Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/QbtpjRD7vzt8Yfk_ZoeW9WIF0Po.roa
File:                     QbtpjRD7vzt8Yfk_ZoeW9WIF0Po.roa (raw, json)
Hash identifier:          1WEseGejgzdLozBcwPJnEs/tdv2HbetqvcupBe94udA=
Subject key identifier:   41:BB:69:8D:10:FB:BF:3B:7C:61:F9:3F:66:87:96:F5:62:05:D0:FA
Certificate issuer:       /CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
Certificate serial:       019F17FADF81EB5C4D60D266CD795384E202
Authority key identifier: 9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/QbtpjRD7vzt8Yfk_ZoeW9WIF0Po.roa
Signing time:             Tue 30 Jun 2026 10:02:24 +0000
ROA not before:           Tue 30 Jun 2026 10:02:24 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     197328
IP address blocks:        45.94.170.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 01 Jul 2026 19:01:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9f:17:fa:df:81:eb:5c:4d:60:d2:66:cd:79:53:84:e2:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
        Validity
            Not Before: Jun 30 10:02:24 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=41bb698d10fbbf3b7c61f93f668796f56205d0fa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:b8:df:c0:78:95:ae:5f:6e:5c:a5:03:34:cc:
                    e4:38:f9:31:c8:c2:2b:0f:df:50:a7:67:3f:5d:c0:
                    3f:54:84:f4:09:e0:98:a2:7c:ca:3e:9b:6e:27:c6:
                    a7:04:b0:b8:11:bc:65:29:5d:75:27:2f:40:7c:8d:
                    d4:e2:3f:6a:95:65:82:ab:59:c7:47:84:ab:b3:35:
                    17:25:f3:03:43:ab:e2:7d:5b:2b:8a:8a:31:3f:00:
                    7f:cb:ee:29:97:86:f4:10:46:0a:87:13:be:35:ce:
                    11:5c:82:b2:e2:82:e2:ed:ee:56:8e:f0:85:32:c9:
                    19:4e:da:a1:e6:5f:12:00:bf:56:a6:2c:ac:60:a0:
                    62:31:f7:89:69:0b:27:a2:26:95:ee:59:ef:6b:57:
                    b0:ae:6f:5e:ac:1c:58:23:2c:b0:8b:af:fc:dd:35:
                    d2:b8:60:26:bc:15:20:85:9e:fe:15:72:a5:01:1c:
                    05:45:fc:be:04:08:71:dd:55:5b:76:5c:2c:26:85:
                    00:26:56:6a:64:e6:92:db:d1:12:b3:41:7d:1b:d1:
                    ae:ce:b6:05:7c:f2:28:38:75:02:d4:b4:6e:74:89:
                    ad:4b:d4:1f:95:8a:19:3c:4b:7b:f5:e7:48:47:f0:
                    5c:46:c9:26:39:de:89:07:11:81:c0:dd:2f:28:07:
                    c7:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:BB:69:8D:10:FB:BF:3B:7C:61:F9:3F:66:87:96:F5:62:05:D0:FA
            X509v3 Authority Key Identifier:
                keyid:9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/QbtpjRD7vzt8Yfk_ZoeW9WIF0Po.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.94.170.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6f:05:f0:75:ea:7f:ed:41:3d:39:45:79:af:03:16:33:39:df:
         2b:4e:f1:d0:6b:7f:dd:1f:af:b6:4b:c8:a2:bf:c7:f1:50:59:
         15:e8:7b:56:34:ac:06:4a:e6:b1:ac:53:84:a6:7e:e5:14:c9:
         35:45:01:6b:58:33:ad:6e:fd:3f:2e:d6:47:62:97:80:b8:17:
         6f:9f:70:81:67:94:12:b0:97:6b:53:7e:f4:53:ca:8a:6c:cf:
         95:68:00:c1:0e:f5:32:00:ed:25:f5:29:a1:87:8c:2b:48:47:
         76:54:b0:2e:3f:ff:2d:2d:84:9b:20:32:07:33:6d:c5:47:8a:
         26:52:24:50:27:98:73:50:e0:3e:87:22:a6:3c:97:b1:e8:6b:
         95:a0:a4:93:63:c0:67:3e:5e:7f:17:70:01:e0:5e:53:58:4f:
         41:11:6c:90:2c:a6:54:8b:bc:8e:a3:f9:72:cf:9c:fc:a0:f2:
         7b:63:62:20:6f:53:cc:f9:52:26:f8:5d:a4:ae:17:2c:82:74:
         1f:10:7a:ac:25:d4:8b:eb:54:e0:ce:9b:09:04:a8:4d:32:21:
         7d:7a:6a:f3:b9:a6:04:16:20:c8:52:68:e2:8c:68:67:fc:b5:
         31:5d:52:f4:74:23:aa:f8:f3:78:7d:ec:b2:04:a7:89:a4:0d:
         e1:a0:82:1a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ8X+t+B61xNYNJmzXlThOICMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkMmE0NzhiYjBiMDhlNjYxYjBiMmY5ZmJlODkzNWJjOWMy
YTI4YTEwHhcNMjYwNjMwMTAwMjI0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MWJiNjk4ZDEwZmJiZjNiN2M2MWY5M2Y2Njg3OTZmNTYyMDVkMGZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnbjfwHiVrl9uXKUDNMzkOPkxyMIr
D99Qp2c/XcA/VIT0CeCYonzKPptuJ8anBLC4EbxlKV11Jy9AfI3U4j9qlWWCq1nH
R4SrszUXJfMDQ6vifVsriooxPwB/y+4pl4b0EEYKhxO+Nc4RXIKy4oLi7e5WjvCF
MskZTtqh5l8SAL9WpiysYKBiMfeJaQsnoiaV7lnva1ewrm9erBxYIyywi6/83TXS
uGAmvBUghZ7+FXKlARwFRfy+BAhx3VVbdlwsJoUAJlZqZOaS29ESs0F9G9GuzrYF
fPIoOHUC1LRudImtS9QflYoZPEt79edIR/BcRskmOd6JBxGBwN0vKAfHbQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEG7aY0Q+787fGH5P2aHlvViBdD6MB8GA1UdIwQY
MBaAFJ0qR4uwsI5mGwsvn76JNbycKiihMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMt
ZWVmMzUxMWY2YzYwLzEvUWJ0cGpSRDd2enQ4WWZrX1pvZVc5V0lGMFBvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMtZWVmMzUxMWY2YzYw
LzEvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALV6qMA0G
CSqGSIb3DQEBCwUAA4IBAQBvBfB16n/tQT05RXmvAxYzOd8rTvHQa3/dH6+2S8ii
v8fxUFkV6HtWNKwGSuaxrFOEpn7lFMk1RQFrWDOtbv0/LtZHYpeAuBdvn3CBZ5QS
sJdrU370U8qKbM+VaADBDvUyAO0l9Smhh4wrSEd2VLAuP/8tLYSbIDIHM23FR4om
UiRQJ5hzUOA+hyKmPJex6GuVoKSTY8BnPl5/F3AB4F5TWE9BEWyQLKZUi7yOo/ly
z5z8oPJ7Y2Igb1PM+VIm+F2krhcsgnQfEHqsJdSL61TgzpsJBKhNMiF9emrzuaYE
FiDIUmjijGhn/LUxXVL0dCOq+PN4feyyBKeJpA3hoIIa
-----END CERTIFICATE-----
Generated at Wed Jul 1 02:33:59 2026 by rpki-client