Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/b011d3-bdba-45cd-a8ac-e0be89c4f169/1/QW73u8rMuH1v1Kv7BEJQbwmdG30.roa
File:                     QW73u8rMuH1v1Kv7BEJQbwmdG30.roa (raw, json)
Hash identifier:          86pULR+fbjp+HIMXs4j+2SEmIr4Htvw47MfRZHiRzRU=
Subject key identifier:   41:6E:F7:BB:CA:CC:B8:7D:6F:D4:AB:FB:04:42:50:6F:09:9D:1B:7D
Certificate issuer:       /CN=b6a1654dae96c532578ce1df1ebb8221dbb68145
Certificate serial:       019B7CEE62F8B187B98FD42B3DC7B5F8B312
Authority key identifier: B6:A1:65:4D:AE:96:C5:32:57:8C:E1:DF:1E:BB:82:21:DB:B6:81:45
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tqFlTa6WxTJXjOHfHruCIdu2gUU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/b011d3-bdba-45cd-a8ac-e0be89c4f169/1/QW73u8rMuH1v1Kv7BEJQbwmdG30.roa
Signing time:             Fri 02 Jan 2026 04:19:16 +0000
ROA not before:           Fri 02 Jan 2026 04:19:16 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     25181
IP address blocks:        37.139.152.0/21 maxlen: 21
                          2a00:96c0::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/b011d3-bdba-45cd-a8ac-e0be89c4f169/1/tqFlTa6WxTJXjOHfHruCIdu2gUU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/b011d3-bdba-45cd-a8ac-e0be89c4f169/1/tqFlTa6WxTJXjOHfHruCIdu2gUU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tqFlTa6WxTJXjOHfHruCIdu2gUU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:ee:62:f8:b1:87:b9:8f:d4:2b:3d:c7:b5:f8:b3:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b6a1654dae96c532578ce1df1ebb8221dbb68145
        Validity
            Not Before: Jan  2 04:19:16 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=416ef7bbcaccb87d6fd4abfb0442506f099d1b7d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:fd:cf:e3:05:f4:ec:90:e3:21:1b:3d:fa:0d:
                    84:33:1a:fb:64:b5:7b:55:97:cb:37:9f:0f:99:e7:
                    95:97:0c:59:f3:4b:01:ad:e0:f8:59:db:a0:f1:03:
                    4d:b2:15:a1:b7:1c:08:3c:29:b0:f4:bb:1a:b4:8d:
                    51:f0:a3:b3:f3:b7:85:3b:d6:8e:5c:38:87:f5:a0:
                    cd:94:85:3d:92:bc:f6:aa:64:97:af:41:cc:ea:f4:
                    e2:2b:61:e0:6c:d5:36:ce:37:47:8d:50:42:27:0b:
                    f1:42:b2:6d:35:ce:4b:34:97:7f:19:c0:fe:47:fd:
                    17:ec:43:94:3b:5f:90:b1:21:06:17:31:74:ec:38:
                    0d:66:91:57:ee:ad:64:21:2f:ee:ed:98:21:19:ce:
                    e6:8a:70:31:78:c1:53:79:74:5d:db:5b:f6:f7:c6:
                    d1:94:6d:11:13:72:02:6e:f9:9d:a3:18:d2:ae:19:
                    b5:ee:68:45:cc:68:9e:e3:fb:b5:19:07:73:24:e9:
                    d0:c2:cf:0d:62:11:a9:cd:1d:f6:33:c5:9e:1f:79:
                    69:e2:38:b7:20:fc:9c:ac:f8:5d:6f:e4:08:60:1e:
                    c3:ab:d7:20:18:3d:a6:0b:8b:06:81:35:d3:c4:ec:
                    cc:92:88:0e:01:49:5f:36:86:e8:b4:48:a4:9a:29:
                    24:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:6E:F7:BB:CA:CC:B8:7D:6F:D4:AB:FB:04:42:50:6F:09:9D:1B:7D
            X509v3 Authority Key Identifier:
                keyid:B6:A1:65:4D:AE:96:C5:32:57:8C:E1:DF:1E:BB:82:21:DB:B6:81:45

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tqFlTa6WxTJXjOHfHruCIdu2gUU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/b011d3-bdba-45cd-a8ac-e0be89c4f169/1/QW73u8rMuH1v1Kv7BEJQbwmdG30.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/b011d3-bdba-45cd-a8ac-e0be89c4f169/1/tqFlTa6WxTJXjOHfHruCIdu2gUU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.139.152.0/21
                IPv6:
                  2a00:96c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         91:9b:e7:30:98:4b:e4:70:81:00:87:25:53:b8:6b:16:eb:55:
         3d:de:5a:2c:f2:11:67:16:0b:15:64:05:9b:e6:53:1a:ca:02:
         fe:f5:1c:8d:81:39:19:21:23:59:92:66:df:9e:cd:1a:90:6e:
         d8:60:20:61:e3:20:bb:d8:98:cd:33:2f:03:6a:d3:9f:3f:8f:
         c4:d3:40:35:ab:81:0f:88:bb:61:22:cf:84:bc:66:8d:2d:ff:
         81:dc:62:e5:5c:f5:ec:3c:e8:f7:fc:23:c6:0c:46:8d:9c:db:
         3d:65:2d:1b:1c:23:6c:78:0f:bd:c9:3f:dc:2d:a0:fe:1f:90:
         f9:71:3b:fa:35:76:51:82:6a:1c:68:ca:06:8a:b8:cb:a8:57:
         c7:de:64:fd:e5:bc:2b:11:45:93:67:b6:2c:b4:ed:d4:18:00:
         01:0a:07:2f:47:4e:3e:a7:30:8c:2f:5e:c0:92:74:4e:5a:fb:
         cc:70:4b:be:ec:c7:fc:1c:09:93:00:92:28:c0:5a:71:cb:0e:
         45:82:2d:70:da:21:ca:d3:c6:88:e8:e9:f9:14:98:5e:13:14:
         09:6b:9d:4a:56:48:b4:4d:fd:8f:21:d9:84:33:be:5d:fb:85:
         aa:fc:4a:3b:7f:e2:ec:f2:bf:5a:43:13:7b:37:ff:fb:f4:84:
         e4:f6:56:be
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZt87mL4sYe5j9QrPce1+LMSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI2YTE2NTRkYWU5NmM1MzI1NzhjZTFkZjFlYmI4MjIxZGJi
NjgxNDUwHhcNMjYwMTAyMDQxOTE2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MTZlZjdiYmNhY2NiODdkNmZkNGFiZmIwNDQyNTA2ZjA5OWQxYjdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzf3P4wX07JDjIRs9+g2EMxr7ZLV7
VZfLN58PmeeVlwxZ80sBreD4Wdug8QNNshWhtxwIPCmw9LsatI1R8KOz87eFO9aO
XDiH9aDNlIU9krz2qmSXr0HM6vTiK2HgbNU2zjdHjVBCJwvxQrJtNc5LNJd/GcD+
R/0X7EOUO1+QsSEGFzF07DgNZpFX7q1kIS/u7ZghGc7minAxeMFTeXRd21v298bR
lG0RE3ICbvmdoxjSrhm17mhFzGie4/u1GQdzJOnQws8NYhGpzR32M8WeH3lp4ji3
IPycrPhdb+QIYB7Dq9cgGD2mC4sGgTXTxOzMkogOAUlfNobotEikmikkCwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFEFu97vKzLh9b9Sr+wRCUG8JnRt9MB8GA1UdIwQY
MBaAFLahZU2ulsUyV4zh3x67giHbtoFFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdHFGbFRhNld4VEpYak9IZkhydUNJZHUyZ1VVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC9iMDExZDMtYmRiYS00NWNkLWE4YWMt
ZTBiZTg5YzRmMTY5LzEvUVc3M3U4ck11SDF2MUt2N0JFSlFid21kRzMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC9iMDExZDMtYmRiYS00NWNkLWE4YWMtZTBiZTg5YzRmMTY5
LzEvdHFGbFRhNld4VEpYak9IZkhydUNJZHUyZ1VVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQDJYuYMA0E
AgACMAcDBQAqAJbAMA0GCSqGSIb3DQEBCwUAA4IBAQCRm+cwmEvkcIEAhyVTuGsW
61U93los8hFnFgsVZAWb5lMaygL+9RyNgTkZISNZkmbfns0akG7YYCBh4yC72JjN
My8DatOfP4/E00A1q4EPiLthIs+EvGaNLf+B3GLlXPXsPOj3/CPGDEaNnNs9ZS0b
HCNseA+9yT/cLaD+H5D5cTv6NXZRgmocaMoGirjLqFfH3mT95bwrEUWTZ7YstO3U
GAABCgcvR04+pzCML17AknROWvvMcEu+7Mf8HAmTAJIowFpxyw5Fgi1w2iHK08aI
6On5FJheExQJa51KVki0Tf2PIdmEM75d+4Wq/Eo7f+Ls8r9aQxN7N//79ITk9la+
-----END CERTIFICATE-----