Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/qfYseX0GpDJ3nwbZkrDDY-_lcTQ.roa
File:                     qfYseX0GpDJ3nwbZkrDDY-_lcTQ.roa (raw, json)
Hash identifier:          9SV1r203DsffZLFBuKYeAWKCRAM7udUdpGOOPSGi5Bw=
Subject key identifier:   A9:F6:2C:79:7D:06:A4:32:77:9F:06:D9:92:B0:C3:63:EF:E5:71:34
Certificate issuer:       /CN=7c3d022a240ce71e0a6e1e9aae0112da840cc34b
Certificate serial:       019D5ECE08AA61BFB85114132FBAF966FE25
Authority key identifier: 7C:3D:02:2A:24:0C:E7:1E:0A:6E:1E:9A:AE:01:12:DA:84:0C:C3:4B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fD0CKiQM5x4Kbh6argES2oQMw0s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/qfYseX0GpDJ3nwbZkrDDY-_lcTQ.roa
Signing time:             Sun 05 Apr 2026 18:00:53 +0000
ROA not before:           Sun 05 Apr 2026 18:00:53 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     0
IP address blocks:        45.11.186.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/fD0CKiQM5x4Kbh6argES2oQMw0s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/fD0CKiQM5x4Kbh6argES2oQMw0s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fD0CKiQM5x4Kbh6argES2oQMw0s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 08 Apr 2026 09:02:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:5e:ce:08:aa:61:bf:b8:51:14:13:2f:ba:f9:66:fe:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7c3d022a240ce71e0a6e1e9aae0112da840cc34b
        Validity
            Not Before: Apr  5 18:00:53 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a9f62c797d06a432779f06d992b0c363efe57134
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:86:55:87:44:d1:04:91:4e:9f:8a:aa:cc:b7:
                    a4:a4:5f:d8:01:0b:03:e2:ba:27:ad:15:77:83:0c:
                    0d:40:00:54:50:b5:81:08:dc:9d:c0:1a:eb:d9:8d:
                    ed:88:13:ce:bb:34:89:ee:cd:31:4b:00:2a:b9:65:
                    d1:1c:e1:d9:48:c8:f0:31:09:74:c5:5f:02:a9:44:
                    2c:00:e6:f6:05:13:50:56:23:bf:17:20:ab:4a:95:
                    7c:16:6d:8f:12:32:9b:08:71:d5:7e:fb:60:af:0c:
                    e2:89:31:69:d5:97:c0:b4:0f:e1:c2:3d:5d:fa:c7:
                    b5:fa:c2:ca:70:25:88:be:3c:b7:35:e8:4d:a3:f4:
                    91:b3:70:46:68:87:3e:79:08:c5:8b:0e:44:46:06:
                    7e:0d:bd:66:8b:e1:e6:57:c0:aa:55:c4:a8:ef:e0:
                    fb:a9:1e:6f:b4:96:40:9d:d7:ac:7c:d7:fb:6a:ab:
                    05:df:1e:0e:09:72:30:c6:9c:ba:db:d1:94:be:2d:
                    56:35:e7:cc:44:c7:57:92:56:97:e1:ff:8b:36:48:
                    b2:90:27:b8:21:f9:5c:05:b3:f9:eb:f7:38:26:c9:
                    83:2e:64:b7:4e:0f:a3:dc:6b:cd:3e:d5:dc:fb:5e:
                    00:18:28:79:a2:6f:fb:ef:3f:3a:cb:38:9a:0b:a1:
                    38:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:F6:2C:79:7D:06:A4:32:77:9F:06:D9:92:B0:C3:63:EF:E5:71:34
            X509v3 Authority Key Identifier:
                keyid:7C:3D:02:2A:24:0C:E7:1E:0A:6E:1E:9A:AE:01:12:DA:84:0C:C3:4B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fD0CKiQM5x4Kbh6argES2oQMw0s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/qfYseX0GpDJ3nwbZkrDDY-_lcTQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/fD0CKiQM5x4Kbh6argES2oQMw0s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.11.186.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7c:7b:1b:81:32:fc:95:44:94:12:5e:a9:fe:12:b3:0c:24:f9:
         56:fd:be:63:b0:18:fb:b5:8a:6e:a4:36:65:6c:b2:94:d0:30:
         ef:99:db:c8:a0:32:28:f9:e3:c3:49:64:92:a5:49:00:37:bd:
         ab:ce:df:1c:50:d7:ac:58:01:32:b5:5b:f1:e3:b8:76:53:46:
         20:db:e1:5c:e5:e1:d8:4a:3e:ac:95:b6:5f:79:15:f8:2e:e5:
         c4:7b:61:4b:59:9a:f7:6b:12:62:50:32:08:ce:cb:62:c3:f1:
         ec:19:3e:73:43:24:cf:a1:b2:84:15:d6:37:ba:9d:32:b4:9b:
         51:0a:00:b0:cc:80:e1:f3:1d:a7:dd:ed:db:9f:29:ff:61:30:
         69:53:8f:0b:de:30:90:f1:1b:8c:9b:bf:20:f0:52:a9:57:bf:
         d3:39:63:82:82:3c:b6:4d:e9:cc:b6:b3:bb:c2:24:8a:61:b5:
         28:06:29:e5:88:b9:47:c2:52:b2:b9:4e:b6:ca:7f:03:73:5f:
         99:c8:8a:5b:21:6d:39:5c:4e:86:e1:5f:36:e0:0a:b4:24:7b:
         51:2b:8f:66:2b:5b:8f:a1:74:88:1c:c0:ca:98:fd:30:c1:b0:
         03:64:84:57:9b:b0:46:d3:02:cf:58:63:98:90:0a:65:3f:20:
         5a:68:3d:0e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ1ezgiqYb+4URQTL7r5Zv4lMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdjM2QwMjJhMjQwY2U3MWUwYTZlMWU5YWFlMDExMmRhODQw
Y2MzNGIwHhcNMjYwNDA1MTgwMDUzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOWY2MmM3OTdkMDZhNDMyNzc5ZjA2ZDk5MmIwYzM2M2VmZTU3MTM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1IZVh0TRBJFOn4qqzLekpF/YAQsD
4ronrRV3gwwNQABUULWBCNydwBrr2Y3tiBPOuzSJ7s0xSwAquWXRHOHZSMjwMQl0
xV8CqUQsAOb2BRNQViO/FyCrSpV8Fm2PEjKbCHHVfvtgrwziiTFp1ZfAtA/hwj1d
+se1+sLKcCWIvjy3NehNo/SRs3BGaIc+eQjFiw5ERgZ+Db1mi+HmV8CqVcSo7+D7
qR5vtJZAndesfNf7aqsF3x4OCXIwxpy629GUvi1WNefMRMdXklaX4f+LNkiykCe4
IflcBbP56/c4JsmDLmS3Tg+j3GvNPtXc+14AGCh5om/77z86yziaC6E4ZwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKn2LHl9BqQyd58G2ZKww2Pv5XE0MB8GA1UdIwQY
MBaAFHw9AiokDOceCm4emq4BEtqEDMNLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZkQwQ0tpUU01eDRLYmg2YXJnRVMyb1FNdzBzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZi9mZDM2MmYtYWZjYi00Y2Y1LTk4YzYt
MDk0ODk4OWU2ZDU1LzEvcWZZc2VYMEdwREozbndiWmtyRERZLV9sY1RRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZi9mZDM2MmYtYWZjYi00Y2Y1LTk4YzYtMDk0ODk4OWU2ZDU1
LzEvZkQwQ0tpUU01eDRLYmg2YXJnRVMyb1FNdzBzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALQu6MA0G
CSqGSIb3DQEBCwUAA4IBAQB8exuBMvyVRJQSXqn+ErMMJPlW/b5jsBj7tYpupDZl
bLKU0DDvmdvIoDIo+ePDSWSSpUkAN72rzt8cUNesWAEytVvx47h2U0Yg2+Fc5eHY
Sj6slbZfeRX4LuXEe2FLWZr3axJiUDIIzstiw/HsGT5zQyTPobKEFdY3up0ytJtR
CgCwzIDh8x2n3e3bnyn/YTBpU48L3jCQ8RuMm78g8FKpV7/TOWOCgjy2TenMtrO7
wiSKYbUoBinliLlHwlKyuU62yn8Dc1+ZyIpbIW05XE6G4V824Aq0JHtRK49mK1uP
oXSIHMDKmP0wwbADZIRXm7BG0wLPWGOYkAplPyBaaD0O
-----END CERTIFICATE-----