Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/68dc3c-df2e-4461-b7a6-01cbfc0e94e7/1/QYmlQUAnB-0RA7OiPmhnGtJDWRg.roa
File:                     QYmlQUAnB-0RA7OiPmhnGtJDWRg.roa (raw, json)
Hash identifier:          9MlbxaPMBipZRlyW5FOSHulBh31JEbALxF1O0eX7spY=
Subject key identifier:   41:89:A5:41:40:27:07:ED:11:03:B3:A2:3E:68:67:1A:D2:43:59:18
Certificate issuer:       /CN=de0d9d6b697ca1c86570c256862e6858b4799c85
Certificate serial:       019DD5A7AE4B61372807E138F496B35534C7
Authority key identifier: DE:0D:9D:6B:69:7C:A1:C8:65:70:C2:56:86:2E:68:58:B4:79:9C:85
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3g2da2l8ochlcMJWhi5oWLR5nIU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/33/68dc3c-df2e-4461-b7a6-01cbfc0e94e7/1/QYmlQUAnB-0RA7OiPmhnGtJDWRg.roa
Signing time:             Tue 28 Apr 2026 19:53:49 +0000
ROA not before:           Tue 28 Apr 2026 19:53:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     212238
IP address blocks:        185.54.229.0/24 maxlen: 24
                          185.54.231.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/33/68dc3c-df2e-4461-b7a6-01cbfc0e94e7/1/3g2da2l8ochlcMJWhi5oWLR5nIU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/33/68dc3c-df2e-4461-b7a6-01cbfc0e94e7/1/3g2da2l8ochlcMJWhi5oWLR5nIU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3g2da2l8ochlcMJWhi5oWLR5nIU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 06 May 2026 13:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:d5:a7:ae:4b:61:37:28:07:e1:38:f4:96:b3:55:34:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=de0d9d6b697ca1c86570c256862e6858b4799c85
        Validity
            Not Before: Apr 28 19:53:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4189a541402707ed1103b3a23e68671ad2435918
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:5b:37:cf:8b:44:fb:d9:27:32:65:85:92:61:
                    10:a3:cf:72:28:e9:13:60:c9:d8:79:e1:ee:52:fa:
                    4a:c3:aa:f5:c7:d9:37:9e:7b:a0:83:12:35:66:2a:
                    e5:53:a3:7f:8f:b2:a4:77:8c:42:f2:c4:04:c6:4d:
                    44:56:f5:9e:f1:23:c3:48:28:d2:32:d2:6b:94:de:
                    5c:6a:de:3c:05:c9:34:b0:e6:dd:6c:ea:ff:c9:fb:
                    da:d1:19:d8:d4:87:5a:ca:58:48:88:ff:eb:e5:51:
                    41:d9:3d:cf:55:71:0b:0d:a3:83:4d:f0:60:b3:b3:
                    aa:57:b4:5a:30:16:c0:58:3d:d8:27:0c:16:6f:f4:
                    fb:28:3a:ce:bd:30:ec:62:91:24:6e:f1:2e:7d:6f:
                    f4:50:af:e8:f5:ca:58:df:9e:5c:2d:4e:05:c9:b0:
                    36:16:cc:5a:fa:33:2e:5f:f5:84:b3:6d:dd:b5:96:
                    13:fa:3a:54:4a:37:a5:26:7c:ca:20:b5:9d:90:3d:
                    ec:d5:7a:97:2e:b7:03:1c:f4:07:6c:ed:91:b9:ad:
                    c3:ee:db:bf:97:29:e7:9f:c0:26:33:29:80:59:fa:
                    a5:96:01:b5:ac:2b:a1:ae:81:6d:01:b2:b9:c0:9b:
                    70:b4:c6:b6:d6:f3:4d:ad:92:6b:20:ad:cb:d7:55:
                    29:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:89:A5:41:40:27:07:ED:11:03:B3:A2:3E:68:67:1A:D2:43:59:18
            X509v3 Authority Key Identifier:
                keyid:DE:0D:9D:6B:69:7C:A1:C8:65:70:C2:56:86:2E:68:58:B4:79:9C:85

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3g2da2l8ochlcMJWhi5oWLR5nIU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/68dc3c-df2e-4461-b7a6-01cbfc0e94e7/1/QYmlQUAnB-0RA7OiPmhnGtJDWRg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/33/68dc3c-df2e-4461-b7a6-01cbfc0e94e7/1/3g2da2l8ochlcMJWhi5oWLR5nIU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.54.229.0/24
                  185.54.231.0/24

    Signature Algorithm: sha256WithRSAEncryption
         88:7c:be:ea:f5:04:56:43:40:a0:65:b2:79:2b:2f:67:35:10:
         af:79:af:74:dd:1a:ed:c0:46:e1:49:46:32:bc:ef:0d:8f:30:
         4e:b0:d9:69:78:74:53:21:e0:2a:4f:e8:77:42:6d:05:ff:1e:
         b5:50:08:ba:12:05:ad:18:bb:a7:c0:09:f6:d6:06:34:ab:8d:
         c8:41:55:45:11:85:a2:47:43:15:15:8c:c3:93:f1:32:39:5b:
         b1:23:20:0b:34:bd:b4:4b:7f:78:28:3a:30:50:80:99:24:6c:
         20:5d:bb:4d:e3:f2:9d:88:6c:7b:9d:db:eb:be:44:40:82:13:
         b6:e6:60:43:c9:a6:8f:cf:69:cb:6e:b5:b7:54:91:54:e0:09:
         b5:b3:6c:63:e8:cd:0f:21:f6:a0:36:3a:2b:2f:f4:43:2f:cf:
         0a:24:ec:27:57:69:ca:73:4f:2e:ce:7c:0b:55:73:22:b2:57:
         db:1f:25:0e:5f:68:9d:c4:ee:1e:09:0b:a9:7e:c7:c1:c5:87:
         ae:c3:7c:05:ac:61:a1:0e:f4:b8:a2:75:39:c0:0f:de:8d:b9:
         7e:2a:bc:dd:d7:df:5c:a7:b1:4b:23:c6:64:46:05:d9:3d:df:
         59:01:9b:42:e8:40:d3:84:ac:2d:ed:75:ad:24:b2:7d:bd:2a:
         37:78:c1:db
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ3Vp65LYTcoB+E49JazVTTHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRlMGQ5ZDZiNjk3Y2ExYzg2NTcwYzI1Njg2MmU2ODU4YjQ3
OTljODUwHhcNMjYwNDI4MTk1MzQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MTg5YTU0MTQwMjcwN2VkMTEwM2IzYTIzZTY4NjcxYWQyNDM1OTE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjVs3z4tE+9knMmWFkmEQo89yKOkT
YMnYeeHuUvpKw6r1x9k3nnuggxI1ZirlU6N/j7Kkd4xC8sQExk1EVvWe8SPDSCjS
MtJrlN5cat48Bck0sObdbOr/yfva0RnY1IdaylhIiP/r5VFB2T3PVXELDaODTfBg
s7OqV7RaMBbAWD3YJwwWb/T7KDrOvTDsYpEkbvEufW/0UK/o9cpY355cLU4FybA2
Fsxa+jMuX/WEs23dtZYT+jpUSjelJnzKILWdkD3s1XqXLrcDHPQHbO2Rua3D7tu/
lynnn8AmMymAWfqllgG1rCuhroFtAbK5wJtwtMa21vNNrZJrIK3L11UpNwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFEGJpUFAJwftEQOzoj5oZxrSQ1kYMB8GA1UdIwQY
MBaAFN4NnWtpfKHIZXDCVoYuaFi0eZyFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM2cyZGEybDhvY2hsY01KV2hpNW9XTFI1bklVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy82OGRjM2MtZGYyZS00NDYxLWI3YTYt
MDFjYmZjMGU5NGU3LzEvUVltbFFVQW5CLTBSQTdPaVBtaG5HdEpEV1JnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy82OGRjM2MtZGYyZS00NDYxLWI3YTYtMDFjYmZjMGU5NGU3
LzEvM2cyZGEybDhvY2hsY01KV2hpNW9XTFI1bklVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAuTblAwQA
uTbnMA0GCSqGSIb3DQEBCwUAA4IBAQCIfL7q9QRWQ0CgZbJ5Ky9nNRCvea903Rrt
wEbhSUYyvO8NjzBOsNlpeHRTIeAqT+h3Qm0F/x61UAi6EgWtGLunwAn21gY0q43I
QVVFEYWiR0MVFYzDk/EyOVuxIyALNL20S394KDowUICZJGwgXbtN4/KdiGx7ndvr
vkRAghO25mBDyaaPz2nLbrW3VJFU4Am1s2xj6M0PIfagNjorL/RDL88KJOwnV2nK
c08uznwLVXMislfbHyUOX2idxO4eCQupfsfBxYeuw3wFrGGhDvS4onU5wA/ejbl+
Krzd199cp7FLI8ZkRgXZPd9ZAZtC6EDThKwt7XWtJLJ9vSo3eMHb
-----END CERTIFICATE-----