:4f:14:79:
                    bd:9e:9d:6d:b2:95:cb:9a:9d:2c:2d:7d:35:a0:d4:
                    6b:26:bf:4a:8a:2a:c9:ff:91:25:2d:53:fb:a3:f1:
                    f0:0e:75:53:78:93:f8:f7:16:bf:f6:68:3f:d0:54:
                    df:06:aa:fd:bf:ad:58:01:f9:31:bf:47:a8:40:98:
                    ca:0a:ac:8f:20:c1:f4:b0:e6:49:34:86:44:a4:7e:
                    33:e8:28:d5:18:fc:d6:8a:25:55:d9:d5:11:4a:cd:
                    40:b0:cf:de:f2:cf:27:bb:7f:93:ae:b4:ae:3a:dd:
                    cf:b7:26:36:5f:21:4a:b3:0b:ea:19:22:f0:dc:e8:
                    0f:fd:90:f2:0f:b8:a7:9e:6c:ad:6f:3b:2f:d2:34:
                    ef:5e:3e:22:6b:d9:9d:d9:29:92:66:e3:63:c0:95:
                    4b:99:11:32:ca:9b:a7:4f:0c:d7:76:b5:ea:da:ea:
                    03:6e:2f:3d:13:8f:9e:df:9a:e4:62:c7:66:0b:5b:
                    27:88:29:09:e3:29:d4:ce:e6:30:0b:65:2a:2e:d3:
                    50:d7:89:99:12:ff:ee:d7:cf:97:ef:ac:17:e2:85:
                    1b:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:0B:CD:A0:50:BC:98:58:38:21:43:10:28:17:D5:A7:C3:67:9C:58
            X509v3 Authority Key Identifier:
                keyid:1D:43:A2:48:45:69:D2:0E:3F:53:C1:7B:E7:B9:FB:29:C3:4E:E5:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HUOiSEVp0g4_U8F757n7KcNO5b4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/85/c93d87-32e0-46f1-9fb9-63451548979d/1/SQvNoFC8mFg4IUMQKBfVp8NnnFg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/85/c93d87-32e0-46f1-9fb9-63451548979d/1/HUOiSEVp0g4_U8F757n7KcNO5b4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:ecc0:3000::/36
                  2a01:ecc0:5000::/36
                  2a01:ecc0:7000::/36

    Signature Algorithm: sha256WithRSAEncryption
         8a:d6:75:32:13:9e:ff:4a:2b:f8:5a:35:36:74:fa:23:7e:4a:
         b7:b4:1a:d7:70:fc:bc:53:2d:e8:f8:dd:e2:e6:5e:de:21:29:
         59:15:ec:8c:51:6c:e0:dc:6e:92:1a:2d:c7:6e:4d:f9:af:fb:
         fb:7b:99:14:7c:4e:ff:e8:a5:d9:7c:e3:75:58:81:c8:95:81:
         7a:da:e3:1c:42:be:62:4e:03:a0:29:65:59:0a:5e:9d:3b:a0:
         58:5f:d4:ed:b0:31:50:d2:de:37:2e:dc:cd:35:cb:c3:61:98:
         c7:28:78:27:83:9c:87:2f:43:6d:55:81:bd:ae:a9:d6:bb:e8:
         a0:ac:70:3a:a7:05:2f:61:6d:d3:bb:ef:ce:36:4a:db:66:c3:
         36:63:d1:0e:6f:f2:70:9b:9f:e3:7e:92:07:e1:a9:15:03:c5:
         55:65:6e:f1:ab:15:42:2c:7b:25:2a:76:f9:f1:2b:9e:1f:c6:
         56:80:92:32:b4:17:27:42:a1:14:4d:cf:0d:4d:c3:7c:61:1a:
         75:b7:b2:1c:cb:34:6c:9b:9a:af:2a:c6:c0:bb:4b:3f:2f:65:
         50:47:54:60:da:90:c5:8b:99:13:6b:e8:82:0c:ea:9f:37:8b:
         64:94:8d:2d:64:a7:81:c5:67:29:80:8c:54:e9:54:ec:c8:17:
         2b:cf:2b:ba
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZ19gVGJIeN5ar+zYkHQmuVKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFkNDNhMjQ4NDU2OWQyMGUzZjUzYzE3YmU3YjlmYjI5YzM0
ZWU1YmUwHhcNMjYwNDExMTcwNTIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OTBiY2RhMDUwYmM5ODU4MzgyMTQzMTAyODE3ZDVhN2MzNjc5YzU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnqOtVYr8EfmotOdJ1HuYhbWLtugF
AR3AAiQVuZiIFc1jU0gGqiLK9blPFHm9np1tspXLmp0sLX01oNRrJr9KiirJ/5El
LVP7o/HwDnVTeJP49xa/9mg/0FTfBqr9v61YAfkxv0eoQJjKCqyPIMH0sOZJNIZE
pH4z6CjVGPzWiiVV2dURSs1AsM/e8s8nu3+TrrSuOt3PtyY2XyFKswvqGSLw3OgP
/ZDyD7innmytbzsv0jTvXj4ia9md2SmSZuNjwJVLmREyypunTwzXdrXq2uoDbi89
E4+e35rkYsdmC1sniCkJ4ynUzuYwC2UqLtNQ14mZEv/u18+X76wX4oUbUwIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFEkLzaBQvJhYOCFDECgX1afDZ5xYMB8GA1UdIwQY
MBaAFB1DokhFadIOP1PBe+e5+ynDTuW+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSFVPaVNFVnAwZzRfVThGNzU3bjdLY05PNWI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NS9jOTNkODctMzJlMC00NmYxLTlmYjkt
NjM0NTE1NDg5NzlkLzEvU1F2Tm9GQzhtRmc0SVVNUUtCZlZwOE5ubkZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NS9jOTNkODctMzJlMC00NmYxLTlmYjktNjM0NTE1NDg5Nzlk
LzEvSFVPaVNFVnAwZzRfVThGNzU3bjdLY05PNWI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAAjAYAwYEKgHswDAD
BgQqAezAUAMGBCoB7MBwMA0GCSqGSIb3DQEBCwUAA4IBAQCK1nUyE57/Siv4WjU2
dPojfkq3tBrXcPy8Uy3o+N3i5l7eISlZFeyMUWzg3G6SGi3Hbk35r/v7e5kUfE7/
6KXZfON1WIHIlYF62uMcQr5iTgOgKWVZCl6dO6BYX9TtsDFQ0t43LtzNNcvDYZjH
KHgng5yHL0NtVYG9rqnWu+igrHA6pwUvYW3Tu+/ONkrbZsM2Y9EOb/Jwm5/jfpIH
4akVA8VVZW7xqxVCLHslKnb58SueH8ZWgJIytBcnQqEUTc8NTcN8YRp1t7IcyzRs
m5qvKsbAu0s/L2VQR1Rg2pDFi5kTa+iCDOqfN4tklI0tZKeBxWcpgIxU6VTsyBcr
zyu6
-----END CERTIFICATE-----