Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/89/b4e503-574b-4565-9217-c511a3e912b6/1/3qqdfy_UnFdVQlDpIxR1zw9DOmI.roa
File:                     3qqdfy_UnFdVQlDpIxR1zw9DOmI.roa (raw, json)
Hash identifier:          JXo5pmi2bOioFRZlNCJNAYMl2NAvXPqzIcF0g4BSru0=
Subject key identifier:   DE:AA:9D:7F:2F:D4:9C:57:55:42:50:E9:23:14:75:CF:0F:43:3A:62
Certificate issuer:       /CN=e4c86da3f483246518d368034bc86113906a55a3
Certificate serial:       019C1A619BAE3F2B7866BD73AC3DEE86D3BF
Authority key identifier: E4:C8:6D:A3:F4:83:24:65:18:D3:68:03:4B:C8:61:13:90:6A:55:A3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5Mhto_SDJGUY02gDS8hhE5BqVaM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/89/b4e503-574b-4565-9217-c511a3e912b6/1/3qqdfy_UnFdVQlDpIxR1zw9DOmI.roa
Signing time:             Sun 01 Feb 2026 18:05:30 +0000
ROA not before:           Sun 01 Feb 2026 18:05:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     29512
IP address blocks:        79.110.8.0/21 maxlen: 21
                          195.140.236.0/22 maxlen: 24
                          2a00:fbc0::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/89/b4e503-574b-4565-9217-c511a3e912b6/1/5Mhto_SDJGUY02gDS8hhE5BqVaM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/89/b4e503-574b-4565-9217-c511a3e912b6/1/5Mhto_SDJGUY02gDS8hhE5BqVaM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5Mhto_SDJGUY02gDS8hhE5BqVaM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 13:16:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:1a:61:9b:ae:3f:2b:78:66:bd:73:ac:3d:ee:86:d3:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e4c86da3f483246518d368034bc86113906a55a3
        Validity
            Not Before: Feb  1 18:05:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=deaa9d7f2fd49c57554250e9231475cf0f433a62
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:b4:ed:e2:1f:57:8b:cf:43:fd:aa:78:19:60:
                    71:7b:16:ec:3c:c5:6a:09:fe:e8:f3:3f:16:6b:b6:
                    0e:b0:fa:fa:11:d5:47:43:18:85:45:34:4c:ca:71:
                    95:0e:30:6d:c8:f5:3f:bf:98:8a:41:0c:f2:d4:38:
                    19:17:cd:60:72:76:10:d0:5f:85:7a:5d:bb:26:e8:
                    d5:c7:54:42:f3:e1:f0:85:ce:ad:4c:22:4c:93:5a:
                    d9:26:4b:00:30:16:fb:4a:f4:51:c3:ed:ec:68:84:
                    5b:33:bf:49:f1:dc:56:f3:d9:18:4d:e9:8d:3d:86:
                    c9:e4:c4:04:0c:3e:b1:32:10:32:9f:6a:1f:26:a6:
                    26:41:7b:bb:32:c3:9e:86:a1:dd:f5:ca:ed:1f:1d:
                    d3:98:60:d9:39:5b:1a:dd:84:98:62:5b:d8:90:bb:
                    f9:6a:90:42:76:0d:d5:1a:9b:5b:e9:5e:3e:dd:a8:
                    77:51:b7:69:11:b9:33:67:f5:08:81:f7:4a:b6:f7:
                    fe:fd:57:3e:c3:43:b1:10:8c:59:78:a1:9d:b2:e9:
                    8f:16:20:c7:9a:37:72:70:5c:ce:a7:5c:be:38:7e:
                    f8:9c:18:05:1c:ac:3a:65:25:9d:1c:af:ad:d0:db:
                    71:e7:f5:55:a4:c0:02:9a:f8:2b:67:47:f5:94:60:
                    2c:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:AA:9D:7F:2F:D4:9C:57:55:42:50:E9:23:14:75:CF:0F:43:3A:62
            X509v3 Authority Key Identifier:
                keyid:E4:C8:6D:A3:F4:83:24:65:18:D3:68:03:4B:C8:61:13:90:6A:55:A3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5Mhto_SDJGUY02gDS8hhE5BqVaM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/89/b4e503-574b-4565-9217-c511a3e912b6/1/3qqdfy_UnFdVQlDpIxR1zw9DOmI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/89/b4e503-574b-4565-9217-c511a3e912b6/1/5Mhto_SDJGUY02gDS8hhE5BqVaM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.110.8.0/21
                  195.140.236.0/22
                IPv6:
                  2a00:fbc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         b7:7b:2f:02:ce:58:f9:47:9a:2a:6e:1c:f5:10:34:eb:d5:f5:
         c5:4f:44:b0:ed:54:87:29:ce:58:01:66:c5:09:98:57:9b:0a:
         88:e2:fd:4e:66:e1:03:46:0b:04:97:c0:48:de:ac:5a:b6:e2:
         b7:56:94:6e:7d:7b:ba:9c:ec:03:fd:c1:03:81:dc:14:ba:41:
         2c:46:59:44:68:19:4d:26:b7:63:c4:06:98:c7:54:e2:34:e6:
         af:93:2e:c9:01:6a:7c:98:bb:ae:e9:b0:97:78:41:f5:e7:82:
         e5:d2:b4:66:0d:a9:49:43:f8:5c:05:2b:ae:83:ee:3b:ae:48:
         e5:a3:78:49:c0:b5:e1:09:81:87:b4:67:1d:d2:44:02:42:be:
         b6:dd:df:ff:15:8f:0b:c9:f8:a0:01:f2:cb:8d:61:2c:0c:e0:
         42:1c:7d:f5:f4:eb:ac:b4:df:f9:42:c7:11:96:08:9d:9d:80:
         31:f1:b4:d0:68:26:09:a4:1e:e1:31:97:4a:68:d6:cd:ea:7f:
         ac:1d:3b:3e:32:7b:41:c1:c9:85:2f:d6:bb:63:b1:bb:28:f1:
         12:3e:10:44:b2:03:ce:76:57:25:b4:40:99:bb:41:b3:e3:42:
         85:a8:5b:14:87:70:77:de:ee:2e:0f:17:dd:21:0f:de:6c:b9:
         b8:3f:d9:cf
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZwaYZuuPyt4Zr1zrD3uhtO/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU0Yzg2ZGEzZjQ4MzI0NjUxOGQzNjgwMzRiYzg2MTEzOTA2
YTU1YTMwHhcNMjYwMjAxMTgwNTMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZWFhOWQ3ZjJmZDQ5YzU3NTU0MjUwZTkyMzE0NzVjZjBmNDMzYTYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkrTt4h9Xi89D/ap4GWBxexbsPMVq
Cf7o8z8Wa7YOsPr6EdVHQxiFRTRMynGVDjBtyPU/v5iKQQzy1DgZF81gcnYQ0F+F
el27JujVx1RC8+Hwhc6tTCJMk1rZJksAMBb7SvRRw+3saIRbM79J8dxW89kYTemN
PYbJ5MQEDD6xMhAyn2ofJqYmQXu7MsOehqHd9crtHx3TmGDZOVsa3YSYYlvYkLv5
apBCdg3VGptb6V4+3ah3UbdpEbkzZ/UIgfdKtvf+/Vc+w0OxEIxZeKGdsumPFiDH
mjdycFzOp1y+OH74nBgFHKw6ZSWdHK+t0Ntx5/VVpMACmvgrZ0f1lGAsPQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFN6qnX8v1JxXVUJQ6SMUdc8PQzpiMB8GA1UdIwQY
MBaAFOTIbaP0gyRlGNNoA0vIYROQalWjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNU1odG9fU0RKR1VZMDJnRFM4aGhFNUJxVmFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OS9iNGU1MDMtNTc0Yi00NTY1LTkyMTct
YzUxMWEzZTkxMmI2LzEvM3FxZGZ5X1VuRmRWUWxEcEl4UjF6dzlET21JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OS9iNGU1MDMtNTc0Yi00NTY1LTkyMTctYzUxMWEzZTkxMmI2
LzEvNU1odG9fU0RKR1VZMDJnRFM4aGhFNUJxVmFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQDT24IAwQC
w4zsMA0EAgACMAcDBQMqAPvAMA0GCSqGSIb3DQEBCwUAA4IBAQC3ey8Czlj5R5oq
bhz1EDTr1fXFT0Sw7VSHKc5YAWbFCZhXmwqI4v1OZuEDRgsEl8BI3qxatuK3VpRu
fXu6nOwD/cEDgdwUukEsRllEaBlNJrdjxAaYx1TiNOavky7JAWp8mLuu6bCXeEH1
54Ll0rRmDalJQ/hcBSuug+47rkjlo3hJwLXhCYGHtGcd0kQCQr623d//FY8Lyfig
AfLLjWEsDOBCHH319OustN/5QscRlgidnYAx8bTQaCYJpB7hMZdKaNbN6n+sHTs+
MntBwcmFL9a7Y7G7KPESPhBEsgPOdlcltECZu0Gz40KFqFsUh3B33u4uDxfdIQ/e
bLm4P9nP
-----END CERTIFICATE-----