Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/QD9hPLX-80rYaJMQB0QtMTgFYKs.roa
File:                     QD9hPLX-80rYaJMQB0QtMTgFYKs.roa (raw, json)
Hash identifier:          PZIAWp7QYwirxEd2GD8nNF0JlxDC6asrNj48mYAoR8s=
Subject key identifier:   40:3F:61:3C:B5:FE:F3:4A:D8:68:93:10:07:44:2D:31:38:05:60:AB
Certificate issuer:       /CN=ab0952c8ba8dadb1d34de6c6a93864a609fc41ec
Certificate serial:       019C2967F1D9CC8DFA2BE99B53DEAEDA28F1
Authority key identifier: AB:09:52:C8:BA:8D:AD:B1:D3:4D:E6:C6:A9:38:64:A6:09:FC:41:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/QD9hPLX-80rYaJMQB0QtMTgFYKs.roa
Signing time:             Wed 04 Feb 2026 16:06:43 +0000
ROA not before:           Wed 04 Feb 2026 16:06:43 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     174
IP address blocks:        89.191.120.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/qwlSyLqNrbHTTebGqThkpgn8Qew.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/qwlSyLqNrbHTTebGqThkpgn8Qew.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Feb 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:29:67:f1:d9:cc:8d:fa:2b:e9:9b:53:de:ae:da:28:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab0952c8ba8dadb1d34de6c6a93864a609fc41ec
        Validity
            Not Before: Feb  4 16:06:43 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=403f613cb5fef34ad868931007442d31380560ab
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:24:ec:30:a8:56:ef:94:ee:a3:b3:58:fd:10:
                    03:b4:1c:4a:84:c6:8d:79:94:97:51:7f:e0:81:5d:
                    74:a9:bf:ae:4a:5b:70:f8:ff:61:84:fb:68:41:42:
                    b6:12:1c:46:c2:44:f6:a0:7d:76:4b:29:a3:20:08:
                    74:90:54:ad:7d:ff:77:ae:fd:d9:32:1b:6c:4c:bb:
                    48:ef:b3:5e:e0:3e:8d:a9:4f:36:ee:ee:b4:c3:69:
                    fb:45:41:e2:95:fd:a3:c4:b3:30:96:35:1a:86:cf:
                    4f:4a:98:65:77:9b:84:4c:b8:a7:8e:17:3f:e9:0a:
                    78:c8:db:0d:b9:49:b1:8f:66:7d:e0:d1:99:bb:2b:
                    75:ec:4d:f6:6a:58:65:19:8c:62:0b:9f:94:8a:4f:
                    cc:de:21:bb:8e:33:ed:32:dd:bb:a5:e4:96:b1:3b:
                    53:77:da:02:e0:b9:72:7d:4c:e5:98:07:36:42:35:
                    ac:c5:5f:91:35:db:e6:eb:a2:25:e8:b4:ee:90:40:
                    52:9a:d3:ee:30:32:38:2a:e6:81:07:0e:e9:1a:3e:
                    ae:65:7a:b9:76:59:1f:27:2e:39:3d:95:51:28:4a:
                    3e:19:99:9e:82:6a:c5:20:d5:85:a1:4d:84:bc:a6:
                    e4:dd:85:75:78:e8:65:44:52:f1:35:39:bf:5a:cd:
                    0d:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:3F:61:3C:B5:FE:F3:4A:D8:68:93:10:07:44:2D:31:38:05:60:AB
            X509v3 Authority Key Identifier:
                keyid:AB:09:52:C8:BA:8D:AD:B1:D3:4D:E6:C6:A9:38:64:A6:09:FC:41:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/QD9hPLX-80rYaJMQB0QtMTgFYKs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/qwlSyLqNrbHTTebGqThkpgn8Qew.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.191.120.0/22

    Signature Algorithm: sha256WithRSAEncryption
         32:17:f1:cd:cd:55:39:58:b9:01:ae:c7:82:08:71:85:13:6e:
         15:15:0a:fd:3c:cc:48:72:9e:bc:d5:c3:af:8e:45:e6:8c:95:
         da:e8:64:26:96:7e:d6:47:b1:02:6a:9e:3c:83:1d:cd:d6:ef:
         f9:b4:1c:82:64:e9:20:ec:0b:6a:ec:2e:b0:8e:34:44:35:09:
         ba:fc:87:cf:ef:01:d8:54:46:0e:f0:99:d3:9b:81:af:8e:af:
         6c:fb:03:c1:c9:3b:5b:53:ca:d9:2e:ae:e8:1d:e1:9f:b6:91:
         ca:e5:85:25:93:18:65:22:a3:2e:92:c0:ba:94:6a:2d:ba:da:
         c8:33:44:fa:0e:d6:8c:ab:d1:64:47:33:f5:f0:df:a3:ad:07:
         70:f1:fa:75:b5:e4:f3:1d:ed:dd:03:5c:6c:d4:3b:cc:45:72:
         85:7f:53:7b:3e:2b:1a:5b:69:28:76:e3:2b:d3:f0:6c:cb:3a:
         bf:09:3f:d2:94:c1:41:af:d0:f5:b2:7e:56:95:c9:7a:d3:18:
         be:34:6b:e1:c2:98:ca:05:eb:36:8b:54:b1:c2:85:c5:85:1b:
         1e:59:60:f2:1a:7d:7d:d8:41:80:20:9b:a8:21:31:42:71:ca:
         47:1f:76:03:74:2a:c0:37:b3:7c:e9:12:18:6a:9c:4a:55:37:
         6d:86:f1:bd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZwpZ/HZzI36K+mbU96u2ijxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiMDk1MmM4YmE4ZGFkYjFkMzRkZTZjNmE5Mzg2NGE2MDlm
YzQxZWMwHhcNMjYwMjA0MTYwNjQzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MDNmNjEzY2I1ZmVmMzRhZDg2ODkzMTAwNzQ0MmQzMTM4MDU2MGFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsiTsMKhW75Tuo7NY/RADtBxKhMaN
eZSXUX/ggV10qb+uSltw+P9hhPtoQUK2EhxGwkT2oH12SymjIAh0kFStff93rv3Z
MhtsTLtI77Ne4D6NqU827u60w2n7RUHilf2jxLMwljUahs9PSphld5uETLinjhc/
6Qp4yNsNuUmxj2Z94NGZuyt17E32alhlGYxiC5+Uik/M3iG7jjPtMt27peSWsTtT
d9oC4LlyfUzlmAc2QjWsxV+RNdvm66Il6LTukEBSmtPuMDI4KuaBBw7pGj6uZXq5
dlkfJy45PZVRKEo+GZmegmrFINWFoU2EvKbk3YV1eOhlRFLxNTm/Ws0NwQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEA/YTy1/vNK2GiTEAdELTE4BWCrMB8GA1UdIwQY
MBaAFKsJUsi6ja2x003mxqk4ZKYJ/EHsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcXdsU3lMcU5yYkhUVGViR3FUaGtwZ244UWV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS8zNTU1ZmUtMTJjZC00MDJhLWE4MTAt
NTU1NGQ2ZTE2ODZmLzEvUUQ5aFBMWC04MHJZYUpNUUIwUXRNVGdGWUtzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS8zNTU1ZmUtMTJjZC00MDJhLWE4MTAtNTU1NGQ2ZTE2ODZm
LzEvcXdsU3lMcU5yYkhUVGViR3FUaGtwZ244UWV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCWb94MA0G
CSqGSIb3DQEBCwUAA4IBAQAyF/HNzVU5WLkBrseCCHGFE24VFQr9PMxIcp681cOv
jkXmjJXa6GQmln7WR7ECap48gx3N1u/5tByCZOkg7Atq7C6wjjRENQm6/IfP7wHY
VEYO8JnTm4Gvjq9s+wPByTtbU8rZLq7oHeGftpHK5YUlkxhlIqMuksC6lGotutrI
M0T6DtaMq9FkRzP18N+jrQdw8fp1teTzHe3dA1xs1DvMRXKFf1N7PisaW2koduMr
0/Bsyzq/CT/SlMFBr9D1sn5Wlcl60xi+NGvhwpjKBes2i1SxwoXFhRseWWDyGn19
2EGAIJuoITFCccpHH3YDdCrAN7N86RIYapxKVTdthvG9
-----END CERTIFICATE-----