Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/04b446-4ae1-4fe5-b646-59ae09edbeb9/1/QBxAHeVP1SUKuf9dkloadR0SVa0.roa
File:                     QBxAHeVP1SUKuf9dkloadR0SVa0.roa (raw, json)
Hash identifier:          pQVW66pL369D8L52LKDJhHLpMXywS7qO0j/DyJl5GfU=
Subject key identifier:   40:1C:40:1D:E5:4F:D5:25:0A:B9:FF:5D:92:5A:1A:75:1D:12:55:AD
Certificate issuer:       /CN=c2d21e804ab7713ad7877dde603aa7824b31983c
Certificate serial:       019D440BE3C11B5744FFC7166EDE1624ABFC
Authority key identifier: C2:D2:1E:80:4A:B7:71:3A:D7:87:7D:DE:60:3A:A7:82:4B:31:98:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wtIegEq3cTrXh33eYDqngksxmDw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/04b446-4ae1-4fe5-b646-59ae09edbeb9/1/QBxAHeVP1SUKuf9dkloadR0SVa0.roa
Signing time:             Tue 31 Mar 2026 13:18:42 +0000
ROA not before:           Tue 31 Mar 2026 13:18:42 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     268624
IP address blocks:        195.182.200.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/04b446-4ae1-4fe5-b646-59ae09edbeb9/1/wtIegEq3cTrXh33eYDqngksxmDw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/04b446-4ae1-4fe5-b646-59ae09edbeb9/1/wtIegEq3cTrXh33eYDqngksxmDw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wtIegEq3cTrXh33eYDqngksxmDw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 Apr 2026 22:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:44:0b:e3:c1:1b:57:44:ff:c7:16:6e:de:16:24:ab:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2d21e804ab7713ad7877dde603aa7824b31983c
        Validity
            Not Before: Mar 31 13:18:42 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=401c401de54fd5250ab9ff5d925a1a751d1255ad
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:fe:0a:ab:55:7d:7c:20:27:5c:e2:e4:6f:e3:
                    1c:e0:6e:0f:ed:f1:b2:d8:ef:8f:11:3e:ec:60:48:
                    e5:11:6d:2a:03:47:7d:9b:4f:23:a7:d8:5c:9c:81:
                    e7:14:45:a5:3f:0b:41:15:65:c7:33:5d:aa:4a:08:
                    28:1b:38:e7:5b:92:cc:4f:60:37:92:2b:03:17:d4:
                    76:6f:55:fa:70:04:d6:f8:2f:eb:e0:98:50:c1:bc:
                    ad:b3:a3:59:fe:97:f5:a4:2e:c1:81:a0:16:7f:f5:
                    15:06:44:4b:14:30:73:7d:bc:6f:3d:50:8c:75:16:
                    6d:93:62:7f:f5:6f:16:6f:8a:5c:bc:3c:ec:04:f7:
                    48:10:fd:6d:b9:55:32:81:ea:eb:4e:a6:04:fe:59:
                    e1:14:96:c9:89:32:4c:da:64:98:57:26:71:8c:de:
                    b8:f6:07:ee:2f:ef:3d:69:80:ed:74:31:36:d7:c2:
                    dc:e8:86:d5:2f:a7:95:d4:de:43:d7:b2:3b:c7:73:
                    fb:f0:49:b4:55:57:03:a9:9d:05:60:cb:75:3d:5f:
                    9f:62:12:c6:b6:3a:09:51:09:a6:85:17:c4:ce:d6:
                    6c:01:35:06:0c:83:32:4c:c4:c2:64:65:bc:e7:f7:
                    de:d1:52:37:3e:5b:15:91:ab:df:3c:23:c0:c3:f6:
                    7b:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:1C:40:1D:E5:4F:D5:25:0A:B9:FF:5D:92:5A:1A:75:1D:12:55:AD
            X509v3 Authority Key Identifier:
                keyid:C2:D2:1E:80:4A:B7:71:3A:D7:87:7D:DE:60:3A:A7:82:4B:31:98:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wtIegEq3cTrXh33eYDqngksxmDw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/04b446-4ae1-4fe5-b646-59ae09edbeb9/1/QBxAHeVP1SUKuf9dkloadR0SVa0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/04b446-4ae1-4fe5-b646-59ae09edbeb9/1/wtIegEq3cTrXh33eYDqngksxmDw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.182.200.0/23

    Signature Algorithm: sha256WithRSAEncryption
         82:89:c5:2b:b3:35:ad:3a:4f:de:15:b6:48:d2:09:8e:20:24:
         4e:a1:4b:33:80:c8:a5:19:37:15:c6:01:d9:1e:f7:4d:91:ea:
         9e:08:5c:51:31:04:37:18:a9:cf:d8:95:07:ee:ad:1a:12:40:
         ae:67:52:8f:7d:39:fc:44:fb:55:61:e4:09:70:7e:dc:36:cd:
         c3:e5:c4:e9:f1:e0:d9:4e:ea:a9:75:d6:9e:be:c1:11:56:7e:
         47:5c:06:2b:dc:5b:1e:4b:99:65:79:aa:1b:f9:68:8c:16:26:
         48:ab:f4:14:34:6a:09:4b:d8:93:79:83:ea:14:3c:27:1b:43:
         3e:44:bd:7e:9d:a4:7f:74:90:db:e8:8b:e4:94:0f:cc:55:c3:
         a6:e4:e2:9f:11:7b:d3:01:46:d0:f8:1b:7d:21:3d:44:8b:9b:
         26:ba:40:83:9a:c6:88:76:82:83:c3:70:ae:b4:df:14:cd:03:
         c0:61:49:fc:a7:3a:c3:96:db:90:eb:da:a0:a0:c7:fd:65:b3:
         86:40:05:b0:7a:01:e7:b2:09:ef:cb:47:b3:14:3f:85:98:91:
         f2:82:ac:02:18:db:03:6e:62:44:82:92:18:26:f9:40:84:00:
         79:14:62:00:c7:b0:c9:cc:c0:ed:23:01:59:56:3f:7c:2f:04:
         55:7c:f3:11
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ1EC+PBG1dE/8cWbt4WJKv8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyZDIxZTgwNGFiNzcxM2FkNzg3N2RkZTYwM2FhNzgyNGIz
MTk4M2MwHhcNMjYwMzMxMTMxODQyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MDFjNDAxZGU1NGZkNTI1MGFiOWZmNWQ5MjVhMWE3NTFkMTI1NWFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3v4Kq1V9fCAnXOLkb+Mc4G4P7fGy
2O+PET7sYEjlEW0qA0d9m08jp9hcnIHnFEWlPwtBFWXHM12qSggoGzjnW5LMT2A3
kisDF9R2b1X6cATW+C/r4JhQwbyts6NZ/pf1pC7BgaAWf/UVBkRLFDBzfbxvPVCM
dRZtk2J/9W8Wb4pcvDzsBPdIEP1tuVUygerrTqYE/lnhFJbJiTJM2mSYVyZxjN64
9gfuL+89aYDtdDE218Lc6IbVL6eV1N5D17I7x3P78Em0VVcDqZ0FYMt1PV+fYhLG
tjoJUQmmhRfEztZsATUGDIMyTMTCZGW85/fe0VI3PlsVkavfPCPAw/Z7QQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEAcQB3lT9UlCrn/XZJaGnUdElWtMB8GA1UdIwQY
MBaAFMLSHoBKt3E614d93mA6p4JLMZg8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd3RJZWdFcTNjVHJYaDMzZVlEcW5na3N4bUR3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS8wNGI0NDYtNGFlMS00ZmU1LWI2NDYt
NTlhZTA5ZWRiZWI5LzEvUUJ4QUhlVlAxU1VLdWY5ZGtsb2FkUjBTVmEwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS8wNGI0NDYtNGFlMS00ZmU1LWI2NDYtNTlhZTA5ZWRiZWI5
LzEvd3RJZWdFcTNjVHJYaDMzZVlEcW5na3N4bUR3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBw7bIMA0G
CSqGSIb3DQEBCwUAA4IBAQCCicUrszWtOk/eFbZI0gmOICROoUszgMilGTcVxgHZ
HvdNkeqeCFxRMQQ3GKnP2JUH7q0aEkCuZ1KPfTn8RPtVYeQJcH7cNs3D5cTp8eDZ
TuqpddaevsERVn5HXAYr3FseS5lleaob+WiMFiZIq/QUNGoJS9iTeYPqFDwnG0M+
RL1+naR/dJDb6IvklA/MVcOm5OKfEXvTAUbQ+Bt9IT1Ei5smukCDmsaIdoKDw3Cu
tN8UzQPAYUn8pzrDltuQ69qgoMf9ZbOGQAWwegHnsgnvy0ezFD+FmJHygqwCGNsD
bmJEgpIYJvlAhAB5FGIAx7DJzMDtIwFZVj98LwRVfPMR
-----END CERTIFICATE-----