Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e7/8c37f0-af3a-4024-8043-d30cef9114b7/1/Qy_dYjktdWTMwKlvlGZGCPvqukk.roa
File:                     Qy_dYjktdWTMwKlvlGZGCPvqukk.roa (raw, json)
Hash identifier:          HyB9pQQ7gH7LCMcZGQN6Qp3fcmCpTOcafmUokwLnbLM=
Subject key identifier:   43:2F:DD:62:39:2D:75:64:CC:C0:A9:6F:94:66:46:08:FB:EA:BA:49
Certificate issuer:       /CN=ec757603b171af34e1c6231e5e82e77f2d589db9
Certificate serial:       019B7AC8136E9B1C04BD72BEAA73F882CAA2
Authority key identifier: EC:75:76:03:B1:71:AF:34:E1:C6:23:1E:5E:82:E7:7F:2D:58:9D:B9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7HV2A7FxrzThxiMeXoLnfy1Ynbk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e7/8c37f0-af3a-4024-8043-d30cef9114b7/1/Qy_dYjktdWTMwKlvlGZGCPvqukk.roa
Signing time:             Thu 01 Jan 2026 18:18:11 +0000
ROA not before:           Thu 01 Jan 2026 18:18:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     202635
IP address blocks:        193.3.30.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e7/8c37f0-af3a-4024-8043-d30cef9114b7/1/7HV2A7FxrzThxiMeXoLnfy1Ynbk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e7/8c37f0-af3a-4024-8043-d30cef9114b7/1/7HV2A7FxrzThxiMeXoLnfy1Ynbk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7HV2A7FxrzThxiMeXoLnfy1Ynbk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 18:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:c8:13:6e:9b:1c:04:bd:72:be:aa:73:f8:82:ca:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ec757603b171af34e1c6231e5e82e77f2d589db9
        Validity
            Not Before: Jan  1 18:18:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=432fdd62392d7564ccc0a96f94664608fbeaba49
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:57:d4:96:3f:6d:ee:b4:2d:3f:f9:c0:ff:c8:
                    63:76:84:c6:3d:32:b6:5a:e6:df:e1:e5:56:8f:b1:
                    0d:1f:20:b5:e7:d3:d3:44:7d:ff:fd:10:c1:39:a3:
                    52:92:0d:c1:6e:db:1d:ca:a0:c9:93:d5:41:22:39:
                    8c:f5:d1:03:7b:91:02:44:bc:c4:2c:58:58:59:fc:
                    03:95:6f:57:5d:7a:cb:72:3f:ec:22:eb:38:d1:c5:
                    a1:e3:84:34:ca:0c:9a:3d:2b:a9:c6:38:bc:a1:2d:
                    4c:a3:2a:7f:16:4a:b2:1a:89:ea:e8:02:a3:49:f6:
                    2e:73:3d:03:f4:30:e7:ec:7b:3a:56:b0:e0:56:77:
                    10:98:7a:41:17:40:13:61:89:6c:8b:10:03:36:10:
                    af:e2:81:fc:09:ec:54:c1:c9:e6:b7:9c:3b:2c:24:
                    bd:f3:1f:90:d4:ac:fa:8e:86:1a:b5:19:d1:35:5a:
                    8f:d3:32:88:b1:37:0a:d9:05:78:81:3b:1c:4c:c8:
                    b9:4b:9e:be:5f:54:31:4a:4e:57:ca:0a:5b:65:38:
                    19:01:c5:0c:2b:d1:bf:8a:6f:dc:ce:1b:8a:0a:b5:
                    68:2c:09:cb:d1:36:40:52:e1:37:09:4d:9b:c0:b1:
                    23:94:62:51:d7:bf:84:00:f9:dd:7d:c0:6c:4b:43:
                    34:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:2F:DD:62:39:2D:75:64:CC:C0:A9:6F:94:66:46:08:FB:EA:BA:49
            X509v3 Authority Key Identifier:
                keyid:EC:75:76:03:B1:71:AF:34:E1:C6:23:1E:5E:82:E7:7F:2D:58:9D:B9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7HV2A7FxrzThxiMeXoLnfy1Ynbk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/8c37f0-af3a-4024-8043-d30cef9114b7/1/Qy_dYjktdWTMwKlvlGZGCPvqukk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/8c37f0-af3a-4024-8043-d30cef9114b7/1/7HV2A7FxrzThxiMeXoLnfy1Ynbk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.3.30.0/24

    Signature Algorithm: sha256WithRSAEncryption
         05:55:0d:df:d7:3b:28:6b:5f:6e:f8:06:69:3f:b8:51:ae:c7:
         d6:d9:2b:99:c9:95:6e:02:cb:8f:ef:79:c7:ab:a3:fd:90:a3:
         5d:93:9c:ea:bf:ad:67:23:2f:21:53:2a:d4:46:8d:8e:d9:50:
         c9:77:1f:1b:dd:42:04:23:19:ca:6e:59:b1:14:39:a9:43:fd:
         84:fa:37:b0:86:35:4a:f5:ba:b0:7d:9f:cf:84:4f:88:83:88:
         af:70:dd:88:2a:d7:00:62:10:11:15:e5:47:ad:10:60:8b:a8:
         15:93:1d:ca:c5:03:47:ee:6e:fa:41:c5:61:18:61:6a:a0:aa:
         16:59:bd:59:80:9b:27:66:6a:94:2f:0a:29:14:f6:26:53:38:
         42:f9:b8:de:b8:d0:2e:24:da:a4:c5:e9:36:23:d8:77:98:6f:
         85:36:04:d9:38:0f:2f:ab:9c:bd:5c:ee:f3:e0:75:2f:8f:2b:
         6a:eb:d6:d8:9a:ed:b8:f6:28:c2:20:8e:ba:a8:df:46:fe:37:
         e1:74:bb:cb:6c:34:6b:86:04:e9:94:15:f3:5e:ea:86:94:c8:
         4b:61:e0:9f:49:7a:48:49:ae:8d:ea:1f:c1:33:34:c5:29:d1:
         51:97:3b:e3:79:5d:6a:ba:33:4b:49:fe:1d:e7:06:de:39:c9:
         3d:5f:be:90
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6yBNumxwEvXK+qnP4gsqiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVjNzU3NjAzYjE3MWFmMzRlMWM2MjMxZTVlODJlNzdmMmQ1
ODlkYjkwHhcNMjYwMTAxMTgxODExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MzJmZGQ2MjM5MmQ3NTY0Y2NjMGE5NmY5NDY2NDYwOGZiZWFiYTQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1FfUlj9t7rQtP/nA/8hjdoTGPTK2
Wubf4eVWj7ENHyC159PTRH3//RDBOaNSkg3BbtsdyqDJk9VBIjmM9dEDe5ECRLzE
LFhYWfwDlW9XXXrLcj/sIus40cWh44Q0ygyaPSupxji8oS1Moyp/FkqyGonq6AKj
SfYucz0D9DDn7Hs6VrDgVncQmHpBF0ATYYlsixADNhCv4oH8CexUwcnmt5w7LCS9
8x+Q1Kz6joYatRnRNVqP0zKIsTcK2QV4gTscTMi5S56+X1QxSk5XygpbZTgZAcUM
K9G/im/czhuKCrVoLAnL0TZAUuE3CU2bwLEjlGJR17+EAPndfcBsS0M0rwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEMv3WI5LXVkzMCpb5RmRgj76rpJMB8GA1UdIwQY
MBaAFOx1dgOxca804cYjHl6C538tWJ25MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN0hWMkE3RnhyelRoeGlNZVhvTG5meTFZbmJrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNy84YzM3ZjAtYWYzYS00MDI0LTgwNDMt
ZDMwY2VmOTExNGI3LzEvUXlfZFlqa3RkV1RNd0tsdmxHWkdDUHZxdWtrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNy84YzM3ZjAtYWYzYS00MDI0LTgwNDMtZDMwY2VmOTExNGI3
LzEvN0hWMkE3RnhyelRoeGlNZVhvTG5meTFZbmJrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwQMeMA0G
CSqGSIb3DQEBCwUAA4IBAQAFVQ3f1zsoa19u+AZpP7hRrsfW2SuZyZVuAsuP73nH
q6P9kKNdk5zqv61nIy8hUyrURo2O2VDJdx8b3UIEIxnKblmxFDmpQ/2E+jewhjVK
9bqwfZ/PhE+Ig4ivcN2IKtcAYhARFeVHrRBgi6gVkx3KxQNH7m76QcVhGGFqoKoW
Wb1ZgJsnZmqULwopFPYmUzhC+bjeuNAuJNqkxek2I9h3mG+FNgTZOA8vq5y9XO7z
4HUvjytq69bYmu249ijCII66qN9G/jfhdLvLbDRrhgTplBXzXuqGlMhLYeCfSXpI
Sa6N6h/BMzTFKdFRlzvjeV1qujNLSf4d5wbeOck9X76Q
-----END CERTIFICATE-----