Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c4/3e3d40-2ae4-43f3-ae7c-bc5403ac2a95/1/QaNd_he2J6yhJYCdm3vyQcdi2-I.roa
File:                     QaNd_he2J6yhJYCdm3vyQcdi2-I.roa (raw, json)
Hash identifier:          42BrLYHgeHE5z6qUE7SNRy7TpqBGf37X8oelCPTj7eg=
Subject key identifier:   41:A3:5D:FE:17:B6:27:AC:A1:25:80:9D:9B:7B:F2:41:C7:62:DB:E2
Certificate issuer:       /CN=42239fb9af128428f84fed9f358686717ed97601
Certificate serial:       019EBC652E888BC69CAF8AF76D04C7999AEB
Authority key identifier: 42:23:9F:B9:AF:12:84:28:F8:4F:ED:9F:35:86:86:71:7E:D9:76:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QiOfua8ShCj4T-2fNYaGcX7ZdgE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c4/3e3d40-2ae4-43f3-ae7c-bc5403ac2a95/1/QaNd_he2J6yhJYCdm3vyQcdi2-I.roa
Signing time:             Fri 12 Jun 2026 15:13:28 +0000
ROA not before:           Fri 12 Jun 2026 15:13:28 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200566
IP address blocks:        153.52.64.0/24 maxlen: 24
                          2a07:4680::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c4/3e3d40-2ae4-43f3-ae7c-bc5403ac2a95/1/QiOfua8ShCj4T-2fNYaGcX7ZdgE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c4/3e3d40-2ae4-43f3-ae7c-bc5403ac2a95/1/QiOfua8ShCj4T-2fNYaGcX7ZdgE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QiOfua8ShCj4T-2fNYaGcX7ZdgE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 00:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:bc:65:2e:88:8b:c6:9c:af:8a:f7:6d:04:c7:99:9a:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=42239fb9af128428f84fed9f358686717ed97601
        Validity
            Not Before: Jun 12 15:13:28 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=41a35dfe17b627aca125809d9b7bf241c762dbe2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:70:bf:36:b6:a5:61:76:89:92:8a:13:25:52:
                    26:2e:39:16:14:a5:ee:9e:91:63:b4:30:e1:40:40:
                    59:d7:fe:53:71:3b:e8:da:43:38:0d:8d:2e:83:d2:
                    20:23:ac:4d:e8:da:3e:f0:43:cd:59:c4:c0:49:fb:
                    4e:77:0b:7d:dc:05:7c:37:5a:90:a7:b0:bb:da:dc:
                    52:af:08:42:18:40:04:d5:6c:ed:d8:4f:49:ab:27:
                    55:41:9c:ed:da:61:f1:39:ea:69:42:e5:d6:5c:8c:
                    e7:87:63:b9:82:2d:cd:f1:8d:ca:31:dd:f7:41:d2:
                    67:79:58:c2:10:24:05:c9:8f:bd:99:31:6c:57:93:
                    84:7c:b4:67:2d:c1:ec:c2:1e:35:e7:27:1e:44:d9:
                    10:00:a8:65:7f:c0:55:4b:29:c9:a4:54:ae:1a:54:
                    01:9e:d1:bd:71:48:f2:44:57:9d:6c:25:6c:a2:6d:
                    89:3a:74:06:d8:d0:ea:a2:69:d0:9c:c0:33:66:fd:
                    76:9f:17:51:93:60:a8:11:5f:02:52:e8:9a:57:f0:
                    fb:4a:0e:55:b3:e1:57:74:c6:6e:e9:b6:0a:17:23:
                    3b:23:88:18:d4:0f:f9:da:78:ef:b2:26:ed:71:4b:
                    e4:e4:83:15:e0:3e:30:c5:f3:85:67:85:93:1b:47:
                    58:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:A3:5D:FE:17:B6:27:AC:A1:25:80:9D:9B:7B:F2:41:C7:62:DB:E2
            X509v3 Authority Key Identifier:
                keyid:42:23:9F:B9:AF:12:84:28:F8:4F:ED:9F:35:86:86:71:7E:D9:76:01

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QiOfua8ShCj4T-2fNYaGcX7ZdgE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/3e3d40-2ae4-43f3-ae7c-bc5403ac2a95/1/QaNd_he2J6yhJYCdm3vyQcdi2-I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/3e3d40-2ae4-43f3-ae7c-bc5403ac2a95/1/QiOfua8ShCj4T-2fNYaGcX7ZdgE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  153.52.64.0/24
                IPv6:
                  2a07:4680::/48

    Signature Algorithm: sha256WithRSAEncryption
         8d:56:4f:e2:c0:c9:02:0a:96:75:4d:7b:46:40:70:2d:a4:ce:
         69:46:38:19:5d:3d:bd:0f:5a:a0:55:32:d5:8c:21:db:f2:03:
         bf:b0:10:10:f8:6a:9d:6d:6d:c5:9a:f5:50:03:f0:fb:a2:27:
         31:9b:66:c0:a0:be:ff:b6:64:ba:7b:3a:90:63:05:ed:25:b0:
         67:66:29:86:ba:f5:6b:49:48:2f:cd:b5:b4:a9:8a:a2:f8:c6:
         a5:52:00:d2:c6:dd:1f:cf:53:41:2e:e8:2e:49:22:4b:af:ad:
         97:0d:56:1e:19:c2:57:b5:34:01:32:7e:ad:ca:be:77:9a:8b:
         50:a5:cc:b0:4a:ff:90:eb:a1:fd:57:de:96:b8:3f:7b:2a:e0:
         05:d1:92:3d:ae:7b:fa:79:01:41:9b:6a:e6:e3:d9:b6:12:61:
         c3:cb:5e:40:b4:c3:bc:6c:f7:88:e9:6e:0e:ba:8b:b2:60:c2:
         b2:53:4b:0e:43:1f:a8:5a:05:1f:af:96:fd:6f:d4:dd:07:90:
         1a:44:34:0d:1b:9c:be:6b:94:e4:81:87:d1:69:7e:50:a4:0a:
         e5:b5:7d:d8:aa:68:3f:dc:6a:07:6f:4a:7d:09:9d:f9:df:0e:
         bd:16:e6:46:6e:3d:6d:72:0a:2e:ac:de:04:ef:03:a7:49:a6:
         c7:48:7f:1b
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZ68ZS6Ii8acr4r3bQTHmZrrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQyMjM5ZmI5YWYxMjg0MjhmODRmZWQ5ZjM1ODY4NjcxN2Vk
OTc2MDEwHhcNMjYwNjEyMTUxMzI4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MWEzNWRmZTE3YjYyN2FjYTEyNTgwOWQ5YjdiZjI0MWM3NjJkYmUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqnC/NralYXaJkooTJVImLjkWFKXu
npFjtDDhQEBZ1/5TcTvo2kM4DY0ug9IgI6xN6No+8EPNWcTASftOdwt93AV8N1qQ
p7C72txSrwhCGEAE1Wzt2E9JqydVQZzt2mHxOeppQuXWXIznh2O5gi3N8Y3KMd33
QdJneVjCECQFyY+9mTFsV5OEfLRnLcHswh415yceRNkQAKhlf8BVSynJpFSuGlQB
ntG9cUjyRFedbCVsom2JOnQG2NDqomnQnMAzZv12nxdRk2CoEV8CUuiaV/D7Sg5V
s+FXdMZu6bYKFyM7I4gY1A/52njvsibtcUvk5IMV4D4wxfOFZ4WTG0dYgwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFEGjXf4XtiesoSWAnZt78kHHYtviMB8GA1UdIwQY
MBaAFEIjn7mvEoQo+E/tnzWGhnF+2XYBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUWlPZnVhOFNoQ2o0VC0yZk5ZYUdjWDdaZGdFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNC8zZTNkNDAtMmFlNC00M2YzLWFlN2Mt
YmM1NDAzYWMyYTk1LzEvUWFOZF9oZTJKNnloSllDZG0zdnlRY2RpMi1JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNC8zZTNkNDAtMmFlNC00M2YzLWFlN2MtYmM1NDAzYWMyYTk1
LzEvUWlPZnVhOFNoQ2o0VC0yZk5ZYUdjWDdaZGdFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAmTRAMA8E
AgACMAkDBwAqB0aAAAAwDQYJKoZIhvcNAQELBQADggEBAI1WT+LAyQIKlnVNe0ZA
cC2kzmlGOBldPb0PWqBVMtWMIdvyA7+wEBD4ap1tbcWa9VAD8PuiJzGbZsCgvv+2
ZLp7OpBjBe0lsGdmKYa69WtJSC/NtbSpiqL4xqVSANLG3R/PU0Eu6C5JIkuvrZcN
Vh4Zwle1NAEyfq3Kvneai1ClzLBK/5Drof1X3pa4P3sq4AXRkj2ue/p5AUGbaubj
2bYSYcPLXkC0w7xs94jpbg66i7JgwrJTSw5DH6haBR+vlv1v1N0HkBpENA0bnL5r
lOSBh9FpflCkCuW1fdiqaD/cagdvSn0JnfnfDr0W5kZuPW1yCi6s3gTvA6dJpsdI
fxs=
-----END CERTIFICATE-----