Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fc/1a849e-861c-4c4d-bcf4-5695d89d7b36/1/qoAheOHH9UlqCoE7XA-QfCZLxZw.roa
File:                     qoAheOHH9UlqCoE7XA-QfCZLxZw.roa (raw, json)
Hash identifier:          VVjSLN2hXu/mswe8VPF+IlHQVMhQLF+wIH35GZEPXZ0=
Subject key identifier:   AA:80:21:78:E1:C7:F5:49:6A:0A:81:3B:5C:0F:90:7C:26:4B:C5:9C
Certificate issuer:       /CN=ae261a8df53292c730e2ae1dfcfc4fe3ff76b1d0
Certificate serial:       019D5242D9B430D3F6F183DE5DE93D657950
Authority key identifier: AE:26:1A:8D:F5:32:92:C7:30:E2:AE:1D:FC:FC:4F:E3:FF:76:B1:D0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/riYajfUykscw4q4d_PxP4_92sdA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fc/1a849e-861c-4c4d-bcf4-5695d89d7b36/1/qoAheOHH9UlqCoE7XA-QfCZLxZw.roa
Signing time:             Fri 03 Apr 2026 07:33:25 +0000
ROA not before:           Fri 03 Apr 2026 07:33:25 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     205623
IP address blocks:        62.162.116.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fc/1a849e-861c-4c4d-bcf4-5695d89d7b36/1/riYajfUykscw4q4d_PxP4_92sdA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fc/1a849e-861c-4c4d-bcf4-5695d89d7b36/1/riYajfUykscw4q4d_PxP4_92sdA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/riYajfUykscw4q4d_PxP4_92sdA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 02:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:52:42:d9:b4:30:d3:f6:f1:83:de:5d:e9:3d:65:79:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ae261a8df53292c730e2ae1dfcfc4fe3ff76b1d0
        Validity
            Not Before: Apr  3 07:33:25 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=aa802178e1c7f5496a0a813b5c0f907c264bc59c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:43:34:e0:22:96:7c:a9:38:59:69:aa:7d:5c:
                    4f:2c:c8:ee:a4:e2:cf:c2:a6:2e:0a:f4:31:4f:03:
                    5b:d8:e1:44:fc:09:71:e8:13:00:a6:d8:14:fb:73:
                    b5:da:37:f0:4a:75:0b:22:1b:7a:ca:fa:03:9d:ef:
                    f3:52:0f:64:ec:35:c0:a7:14:a1:bd:5f:08:45:e1:
                    23:75:ad:34:45:1e:92:9f:00:b4:7b:6b:8c:88:81:
                    95:22:c5:b4:a9:7b:c5:15:af:e2:24:ad:33:12:17:
                    21:8c:e1:b1:fe:87:0c:77:8c:ad:19:3b:44:f4:06:
                    e6:f7:5a:6c:1c:b7:42:eb:c1:f0:89:42:1b:92:de:
                    dd:47:d2:a0:c3:35:0f:77:44:0a:fb:74:9b:5c:59:
                    6f:6c:38:df:e2:a9:77:f9:33:19:dc:a9:2b:68:9a:
                    e9:f4:a3:02:71:b0:7b:6a:8f:5d:55:b0:50:b8:d7:
                    36:b3:c3:41:c0:c4:f4:f7:23:64:34:de:16:a0:a2:
                    01:3f:42:11:88:fb:60:53:96:eb:76:8b:c5:ea:74:
                    e3:b8:44:1b:ed:66:9a:f6:20:ce:00:b8:45:93:f5:
                    52:fe:d8:07:bd:b6:21:75:71:7a:87:5f:82:7f:a2:
                    a2:67:78:e8:21:51:3b:2f:60:cc:7e:2a:1f:c0:78:
                    48:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:80:21:78:E1:C7:F5:49:6A:0A:81:3B:5C:0F:90:7C:26:4B:C5:9C
            X509v3 Authority Key Identifier:
                keyid:AE:26:1A:8D:F5:32:92:C7:30:E2:AE:1D:FC:FC:4F:E3:FF:76:B1:D0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/riYajfUykscw4q4d_PxP4_92sdA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/1a849e-861c-4c4d-bcf4-5695d89d7b36/1/qoAheOHH9UlqCoE7XA-QfCZLxZw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/1a849e-861c-4c4d-bcf4-5695d89d7b36/1/riYajfUykscw4q4d_PxP4_92sdA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.162.116.0/24

    Signature Algorithm: sha256WithRSAEncryption
         66:c9:0d:d1:19:98:5b:11:f0:e4:e0:6d:3c:3d:d5:17:de:b3:
         c9:e3:95:e2:16:2b:ea:0a:d2:b1:c6:db:a1:d3:65:24:65:7e:
         a8:b0:12:5c:e2:f7:17:f8:f3:f4:a3:f9:32:35:65:27:2c:f6:
         aa:7a:43:d1:73:b9:5c:24:06:d9:90:83:01:76:d5:37:a3:4f:
         cc:4a:73:7c:b7:22:ec:6e:68:e3:70:be:1b:54:09:34:6d:bf:
         da:0f:da:27:bd:24:a1:d6:f3:8f:71:b0:fc:a9:26:4f:e6:72:
         e9:7b:2e:76:c3:93:f5:5a:bb:42:f1:e8:54:27:77:b6:99:e8:
         1b:d4:e9:1f:2f:82:c1:1c:3f:0f:a1:57:d7:23:34:9e:b8:0c:
         46:18:9a:42:eb:e7:a3:cb:20:e8:d0:ae:79:5e:b2:fa:1e:9f:
         4a:a4:ba:a7:b3:d1:14:0d:8d:bf:dc:78:6b:c9:04:dd:f9:06:
         cc:48:f6:dd:6f:3d:ad:9e:16:bb:0e:13:d9:45:38:64:57:27:
         41:3e:89:22:03:b3:4a:2c:f3:47:2e:3d:21:33:ac:0f:b2:ff:
         dd:31:23:3d:f7:99:7c:8e:cf:91:89:8e:2e:41:ef:29:33:ed:
         40:1a:83:af:b0:e3:3e:a2:c1:69:a0:37:df:03:28:93:33:e2:
         c7:fd:e0:ea
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ1SQtm0MNP28YPeXek9ZXlQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFlMjYxYThkZjUzMjkyYzczMGUyYWUxZGZjZmM0ZmUzZmY3
NmIxZDAwHhcNMjYwNDAzMDczMzI1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYTgwMjE3OGUxYzdmNTQ5NmEwYTgxM2I1YzBmOTA3YzI2NGJjNTljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAukM04CKWfKk4WWmqfVxPLMjupOLP
wqYuCvQxTwNb2OFE/Alx6BMAptgU+3O12jfwSnULIht6yvoDne/zUg9k7DXApxSh
vV8IReEjda00RR6SnwC0e2uMiIGVIsW0qXvFFa/iJK0zEhchjOGx/ocMd4ytGTtE
9Abm91psHLdC68HwiUIbkt7dR9KgwzUPd0QK+3SbXFlvbDjf4ql3+TMZ3KkraJrp
9KMCcbB7ao9dVbBQuNc2s8NBwMT09yNkNN4WoKIBP0IRiPtgU5brdovF6nTjuEQb
7Waa9iDOALhFk/VS/tgHvbYhdXF6h1+Cf6KiZ3joIVE7L2DMfiofwHhIRQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKqAIXjhx/VJagqBO1wPkHwmS8WcMB8GA1UdIwQY
MBaAFK4mGo31MpLHMOKuHfz8T+P/drHQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcmlZYWpmVXlrc2N3NHE0ZF9QeFA0Xzkyc2RBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYy8xYTg0OWUtODYxYy00YzRkLWJjZjQt
NTY5NWQ4OWQ3YjM2LzEvcW9BaGVPSEg5VWxxQ29FN1hBLVFmQ1pMeFp3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYy8xYTg0OWUtODYxYy00YzRkLWJjZjQtNTY5NWQ4OWQ3YjM2
LzEvcmlZYWpmVXlrc2N3NHE0ZF9QeFA0Xzkyc2RBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPqJ0MA0G
CSqGSIb3DQEBCwUAA4IBAQBmyQ3RGZhbEfDk4G08PdUX3rPJ45XiFivqCtKxxtuh
02UkZX6osBJc4vcX+PP0o/kyNWUnLPaqekPRc7lcJAbZkIMBdtU3o0/MSnN8tyLs
bmjjcL4bVAk0bb/aD9onvSSh1vOPcbD8qSZP5nLpey52w5P1WrtC8ehUJ3e2megb
1OkfL4LBHD8PoVfXIzSeuAxGGJpC6+ejyyDo0K55XrL6Hp9KpLqns9EUDY2/3Hhr
yQTd+QbMSPbdbz2tnha7DhPZRThkVydBPokiA7NKLPNHLj0hM6wPsv/dMSM995l8
js+RiY4uQe8pM+1AGoOvsOM+osFpoDffAyiTM+LH/eDq
-----END CERTIFICATE-----