Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/a8ecfb-7355-4cfe-84bf-b776a220456b/1/q8TRW-nxF77mnHW626ye6CxptZs.roa
File:                     q8TRW-nxF77mnHW626ye6CxptZs.roa (raw, json)
Hash identifier:          tsP4mbqeyfW3lJKs8auJSMWq6KIkEBqI6CN97FBqDPM=
Subject key identifier:   AB:C4:D1:5B:E9:F1:17:BE:E6:9C:75:BA:DB:AC:9E:E8:2C:69:B5:9B
Certificate issuer:       /CN=2ff6182beb7b82c8573df8b6d51044d6c6724e82
Certificate serial:       019C468C6DBD73DE2425944AB54A896E433B
Authority key identifier: 2F:F6:18:2B:EB:7B:82:C8:57:3D:F8:B6:D5:10:44:D6:C6:72:4E:82
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/L_YYK-t7gshXPfi21RBE1sZyToI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d5/a8ecfb-7355-4cfe-84bf-b776a220456b/1/q8TRW-nxF77mnHW626ye6CxptZs.roa
Signing time:             Tue 10 Feb 2026 07:55:34 +0000
ROA not before:           Tue 10 Feb 2026 07:55:34 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     395954
IP address blocks:        91.198.95.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d5/a8ecfb-7355-4cfe-84bf-b776a220456b/1/L_YYK-t7gshXPfi21RBE1sZyToI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d5/a8ecfb-7355-4cfe-84bf-b776a220456b/1/L_YYK-t7gshXPfi21RBE1sZyToI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/L_YYK-t7gshXPfi21RBE1sZyToI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 18:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:46:8c:6d:bd:73:de:24:25:94:4a:b5:4a:89:6e:43:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2ff6182beb7b82c8573df8b6d51044d6c6724e82
        Validity
            Not Before: Feb 10 07:55:34 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=abc4d15be9f117bee69c75badbac9ee82c69b59b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:48:80:ab:13:11:33:53:c9:33:88:31:c1:1c:
                    85:f4:a0:46:fe:db:41:90:5d:84:c1:6e:46:13:a4:
                    b5:eb:ab:79:40:e3:5b:29:88:bc:08:e5:b5:e5:2e:
                    7e:08:9e:dd:d1:f9:5f:7b:c8:07:4e:96:ef:c3:30:
                    60:93:87:6f:09:76:e7:8d:cc:e7:55:d3:fd:6a:5f:
                    1a:9a:82:3d:eb:dd:9a:b0:46:b3:41:f7:3d:88:67:
                    77:15:4a:9a:bf:db:9e:23:43:9a:43:22:ed:e6:ba:
                    59:83:cc:72:c0:f2:1a:8e:27:e2:34:bd:8d:bc:37:
                    09:07:e6:a8:16:9f:7a:99:a5:71:3b:dd:44:a1:b2:
                    5c:24:89:8d:68:01:9d:84:7a:ec:61:2f:b1:27:b2:
                    c0:86:6c:e4:ff:8a:8d:e7:11:f9:52:75:f4:a3:57:
                    ea:08:22:1d:80:09:d2:b6:48:7d:af:0a:83:37:33:
                    48:fd:a2:5c:cf:07:da:01:78:ae:94:e7:3b:2d:ee:
                    d7:e7:2c:b5:82:57:47:47:1e:02:b5:7d:2d:b6:d0:
                    8e:4d:47:b0:0c:91:a7:ad:3a:58:c3:d8:0c:4e:84:
                    37:54:7d:0c:84:03:76:f6:85:86:34:4b:7a:a7:96:
                    8c:41:5d:5c:40:30:be:91:29:fb:c6:0c:7e:40:96:
                    79:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:C4:D1:5B:E9:F1:17:BE:E6:9C:75:BA:DB:AC:9E:E8:2C:69:B5:9B
            X509v3 Authority Key Identifier:
                keyid:2F:F6:18:2B:EB:7B:82:C8:57:3D:F8:B6:D5:10:44:D6:C6:72:4E:82

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/L_YYK-t7gshXPfi21RBE1sZyToI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/a8ecfb-7355-4cfe-84bf-b776a220456b/1/q8TRW-nxF77mnHW626ye6CxptZs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/a8ecfb-7355-4cfe-84bf-b776a220456b/1/L_YYK-t7gshXPfi21RBE1sZyToI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.198.95.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8e:61:a4:f7:3f:fd:7c:c6:2e:04:01:6d:75:9c:5d:bd:8e:95:
         35:9e:96:25:67:ef:15:cc:99:a2:f2:8a:a2:67:ee:55:ef:e8:
         e7:38:35:2f:21:9e:9a:b0:7f:cb:d8:82:f2:6f:67:08:70:be:
         71:16:e7:f5:d7:a0:bf:1b:a6:1f:d8:e2:7a:6e:60:70:8d:a6:
         16:b8:46:7b:7e:ff:58:1c:04:a2:54:89:97:f3:e5:a3:13:5d:
         01:08:a7:17:20:31:db:2a:03:d3:a0:bd:02:63:82:ad:79:83:
         0c:c0:fa:39:57:ac:b1:12:bc:74:c2:97:c0:f0:e4:87:d7:4e:
         d0:6a:cf:e2:89:86:2d:e8:57:cf:13:60:e2:c0:bb:c5:67:11:
         09:71:4b:07:95:3c:ce:57:9d:6b:bb:e7:82:55:93:06:7b:fe:
         3e:a7:5e:ab:93:9e:4a:61:46:46:0b:a8:22:12:c4:ac:d6:41:
         b1:90:23:3d:b7:f9:db:5b:0a:1b:92:c7:b5:62:18:89:6e:cb:
         d4:6f:c8:3a:cd:a3:07:d5:a8:98:69:0c:d5:db:93:c3:70:ec:
         32:af:f1:14:30:ae:a7:41:f6:9d:db:40:ce:8c:6c:56:3e:73:
         5a:36:4b:77:83:48:e8:47:84:8f:c0:e9:22:b6:79:4f:82:5c:
         dd:f3:3b:7b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZxGjG29c94kJZRKtUqJbkM7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJmZjYxODJiZWI3YjgyYzg1NzNkZjhiNmQ1MTA0NGQ2YzY3
MjRlODIwHhcNMjYwMjEwMDc1NTM0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYmM0ZDE1YmU5ZjExN2JlZTY5Yzc1YmFkYmFjOWVlODJjNjliNTliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA40iAqxMRM1PJM4gxwRyF9KBG/ttB
kF2EwW5GE6S166t5QONbKYi8COW15S5+CJ7d0flfe8gHTpbvwzBgk4dvCXbnjczn
VdP9al8amoI9692asEazQfc9iGd3FUqav9ueI0OaQyLt5rpZg8xywPIajifiNL2N
vDcJB+aoFp96maVxO91EobJcJImNaAGdhHrsYS+xJ7LAhmzk/4qN5xH5UnX0o1fq
CCIdgAnStkh9rwqDNzNI/aJczwfaAXiulOc7Le7X5yy1gldHRx4CtX0tttCOTUew
DJGnrTpYw9gMToQ3VH0MhAN29oWGNEt6p5aMQV1cQDC+kSn7xgx+QJZ5IwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKvE0Vvp8Re+5px1utusnugsabWbMB8GA1UdIwQY
MBaAFC/2GCvre4LIVz34ttUQRNbGck6CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTF9ZWUstdDdnc2hYUGZpMjFSQkUxc1p5VG9JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNS9hOGVjZmItNzM1NS00Y2ZlLTg0YmYt
Yjc3NmEyMjA0NTZiLzEvcThUUlctbnhGNzdtbkhXNjI2eWU2Q3hwdFpzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNS9hOGVjZmItNzM1NS00Y2ZlLTg0YmYtYjc3NmEyMjA0NTZi
LzEvTF9ZWUstdDdnc2hYUGZpMjFSQkUxc1p5VG9JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8ZfMA0G
CSqGSIb3DQEBCwUAA4IBAQCOYaT3P/18xi4EAW11nF29jpU1npYlZ+8VzJmi8oqi
Z+5V7+jnODUvIZ6asH/L2ILyb2cIcL5xFuf116C/G6Yf2OJ6bmBwjaYWuEZ7fv9Y
HASiVImX8+WjE10BCKcXIDHbKgPToL0CY4KteYMMwPo5V6yxErx0wpfA8OSH107Q
as/iiYYt6FfPE2DiwLvFZxEJcUsHlTzOV51ru+eCVZMGe/4+p16rk55KYUZGC6gi
EsSs1kGxkCM9t/nbWwobkse1YhiJbsvUb8g6zaMH1aiYaQzV25PDcOwyr/EUMK6n
Qfad20DOjGxWPnNaNkt3g0joR4SPwOkitnlPglzd8zt7
-----END CERTIFICATE-----