Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/Q9515wb_maT3WH_ZA0zWLYmFpWU.roa
File:                     Q9515wb_maT3WH_ZA0zWLYmFpWU.roa (raw, json)
Hash identifier:          2JcLpqb/aL4ws5YTMMeWat/4VEzyd3I9lUyE0L2DFl0=
Subject key identifier:   43:DE:75:E7:06:FF:99:A4:F7:58:7F:D9:03:4C:D6:2D:89:85:A5:65
Certificate issuer:       /CN=3e6097698686e1555f51f6c883bc5a58549b2362
Certificate serial:       019DA5BB30E945A64AED909CC2CFA9C15C8A
Authority key identifier: 3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/Q9515wb_maT3WH_ZA0zWLYmFpWU.roa
Signing time:             Sun 19 Apr 2026 12:33:21 +0000
ROA not before:           Sun 19 Apr 2026 12:33:21 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     196609
IP address blocks:        195.110.14.0/23 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Apr 2026 21:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:a5:bb:30:e9:45:a6:4a:ed:90:9c:c2:cf:a9:c1:5c:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e6097698686e1555f51f6c883bc5a58549b2362
        Validity
            Not Before: Apr 19 12:33:21 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=43de75e706ff99a4f7587fd9034cd62d8985a565
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:73:c6:fa:b4:a2:e5:7c:4f:2e:8b:86:3a:d6:
                    05:56:82:eb:5d:1d:bf:2a:a7:bd:af:b2:f5:56:3c:
                    72:e4:c8:47:62:cd:3c:48:4b:07:d2:8a:8f:2a:22:
                    fd:78:a0:d4:0d:fc:54:cc:3f:37:d5:3c:ee:00:60:
                    07:57:f7:2b:b0:b2:74:c6:c6:66:d9:c4:93:05:e3:
                    cf:9b:eb:35:00:e8:18:df:85:ca:1b:da:02:ff:a6:
                    5a:5e:9c:b0:c1:d1:86:6f:0d:7b:54:1c:28:80:a8:
                    8c:99:27:74:22:a2:4f:a2:3e:21:e5:a2:48:1c:03:
                    02:91:27:9f:29:c2:5a:d4:47:c2:63:82:c9:d9:ef:
                    4f:c8:c5:0b:90:10:1a:ab:97:1c:2c:7c:0e:2d:00:
                    b0:35:0b:b1:41:56:0d:a6:b4:1f:35:0d:6b:ab:dc:
                    3c:bd:f7:85:77:38:3d:f3:03:41:f5:3d:12:99:ee:
                    fc:a8:ac:21:8c:cc:08:59:a8:a4:e5:0a:be:5b:f3:
                    fb:5b:2c:16:87:3b:0e:ce:f6:52:91:ea:62:68:5f:
                    7b:f2:69:08:fc:1b:f5:9c:85:c6:6a:5a:70:d5:6c:
                    12:d1:52:e6:a2:56:f7:0b:78:a8:4c:4d:0d:7f:ec:
                    80:6a:a3:ef:29:9f:5f:82:9a:8f:74:ef:a9:7a:dd:
                    0b:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:DE:75:E7:06:FF:99:A4:F7:58:7F:D9:03:4C:D6:2D:89:85:A5:65
            X509v3 Authority Key Identifier:
                keyid:3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/Q9515wb_maT3WH_ZA0zWLYmFpWU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.110.14.0/23

    Signature Algorithm: sha256WithRSAEncryption
         41:a9:ea:f2:1a:d9:56:d4:72:fd:9c:c5:a3:49:4d:5d:62:f5:
         d4:84:e5:70:bb:bd:da:50:bc:98:7b:c9:55:57:32:53:7b:08:
         f7:f2:e8:e2:72:9d:9e:66:d6:9d:0a:53:32:20:13:3c:bc:ac:
         23:8a:b5:ce:99:c2:f3:20:67:8a:e7:46:d6:b0:84:f4:18:4a:
         95:8a:15:dd:d4:57:84:fe:57:52:d6:04:81:53:7f:5b:64:5f:
         fe:ae:97:12:f9:63:c7:26:fa:c4:d7:f4:6e:af:63:4c:7a:a2:
         59:66:00:a4:46:8f:33:35:64:ad:01:ad:5a:2e:57:e9:bd:26:
         18:dd:c9:81:4d:dd:51:d1:ef:15:da:a7:b8:75:3d:b7:32:53:
         71:35:43:66:8c:af:fa:df:6f:17:3e:32:43:04:3f:6a:02:ba:
         3c:6f:63:64:7d:21:3c:6b:8f:03:3c:7f:ba:a6:04:0e:74:80:
         f8:97:ca:4b:ff:56:7c:28:20:4d:7c:2c:c0:ea:87:ff:ee:f1:
         98:45:54:22:c5:46:a1:82:cc:b5:3e:03:3e:bf:75:dc:8b:02:
         30:0b:dc:00:c9:9f:42:3b:e0:c2:93:1e:49:ff:a5:5c:55:9f:
         84:cc:e8:3e:58:74:12:7b:6a:42:28:9e:97:d2:e5:49:1f:fb:
         f5:04:43:83
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2luzDpRaZK7ZCcws+pwVyKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlNjA5NzY5ODY4NmUxNTU1ZjUxZjZjODgzYmM1YTU4NTQ5
YjIzNjIwHhcNMjYwNDE5MTIzMzIxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0M2RlNzVlNzA2ZmY5OWE0Zjc1ODdmZDkwMzRjZDYyZDg5ODVhNTY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApXPG+rSi5XxPLouGOtYFVoLrXR2/
Kqe9r7L1Vjxy5MhHYs08SEsH0oqPKiL9eKDUDfxUzD831TzuAGAHV/crsLJ0xsZm
2cSTBePPm+s1AOgY34XKG9oC/6ZaXpywwdGGbw17VBwogKiMmSd0IqJPoj4h5aJI
HAMCkSefKcJa1EfCY4LJ2e9PyMULkBAaq5ccLHwOLQCwNQuxQVYNprQfNQ1rq9w8
vfeFdzg98wNB9T0Sme78qKwhjMwIWaik5Qq+W/P7WywWhzsOzvZSkepiaF978mkI
/Bv1nIXGalpw1WwS0VLmolb3C3ioTE0Nf+yAaqPvKZ9fgpqPdO+pet0LZQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEPedecG/5mk91h/2QNM1i2JhaVlMB8GA1UdIwQY
MBaAFD5gl2mGhuFVX1H2yIO8WlhUmyNiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGIt
ZTFiZDg4ZDNmZDA3LzEvUTk1MTV3Yl9tYVQzV0hfWkEweldMWW1GcFdVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGItZTFiZDg4ZDNmZDA3
LzEvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBw24OMA0G
CSqGSIb3DQEBCwUAA4IBAQBBqeryGtlW1HL9nMWjSU1dYvXUhOVwu73aULyYe8lV
VzJTewj38ujicp2eZtadClMyIBM8vKwjirXOmcLzIGeK50bWsIT0GEqVihXd1FeE
/ldS1gSBU39bZF/+rpcS+WPHJvrE1/Rur2NMeqJZZgCkRo8zNWStAa1aLlfpvSYY
3cmBTd1R0e8V2qe4dT23MlNxNUNmjK/6328XPjJDBD9qAro8b2NkfSE8a48DPH+6
pgQOdID4l8pL/1Z8KCBNfCzA6of/7vGYRVQixUahgsy1PgM+v3XciwIwC9wAyZ9C
O+DCkx5J/6VcVZ+EzOg+WHQSe2pCKJ6X0uVJH/v1BEOD
-----END CERTIFICATE-----