Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/Qct32tpK2IKmILAyS1vyCC2V1fY.roa
File:                     Qct32tpK2IKmILAyS1vyCC2V1fY.roa (raw, json)
Hash identifier:          XNQ3M2k4CCpWq11DJeGpO2s3q8F/Emtu3wSN2IJ0AMQ=
Subject key identifier:   41:CB:77:DA:DA:4A:D8:82:A6:20:B0:32:4B:5B:F2:08:2D:95:D5:F6
Certificate issuer:       /CN=279dbfdf4c20bdae8d6118566ece76444e46d171
Certificate serial:       019CC2CC7D48A0510D359A403F479B050BBC
Authority key identifier: 27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/Qct32tpK2IKmILAyS1vyCC2V1fY.roa
Signing time:             Fri 06 Mar 2026 10:58:27 +0000
ROA not before:           Fri 06 Mar 2026 10:58:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     5065
IP address blocks:        62.192.110.0/24 maxlen: 24
                          217.8.216.0/24 maxlen: 24
                          217.8.217.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 13 Mar 2026 15:04:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:c2:cc:7d:48:a0:51:0d:35:9a:40:3f:47:9b:05:0b:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=279dbfdf4c20bdae8d6118566ece76444e46d171
        Validity
            Not Before: Mar  6 10:58:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=41cb77dada4ad882a620b0324b5bf2082d95d5f6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:24:c5:b2:1b:4e:e0:9b:fa:0a:5d:4f:e2:78:
                    40:a2:1d:78:23:09:7b:4d:5b:b0:9e:1c:3e:07:2c:
                    01:fd:f8:74:15:b6:5d:92:d4:d4:f8:53:4a:fc:25:
                    37:14:82:03:67:aa:fc:38:bf:76:16:9c:7e:83:7e:
                    ce:da:6c:b5:29:7c:ee:fa:6c:3e:59:43:fe:5c:80:
                    06:be:44:dd:00:88:41:9f:fd:a8:79:0b:01:08:65:
                    92:82:a1:37:fe:63:e1:49:f7:9f:96:57:4c:c0:00:
                    c6:c1:e5:18:e5:f2:94:3c:d5:ce:ac:4e:42:36:a2:
                    db:a0:25:ce:6a:31:36:dc:bb:69:59:a6:bf:1d:0a:
                    df:3d:3f:94:fa:53:00:c3:66:e7:ca:3a:43:cc:e7:
                    b2:f4:0d:9b:cc:15:a5:98:7c:80:75:e2:d7:c0:db:
                    04:88:a7:0f:c2:9b:19:d6:f1:c3:a1:d6:8a:47:3c:
                    0e:ef:8f:2a:1a:64:b8:1e:ad:bc:4e:f4:51:08:f5:
                    b5:bb:50:a3:8e:03:5d:fd:8b:30:bc:da:2b:f8:70:
                    2b:0b:ec:fd:f6:52:9b:35:5c:24:f1:22:99:bb:6a:
                    3a:9d:ef:f6:06:c5:1b:5a:bb:83:25:27:80:7c:c3:
                    3b:ce:0a:c2:83:33:1d:12:e3:b1:07:cb:bd:96:1e:
                    e3:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:CB:77:DA:DA:4A:D8:82:A6:20:B0:32:4B:5B:F2:08:2D:95:D5:F6
            X509v3 Authority Key Identifier:
                keyid:27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/Qct32tpK2IKmILAyS1vyCC2V1fY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.192.110.0/24
                  217.8.216.0/23

    Signature Algorithm: sha256WithRSAEncryption
         60:08:19:a1:86:0b:62:af:07:5d:5c:9b:20:eb:d9:24:f3:58:
         e5:ed:3c:e0:10:4b:ae:55:ef:55:75:10:23:bb:80:8b:32:4b:
         be:b2:2f:0e:32:83:83:68:98:7e:50:71:d2:bb:cf:2e:51:3c:
         fe:0b:74:f2:08:c3:6c:e0:cb:b3:00:67:25:e9:4e:71:46:55:
         b3:c7:c8:d1:73:b0:0b:0d:a7:77:b7:1e:7c:46:7f:7c:4b:f7:
         f6:a4:08:fa:b4:dc:22:36:2f:f6:fb:dd:69:0f:e9:9c:be:61:
         9f:01:02:4f:51:22:a1:7b:aa:a1:12:1d:33:fe:5d:bf:b8:ea:
         66:d5:6a:1e:70:c8:1a:61:06:ab:46:80:b8:f2:ab:db:f1:f4:
         9a:c2:e0:46:a5:7e:f8:44:d7:3f:c6:2b:ab:ec:0b:57:94:01:
         9b:1d:13:43:29:07:7c:9d:d4:52:e0:03:5e:82:aa:52:02:cd:
         e2:e3:fb:04:7b:c8:ba:ad:20:f2:09:14:13:a2:77:d4:04:49:
         af:5c:47:d4:0c:37:e5:10:0a:a2:10:25:c0:09:b4:88:59:a2:
         72:84:e8:69:65:51:3a:43:10:4a:95:f4:a6:4e:3b:cf:81:bc:
         ce:9e:ee:be:24:bc:5d:16:46:14:58:34:b7:10:cd:57:b2:aa:
         74:73:3c:94
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZzCzH1IoFENNZpAP0ebBQu8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3OWRiZmRmNGMyMGJkYWU4ZDYxMTg1NjZlY2U3NjQ0NGU0
NmQxNzEwHhcNMjYwMzA2MTA1ODI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MWNiNzdkYWRhNGFkODgyYTYyMGIwMzI0YjViZjIwODJkOTVkNWY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsSTFshtO4Jv6Cl1P4nhAoh14Iwl7
TVuwnhw+BywB/fh0FbZdktTU+FNK/CU3FIIDZ6r8OL92Fpx+g37O2my1KXzu+mw+
WUP+XIAGvkTdAIhBn/2oeQsBCGWSgqE3/mPhSfeflldMwADGweUY5fKUPNXOrE5C
NqLboCXOajE23LtpWaa/HQrfPT+U+lMAw2bnyjpDzOey9A2bzBWlmHyAdeLXwNsE
iKcPwpsZ1vHDodaKRzwO748qGmS4Hq28TvRRCPW1u1CjjgNd/YswvNor+HArC+z9
9lKbNVwk8SKZu2o6ne/2BsUbWruDJSeAfMM7zgrCgzMdEuOxB8u9lh7jRQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFEHLd9raStiCpiCwMktb8ggtldX2MB8GA1UdIwQY
MBaAFCedv99MIL2ujWEYVm7OdkRORtFxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEt
MGNmMTA5M2Q0NTQ4LzEvUWN0MzJ0cEsySUttSUxBeVMxdnlDQzJWMWZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEtMGNmMTA5M2Q0NTQ4
LzEvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAPsBuAwQB
2QjYMA0GCSqGSIb3DQEBCwUAA4IBAQBgCBmhhgtirwddXJsg69kk81jl7TzgEEuu
Ve9VdRAju4CLMku+si8OMoODaJh+UHHSu88uUTz+C3TyCMNs4MuzAGcl6U5xRlWz
x8jRc7ALDad3tx58Rn98S/f2pAj6tNwiNi/2+91pD+mcvmGfAQJPUSKhe6qhEh0z
/l2/uOpm1WoecMgaYQarRoC48qvb8fSawuBGpX74RNc/xiur7AtXlAGbHRNDKQd8
ndRS4ANegqpSAs3i4/sEe8i6rSDyCRQTonfUBEmvXEfUDDflEAqiECXACbSIWaJy
hOhpZVE6QxBKlfSmTjvPgbzOnu6+JLxdFkYUWDS3EM1Xsqp0czyU
-----END CERTIFICATE-----