Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f8/291463-91cc-4704-9528-69794f050276/1/qXW1tFeOtiksAO4B-LToz6aX1z0.roa
File:                     qXW1tFeOtiksAO4B-LToz6aX1z0.roa (raw, json)
Hash identifier:          uLilZNr9B9MLP79uUoSooDJXZ1XBNKFz1okgC0rlTvg=
Subject key identifier:   A9:75:B5:B4:57:8E:B6:29:2C:00:EE:01:F8:B4:E8:CF:A6:97:D7:3D
Certificate issuer:       /CN=1e9289a015af4441f8f9df4c8c55e98b292881cf
Certificate serial:       019B7F15211EA0E39FB4F1417D7CB6B77545
Authority key identifier: 1E:92:89:A0:15:AF:44:41:F8:F9:DF:4C:8C:55:E9:8B:29:28:81:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HpKJoBWvREH4-d9MjFXpiykogc8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f8/291463-91cc-4704-9528-69794f050276/1/qXW1tFeOtiksAO4B-LToz6aX1z0.roa
Signing time:             Fri 02 Jan 2026 14:20:49 +0000
ROA not before:           Fri 02 Jan 2026 14:20:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     50570
IP address blocks:        195.191.152.0/24 maxlen: 24
                          195.191.153.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f8/291463-91cc-4704-9528-69794f050276/1/HpKJoBWvREH4-d9MjFXpiykogc8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f8/291463-91cc-4704-9528-69794f050276/1/HpKJoBWvREH4-d9MjFXpiykogc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HpKJoBWvREH4-d9MjFXpiykogc8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 09:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:15:21:1e:a0:e3:9f:b4:f1:41:7d:7c:b6:b7:75:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1e9289a015af4441f8f9df4c8c55e98b292881cf
        Validity
            Not Before: Jan  2 14:20:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a975b5b4578eb6292c00ee01f8b4e8cfa697d73d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:97:a6:63:a8:c7:9a:f3:45:a4:85:65:0b:04:
                    28:36:02:dd:f5:ef:68:b7:c8:95:1c:b3:ed:ab:db:
                    e4:32:21:7f:4c:4c:4c:14:7b:f6:6b:f3:75:80:2e:
                    5a:b1:b2:b1:f7:41:cb:ae:29:33:1c:d6:f8:ad:0f:
                    7d:ed:6e:93:be:c9:c2:fa:20:ca:21:2b:f5:70:07:
                    38:58:47:29:9e:4b:10:09:e9:e7:79:18:0f:6e:8c:
                    4a:7f:c6:bd:94:ba:13:06:24:0b:5c:8f:c3:f3:97:
                    49:0d:f2:22:0c:5a:b4:2d:b7:44:36:e4:a8:0b:f6:
                    fa:59:71:d4:d7:30:d2:e7:0d:be:df:2c:86:fb:ff:
                    81:b8:77:df:41:a1:f6:c2:e7:b5:d6:95:d0:dc:2c:
                    24:ec:0b:56:fb:d0:fd:8b:33:37:7e:c7:43:50:76:
                    18:5f:e9:fc:12:16:56:52:5d:e8:23:53:3b:b3:be:
                    df:e4:04:6e:ae:f6:57:5d:94:4f:5f:73:f1:f1:61:
                    15:34:ab:89:6c:34:1d:c1:86:74:aa:94:79:db:36:
                    21:1f:1d:9c:4a:7e:e1:1c:87:ae:c8:7d:ad:7e:0f:
                    b9:50:4b:13:45:e8:1c:9a:c9:b9:6f:2d:ee:e3:4d:
                    27:f7:2a:c1:c8:4e:55:7d:9b:f4:a1:a1:cd:b6:df:
                    99:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:75:B5:B4:57:8E:B6:29:2C:00:EE:01:F8:B4:E8:CF:A6:97:D7:3D
            X509v3 Authority Key Identifier:
                keyid:1E:92:89:A0:15:AF:44:41:F8:F9:DF:4C:8C:55:E9:8B:29:28:81:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HpKJoBWvREH4-d9MjFXpiykogc8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/291463-91cc-4704-9528-69794f050276/1/qXW1tFeOtiksAO4B-LToz6aX1z0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/291463-91cc-4704-9528-69794f050276/1/HpKJoBWvREH4-d9MjFXpiykogc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.191.152.0/23

    Signature Algorithm: sha256WithRSAEncryption
         98:69:97:15:87:f1:f2:e2:9d:d0:ce:33:02:f2:02:89:1f:83:
         ed:18:c3:b0:a4:2c:ae:02:34:b2:9c:35:fe:c3:b6:37:8c:49:
         30:b4:eb:d0:13:a3:6a:42:e6:2d:c5:71:33:6c:46:dd:7f:16:
         ee:06:42:b6:bb:87:e8:2b:f7:64:3f:4d:55:82:4f:0d:b5:21:
         b6:9f:02:c4:d9:45:76:e4:17:d1:08:e1:05:2f:09:cf:92:22:
         0b:4c:11:bf:c6:e5:0d:03:d2:76:87:05:11:48:01:95:af:1b:
         3c:6c:62:19:ab:a3:d5:4d:78:4c:88:0b:9f:84:50:73:f3:02:
         43:51:40:d4:11:63:cf:e8:ed:6b:73:81:d3:69:25:30:e8:d1:
         05:49:19:6a:2b:07:47:e5:40:78:93:99:64:46:17:e2:99:d6:
         58:dc:85:f9:d5:4e:fe:2a:8b:4f:8a:dd:e6:a6:9e:f1:c0:1d:
         3c:97:fa:8a:fd:e4:b9:9b:17:03:06:bf:f7:66:5a:b7:90:64:
         63:96:a5:84:57:79:c4:ff:95:47:95:b7:c9:20:6b:89:e6:ca:
         58:8d:76:5b:6d:81:84:5d:65:10:ae:2f:51:95:3e:31:df:ad:
         d4:25:62:26:b5:f9:a9:5e:40:de:3b:77:47:ae:c7:c9:7b:ac:
         e7:b8:35:d2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/FSEeoOOftPFBfXy2t3VFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlOTI4OWEwMTVhZjQ0NDFmOGY5ZGY0YzhjNTVlOThiMjky
ODgxY2YwHhcNMjYwMTAyMTQyMDQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOTc1YjViNDU3OGViNjI5MmMwMGVlMDFmOGI0ZThjZmE2OTdkNzNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy5emY6jHmvNFpIVlCwQoNgLd9e9o
t8iVHLPtq9vkMiF/TExMFHv2a/N1gC5asbKx90HLrikzHNb4rQ997W6TvsnC+iDK
ISv1cAc4WEcpnksQCenneRgPboxKf8a9lLoTBiQLXI/D85dJDfIiDFq0LbdENuSo
C/b6WXHU1zDS5w2+3yyG+/+BuHffQaH2wue11pXQ3Cwk7AtW+9D9izM3fsdDUHYY
X+n8EhZWUl3oI1M7s77f5ARurvZXXZRPX3Px8WEVNKuJbDQdwYZ0qpR52zYhHx2c
Sn7hHIeuyH2tfg+5UEsTRegcmsm5by3u400n9yrByE5VfZv0oaHNtt+ZwQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKl1tbRXjrYpLADuAfi06M+ml9c9MB8GA1UdIwQY
MBaAFB6SiaAVr0RB+PnfTIxV6YspKIHPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSHBLSm9CV3ZSRUg0LWQ5TWpGWHBpeWtvZ2M4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOC8yOTE0NjMtOTFjYy00NzA0LTk1Mjgt
Njk3OTRmMDUwMjc2LzEvcVhXMXRGZU90aWtzQU80Qi1MVG96NmFYMXowLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOC8yOTE0NjMtOTFjYy00NzA0LTk1MjgtNjk3OTRmMDUwMjc2
LzEvSHBLSm9CV3ZSRUg0LWQ5TWpGWHBpeWtvZ2M4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBw7+YMA0G
CSqGSIb3DQEBCwUAA4IBAQCYaZcVh/Hy4p3QzjMC8gKJH4PtGMOwpCyuAjSynDX+
w7Y3jEkwtOvQE6NqQuYtxXEzbEbdfxbuBkK2u4foK/dkP01Vgk8NtSG2nwLE2UV2
5BfRCOEFLwnPkiILTBG/xuUNA9J2hwURSAGVrxs8bGIZq6PVTXhMiAufhFBz8wJD
UUDUEWPP6O1rc4HTaSUw6NEFSRlqKwdH5UB4k5lkRhfimdZY3IX51U7+KotPit3m
pp7xwB08l/qK/eS5mxcDBr/3Zlq3kGRjlqWEV3nE/5VHlbfJIGuJ5spYjXZbbYGE
XWUQri9RlT4x363UJWImtfmpXkDeO3dHrsfJe6znuDXS
-----END CERTIFICATE-----