Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c9/3c076b-aea1-4a33-a9e9-99128bf6a841/1/QxbU9vvhcA75ENS1lZHkpNyfErk.roa
File:                     QxbU9vvhcA75ENS1lZHkpNyfErk.roa (raw, json)
Hash identifier:          yv8oGh8GGZWvW+9jiR8h6piajHrkuA5egN2MppGfk+w=
Subject key identifier:   43:16:D4:F6:FB:E1:70:0E:F9:10:D4:B5:95:91:E4:A4:DC:9F:12:B9
Certificate issuer:       /CN=d8d3ca2c231afdf3b0355c77a7cbb226f81b74de
Certificate serial:       019D728D0F385B2ED46F516388BAC009DBA6
Authority key identifier: D8:D3:CA:2C:23:1A:FD:F3:B0:35:5C:77:A7:CB:B2:26:F8:1B:74:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2NPKLCMa_fOwNVx3p8uyJvgbdN4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c9/3c076b-aea1-4a33-a9e9-99128bf6a841/1/QxbU9vvhcA75ENS1lZHkpNyfErk.roa
Signing time:             Thu 09 Apr 2026 14:02:20 +0000
ROA not before:           Thu 09 Apr 2026 14:02:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     139803
IP address blocks:        85.149.192.0/20 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c9/3c076b-aea1-4a33-a9e9-99128bf6a841/1/2NPKLCMa_fOwNVx3p8uyJvgbdN4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c9/3c076b-aea1-4a33-a9e9-99128bf6a841/1/2NPKLCMa_fOwNVx3p8uyJvgbdN4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2NPKLCMa_fOwNVx3p8uyJvgbdN4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 08:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:72:8d:0f:38:5b:2e:d4:6f:51:63:88:ba:c0:09:db:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d8d3ca2c231afdf3b0355c77a7cbb226f81b74de
        Validity
            Not Before: Apr  9 14:02:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4316d4f6fbe1700ef910d4b59591e4a4dc9f12b9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:c8:9a:71:c3:cd:cb:a7:85:70:ff:e5:36:6f:
                    e1:75:d0:5f:41:1a:6c:4a:d2:08:24:a1:c6:16:36:
                    ce:67:19:5a:27:e2:29:02:4e:9e:52:fb:ae:f7:aa:
                    e1:04:c0:42:39:32:87:03:45:9d:f1:e9:fd:44:d6:
                    42:31:d5:5e:c7:61:fa:68:69:b7:d3:ed:e9:ee:56:
                    6f:c9:0f:50:76:4c:11:6d:73:f4:42:65:c9:10:96:
                    b2:8d:64:b8:cb:91:49:cc:d6:92:eb:38:c4:32:1c:
                    5a:82:b6:2d:53:7a:9b:8a:e7:96:95:e7:70:9f:d5:
                    0a:5c:80:88:e3:9b:e9:42:b6:a8:ef:f9:52:6f:f7:
                    56:4d:93:ad:b2:d2:e2:b0:a7:fa:7c:06:39:a6:20:
                    f5:0f:51:b3:5e:87:2c:68:38:ea:6e:e5:0c:a7:4a:
                    ed:16:73:ed:13:13:29:8b:b2:3e:e3:9c:61:fc:02:
                    88:dd:86:fa:46:ea:3a:3a:49:52:3a:0f:16:1c:cc:
                    25:d2:c5:14:c4:c2:cc:04:c0:85:a3:25:59:ac:cb:
                    59:02:71:1d:49:86:5e:bd:92:1a:dd:8a:70:3a:38:
                    af:fb:94:68:4f:da:bf:80:04:58:39:75:98:b3:60:
                    04:e5:d1:e5:ec:0c:9e:f5:8d:ed:ab:bc:2b:6e:c3:
                    e9:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:16:D4:F6:FB:E1:70:0E:F9:10:D4:B5:95:91:E4:A4:DC:9F:12:B9
            X509v3 Authority Key Identifier:
                keyid:D8:D3:CA:2C:23:1A:FD:F3:B0:35:5C:77:A7:CB:B2:26:F8:1B:74:DE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2NPKLCMa_fOwNVx3p8uyJvgbdN4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c9/3c076b-aea1-4a33-a9e9-99128bf6a841/1/QxbU9vvhcA75ENS1lZHkpNyfErk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c9/3c076b-aea1-4a33-a9e9-99128bf6a841/1/2NPKLCMa_fOwNVx3p8uyJvgbdN4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.149.192.0/20

    Signature Algorithm: sha256WithRSAEncryption
         05:b9:d7:9f:ad:af:47:ff:25:3e:11:43:b2:64:e6:63:43:d5:
         a6:81:a8:72:4b:11:78:7e:08:11:55:75:a1:14:f5:64:db:7b:
         47:e4:eb:3a:fc:1f:40:83:77:59:b5:58:54:4e:81:f4:0f:e2:
         f0:cb:2a:a5:6c:f8:12:05:1c:75:57:08:1b:15:fe:97:8f:35:
         d5:61:8a:81:bc:1b:66:bf:6c:eb:e3:02:8d:41:6b:ba:4f:1e:
         4f:c0:b5:4e:65:ee:75:76:d4:ca:37:a5:1f:7a:4f:8c:d2:2f:
         5b:b7:09:87:53:dc:3c:6b:48:e2:65:c2:f7:cb:9e:f4:6e:86:
         67:48:e5:b6:50:a8:c5:7d:bd:a6:92:7b:f0:f0:84:3c:c9:3e:
         38:88:00:ed:96:af:99:98:84:69:62:be:f2:eb:4a:6f:e9:4e:
         3c:f9:b9:e2:f8:56:42:f1:78:e5:f2:e3:4d:14:82:9a:76:f8:
         bd:b5:fe:35:8d:a0:e1:39:96:5b:8e:f4:eb:26:15:92:17:71:
         fb:cc:b7:c1:e3:86:cd:ca:e1:b3:15:8e:70:50:b1:d0:7d:8e:
         a2:0a:27:c5:0d:a5:72:cc:78:db:87:50:2a:d4:ba:e3:af:55:
         25:22:32:26:77:01:35:9e:ba:bb:cc:ff:f3:7b:e3:77:79:3b:
         62:d8:99:4e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ1yjQ84Wy7Ub1FjiLrACdumMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ4ZDNjYTJjMjMxYWZkZjNiMDM1NWM3N2E3Y2JiMjI2Zjgx
Yjc0ZGUwHhcNMjYwNDA5MTQwMjIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MzE2ZDRmNmZiZTE3MDBlZjkxMGQ0YjU5NTkxZTRhNGRjOWYxMmI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp8iaccPNy6eFcP/lNm/hddBfQRps
StIIJKHGFjbOZxlaJ+IpAk6eUvuu96rhBMBCOTKHA0Wd8en9RNZCMdVex2H6aGm3
0+3p7lZvyQ9QdkwRbXP0QmXJEJayjWS4y5FJzNaS6zjEMhxagrYtU3qbiueWledw
n9UKXICI45vpQrao7/lSb/dWTZOtstLisKf6fAY5piD1D1GzXocsaDjqbuUMp0rt
FnPtExMpi7I+45xh/AKI3Yb6Ruo6OklSOg8WHMwl0sUUxMLMBMCFoyVZrMtZAnEd
SYZevZIa3YpwOjiv+5RoT9q/gARYOXWYs2AE5dHl7Aye9Y3tq7wrbsPpKQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEMW1Pb74XAO+RDUtZWR5KTcnxK5MB8GA1UdIwQY
MBaAFNjTyiwjGv3zsDVcd6fLsib4G3TeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMk5QS0xDTWFfZk93TlZ4M3A4dXlKdmdiZE40LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOS8zYzA3NmItYWVhMS00YTMzLWE5ZTkt
OTkxMjhiZjZhODQxLzEvUXhiVTl2dmhjQTc1RU5TMWxaSGtwTnlmRXJrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOS8zYzA3NmItYWVhMS00YTMzLWE5ZTktOTkxMjhiZjZhODQx
LzEvMk5QS0xDTWFfZk93TlZ4M3A4dXlKdmdiZE40LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEVZXAMA0G
CSqGSIb3DQEBCwUAA4IBAQAFudefra9H/yU+EUOyZOZjQ9WmgahySxF4fggRVXWh
FPVk23tH5Os6/B9Ag3dZtVhUToH0D+LwyyqlbPgSBRx1VwgbFf6XjzXVYYqBvBtm
v2zr4wKNQWu6Tx5PwLVOZe51dtTKN6Ufek+M0i9btwmHU9w8a0jiZcL3y570boZn
SOW2UKjFfb2mknvw8IQ8yT44iADtlq+ZmIRpYr7y60pv6U48+bni+FZC8Xjl8uNN
FIKadvi9tf41jaDhOZZbjvTrJhWSF3H7zLfB44bNyuGzFY5wULHQfY6iCifFDaVy
zHjbh1Aq1Lrjr1UlIjImdwE1nrq7zP/ze+N3eTti2JlO
-----END CERTIFICATE-----