Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e1/2a2b88-fc11-4824-95dd-9a6b6eaaed38/1/2qKpe107wG5JVGZmhM-9ulhsBNk.roa
File:                     2qKpe107wG5JVGZmhM-9ulhsBNk.roa (raw, json)
Hash identifier:          YqAbcKnhc9tQvPIiqsxdd96YUAj8t/cCoA1qvpRjwZc=
Subject key identifier:   DA:A2:A9:7B:5D:3B:C0:6E:49:54:66:66:84:CF:BD:BA:58:6C:04:D9
Certificate issuer:       /CN=48680bde56bd3bf561578a0fe108cbc1c6a759db
Certificate serial:       019B7CECEF0EAB5175E120F97BA79C101547
Authority key identifier: 48:68:0B:DE:56:BD:3B:F5:61:57:8A:0F:E1:08:CB:C1:C6:A7:59:DB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SGgL3la9O_VhV4oP4QjLwcanWds.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e1/2a2b88-fc11-4824-95dd-9a6b6eaaed38/1/2qKpe107wG5JVGZmhM-9ulhsBNk.roa
Signing time:             Fri 02 Jan 2026 04:17:40 +0000
ROA not before:           Fri 02 Jan 2026 04:17:40 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     201619
IP address blocks:        78.31.165.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e1/2a2b88-fc11-4824-95dd-9a6b6eaaed38/1/SGgL3la9O_VhV4oP4QjLwcanWds.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e1/2a2b88-fc11-4824-95dd-9a6b6eaaed38/1/SGgL3la9O_VhV4oP4QjLwcanWds.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SGgL3la9O_VhV4oP4QjLwcanWds.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 09:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:ec:ef:0e:ab:51:75:e1:20:f9:7b:a7:9c:10:15:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=48680bde56bd3bf561578a0fe108cbc1c6a759db
        Validity
            Not Before: Jan  2 04:17:40 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=daa2a97b5d3bc06e4954666684cfbdba586c04d9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:00:4c:3e:b2:2c:93:4d:a2:36:b3:59:bb:eb:
                    e7:b9:75:cd:89:e9:60:4c:1d:f4:8d:51:79:0f:0f:
                    14:59:93:36:ab:38:f7:36:36:4b:11:28:cb:82:88:
                    02:d1:fd:f9:ee:4e:a9:cc:3f:b0:f5:cf:20:37:8a:
                    e6:7a:80:99:69:c8:59:0f:47:06:d7:ab:16:b2:10:
                    e5:d1:af:98:4e:c8:85:cb:e7:3b:17:3a:17:30:d7:
                    55:51:13:d4:74:aa:e0:1b:37:83:93:ba:af:43:fe:
                    02:be:58:bb:1f:ab:f3:2c:a2:81:e0:60:49:27:57:
                    67:fe:6e:e3:bf:6e:f6:cd:e7:29:2f:0e:6f:b7:82:
                    ba:d4:e1:15:d3:7e:dd:f8:9d:81:91:c8:d9:dd:24:
                    63:cf:57:87:18:f0:06:75:64:14:4d:d7:5c:0d:b9:
                    8a:73:a7:a4:67:3a:50:00:b5:7e:6a:44:d3:e9:18:
                    cf:78:9b:aa:a5:e6:83:ab:1a:80:20:d3:7b:1e:04:
                    5d:2b:87:d4:71:b4:13:be:24:5f:c4:a1:18:eb:6d:
                    ff:71:07:b7:f5:2c:83:11:b1:51:69:16:3a:04:e0:
                    cf:d9:39:d2:3e:4e:a3:96:bf:8f:19:ca:c2:f0:bc:
                    b2:ca:0e:94:d8:13:29:64:7f:1d:ed:c7:c4:4b:d7:
                    67:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:A2:A9:7B:5D:3B:C0:6E:49:54:66:66:84:CF:BD:BA:58:6C:04:D9
            X509v3 Authority Key Identifier:
                keyid:48:68:0B:DE:56:BD:3B:F5:61:57:8A:0F:E1:08:CB:C1:C6:A7:59:DB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SGgL3la9O_VhV4oP4QjLwcanWds.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/2a2b88-fc11-4824-95dd-9a6b6eaaed38/1/2qKpe107wG5JVGZmhM-9ulhsBNk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/2a2b88-fc11-4824-95dd-9a6b6eaaed38/1/SGgL3la9O_VhV4oP4QjLwcanWds.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.31.165.0/24

    Signature Algorithm: sha256WithRSAEncryption
         08:65:77:40:6c:c3:8b:9a:18:db:c0:a8:99:28:8f:ff:d1:49:
         1e:db:42:d7:e2:d2:cc:1b:52:6e:58:0b:77:bb:49:79:61:ab:
         45:68:20:e1:66:a4:d6:ba:86:f5:75:03:c5:91:be:1b:71:a3:
         6d:a2:d7:f7:97:dc:a7:90:74:3e:f5:d1:f3:ee:3f:b4:7f:b7:
         fc:70:c0:96:57:6c:64:c3:cd:7c:60:72:01:2e:55:39:37:da:
         04:df:5a:02:08:00:30:6e:14:49:28:0b:5b:6a:84:6a:8e:43:
         9a:7d:d5:62:8e:04:62:02:6b:19:73:94:0d:ce:ae:b6:2a:93:
         c1:d3:40:0b:98:a3:d2:0f:24:8f:5d:58:5a:e9:55:8e:0f:02:
         fd:46:b2:0e:2d:4f:64:33:bc:ef:0b:d1:fa:56:68:ea:c0:74:
         a4:cf:68:f4:de:aa:0c:a6:40:8b:57:76:69:45:db:2e:62:3e:
         4b:e5:c0:ac:e7:1f:dc:e0:9e:74:9c:f2:1a:b9:8b:65:46:18:
         ea:5c:50:62:5a:cf:10:ae:ae:40:fd:fb:e5:61:ff:83:8e:d9:
         94:53:82:30:c5:61:1c:3a:da:b4:ed:e7:7a:ac:3c:a3:ac:34:
         16:b8:97:99:a8:3d:95:e6:7d:9b:63:af:54:d3:ef:a5:18:54:
         8c:c3:19:e9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt87O8Oq1F14SD5e6ecEBVHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ4NjgwYmRlNTZiZDNiZjU2MTU3OGEwZmUxMDhjYmMxYzZh
NzU5ZGIwHhcNMjYwMTAyMDQxNzQwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYWEyYTk3YjVkM2JjMDZlNDk1NDY2NjY4NGNmYmRiYTU4NmMwNGQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwwBMPrIsk02iNrNZu+vnuXXNielg
TB30jVF5Dw8UWZM2qzj3NjZLESjLgogC0f357k6pzD+w9c8gN4rmeoCZachZD0cG
16sWshDl0a+YTsiFy+c7FzoXMNdVURPUdKrgGzeDk7qvQ/4Cvli7H6vzLKKB4GBJ
J1dn/m7jv272zecpLw5vt4K61OEV037d+J2BkcjZ3SRjz1eHGPAGdWQUTddcDbmK
c6ekZzpQALV+akTT6RjPeJuqpeaDqxqAINN7HgRdK4fUcbQTviRfxKEY623/cQe3
9SyDEbFRaRY6BODP2TnSPk6jlr+PGcrC8Lyyyg6U2BMpZH8d7cfES9dnOwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNqiqXtdO8BuSVRmZoTPvbpYbATZMB8GA1UdIwQY
MBaAFEhoC95WvTv1YVeKD+EIy8HGp1nbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU0dnTDNsYTlPX1ZoVjRvUDRRakx3Y2FuV2RzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMS8yYTJiODgtZmMxMS00ODI0LTk1ZGQt
OWE2YjZlYWFlZDM4LzEvMnFLcGUxMDd3RzVKVkdabWhNLTl1bGhzQk5rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMS8yYTJiODgtZmMxMS00ODI0LTk1ZGQtOWE2YjZlYWFlZDM4
LzEvU0dnTDNsYTlPX1ZoVjRvUDRRakx3Y2FuV2RzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATh+lMA0G
CSqGSIb3DQEBCwUAA4IBAQAIZXdAbMOLmhjbwKiZKI//0Uke20LX4tLMG1JuWAt3
u0l5YatFaCDhZqTWuob1dQPFkb4bcaNtotf3l9ynkHQ+9dHz7j+0f7f8cMCWV2xk
w818YHIBLlU5N9oE31oCCAAwbhRJKAtbaoRqjkOafdVijgRiAmsZc5QNzq62KpPB
00ALmKPSDySPXVha6VWODwL9RrIOLU9kM7zvC9H6VmjqwHSkz2j03qoMpkCLV3Zp
RdsuYj5L5cCs5x/c4J50nPIauYtlRhjqXFBiWs8Qrq5A/fvlYf+DjtmUU4IwxWEc
Otq07ed6rDyjrDQWuJeZqD2V5n2bY69U0++lGFSMwxnp
-----END CERTIFICATE-----