Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/QVJOL9qPifwA6UNyI8JoaqtJmXI.roa
File:                     QVJOL9qPifwA6UNyI8JoaqtJmXI.roa (raw, json)
Hash identifier:          zEKAPaR6GPF0HB+1MB1CT7OwiDaLZ6O+x3dFWcwXGQo=
Subject key identifier:   41:52:4E:2F:DA:8F:89:FC:00:E9:43:72:23:C2:68:6A:AB:49:99:72
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       019D008249E0E6C723E0C3A917D15F184B5B
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/QVJOL9qPifwA6UNyI8JoaqtJmXI.roa
Signing time:             Wed 18 Mar 2026 10:33:51 +0000
ROA not before:           Wed 18 Mar 2026 10:33:51 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199962
IP address blocks:        2a0c:b641:a90::/44 maxlen: 128
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 21:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:00:82:49:e0:e6:c7:23:e0:c3:a9:17:d1:5f:18:4b:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Mar 18 10:33:51 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=41524e2fda8f89fc00e9437223c2686aab499972
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:ed:dd:84:98:8d:c5:23:84:2c:09:d1:1b:50:
                    98:d5:78:ae:fd:9c:2c:ad:14:34:dd:61:8c:b7:97:
                    97:5b:e2:dd:c0:d0:24:e2:42:9c:60:74:95:46:08:
                    38:80:1b:e8:cd:98:72:fa:c4:b2:3a:c7:53:37:9a:
                    22:60:2e:66:4b:fa:6c:00:f2:d3:f3:fb:1a:83:f0:
                    a0:bf:50:e7:c4:af:d2:8b:90:f9:7c:78:d4:46:3d:
                    b1:69:69:77:e9:1d:bb:4a:89:a4:1a:48:18:a0:de:
                    10:8e:5c:ab:98:83:db:de:4b:70:bd:82:6b:32:24:
                    16:af:09:6e:2d:a5:69:9a:39:1c:01:ad:e7:ec:dc:
                    0e:bf:f7:ed:ca:25:89:7e:9a:c8:a2:c2:ba:42:ec:
                    db:e7:86:d2:b4:76:cb:e0:f8:ac:ee:29:20:a4:88:
                    1e:06:2f:21:0b:09:c8:05:f4:55:9f:b9:0f:e8:a0:
                    3a:b0:66:53:5b:d6:35:a8:32:f0:23:9f:0a:44:aa:
                    67:98:27:51:18:e6:7b:46:b2:2a:3c:be:3e:ce:1a:
                    3a:39:7b:32:27:15:db:b9:8d:72:89:21:76:4c:87:
                    22:44:22:b0:c5:a3:35:70:92:a8:4d:42:e6:41:95:
                    fd:f1:75:0a:d0:df:3f:f4:13:4e:27:78:45:29:b6:
                    85:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:52:4E:2F:DA:8F:89:FC:00:E9:43:72:23:C2:68:6A:AB:49:99:72
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/QVJOL9qPifwA6UNyI8JoaqtJmXI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:a90::/44

    Signature Algorithm: sha256WithRSAEncryption
         49:e0:7d:9e:32:58:fd:01:c3:11:0d:91:ac:dd:65:db:2e:71:
         b0:5d:cd:e8:0e:c4:83:36:33:c4:4e:a1:f7:2d:cb:d9:03:a0:
         5d:d9:7b:86:f2:89:14:34:51:91:40:d2:cd:bf:f1:0e:e3:ca:
         88:e6:c0:8f:0a:2e:49:2b:5b:55:18:a8:cf:2c:1e:b2:c5:da:
         c9:5f:1c:81:e2:89:65:4d:be:61:cf:23:51:2f:7d:0a:e5:04:
         b9:d6:22:f1:b1:ac:c7:27:80:af:bc:b7:3d:70:14:e4:0a:49:
         38:4e:41:55:e8:ef:23:b3:0c:4d:42:48:e7:16:e9:95:df:2e:
         db:3f:5a:44:9f:d4:35:9d:2f:1e:a1:56:38:dd:83:d2:0a:0f:
         9b:60:8a:47:85:6f:b2:88:1f:a6:dc:02:39:04:9b:4a:fd:b6:
         d8:e5:1d:4f:7c:49:fc:54:a1:bd:f8:74:e4:82:f4:ef:46:1b:
         8d:58:29:13:fc:fd:07:12:cd:fe:57:f0:3e:46:98:dd:55:d4:
         ad:6a:a6:c2:20:b4:86:b1:f2:8d:d7:01:0b:6f:bd:6b:d5:d8:
         3e:21:f7:84:0f:97:49:44:ab:31:ca:fd:e0:38:72:58:56:7f:
         03:32:ed:a5:2a:6a:13:a8:5a:bf:91:95:f3:1a:a9:0e:dc:73:
         36:9a:6a:72
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZ0Agkng5scj4MOpF9FfGEtbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjYwMzE4MTAzMzUxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MTUyNGUyZmRhOGY4OWZjMDBlOTQzNzIyM2MyNjg2YWFiNDk5OTcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsu3dhJiNxSOELAnRG1CY1Xiu/Zws
rRQ03WGMt5eXW+LdwNAk4kKcYHSVRgg4gBvozZhy+sSyOsdTN5oiYC5mS/psAPLT
8/sag/Cgv1DnxK/Si5D5fHjURj2xaWl36R27SomkGkgYoN4QjlyrmIPb3ktwvYJr
MiQWrwluLaVpmjkcAa3n7NwOv/ftyiWJfprIosK6Quzb54bStHbL4Pis7ikgpIge
Bi8hCwnIBfRVn7kP6KA6sGZTW9Y1qDLwI58KRKpnmCdRGOZ7RrIqPL4+zho6OXsy
JxXbuY1yiSF2TIciRCKwxaM1cJKoTULmQZX98XUK0N8/9BNOJ3hFKbaFlwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFEFSTi/aj4n8AOlDciPCaGqrSZlyMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvUVZKT0w5cVBpZndBNlVOeUk4Sm9hcXRKbVhJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQqQ
MA0GCSqGSIb3DQEBCwUAA4IBAQBJ4H2eMlj9AcMRDZGs3WXbLnGwXc3oDsSDNjPE
TqH3LcvZA6Bd2XuG8okUNFGRQNLNv/EO48qI5sCPCi5JK1tVGKjPLB6yxdrJXxyB
4ollTb5hzyNRL30K5QS51iLxsazHJ4CvvLc9cBTkCkk4TkFV6O8jswxNQkjnFumV
3y7bP1pEn9Q1nS8eoVY43YPSCg+bYIpHhW+yiB+m3AI5BJtK/bbY5R1PfEn8VKG9
+HTkgvTvRhuNWCkT/P0HEs3+V/A+RpjdVdStaqbCILSGsfKN1wELb71r1dg+IfeE
D5dJRKsxyv3gOHJYVn8DMu2lKmoTqFq/kZXzGqkO3HM2mmpy
-----END CERTIFICATE-----