Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/ddd349-ac50-43e5-a88a-b28f07b2f45b/1/xZQQ0CvgvGISAk0eT_rFmazBHWc.roa
File:                     xZQQ0CvgvGISAk0eT_rFmazBHWc.roa (raw, json)
Hash identifier:          2uo51y4FTldRjelw7bQ2s6OQpSKwuYg+UN+zR4NJjsw=
Subject key identifier:   C5:94:10:D0:2B:E0:BC:62:12:02:4D:1E:4F:FA:C5:99:AC:C1:1D:67
Certificate issuer:       /CN=1d0c7e7bb27c533a997d277cadd417ec7bd284f0
Certificate serial:       019E3C3352C4E17EE73240E687ABBE731EFE
Authority key identifier: 1D:0C:7E:7B:B2:7C:53:3A:99:7D:27:7C:AD:D4:17:EC:7B:D2:84:F0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HQx-e7J8UzqZfSd8rdQX7HvShPA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/ddd349-ac50-43e5-a88a-b28f07b2f45b/1/xZQQ0CvgvGISAk0eT_rFmazBHWc.roa
Signing time:             Mon 18 May 2026 17:47:36 +0000
ROA not before:           Mon 18 May 2026 17:47:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     34696
IP address blocks:        185.238.86.0/24 maxlen: 24
                          185.238.87.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/ddd349-ac50-43e5-a88a-b28f07b2f45b/1/HQx-e7J8UzqZfSd8rdQX7HvShPA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/ddd349-ac50-43e5-a88a-b28f07b2f45b/1/HQx-e7J8UzqZfSd8rdQX7HvShPA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HQx-e7J8UzqZfSd8rdQX7HvShPA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 05:00:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:3c:33:52:c4:e1:7e:e7:32:40:e6:87:ab:be:73:1e:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1d0c7e7bb27c533a997d277cadd417ec7bd284f0
        Validity
            Not Before: May 18 17:47:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c59410d02be0bc6212024d1e4ffac599acc11d67
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:5b:eb:83:99:00:31:9c:75:45:7c:fb:42:dd:
                    b0:c5:c5:0f:4a:8b:8e:43:f7:65:a6:16:e4:8f:0c:
                    1a:ce:59:f2:c7:2a:b7:fd:25:e5:c4:85:50:db:44:
                    75:ba:07:e7:b6:04:d9:9a:5b:03:da:9e:32:d9:3b:
                    16:97:b3:12:e7:8e:51:47:b3:52:61:ab:dd:92:39:
                    09:08:26:9b:c5:35:6a:a2:6b:05:72:2b:86:80:20:
                    09:0b:56:0d:b5:b6:21:03:3d:1d:65:d4:e7:01:a5:
                    73:a8:26:cc:60:aa:07:fe:fc:ca:6b:2c:9d:20:d8:
                    a9:8e:2d:9d:44:ab:3e:60:56:0d:55:61:f5:42:41:
                    72:fe:a4:7a:75:79:82:dd:b1:c6:69:2c:48:97:06:
                    13:0e:49:20:27:20:9c:40:3c:06:16:71:ab:7c:48:
                    a0:a9:a1:c6:9a:df:39:7a:39:28:a9:fe:2a:af:a1:
                    ef:1f:61:84:f3:bb:f5:79:b9:27:f5:c7:3c:ac:80:
                    df:fc:aa:ad:2c:91:af:c2:a3:df:de:37:dc:2c:1d:
                    0d:32:ee:5f:56:8e:85:4a:1a:a4:8d:7c:ba:51:3f:
                    e2:97:fe:13:bb:01:d5:ec:17:08:8b:23:59:5d:81:
                    21:c3:88:5b:1b:af:6d:19:66:72:27:3b:16:00:dd:
                    3c:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:94:10:D0:2B:E0:BC:62:12:02:4D:1E:4F:FA:C5:99:AC:C1:1D:67
            X509v3 Authority Key Identifier:
                keyid:1D:0C:7E:7B:B2:7C:53:3A:99:7D:27:7C:AD:D4:17:EC:7B:D2:84:F0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HQx-e7J8UzqZfSd8rdQX7HvShPA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/ddd349-ac50-43e5-a88a-b28f07b2f45b/1/xZQQ0CvgvGISAk0eT_rFmazBHWc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/ddd349-ac50-43e5-a88a-b28f07b2f45b/1/HQx-e7J8UzqZfSd8rdQX7HvShPA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.238.86.0/23

    Signature Algorithm: sha256WithRSAEncryption
         2f:e2:b8:75:c3:36:c6:dc:41:dd:df:3b:7c:eb:67:bd:f1:43:
         80:86:ad:88:af:9d:fd:19:4b:67:83:4f:1d:9a:c7:c1:c6:44:
         38:c1:11:2e:bd:f8:69:82:30:74:3a:39:69:fc:76:67:23:59:
         2e:c7:6c:85:a3:46:d1:57:c0:24:86:6c:b9:b2:e6:7d:00:5c:
         bc:43:db:56:d9:b5:03:7a:e1:a9:b1:6c:7a:95:9a:ab:2a:35:
         92:3b:dd:98:45:cb:35:2d:8b:fa:5a:14:82:48:da:71:07:e1:
         3e:07:0c:b8:61:c9:a9:47:39:d9:1e:ff:fd:4a:57:19:87:2f:
         07:0e:c8:89:67:96:12:86:1f:7c:ff:89:68:48:76:6a:f7:5d:
         78:72:83:8c:e3:fd:a2:e5:5a:b8:bb:f7:4b:69:41:84:c1:c5:
         ad:e2:3e:e0:83:f9:a1:0e:91:d5:29:16:ef:02:14:5d:94:85:
         af:86:e9:86:90:06:7f:f8:7e:d6:c9:30:03:4c:d8:17:df:95:
         90:c3:14:9b:d3:bc:98:14:ea:f5:73:6b:b4:24:f2:e8:2a:4b:
         b0:df:d4:bf:cb:0d:b6:cf:2b:b4:c4:23:f4:94:d5:ed:b5:22:
         eb:c8:e2:28:ae:57:08:c1:bc:a6:0b:1c:26:f4:5e:c5:01:97:
         f7:18:1e:0a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ48M1LE4X7nMkDmh6u+cx7+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFkMGM3ZTdiYjI3YzUzM2E5OTdkMjc3Y2FkZDQxN2VjN2Jk
Mjg0ZjAwHhcNMjYwNTE4MTc0NzM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNTk0MTBkMDJiZTBiYzYyMTIwMjRkMWU0ZmZhYzU5OWFjYzExZDY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA01vrg5kAMZx1RXz7Qt2wxcUPSouO
Q/dlphbkjwwazlnyxyq3/SXlxIVQ20R1ugfntgTZmlsD2p4y2TsWl7MS545RR7NS
YavdkjkJCCabxTVqomsFciuGgCAJC1YNtbYhAz0dZdTnAaVzqCbMYKoH/vzKayyd
INipji2dRKs+YFYNVWH1QkFy/qR6dXmC3bHGaSxIlwYTDkkgJyCcQDwGFnGrfEig
qaHGmt85ejkoqf4qr6HvH2GE87v1ebkn9cc8rIDf/KqtLJGvwqPf3jfcLB0NMu5f
Vo6FShqkjXy6UT/il/4TuwHV7BcIiyNZXYEhw4hbG69tGWZyJzsWAN08xQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMWUENAr4LxiEgJNHk/6xZmswR1nMB8GA1UdIwQY
MBaAFB0MfnuyfFM6mX0nfK3UF+x70oTwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSFF4LWU3SjhVenFaZlNkOHJkUVg3SHZTaFBBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC9kZGQzNDktYWM1MC00M2U1LWE4OGEt
YjI4ZjA3YjJmNDViLzEveFpRUTBDdmd2R0lTQWswZVRfckZtYXpCSFdjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC9kZGQzNDktYWM1MC00M2U1LWE4OGEtYjI4ZjA3YjJmNDVi
LzEvSFF4LWU3SjhVenFaZlNkOHJkUVg3SHZTaFBBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBue5WMA0G
CSqGSIb3DQEBCwUAA4IBAQAv4rh1wzbG3EHd3zt862e98UOAhq2Ir539GUtng08d
msfBxkQ4wREuvfhpgjB0Ojlp/HZnI1kux2yFo0bRV8Akhmy5suZ9AFy8Q9tW2bUD
euGpsWx6lZqrKjWSO92YRcs1LYv6WhSCSNpxB+E+Bwy4YcmpRznZHv/9SlcZhy8H
DsiJZ5YShh98/4loSHZq9114coOM4/2i5Vq4u/dLaUGEwcWt4j7gg/mhDpHVKRbv
AhRdlIWvhumGkAZ/+H7WyTADTNgX35WQwxSb07yYFOr1c2u0JPLoKkuw39S/yw22
zyu0xCP0lNXttSLryOIorlcIwbymCxwm9F7FAZf3GB4K
-----END CERTIFICATE-----