Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/d679f2-414e-4538-9c60-295611aa7e92/1/qyHL6II4esJ4dc5VWl8lMms3EA0.roa
File:                     qyHL6II4esJ4dc5VWl8lMms3EA0.roa (raw, json)
Hash identifier:          XUNHvMm3tr618bDepCNFHXOwOdAqjvCOtPPWHwwDwkg=
Subject key identifier:   AB:21:CB:E8:82:38:7A:C2:78:75:CE:55:5A:5F:25:32:6B:37:10:0D
Certificate issuer:       /CN=0b5e798db6e8f57c5f4a445150901dee8a96d5e5
Certificate serial:       019B79ECACC618A0E63AECFCF75DE56F137F
Authority key identifier: 0B:5E:79:8D:B6:E8:F5:7C:5F:4A:44:51:50:90:1D:EE:8A:96:D5:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/C155jbbo9XxfSkRRUJAd7oqW1eU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/d679f2-414e-4538-9c60-295611aa7e92/1/qyHL6II4esJ4dc5VWl8lMms3EA0.roa
Signing time:             Thu 01 Jan 2026 14:18:32 +0000
ROA not before:           Thu 01 Jan 2026 14:18:32 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     34024
IP address blocks:        91.199.235.0/24 maxlen: 24
                          193.26.26.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/db/d679f2-414e-4538-9c60-295611aa7e92/1/C155jbbo9XxfSkRRUJAd7oqW1eU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/db/d679f2-414e-4538-9c60-295611aa7e92/1/C155jbbo9XxfSkRRUJAd7oqW1eU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/C155jbbo9XxfSkRRUJAd7oqW1eU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 05:01:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:ec:ac:c6:18:a0:e6:3a:ec:fc:f7:5d:e5:6f:13:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0b5e798db6e8f57c5f4a445150901dee8a96d5e5
        Validity
            Not Before: Jan  1 14:18:32 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ab21cbe882387ac27875ce555a5f25326b37100d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:70:2e:4c:95:0b:f4:3c:f5:9a:3c:c8:01:31:
                    f2:75:0c:08:0a:4e:38:dd:3a:93:4b:a4:50:dc:83:
                    68:47:2d:87:be:02:6a:03:4d:d0:f0:69:ca:cf:67:
                    a7:67:c1:cf:89:4e:dd:95:10:5c:c4:0c:20:6b:23:
                    ed:09:46:a1:c0:59:2c:e3:15:38:d6:0b:de:02:7e:
                    29:61:fa:7f:c6:8e:a2:75:3a:90:67:d8:e7:39:3c:
                    26:27:8f:10:b2:40:f8:f1:17:5b:2a:d8:1c:21:3a:
                    1c:9e:a6:32:ca:32:96:b3:bb:9a:a9:70:3b:96:ae:
                    44:4e:68:3a:0e:4c:43:7c:3e:11:ac:6b:a8:22:c6:
                    7e:97:25:51:d8:2d:62:88:ab:f2:f8:a9:a3:45:b0:
                    3d:07:e9:53:91:ea:3f:91:4c:19:cd:cf:05:51:e6:
                    19:b4:f6:2e:71:a7:24:d1:c3:c5:62:92:1a:22:cb:
                    ac:73:e5:38:3c:b7:60:19:c4:9b:be:dd:5e:3f:cc:
                    5e:01:34:d6:39:5b:3b:31:54:7e:5f:9c:0f:ee:bc:
                    9c:9c:2e:e6:03:5c:fa:1f:9d:00:ca:af:3d:02:7c:
                    61:69:82:cc:b5:3d:60:62:3e:9c:f0:0d:d7:a7:f9:
                    02:58:4c:6c:f4:8f:50:25:bc:66:35:58:58:f4:e0:
                    58:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:21:CB:E8:82:38:7A:C2:78:75:CE:55:5A:5F:25:32:6B:37:10:0D
            X509v3 Authority Key Identifier:
                keyid:0B:5E:79:8D:B6:E8:F5:7C:5F:4A:44:51:50:90:1D:EE:8A:96:D5:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/C155jbbo9XxfSkRRUJAd7oqW1eU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/d679f2-414e-4538-9c60-295611aa7e92/1/qyHL6II4esJ4dc5VWl8lMms3EA0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/d679f2-414e-4538-9c60-295611aa7e92/1/C155jbbo9XxfSkRRUJAd7oqW1eU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.199.235.0/24
                  193.26.26.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b2:17:a6:03:d5:1f:ae:7b:e0:02:86:f2:21:e6:a5:3d:cf:1c:
         6e:b1:df:b3:99:85:10:19:0c:28:6f:7c:96:7f:d7:5e:65:75:
         43:2d:2c:5a:03:69:c4:88:21:dd:91:0a:3a:b6:5e:f9:5a:4c:
         7c:59:88:35:54:24:cd:15:3b:42:44:dd:2c:cb:a4:f6:30:94:
         fe:2f:ab:99:bb:6a:17:24:51:58:9a:77:92:ac:23:0b:bf:95:
         2f:6e:41:99:e0:12:1d:1d:85:11:d8:ed:86:0a:14:aa:07:90:
         0f:fd:ce:b2:a7:e1:5a:04:cf:d2:38:67:a4:fe:99:ce:b6:92:
         c9:7f:e1:bd:73:62:9d:69:1d:35:5f:36:33:6d:0d:7d:96:13:
         0d:6b:b2:fb:62:46:82:bd:39:df:9c:c0:d0:f3:7f:dc:e1:61:
         35:16:87:7c:50:0c:92:4d:d2:41:ea:0d:da:58:a7:e5:6f:1b:
         89:7d:0c:ad:ea:e9:41:e6:91:31:8a:3a:a8:c9:7f:0d:93:70:
         2f:bd:c9:bc:cf:c0:cb:90:9b:d1:06:cf:e8:6e:0f:3a:d2:54:
         a5:20:5f:03:77:38:d3:1b:45:ba:07:78:3e:2d:df:f0:e0:60:
         cb:8b:00:cd:22:17:30:71:85:13:a5:3e:21:a8:4b:8e:d7:45:
         85:57:93:44
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZt57KzGGKDmOuz8913lbxN/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBiNWU3OThkYjZlOGY1N2M1ZjRhNDQ1MTUwOTAxZGVlOGE5
NmQ1ZTUwHhcNMjYwMTAxMTQxODMyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYjIxY2JlODgyMzg3YWMyNzg3NWNlNTU1YTVmMjUzMjZiMzcxMDBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA23AuTJUL9Dz1mjzIATHydQwICk44
3TqTS6RQ3INoRy2HvgJqA03Q8GnKz2enZ8HPiU7dlRBcxAwgayPtCUahwFks4xU4
1gveAn4pYfp/xo6idTqQZ9jnOTwmJ48QskD48RdbKtgcITocnqYyyjKWs7uaqXA7
lq5ETmg6DkxDfD4RrGuoIsZ+lyVR2C1iiKvy+KmjRbA9B+lTkeo/kUwZzc8FUeYZ
tPYucack0cPFYpIaIsusc+U4PLdgGcSbvt1eP8xeATTWOVs7MVR+X5wP7rycnC7m
A1z6H50Ayq89AnxhaYLMtT1gYj6c8A3Xp/kCWExs9I9QJbxmNVhY9OBYgQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKshy+iCOHrCeHXOVVpfJTJrNxANMB8GA1UdIwQY
MBaAFAteeY226PV8X0pEUVCQHe6KltXlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQzE1NWpiYm85WHhmU2tSUlVKQWQ3b3FXMWVVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi9kNjc5ZjItNDE0ZS00NTM4LTljNjAt
Mjk1NjExYWE3ZTkyLzEvcXlITDZJSTRlc0o0ZGM1VldsOGxNbXMzRUEwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi9kNjc5ZjItNDE0ZS00NTM4LTljNjAtMjk1NjExYWE3ZTky
LzEvQzE1NWpiYm85WHhmU2tSUlVKQWQ3b3FXMWVVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW8frAwQA
wRoaMA0GCSqGSIb3DQEBCwUAA4IBAQCyF6YD1R+ue+AChvIh5qU9zxxusd+zmYUQ
GQwob3yWf9deZXVDLSxaA2nEiCHdkQo6tl75Wkx8WYg1VCTNFTtCRN0sy6T2MJT+
L6uZu2oXJFFYmneSrCMLv5UvbkGZ4BIdHYUR2O2GChSqB5AP/c6yp+FaBM/SOGek
/pnOtpLJf+G9c2KdaR01XzYzbQ19lhMNa7L7YkaCvTnfnMDQ83/c4WE1Fod8UAyS
TdJB6g3aWKflbxuJfQyt6ulB5pExijqoyX8Nk3Avvcm8z8DLkJvRBs/obg860lSl
IF8DdzjTG0W6B3g+Ld/w4GDLiwDNIhcwcYUTpT4hqEuO10WFV5NE
-----END CERTIFICATE-----