Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/QTT2wXwHxS4gRsddiekPO2vvhUY.roa
File:                     QTT2wXwHxS4gRsddiekPO2vvhUY.roa (raw, json)
Hash identifier:          xPfnnKyAlXKJv7SKJSNDHLhI67SBSDzPfF3DXX7sDAI=
Subject key identifier:   41:34:F6:C1:7C:07:C5:2E:20:46:C7:5D:89:E9:0F:3B:6B:EF:85:46
Certificate issuer:       /CN=4f14112d05e9d876149d2778d48edaaa324db0a5
Certificate serial:       019D4A9D760EA3194D0DBEA8C456FF7648B4
Authority key identifier: 4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/QTT2wXwHxS4gRsddiekPO2vvhUY.roa
Signing time:             Wed 01 Apr 2026 19:55:26 +0000
ROA not before:           Wed 01 Apr 2026 19:55:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     399486
IP address blocks:        2a13:c3c0::/30 maxlen: 30
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 Apr 2026 15:13:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:4a:9d:76:0e:a3:19:4d:0d:be:a8:c4:56:ff:76:48:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f14112d05e9d876149d2778d48edaaa324db0a5
        Validity
            Not Before: Apr  1 19:55:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4134f6c17c07c52e2046c75d89e90f3b6bef8546
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:93:5b:1e:5d:19:38:c9:8f:60:a0:27:f9:ca:
                    e1:e1:17:f4:a7:69:6e:7f:d2:37:0f:73:36:aa:08:
                    75:66:3c:c6:90:23:54:b2:ab:97:a9:da:4f:39:25:
                    6e:ed:8b:17:3a:06:a2:73:0e:45:21:20:6c:ff:16:
                    97:b2:4a:92:2d:fb:ca:10:2b:cb:a6:c7:70:dc:cf:
                    3c:bc:2a:9f:12:8d:f8:30:22:c2:96:ad:45:1e:c8:
                    9c:90:e7:51:17:e9:7d:8a:b1:5e:08:df:a9:cf:04:
                    cc:24:68:f4:fb:14:d0:fc:d8:38:ee:47:e4:04:9c:
                    e8:c6:48:94:3c:f6:1e:c0:4e:b8:99:78:5b:63:46:
                    7a:9f:ae:d6:81:36:23:22:1e:28:33:43:c6:0b:b9:
                    68:ab:c0:54:13:a7:c6:17:b0:ee:34:81:fe:ba:13:
                    2a:c0:cf:02:de:de:8e:5d:ab:14:15:29:e1:0d:e6:
                    b1:76:2f:5e:3a:81:2a:79:92:bf:40:75:6b:d8:fd:
                    aa:48:92:34:0f:8f:ce:9b:bd:3c:79:e1:a9:7c:e1:
                    42:bc:6a:8c:d9:05:5b:a4:98:28:32:be:ae:e7:6b:
                    84:bc:2c:3d:ea:1f:b7:35:00:0d:18:e8:ee:c7:38:
                    a2:68:ae:ef:cc:1e:f7:5a:76:09:92:ff:a1:b2:12:
                    a6:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:34:F6:C1:7C:07:C5:2E:20:46:C7:5D:89:E9:0F:3B:6B:EF:85:46
            X509v3 Authority Key Identifier:
                keyid:4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/QTT2wXwHxS4gRsddiekPO2vvhUY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:c3c0::/30

    Signature Algorithm: sha256WithRSAEncryption
         45:6b:a6:1a:dd:5b:2c:08:51:bb:35:71:f1:aa:f6:92:f2:90:
         2b:e6:83:64:bd:6f:d5:1f:a4:3d:5a:f9:10:48:b2:aa:5e:56:
         fe:bb:ef:61:6f:cf:a1:81:b1:cc:10:38:72:80:1b:37:4e:86:
         34:cd:bd:82:d2:2a:bd:bb:a7:5f:5f:5a:b9:cc:a6:f9:5f:5a:
         37:1f:03:44:92:e7:14:fd:84:25:5c:2f:6e:22:22:06:f2:b9:
         29:44:39:17:13:b8:09:55:65:71:76:75:ac:75:49:26:8c:b2:
         9e:48:f9:f8:84:39:2d:68:57:b6:60:09:b4:c5:ea:d4:0e:73:
         a5:93:81:2b:5f:6c:a6:9f:c3:5a:a1:66:b3:55:06:d6:4f:f9:
         ce:f3:ae:96:3e:30:05:5d:46:c4:c0:12:fd:02:14:70:43:9d:
         54:e2:d5:24:2d:65:19:1a:d1:73:f2:e9:28:b3:14:69:25:75:
         e3:5c:a0:d3:15:74:ce:84:31:c8:a3:14:d0:bd:69:1f:56:05:
         1e:8b:ef:26:84:f4:16:b9:13:c5:82:c7:bb:3b:96:3f:97:5c:
         94:6f:2f:04:a6:ac:ae:0d:62:ca:18:64:b7:38:8c:24:ae:7b:
         23:51:7d:b8:b1:e2:43:49:4b:3e:49:25:a1:6c:3b:6f:0f:49:
         c0:a2:ff:02
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZ1KnXYOoxlNDb6oxFb/dki0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMTQxMTJkMDVlOWQ4NzYxNDlkMjc3OGQ0OGVkYWFhMzI0
ZGIwYTUwHhcNMjYwNDAxMTk1NTI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MTM0ZjZjMTdjMDdjNTJlMjA0NmM3NWQ4OWU5MGYzYjZiZWY4NTQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApZNbHl0ZOMmPYKAn+crh4Rf0p2lu
f9I3D3M2qgh1ZjzGkCNUsquXqdpPOSVu7YsXOgaicw5FISBs/xaXskqSLfvKECvL
psdw3M88vCqfEo34MCLClq1FHsickOdRF+l9irFeCN+pzwTMJGj0+xTQ/Ng47kfk
BJzoxkiUPPYewE64mXhbY0Z6n67WgTYjIh4oM0PGC7loq8BUE6fGF7DuNIH+uhMq
wM8C3t6OXasUFSnhDeaxdi9eOoEqeZK/QHVr2P2qSJI0D4/Om708eeGpfOFCvGqM
2QVbpJgoMr6u52uEvCw96h+3NQANGOjuxziiaK7vzB73WnYJkv+hshKmtwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFEE09sF8B8UuIEbHXYnpDztr74VGMB8GA1UdIwQY
MBaAFE8UES0F6dh2FJ0neNSO2qoyTbClMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUt
YmFmYmRmYzgxMzJhLzEvUVRUMndYd0h4UzRnUnNkZGlla1BPMnZ2aFVZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUtYmFmYmRmYzgxMzJh
LzEvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUCKhPDwDAN
BgkqhkiG9w0BAQsFAAOCAQEARWumGt1bLAhRuzVx8ar2kvKQK+aDZL1v1R+kPVr5
EEiyql5W/rvvYW/PoYGxzBA4coAbN06GNM29gtIqvbunX19aucym+V9aNx8DRJLn
FP2EJVwvbiIiBvK5KUQ5FxO4CVVlcXZ1rHVJJoyynkj5+IQ5LWhXtmAJtMXq1A5z
pZOBK19spp/DWqFms1UG1k/5zvOulj4wBV1GxMAS/QIUcEOdVOLVJC1lGRrRc/Lp
KLMUaSV141yg0xV0zoQxyKMU0L1pH1YFHovvJoT0FrkTxYLHuzuWP5dclG8vBKas
rg1iyhhktziMJK57I1F9uLHiQ0lLPkkloWw7bw9JwKL/Ag==
-----END CERTIFICATE-----