Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/e49ae7-a51a-4764-85c8-a7810e3a1beb/1/1-qgEtfD7o34ZK5y_c1RY5TzHJL8.roa
File:                     1-qgEtfD7o34ZK5y_c1RY5TzHJL8.roa (raw, json)
Hash identifier:          X2khWZbYiIgXPJldeRx2uDRFmMi59ge/KSoidBbk1W0=
Subject key identifier:   FA:A8:04:B5:F0:FB:A3:7E:19:2B:9C:BF:73:54:58:E5:3C:C7:24:BF
Certificate issuer:       /CN=086438e9889389829fa5f51b6a210731082eac22
Certificate serial:       019E2FCFEF1DD6450E22D54B16AF5AE73145
Authority key identifier: 08:64:38:E9:88:93:89:82:9F:A5:F5:1B:6A:21:07:31:08:2E:AC:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CGQ46YiTiYKfpfUbaiEHMQgurCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/e49ae7-a51a-4764-85c8-a7810e3a1beb/1/1-qgEtfD7o34ZK5y_c1RY5TzHJL8.roa
Signing time:             Sat 16 May 2026 08:03:36 +0000
ROA not before:           Sat 16 May 2026 08:03:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     14618
IP address blocks:        185.16.0.0/24 maxlen: 24
                          193.57.231.0/24 maxlen: 24
                          194.165.37.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/e49ae7-a51a-4764-85c8-a7810e3a1beb/1/CGQ46YiTiYKfpfUbaiEHMQgurCI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/e49ae7-a51a-4764-85c8-a7810e3a1beb/1/CGQ46YiTiYKfpfUbaiEHMQgurCI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CGQ46YiTiYKfpfUbaiEHMQgurCI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 May 2026 08:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:2f:cf:ef:1d:d6:45:0e:22:d5:4b:16:af:5a:e7:31:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=086438e9889389829fa5f51b6a210731082eac22
        Validity
            Not Before: May 16 08:03:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=faa804b5f0fba37e192b9cbf735458e53cc724bf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:25:01:c0:b0:a7:64:e5:31:3e:89:c1:0c:2c:
                    83:31:cf:bc:ee:d9:2f:f3:a4:ed:65:3b:68:40:4e:
                    7e:62:36:08:5a:74:49:b9:62:23:15:45:bb:60:fb:
                    ce:9e:2b:44:db:50:ab:79:6b:41:9c:63:ff:a6:3d:
                    26:e3:a2:ca:d5:c4:9c:c9:9e:71:90:a0:9c:17:9b:
                    64:fa:17:d0:2e:a1:04:7c:2d:f4:82:fd:f9:dd:d8:
                    04:d6:b9:03:41:cd:70:15:1b:d5:62:28:23:c2:b1:
                    d3:1b:aa:cd:ee:85:ed:22:b5:58:c5:50:44:0a:84:
                    3e:31:87:13:b2:34:76:31:27:0f:b7:dd:4d:9a:7d:
                    99:b6:31:18:6b:ca:a5:3b:7b:d4:43:a0:30:22:3b:
                    9d:ab:20:05:55:01:9d:07:14:db:08:b8:b7:ef:48:
                    30:47:dc:7b:48:d4:5e:27:ea:b0:d0:d5:ab:2b:93:
                    48:e6:d1:30:a9:38:d4:cf:4d:14:96:06:fe:7a:f8:
                    5a:43:d5:9c:42:87:21:fa:7f:4e:e9:bb:a5:78:33:
                    51:c3:e8:85:e6:48:8f:fc:b8:6e:78:64:b0:1c:24:
                    9d:82:13:a1:4d:58:6d:9c:51:a5:c2:8b:b4:e1:06:
                    e0:02:da:69:55:54:8f:8e:8d:2b:b4:4b:39:4d:18:
                    3d:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:A8:04:B5:F0:FB:A3:7E:19:2B:9C:BF:73:54:58:E5:3C:C7:24:BF
            X509v3 Authority Key Identifier:
                keyid:08:64:38:E9:88:93:89:82:9F:A5:F5:1B:6A:21:07:31:08:2E:AC:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CGQ46YiTiYKfpfUbaiEHMQgurCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/e49ae7-a51a-4764-85c8-a7810e3a1beb/1/1-qgEtfD7o34ZK5y_c1RY5TzHJL8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/e49ae7-a51a-4764-85c8-a7810e3a1beb/1/CGQ46YiTiYKfpfUbaiEHMQgurCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.16.0.0/24
                  193.57.231.0/24
                  194.165.37.0/24

    Signature Algorithm: sha256WithRSAEncryption
         60:e2:1e:92:49:15:82:2b:f1:6f:9d:5f:90:39:a9:95:ce:e4:
         3b:66:91:e7:47:0d:d8:e3:5b:52:12:58:fb:54:0c:06:ce:a6:
         d2:2b:c9:32:58:3d:28:3f:3f:ee:b4:e2:50:f6:f2:0c:57:f3:
         44:ce:d8:db:2e:4b:b4:ad:a6:17:40:98:d0:ee:b2:d4:dd:0f:
         15:b1:a6:3e:c4:3f:b3:dc:22:8b:97:54:bc:72:12:8e:e0:c1:
         1b:d2:e1:e8:e4:24:fc:93:76:7a:46:5f:86:51:5a:64:0e:b0:
         45:a9:0a:25:83:57:b1:8a:2b:0f:94:a4:b9:22:9c:7d:51:ba:
         f1:b5:b7:8b:41:ab:27:32:32:82:15:5b:64:18:77:8b:ab:97:
         8b:cd:e0:d4:22:fa:e1:f6:cb:4b:12:14:06:e0:b2:f7:9d:46:
         0e:0c:43:42:db:f3:ee:95:ca:53:31:63:4e:e2:c0:7b:e0:63:
         db:69:8a:c5:1b:a4:ad:f7:80:d4:0c:87:65:8b:21:79:1c:42:
         13:a2:47:9e:e2:de:dc:2b:48:a8:e3:00:66:51:3e:2c:de:1f:
         22:cf:26:92:b9:23:f8:ca:76:6c:2d:48:7f:58:f0:7f:a4:3c:
         70:9e:df:43:f5:12:45:6f:e5:04:63:40:d6:bb:03:b9:49:8e:
         35:56:1f:58
-----BEGIN CERTIFICATE-----
MIIFCjCCA/KgAwIBAgISAZ4vz+8d1kUOItVLFq9a5zFFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4NjQzOGU5ODg5Mzg5ODI5ZmE1ZjUxYjZhMjEwNzMxMDgy
ZWFjMjIwHhcNMjYwNTE2MDgwMzM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYWE4MDRiNWYwZmJhMzdlMTkyYjljYmY3MzU0NThlNTNjYzcyNGJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAriUBwLCnZOUxPonBDCyDMc+87tkv
86TtZTtoQE5+YjYIWnRJuWIjFUW7YPvOnitE21CreWtBnGP/pj0m46LK1cScyZ5x
kKCcF5tk+hfQLqEEfC30gv353dgE1rkDQc1wFRvVYigjwrHTG6rN7oXtIrVYxVBE
CoQ+MYcTsjR2MScPt91Nmn2ZtjEYa8qlO3vUQ6AwIjudqyAFVQGdBxTbCLi370gw
R9x7SNReJ+qw0NWrK5NI5tEwqTjUz00Ulgb+evhaQ9WcQoch+n9O6buleDNRw+iF
5kiP/LhueGSwHCSdghOhTVhtnFGlwou04QbgAtppVVSPjo0rtEs5TRg9owIDAQAB
o4ICFjCCAhIwHQYDVR0OBBYEFPqoBLXw+6N+GSucv3NUWOU8xyS/MB8GA1UdIwQY
MBaAFAhkOOmIk4mCn6X1G2ohBzEILqwiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0dRNDZZaVRpWUtmcGZVYmFpRUhNUWd1ckNJLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS9lNDlhZTctYTUxYS00NzY0LTg1Yzgt
YTc4MTBlM2ExYmViLzEvMS1xZ0V0ZkQ3bzM0Wks1eV9jMVJZNVR6SEpMOC5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMzUvZTQ5YWU3LWE1MWEtNDc2NC04NWM4LWE3ODEwZTNhMWJl
Yi8xL0NHUTQ2WWlUaVlLZnBmVWJhaUVITVFndXJDSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjArBggrBgEFBQcBBwEB/wQcMBowGAQCAAEwEgMEALkQAAME
AME55wMEAMKlJTANBgkqhkiG9w0BAQsFAAOCAQEAYOIekkkVgivxb51fkDmplc7k
O2aR50cN2ONbUhJY+1QMBs6m0ivJMlg9KD8/7rTiUPbyDFfzRM7Y2y5LtK2mF0CY
0O6y1N0PFbGmPsQ/s9wii5dUvHISjuDBG9Lh6OQk/JN2ekZfhlFaZA6wRakKJYNX
sYorD5SkuSKcfVG68bW3i0GrJzIyghVbZBh3i6uXi83g1CL64fbLSxIUBuCy951G
DgxDQtvz7pXKUzFjTuLAe+Bj22mKxRukrfeA1AyHZYsheRxCE6JHnuLe3CtIqOMA
ZlE+LN4fIs8mkrkj+Mp2bC1If1jwf6Q8cJ7fQ/USRW/lBGNA1rsDuUmONVYfWA==
-----END CERTIFICATE-----