Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/9e47e9-3281-4d17-a6bc-e2a7fb848318/1/QORmhi_9epbeW9LCcd6n0EGtUY8.roa
File:                     QORmhi_9epbeW9LCcd6n0EGtUY8.roa (raw, json)
Hash identifier:          yh8fGZBqg446G7IvQWeFZ53Dmb/4eGEcmhE71J/WqVg=
Subject key identifier:   40:E4:66:86:2F:FD:7A:96:DE:5B:D2:C2:71:DE:A7:D0:41:AD:51:8F
Certificate issuer:       /CN=74b4cd3edf521df8ec0a151111272d3fb91b99c3
Certificate serial:       019C8A980EDFFF7521D2EA63169AB6F98D4F
Authority key identifier: 74:B4:CD:3E:DF:52:1D:F8:EC:0A:15:11:11:27:2D:3F:B9:1B:99:C3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dLTNPt9SHfjsChURESctP7kbmcM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/9e47e9-3281-4d17-a6bc-e2a7fb848318/1/QORmhi_9epbeW9LCcd6n0EGtUY8.roa
Signing time:             Mon 23 Feb 2026 13:02:26 +0000
ROA not before:           Mon 23 Feb 2026 13:02:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214171
IP address blocks:        45.144.16.0/24 maxlen: 24
                          45.144.19.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/9e47e9-3281-4d17-a6bc-e2a7fb848318/1/dLTNPt9SHfjsChURESctP7kbmcM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/9e47e9-3281-4d17-a6bc-e2a7fb848318/1/dLTNPt9SHfjsChURESctP7kbmcM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dLTNPt9SHfjsChURESctP7kbmcM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 15:05:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:8a:98:0e:df:ff:75:21:d2:ea:63:16:9a:b6:f9:8d:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=74b4cd3edf521df8ec0a151111272d3fb91b99c3
        Validity
            Not Before: Feb 23 13:02:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=40e466862ffd7a96de5bd2c271dea7d041ad518f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:dc:8c:cb:77:3e:9b:9a:e1:60:81:ad:53:3c:
                    9d:5a:cb:86:86:23:c8:a8:c7:be:f7:9e:69:37:e8:
                    13:df:a7:a2:f6:9e:c5:f0:97:e1:71:54:7a:da:e3:
                    66:c2:b1:3d:b7:ab:7f:20:13:42:66:71:3f:13:c6:
                    e2:f5:de:7c:47:80:15:6c:a7:7b:a2:a5:57:ef:03:
                    56:4e:45:a3:a6:07:f9:01:53:c3:77:21:12:90:54:
                    34:e7:5b:2a:80:30:0c:30:16:02:06:e4:4a:dd:5a:
                    8a:b8:7c:02:9c:86:2a:5a:57:7f:f0:9d:19:e4:69:
                    70:7d:6c:97:54:98:55:4f:ef:a5:c9:e4:3c:cf:84:
                    a6:23:2b:6c:ae:9e:c0:e2:2d:e6:63:bc:4e:6a:fc:
                    6b:ba:06:17:15:f3:84:b2:9d:93:1d:a8:d0:5d:d2:
                    ee:b5:db:93:e9:81:e2:8f:2f:36:de:f8:83:ac:a9:
                    4e:06:99:a3:ab:8a:18:d8:6c:d6:7a:23:50:6f:f9:
                    e2:64:76:7c:15:41:e0:5e:c9:e9:8d:07:ad:b2:a2:
                    ec:7a:71:ac:1d:0d:7b:ee:6d:64:e7:3e:79:e6:4d:
                    64:32:9e:95:60:7c:07:7a:fe:34:b9:3b:05:b5:8c:
                    03:4d:b7:ac:ec:10:61:dd:8e:1c:b2:79:0f:db:11:
                    af:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:E4:66:86:2F:FD:7A:96:DE:5B:D2:C2:71:DE:A7:D0:41:AD:51:8F
            X509v3 Authority Key Identifier:
                keyid:74:B4:CD:3E:DF:52:1D:F8:EC:0A:15:11:11:27:2D:3F:B9:1B:99:C3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dLTNPt9SHfjsChURESctP7kbmcM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/9e47e9-3281-4d17-a6bc-e2a7fb848318/1/QORmhi_9epbeW9LCcd6n0EGtUY8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/9e47e9-3281-4d17-a6bc-e2a7fb848318/1/dLTNPt9SHfjsChURESctP7kbmcM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.144.16.0/24
                  45.144.19.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b0:47:ab:c7:e2:2e:be:b2:5f:74:5d:eb:5f:f1:d8:64:4b:0c:
         7d:d3:42:8d:a4:89:61:fe:44:22:f0:94:85:7a:96:5e:ec:9d:
         a4:7c:68:c8:c5:3e:62:31:8e:87:4e:94:f6:6e:92:07:94:9b:
         af:fb:f7:33:a7:82:9d:1b:ea:36:93:0b:79:5b:46:a9:8b:87:
         d1:6c:a3:19:de:66:19:38:2d:a9:0e:e6:0d:10:5c:dc:c7:b1:
         1d:0f:68:d9:f1:62:c4:20:48:62:75:39:28:53:33:b6:7d:50:
         cf:ff:30:a2:28:0f:e3:99:41:23:53:8d:c9:d8:ac:07:69:bb:
         e4:bb:e2:2d:a6:d9:e1:79:82:c4:40:c2:b3:39:40:9b:5c:63:
         f4:ef:f1:81:93:09:da:47:4e:a7:d3:da:85:45:25:6d:05:9e:
         a8:d3:a8:00:8b:5b:bd:5b:1f:41:31:31:32:91:c2:33:cd:8d:
         20:25:23:ef:e8:f2:ae:89:82:65:11:12:7a:03:bc:2a:fd:37:
         c1:17:9b:fc:8a:54:af:87:c6:59:e3:63:dc:48:84:15:32:b3:
         f3:aa:36:66:2c:19:61:6d:d1:00:d8:5d:39:7f:9b:bc:2a:27:
         31:58:cc:82:66:69:f1:5d:e4:23:fe:8c:e1:cb:13:64:be:33:
         e5:07:fb:d4
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZyKmA7f/3Uh0upjFpq2+Y1PMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0YjRjZDNlZGY1MjFkZjhlYzBhMTUxMTExMjcyZDNmYjkx
Yjk5YzMwHhcNMjYwMjIzMTMwMjI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MGU0NjY4NjJmZmQ3YTk2ZGU1YmQyYzI3MWRlYTdkMDQxYWQ1MThmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxdyMy3c+m5rhYIGtUzydWsuGhiPI
qMe+955pN+gT36ei9p7F8JfhcVR62uNmwrE9t6t/IBNCZnE/E8bi9d58R4AVbKd7
oqVX7wNWTkWjpgf5AVPDdyESkFQ051sqgDAMMBYCBuRK3VqKuHwCnIYqWld/8J0Z
5GlwfWyXVJhVT++lyeQ8z4SmIytsrp7A4i3mY7xOavxrugYXFfOEsp2THajQXdLu
tduT6YHijy823viDrKlOBpmjq4oY2GzWeiNQb/niZHZ8FUHgXsnpjQetsqLsenGs
HQ177m1k5z555k1kMp6VYHwHev40uTsFtYwDTbes7BBh3Y4csnkP2xGvbwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFEDkZoYv/XqW3lvSwnHep9BBrVGPMB8GA1UdIwQY
MBaAFHS0zT7fUh347AoVEREnLT+5G5nDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZExUTlB0OVNIZmpzQ2hVUkVTY3RQN2tibWNNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS85ZTQ3ZTktMzI4MS00ZDE3LWE2YmMt
ZTJhN2ZiODQ4MzE4LzEvUU9SbWhpXzllcGJlVzlMQ2NkNm4wRUd0VVk4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS85ZTQ3ZTktMzI4MS00ZDE3LWE2YmMtZTJhN2ZiODQ4MzE4
LzEvZExUTlB0OVNIZmpzQ2hVUkVTY3RQN2tibWNNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALZAQAwQA
LZATMA0GCSqGSIb3DQEBCwUAA4IBAQCwR6vH4i6+sl90Xetf8dhkSwx900KNpIlh
/kQi8JSFepZe7J2kfGjIxT5iMY6HTpT2bpIHlJuv+/czp4KdG+o2kwt5W0api4fR
bKMZ3mYZOC2pDuYNEFzcx7EdD2jZ8WLEIEhidTkoUzO2fVDP/zCiKA/jmUEjU43J
2KwHabvku+ItptnheYLEQMKzOUCbXGP07/GBkwnaR06n09qFRSVtBZ6o06gAi1u9
Wx9BMTEykcIzzY0gJSPv6PKuiYJlERJ6A7wq/TfBF5v8ilSvh8ZZ42PcSIQVMrPz
qjZmLBlhbdEA2F05f5u8KicxWMyCZmnxXeQj/ozhyxNkvjPlB/vU
-----END CERTIFICATE-----