Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/QDPNf8HwZYJ09Af_mjmhv0DtiN8.roa
File:                     QDPNf8HwZYJ09Af_mjmhv0DtiN8.roa (raw, json)
Hash identifier:          NkuXbumplisKca/w91dYv/Fqnnb9X5d7ZqsZKHBZPco=
Subject key identifier:   40:33:CD:7F:C1:F0:65:82:74:F4:07:FF:9A:39:A1:BF:40:ED:88:DF
Certificate issuer:       /CN=86d648bdba965461b1e8c11b9dd436c61382873c
Certificate serial:       019ED0DA8C7A14B474C86B3EF0A6813380B2
Authority key identifier: 86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/QDPNf8HwZYJ09Af_mjmhv0DtiN8.roa
Signing time:             Tue 16 Jun 2026 14:34:04 +0000
ROA not before:           Tue 16 Jun 2026 14:34:04 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     205261
IP address blocks:        147.45.188.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Jun 2026 23:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:d0:da:8c:7a:14:b4:74:c8:6b:3e:f0:a6:81:33:80:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86d648bdba965461b1e8c11b9dd436c61382873c
        Validity
            Not Before: Jun 16 14:34:04 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4033cd7fc1f0658274f407ff9a39a1bf40ed88df
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:7a:89:45:90:c8:14:2b:22:bb:bd:57:ad:62:
                    4a:db:7f:37:3c:c1:ac:81:f3:3c:80:b4:01:61:79:
                    ea:cd:ab:27:c7:79:aa:12:fe:93:3b:66:7a:22:cb:
                    1e:6e:e3:32:61:07:b2:30:f4:64:79:8a:ed:f1:97:
                    e1:11:94:64:ec:7e:0c:e9:85:29:fb:49:01:c8:8a:
                    04:2f:32:48:8d:ae:f4:97:81:12:93:f6:ab:1f:25:
                    fe:4f:7e:c4:23:9d:55:97:f2:7a:31:69:b6:e6:dc:
                    6e:0d:33:ea:14:43:07:c8:f0:77:9f:d9:89:31:5c:
                    8a:a1:ee:bf:4b:d5:aa:5a:77:48:94:af:70:0d:d0:
                    e7:36:61:b0:3f:9e:a2:03:15:73:86:e8:c1:09:1b:
                    bb:4e:16:82:10:46:81:08:02:a0:94:e5:b5:43:a0:
                    7f:d1:ab:9a:fb:4d:51:37:47:20:f5:17:8c:3f:93:
                    4d:0c:c2:ca:52:e8:64:a5:dc:53:fb:ee:99:00:ce:
                    d4:74:7d:ad:da:cd:f7:d4:95:11:cf:9c:12:1d:bf:
                    6d:73:08:d4:dd:eb:1c:c7:c8:42:c4:2f:e7:5f:11:
                    b5:4f:63:97:43:ad:82:6e:77:d2:22:eb:4d:19:e6:
                    3c:a3:48:70:4b:3f:60:0e:e9:dc:1c:7c:fd:24:e9:
                    21:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:33:CD:7F:C1:F0:65:82:74:F4:07:FF:9A:39:A1:BF:40:ED:88:DF
            X509v3 Authority Key Identifier:
                keyid:86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/QDPNf8HwZYJ09Af_mjmhv0DtiN8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.45.188.0/24

    Signature Algorithm: sha256WithRSAEncryption
         40:96:18:ba:32:3a:d2:27:58:74:66:b2:1d:11:72:97:26:65:
         b0:31:98:1c:69:7b:40:28:63:ed:8a:fe:cf:96:05:7c:63:65:
         b2:4f:0b:9e:81:d6:89:f9:a3:f6:c4:a8:80:23:d6:7e:6b:4d:
         39:a2:52:5a:32:ff:a7:17:2a:12:1d:1b:8d:57:57:75:38:49:
         20:ab:bf:91:a1:37:20:ad:7c:24:43:5f:08:73:f5:08:ba:5f:
         c6:8a:05:ba:87:ed:4e:0f:5b:80:98:cb:54:3a:e0:9f:78:ae:
         57:0a:25:c3:cb:db:a9:5a:c4:f1:f4:90:11:a5:f6:73:5b:f2:
         aa:80:44:4c:a5:be:15:4f:67:aa:75:a0:0d:0d:cf:12:e8:f3:
         3d:08:60:36:1e:7a:66:c5:fe:e8:ca:d8:51:2a:3a:e0:eb:e0:
         f9:81:e0:37:d5:5d:bd:da:8a:7c:0a:93:c8:e3:97:81:8c:97:
         ce:36:34:16:2d:99:59:bc:6b:1c:43:91:9e:25:09:a1:e2:4a:
         ae:21:e0:9e:bf:12:df:4d:8a:cd:8b:37:00:a2:f8:34:f7:6f:
         d7:aa:08:a0:f2:2c:3b:42:80:f2:90:19:87:f4:ea:d1:85:d5:
         38:ea:f6:9f:fc:bd:5f:60:bb:f0:89:d3:2a:20:f5:c7:36:63:
         7f:94:18:95
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ7Q2ox6FLR0yGs+8KaBM4CyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2ZDY0OGJkYmE5NjU0NjFiMWU4YzExYjlkZDQzNmM2MTM4
Mjg3M2MwHhcNMjYwNjE2MTQzNDA0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MDMzY2Q3ZmMxZjA2NTgyNzRmNDA3ZmY5YTM5YTFiZjQwZWQ4OGRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq3qJRZDIFCsiu71XrWJK2383PMGs
gfM8gLQBYXnqzasnx3mqEv6TO2Z6IssebuMyYQeyMPRkeYrt8ZfhEZRk7H4M6YUp
+0kByIoELzJIja70l4ESk/arHyX+T37EI51Vl/J6MWm25txuDTPqFEMHyPB3n9mJ
MVyKoe6/S9WqWndIlK9wDdDnNmGwP56iAxVzhujBCRu7ThaCEEaBCAKglOW1Q6B/
0aua+01RN0cg9ReMP5NNDMLKUuhkpdxT++6ZAM7UdH2t2s331JURz5wSHb9tcwjU
3escx8hCxC/nXxG1T2OXQ62CbnfSIutNGeY8o0hwSz9gDuncHHz9JOkhJwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEAzzX/B8GWCdPQH/5o5ob9A7YjfMB8GA1UdIwQY
MBaAFIbWSL26llRhsejBG53UNsYTgoc8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmIt
NGRlYzRkYWZlZTQ5LzEvUURQTmY4SHdaWUowOUFmX21qbWh2MER0aU44LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmItNGRlYzRkYWZlZTQ5
LzEvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAky28MA0G
CSqGSIb3DQEBCwUAA4IBAQBAlhi6MjrSJ1h0ZrIdEXKXJmWwMZgcaXtAKGPtiv7P
lgV8Y2WyTwuegdaJ+aP2xKiAI9Z+a005olJaMv+nFyoSHRuNV1d1OEkgq7+RoTcg
rXwkQ18Ic/UIul/GigW6h+1OD1uAmMtUOuCfeK5XCiXDy9upWsTx9JARpfZzW/Kq
gERMpb4VT2eqdaANDc8S6PM9CGA2Hnpmxf7oythRKjrg6+D5geA31V292op8CpPI
45eBjJfONjQWLZlZvGscQ5GeJQmh4kquIeCevxLfTYrNizcAovg092/Xqgig8iw7
QoDykBmH9OrRhdU46vaf/L1fYLvwidMqIPXHNmN/lBiV
-----END CERTIFICATE-----