Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/3b80a8-24b5-458d-b173-8db6ae2a46fc/1/CQs1UTNUfaUBaVxbf6xQS277dlw.roa
File:                     CQs1UTNUfaUBaVxbf6xQS277dlw.roa (raw, json)
Hash identifier:          T0NoNtVdfhrQcQ8RZ4b3NYCt5Ti281b11SoeG0yzMHA=
Subject key identifier:   09:0B:35:51:33:54:7D:A5:01:69:5C:5B:7F:AC:50:4B:6E:FB:76:5C
Certificate issuer:       /CN=34ab95918c7f89230090dfc2892c203b55f9a383
Certificate serial:       019D2A2204B6EEB110AD7F96F257F919DDDC
Authority key identifier: 34:AB:95:91:8C:7F:89:23:00:90:DF:C2:89:2C:20:3B:55:F9:A3:83
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NKuVkYx_iSMAkN_CiSwgO1X5o4M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/3b80a8-24b5-458d-b173-8db6ae2a46fc/1/CQs1UTNUfaUBaVxbf6xQS277dlw.roa
Signing time:             Thu 26 Mar 2026 12:32:45 +0000
ROA not before:           Thu 26 Mar 2026 12:32:45 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     59648
IP address blocks:        91.246.218.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/3b80a8-24b5-458d-b173-8db6ae2a46fc/1/NKuVkYx_iSMAkN_CiSwgO1X5o4M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/3b80a8-24b5-458d-b173-8db6ae2a46fc/1/NKuVkYx_iSMAkN_CiSwgO1X5o4M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NKuVkYx_iSMAkN_CiSwgO1X5o4M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Mar 2026 12:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:2a:22:04:b6:ee:b1:10:ad:7f:96:f2:57:f9:19:dd:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=34ab95918c7f89230090dfc2892c203b55f9a383
        Validity
            Not Before: Mar 26 12:32:45 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=090b355133547da501695c5b7fac504b6efb765c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:a7:97:2f:44:f6:8e:df:03:6c:99:8f:c2:90:
                    06:48:3b:42:ef:d5:2d:0b:78:a3:09:63:33:a4:86:
                    b3:1e:6d:6d:e1:64:9a:35:b1:6f:f2:f4:c5:aa:db:
                    e4:b0:96:5d:e8:09:c8:18:aa:5b:49:92:91:9f:ae:
                    cc:56:04:c3:fc:36:36:01:fa:3c:2a:bb:4d:cd:ab:
                    de:d1:a1:9f:e1:1b:80:a3:25:17:ae:cf:8f:b1:75:
                    b5:5e:83:bf:82:16:f9:91:19:ff:09:bc:78:f6:87:
                    e2:ab:eb:6c:35:a9:0d:25:d5:a9:18:40:9a:ac:18:
                    39:3a:bd:a5:d2:09:66:cf:d1:e2:82:d3:7b:e4:b3:
                    1f:5b:52:40:37:b3:03:06:2a:0e:24:e7:64:ba:a9:
                    ea:97:ea:f8:ba:93:c3:62:f5:24:82:53:c5:2b:4c:
                    7e:22:a6:d1:bf:45:da:e5:34:68:e6:4d:b5:15:f4:
                    22:58:08:99:36:6a:aa:3c:76:b3:18:35:45:9f:1d:
                    ed:63:d1:6f:7f:f6:b6:5f:a6:46:7a:f3:f1:ac:22:
                    bc:d9:c9:04:84:35:de:3e:65:57:6f:c6:e4:0a:66:
                    19:1a:79:37:80:40:56:70:a5:92:7c:c1:c9:f7:21:
                    3c:1f:61:25:81:82:8e:9f:0b:68:e3:89:0e:21:23:
                    45:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:0B:35:51:33:54:7D:A5:01:69:5C:5B:7F:AC:50:4B:6E:FB:76:5C
            X509v3 Authority Key Identifier:
                keyid:34:AB:95:91:8C:7F:89:23:00:90:DF:C2:89:2C:20:3B:55:F9:A3:83

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NKuVkYx_iSMAkN_CiSwgO1X5o4M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/3b80a8-24b5-458d-b173-8db6ae2a46fc/1/CQs1UTNUfaUBaVxbf6xQS277dlw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/3b80a8-24b5-458d-b173-8db6ae2a46fc/1/NKuVkYx_iSMAkN_CiSwgO1X5o4M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.246.218.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9f:52:e7:3f:86:75:3a:c4:83:32:8a:58:13:c0:33:bf:fc:a4:
         35:f4:1f:19:4d:0a:8e:d8:e0:ae:47:80:e5:7b:d5:92:64:f0:
         ea:5f:d7:fd:bd:f9:7b:6a:0c:74:78:8c:b2:10:ea:2b:87:cd:
         d9:ca:85:df:26:a7:14:42:26:dc:c7:62:65:e5:ab:ea:75:ed:
         db:19:50:f5:21:7d:29:56:a9:86:37:a6:cc:0c:af:47:49:1e:
         2e:a8:97:cb:97:25:ff:00:ef:f3:32:81:a0:31:aa:93:d1:99:
         5f:47:7f:6a:f3:33:76:00:61:c6:76:12:ab:23:ac:77:6a:a8:
         41:0e:98:20:3d:41:2d:fe:87:d2:c2:50:71:73:5b:22:67:99:
         6d:89:25:63:27:a3:75:1d:c3:19:82:22:2e:f9:4a:e0:f8:18:
         6d:80:77:22:09:ac:4e:f9:83:09:79:86:a0:9d:0c:f3:98:d0:
         f6:69:bb:45:1a:f5:36:5d:e4:6b:ad:83:2a:59:3c:0f:e8:7c:
         d8:db:e1:c1:1b:e0:f7:4c:82:22:ab:cd:14:c6:46:d4:64:01:
         36:20:23:b5:bd:b0:42:ec:38:2e:a5:b1:bd:c2:c0:ac:34:44:
         7f:b9:f1:08:34:be:2d:0e:f8:a8:ce:fe:a6:ec:33:bf:d0:70:
         e6:7a:51:72
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0qIgS27rEQrX+W8lf5Gd3cMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM0YWI5NTkxOGM3Zjg5MjMwMDkwZGZjMjg5MmMyMDNiNTVm
OWEzODMwHhcNMjYwMzI2MTIzMjQ1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOTBiMzU1MTMzNTQ3ZGE1MDE2OTVjNWI3ZmFjNTA0YjZlZmI3NjVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuqeXL0T2jt8DbJmPwpAGSDtC79Ut
C3ijCWMzpIazHm1t4WSaNbFv8vTFqtvksJZd6AnIGKpbSZKRn67MVgTD/DY2Afo8
KrtNzave0aGf4RuAoyUXrs+PsXW1XoO/ghb5kRn/Cbx49ofiq+tsNakNJdWpGECa
rBg5Or2l0glmz9HigtN75LMfW1JAN7MDBioOJOdkuqnql+r4upPDYvUkglPFK0x+
IqbRv0Xa5TRo5k21FfQiWAiZNmqqPHazGDVFnx3tY9Fvf/a2X6ZGevPxrCK82ckE
hDXePmVXb8bkCmYZGnk3gEBWcKWSfMHJ9yE8H2ElgYKOnwto44kOISNFUwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAkLNVEzVH2lAWlcW3+sUEtu+3ZcMB8GA1UdIwQY
MBaAFDSrlZGMf4kjAJDfwoksIDtV+aODMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTkt1VmtZeF9pU01Ba05fQ2lTd2dPMVg1bzRNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8zYjgwYTgtMjRiNS00NThkLWIxNzMt
OGRiNmFlMmE0NmZjLzEvQ1FzMVVUTlVmYVVCYVZ4YmY2eFFTMjc3ZGx3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8zYjgwYTgtMjRiNS00NThkLWIxNzMtOGRiNmFlMmE0NmZj
LzEvTkt1VmtZeF9pU01Ba05fQ2lTd2dPMVg1bzRNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW/baMA0G
CSqGSIb3DQEBCwUAA4IBAQCfUuc/hnU6xIMyilgTwDO//KQ19B8ZTQqO2OCuR4Dl
e9WSZPDqX9f9vfl7agx0eIyyEOorh83ZyoXfJqcUQibcx2Jl5avqde3bGVD1IX0p
VqmGN6bMDK9HSR4uqJfLlyX/AO/zMoGgMaqT0ZlfR39q8zN2AGHGdhKrI6x3aqhB
DpggPUEt/ofSwlBxc1siZ5ltiSVjJ6N1HcMZgiIu+Urg+BhtgHciCaxO+YMJeYag
nQzzmND2abtFGvU2XeRrrYMqWTwP6HzY2+HBG+D3TIIiq80UxkbUZAE2ICO1vbBC
7DgupbG9wsCsNER/ufEINL4tDviozv6m7DO/0HDmelFy
-----END CERTIFICATE-----