Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/Qiql6Go7Q-b4ErD7FeQsqVuBdlY.roa
File:                     Qiql6Go7Q-b4ErD7FeQsqVuBdlY.roa (raw, json)
Hash identifier:          K+XzTbXrMRWEIGL5pRY6yHHFD+gA13Hft9u0b4TCVNM=
Subject key identifier:   42:2A:A5:E8:6A:3B:43:E6:F8:12:B0:FB:15:E4:2C:A9:5B:81:76:56
Certificate issuer:       /CN=0671dcc7a9ac7351c71e0bc2278cf45fd020ae2e
Certificate serial:       019D86588179ACAD50AC88AA10775CAD9D1A
Authority key identifier: 06:71:DC:C7:A9:AC:73:51:C7:1E:0B:C2:27:8C:F4:5F:D0:20:AE:2E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BnHcx6msc1HHHgvCJ4z0X9Agri4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/Qiql6Go7Q-b4ErD7FeQsqVuBdlY.roa
Signing time:             Mon 13 Apr 2026 10:17:20 +0000
ROA not before:           Mon 13 Apr 2026 10:17:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     29802
IP address blocks:        195.114.202.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/BnHcx6msc1HHHgvCJ4z0X9Agri4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/BnHcx6msc1HHHgvCJ4z0X9Agri4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BnHcx6msc1HHHgvCJ4z0X9Agri4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 Apr 2026 22:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:86:58:81:79:ac:ad:50:ac:88:aa:10:77:5c:ad:9d:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0671dcc7a9ac7351c71e0bc2278cf45fd020ae2e
        Validity
            Not Before: Apr 13 10:17:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=422aa5e86a3b43e6f812b0fb15e42ca95b817656
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:36:59:44:b1:76:3e:49:7b:01:3b:7d:b6:6a:
                    ca:58:17:d7:08:6a:68:06:17:7f:f6:07:22:7b:19:
                    66:72:ef:fc:1f:b0:48:3a:f7:27:f8:77:8b:6c:9a:
                    3b:10:0f:e2:a4:68:89:cd:b0:ae:22:5d:bb:07:99:
                    06:34:12:62:ae:0e:cb:49:b8:84:b7:8a:ba:c6:0d:
                    87:db:1b:c2:18:3f:db:7a:52:ac:45:14:82:05:98:
                    66:b6:72:48:84:e2:37:14:14:c8:96:a4:93:6a:54:
                    5b:f3:8e:7c:d1:41:5c:64:b9:48:29:6e:4d:f6:9e:
                    f4:7b:79:28:35:19:e8:89:91:c1:19:c4:cb:b5:e5:
                    5a:31:c1:c2:af:56:ff:e0:05:f9:a5:71:e6:91:c7:
                    1d:57:8a:5f:cd:43:39:ff:f8:8b:68:60:dd:ed:a4:
                    2d:62:09:c6:5e:be:39:fa:3c:cd:ce:06:76:7a:ca:
                    a9:78:bf:92:d5:8d:94:a7:4e:82:4c:33:d0:ce:25:
                    c9:17:d2:f1:fe:46:10:6d:d0:77:bf:98:ec:65:c3:
                    24:fa:bc:55:91:b0:e2:b3:dc:87:52:4c:46:10:b5:
                    89:32:ef:b7:ea:fe:75:6b:b3:6f:2e:1c:40:9b:c5:
                    90:e8:e1:94:54:b4:74:e4:f3:e0:19:db:4a:9b:1b:
                    10:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:2A:A5:E8:6A:3B:43:E6:F8:12:B0:FB:15:E4:2C:A9:5B:81:76:56
            X509v3 Authority Key Identifier:
                keyid:06:71:DC:C7:A9:AC:73:51:C7:1E:0B:C2:27:8C:F4:5F:D0:20:AE:2E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BnHcx6msc1HHHgvCJ4z0X9Agri4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/Qiql6Go7Q-b4ErD7FeQsqVuBdlY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/BnHcx6msc1HHHgvCJ4z0X9Agri4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.114.202.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4b:bb:06:c6:a7:79:2a:64:ac:10:16:ba:1a:3a:20:ac:93:c1:
         7b:5a:18:31:7b:30:77:99:5c:fe:36:ad:35:d2:6e:82:1e:3d:
         9b:78:73:0d:69:da:dd:4b:25:60:d8:f8:6d:f7:dd:52:a4:45:
         c9:68:d5:78:b7:5b:c1:74:76:4b:f9:83:72:cb:0a:d8:a1:86:
         38:b4:3b:e9:df:8a:a6:c8:9e:49:fe:e6:5c:8b:6b:ce:94:b8:
         5f:cf:69:2a:f6:26:01:ad:92:ac:48:bb:ad:2c:6e:20:d3:68:
         5b:3b:d0:2b:c2:6e:df:77:7a:f8:04:2e:a0:c7:0a:c3:15:5a:
         9d:41:fc:91:f1:80:1d:ed:36:8c:94:30:11:b8:cc:5f:04:52:
         92:13:53:03:7f:52:eb:6c:20:b1:bb:65:16:16:69:62:a6:8c:
         dc:06:48:c8:78:d4:8d:f8:b1:2d:10:52:ad:c9:46:f1:f3:ef:
         29:15:c0:3c:d1:70:94:d7:69:a2:97:3a:73:a0:b3:86:22:9f:
         bc:55:ad:9a:a9:ff:57:f5:1f:02:93:ff:f7:0c:1a:68:ff:7b:
         d1:ca:12:be:e2:e7:3f:f4:76:51:16:5a:81:85:c3:d8:51:49:
         b1:a2:76:71:d9:35:8e:2c:2c:7c:3f:44:cf:3a:fd:80:8f:63:
         35:d2:a3:63
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2GWIF5rK1QrIiqEHdcrZ0aMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA2NzFkY2M3YTlhYzczNTFjNzFlMGJjMjI3OGNmNDVmZDAy
MGFlMmUwHhcNMjYwNDEzMTAxNzIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MjJhYTVlODZhM2I0M2U2ZjgxMmIwZmIxNWU0MmNhOTViODE3NjU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoDZZRLF2Pkl7ATt9tmrKWBfXCGpo
Bhd/9gciexlmcu/8H7BIOvcn+HeLbJo7EA/ipGiJzbCuIl27B5kGNBJirg7LSbiE
t4q6xg2H2xvCGD/belKsRRSCBZhmtnJIhOI3FBTIlqSTalRb84580UFcZLlIKW5N
9p70e3koNRnoiZHBGcTLteVaMcHCr1b/4AX5pXHmkccdV4pfzUM5//iLaGDd7aQt
YgnGXr45+jzNzgZ2esqpeL+S1Y2Up06CTDPQziXJF9Lx/kYQbdB3v5jsZcMk+rxV
kbDis9yHUkxGELWJMu+36v51a7NvLhxAm8WQ6OGUVLR05PPgGdtKmxsQjwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEIqpehqO0Pm+BKw+xXkLKlbgXZWMB8GA1UdIwQY
MBaAFAZx3MeprHNRxx4LwieM9F/QIK4uMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQm5IY3g2bXNjMUhISGd2Q0o0ejBYOUFncmk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYS8xZjk0OTMtZDQ2OC00YTdjLThjNGIt
MWRkZWM0Y2NlMjRjLzEvUWlxbDZHbzdRLWI0RXJEN0ZlUXNxVnVCZGxZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYS8xZjk0OTMtZDQ2OC00YTdjLThjNGItMWRkZWM0Y2NlMjRj
LzEvQm5IY3g2bXNjMUhISGd2Q0o0ejBYOUFncmk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw3LKMA0G
CSqGSIb3DQEBCwUAA4IBAQBLuwbGp3kqZKwQFroaOiCsk8F7WhgxezB3mVz+Nq01
0m6CHj2beHMNadrdSyVg2Pht991SpEXJaNV4t1vBdHZL+YNyywrYoYY4tDvp34qm
yJ5J/uZci2vOlLhfz2kq9iYBrZKsSLutLG4g02hbO9Arwm7fd3r4BC6gxwrDFVqd
QfyR8YAd7TaMlDARuMxfBFKSE1MDf1LrbCCxu2UWFmlipozcBkjIeNSN+LEtEFKt
yUbx8+8pFcA80XCU12milzpzoLOGIp+8Va2aqf9X9R8Ck//3DBpo/3vRyhK+4uc/
9HZRFlqBhcPYUUmxonZx2TWOLCx8P0TPOv2Aj2M10qNj
-----END CERTIFICATE-----