Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/6fa5df-fb9f-4ae5-ba89-7faf7c1de7b0/1/pUQRSDfWqJEoJFfVuZVUVOmlYsk.roa
File:                     pUQRSDfWqJEoJFfVuZVUVOmlYsk.roa (raw, json)
Hash identifier:          9jvQHXY6BnSchwKk/mPiFTBcmMYYo7JbR6ZjMBc/ZDo=
Subject key identifier:   A5:44:11:48:37:D6:A8:91:28:24:57:D5:B9:95:54:54:E9:A5:62:C9
Certificate issuer:       /CN=de7c82b2276cbdf130ccad046b65feab2c27ed49
Certificate serial:       019B77C7552F461BE1CE88A086F3DBD7795A
Authority key identifier: DE:7C:82:B2:27:6C:BD:F1:30:CC:AD:04:6B:65:FE:AB:2C:27:ED:49
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3nyCsidsvfEwzK0Ea2X-qywn7Uk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a2/6fa5df-fb9f-4ae5-ba89-7faf7c1de7b0/1/pUQRSDfWqJEoJFfVuZVUVOmlYsk.roa
Signing time:             Thu 01 Jan 2026 04:18:30 +0000
ROA not before:           Thu 01 Jan 2026 04:18:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     41195
IP address blocks:        176.118.186.0/23 maxlen: 24
                          2a0d:ca47::/47 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a2/6fa5df-fb9f-4ae5-ba89-7faf7c1de7b0/1/3nyCsidsvfEwzK0Ea2X-qywn7Uk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a2/6fa5df-fb9f-4ae5-ba89-7faf7c1de7b0/1/3nyCsidsvfEwzK0Ea2X-qywn7Uk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3nyCsidsvfEwzK0Ea2X-qywn7Uk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 04:00:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:c7:55:2f:46:1b:e1:ce:88:a0:86:f3:db:d7:79:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=de7c82b2276cbdf130ccad046b65feab2c27ed49
        Validity
            Not Before: Jan  1 04:18:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a544114837d6a891282457d5b9955454e9a562c9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:56:92:66:1c:3d:97:cd:34:ce:c8:31:d1:e1:
                    4d:b1:a0:b5:18:8e:ee:41:4c:c2:90:d2:96:4d:fc:
                    69:a0:06:97:bc:0c:4f:21:e0:0f:bc:74:0b:c8:d0:
                    c6:99:5a:f7:43:68:c6:41:d9:ff:6e:61:d6:72:36:
                    cf:de:60:11:aa:22:fb:71:ba:35:f6:e6:c0:8e:31:
                    67:99:93:42:83:32:94:b6:95:83:00:d9:f9:20:35:
                    a1:74:ca:8d:6d:f0:a6:21:39:6f:e3:78:cc:1f:44:
                    f6:79:2a:b5:b3:b3:3c:77:1a:6f:5b:a3:a6:98:8c:
                    cf:96:e3:82:12:e9:6f:c5:00:05:82:f7:46:f0:76:
                    39:6d:eb:dc:9d:88:07:04:27:4d:bf:e7:92:74:af:
                    1d:ef:7e:b8:74:b8:57:6c:c9:29:9c:0a:0b:85:ec:
                    f3:28:dc:60:76:89:c0:7c:0c:43:de:36:03:42:81:
                    7f:46:a0:ca:44:f5:99:fa:f5:e2:3c:54:de:b9:01:
                    b1:2e:4b:2a:fa:62:c8:c7:ea:27:85:07:44:d1:b1:
                    c0:76:94:2b:68:f1:ef:65:34:74:11:8a:16:cb:cc:
                    77:0c:93:ab:46:33:56:3d:86:11:bf:b4:04:ab:12:
                    92:f3:8f:86:ad:c6:e3:de:c9:37:ad:68:a8:a9:85:
                    1e:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:44:11:48:37:D6:A8:91:28:24:57:D5:B9:95:54:54:E9:A5:62:C9
            X509v3 Authority Key Identifier:
                keyid:DE:7C:82:B2:27:6C:BD:F1:30:CC:AD:04:6B:65:FE:AB:2C:27:ED:49

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3nyCsidsvfEwzK0Ea2X-qywn7Uk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/6fa5df-fb9f-4ae5-ba89-7faf7c1de7b0/1/pUQRSDfWqJEoJFfVuZVUVOmlYsk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/6fa5df-fb9f-4ae5-ba89-7faf7c1de7b0/1/3nyCsidsvfEwzK0Ea2X-qywn7Uk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.118.186.0/23
                IPv6:
                  2a0d:ca47::/47

    Signature Algorithm: sha256WithRSAEncryption
         8a:47:c5:e0:b4:34:c9:c7:43:0e:30:84:c9:0f:99:20:24:09:
         35:fc:2b:4a:f8:a4:26:09:62:07:52:34:63:f3:13:2c:2e:8e:
         8c:c0:d9:27:16:b8:64:c2:85:5b:25:60:38:9c:28:63:81:9c:
         22:ac:f9:21:50:3f:03:d2:a0:ed:88:11:89:36:60:a9:ed:52:
         8c:9c:96:29:1b:25:3e:c7:27:c0:f8:80:05:dc:57:bc:f2:60:
         9b:84:74:c4:cf:77:50:f9:97:d9:68:bc:fd:71:b4:5f:b7:e4:
         b9:7a:8c:32:08:06:6e:e9:df:b9:41:49:44:2f:8e:95:a2:ae:
         f3:2d:b8:04:26:00:4b:59:47:a0:4b:2a:0a:a9:6f:54:51:ca:
         0a:96:4e:26:87:ce:a3:60:5c:f1:9c:c7:0f:11:28:e9:19:8b:
         86:a5:0e:ef:0d:8a:65:2f:71:6d:ba:19:e7:ab:7a:20:18:0c:
         00:72:5d:fa:6a:b9:ab:62:be:97:01:4b:57:2d:a2:2e:70:d6:
         09:ae:1e:fd:24:4d:b7:eb:fc:5a:fb:75:92:7e:06:1e:ec:4d:
         e6:f2:ab:08:47:9b:3e:b3:2d:5e:d9:d8:ab:64:10:c4:de:60:
         fb:32:85:6e:92:69:b7:07:33:31:35:b3:ae:ac:08:49:2b:2b:
         6a:ea:19:71
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZt3x1UvRhvhzoighvPb13laMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRlN2M4MmIyMjc2Y2JkZjEzMGNjYWQwNDZiNjVmZWFiMmMy
N2VkNDkwHhcNMjYwMTAxMDQxODMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNTQ0MTE0ODM3ZDZhODkxMjgyNDU3ZDViOTk1NTQ1NGU5YTU2MmM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw1aSZhw9l800zsgx0eFNsaC1GI7u
QUzCkNKWTfxpoAaXvAxPIeAPvHQLyNDGmVr3Q2jGQdn/bmHWcjbP3mARqiL7cbo1
9ubAjjFnmZNCgzKUtpWDANn5IDWhdMqNbfCmITlv43jMH0T2eSq1s7M8dxpvW6Om
mIzPluOCEulvxQAFgvdG8HY5bevcnYgHBCdNv+eSdK8d7364dLhXbMkpnAoLhezz
KNxgdonAfAxD3jYDQoF/RqDKRPWZ+vXiPFTeuQGxLksq+mLIx+onhQdE0bHAdpQr
aPHvZTR0EYoWy8x3DJOrRjNWPYYRv7QEqxKS84+Grcbj3sk3rWioqYUeJwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFKVEEUg31qiRKCRX1bmVVFTppWLJMB8GA1UdIwQY
MBaAFN58grInbL3xMMytBGtl/qssJ+1JMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM255Q3NpZHN2ZkV3ekswRWEyWC1xeXduN1VrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi82ZmE1ZGYtZmI5Zi00YWU1LWJhODkt
N2ZhZjdjMWRlN2IwLzEvcFVRUlNEZldxSkVvSkZmVnVaVlVWT21sWXNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMi82ZmE1ZGYtZmI5Zi00YWU1LWJhODktN2ZhZjdjMWRlN2Iw
LzEvM255Q3NpZHN2ZkV3ekswRWEyWC1xeXduN1VrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQBsHa6MA8E
AgACMAkDBwEqDcpHAAAwDQYJKoZIhvcNAQELBQADggEBAIpHxeC0NMnHQw4whMkP
mSAkCTX8K0r4pCYJYgdSNGPzEywujozA2ScWuGTChVslYDicKGOBnCKs+SFQPwPS
oO2IEYk2YKntUoyclikbJT7HJ8D4gAXcV7zyYJuEdMTPd1D5l9lovP1xtF+35Ll6
jDIIBm7p37lBSUQvjpWirvMtuAQmAEtZR6BLKgqpb1RRygqWTiaHzqNgXPGcxw8R
KOkZi4alDu8NimUvcW26GeereiAYDAByXfpquativpcBS1ctoi5w1gmuHv0kTbfr
/Fr7dZJ+Bh7sTebyqwhHmz6zLV7Z2KtkEMTeYPsyhW6SabcHMzE1s66sCEkrK2rq
GXE=
-----END CERTIFICATE-----