Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/46/317635-a90a-4704-9672-15f62c890af8/1/qNp8ahA7AQpar56QcdKxkJZKg7Y.roa
File:                     qNp8ahA7AQpar56QcdKxkJZKg7Y.roa (raw, json)
Hash identifier:          N4ymgnHXQjJX3XM/o6TNcFhyTw/fE/l6XZfGmR2DY2I=
Subject key identifier:   A8:DA:7C:6A:10:3B:01:0A:5A:AF:9E:90:71:D2:B1:90:96:4A:83:B6
Certificate issuer:       /CN=d0b61d1f1d9ccdab6b6d8e1450c2c936d397e670
Certificate serial:       019D3391AB1687AEB204AD6E084A84F9EEDF
Authority key identifier: D0:B6:1D:1F:1D:9C:CD:AB:6B:6D:8E:14:50:C2:C9:36:D3:97:E6:70
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0LYdHx2czatrbY4UUMLJNtOX5nA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/46/317635-a90a-4704-9672-15f62c890af8/1/qNp8ahA7AQpar56QcdKxkJZKg7Y.roa
Signing time:             Sat 28 Mar 2026 08:31:17 +0000
ROA not before:           Sat 28 Mar 2026 08:31:17 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     34918
IP address blocks:        195.24.237.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/46/317635-a90a-4704-9672-15f62c890af8/1/0LYdHx2czatrbY4UUMLJNtOX5nA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/46/317635-a90a-4704-9672-15f62c890af8/1/0LYdHx2czatrbY4UUMLJNtOX5nA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0LYdHx2czatrbY4UUMLJNtOX5nA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Mar 2026 02:01:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:33:91:ab:16:87:ae:b2:04:ad:6e:08:4a:84:f9:ee:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d0b61d1f1d9ccdab6b6d8e1450c2c936d397e670
        Validity
            Not Before: Mar 28 08:31:17 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a8da7c6a103b010a5aaf9e9071d2b190964a83b6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:33:de:41:1a:7c:d9:b8:84:66:8a:4c:51:d8:
                    2b:6c:1f:9e:9c:42:48:0a:60:3c:0b:f9:42:45:72:
                    56:01:49:b3:77:b5:91:96:10:a2:7c:4f:02:25:1f:
                    34:c9:25:f0:08:03:d5:68:7d:99:11:75:70:de:28:
                    8d:91:3f:05:f3:76:38:bc:5c:11:e5:fe:38:4e:93:
                    00:bf:49:2d:83:b2:de:a4:7c:c5:41:87:a0:aa:0f:
                    41:59:d5:3b:dd:ad:9a:b1:10:ae:0b:3b:81:96:6e:
                    d4:01:43:83:86:57:2e:bc:d4:33:37:14:49:5f:fa:
                    96:fa:7d:9a:05:96:ca:39:5e:03:f8:4b:de:bd:d1:
                    3e:1b:9a:4f:a3:7b:e2:3e:a2:f3:e5:9b:7f:f4:31:
                    07:3f:40:a5:db:25:c3:2c:a5:d4:92:46:79:d1:b4:
                    e9:c2:7d:10:41:88:25:3c:0d:d2:ac:58:e0:e7:3e:
                    33:19:4d:2b:e6:aa:80:0f:4a:9d:95:5f:01:e4:a6:
                    2f:65:78:37:a4:20:f0:4f:44:50:85:09:fe:51:3d:
                    03:cc:83:2f:08:3b:50:27:02:c1:86:dd:8f:7b:05:
                    28:7c:47:e1:ce:a9:b6:ec:af:65:d2:ee:af:a7:16:
                    45:0c:94:2c:c7:cc:60:cd:ba:46:6e:12:49:dd:9a:
                    0e:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:DA:7C:6A:10:3B:01:0A:5A:AF:9E:90:71:D2:B1:90:96:4A:83:B6
            X509v3 Authority Key Identifier:
                keyid:D0:B6:1D:1F:1D:9C:CD:AB:6B:6D:8E:14:50:C2:C9:36:D3:97:E6:70

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0LYdHx2czatrbY4UUMLJNtOX5nA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/46/317635-a90a-4704-9672-15f62c890af8/1/qNp8ahA7AQpar56QcdKxkJZKg7Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/46/317635-a90a-4704-9672-15f62c890af8/1/0LYdHx2czatrbY4UUMLJNtOX5nA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.24.237.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6a:3b:01:39:1e:ef:22:0c:fc:e9:9c:08:9f:5a:ed:6d:38:7c:
         4e:6f:6e:f7:37:a5:a9:72:de:97:17:78:81:a6:59:3d:96:be:
         91:95:31:7b:04:a6:03:63:bc:b9:ca:0e:fe:1a:93:eb:a4:cf:
         7a:cd:3e:10:e8:cc:65:dd:24:5a:00:ff:21:4c:80:09:9e:0c:
         c5:58:cc:43:c7:4c:d0:9b:44:3d:81:f1:fa:58:1e:01:5e:fc:
         d7:c1:2d:bf:c9:1a:ff:a3:9f:92:9b:ed:b4:ee:5e:21:6b:4d:
         fc:f0:bb:0a:c7:56:29:db:0c:1a:5b:d9:3e:c7:fb:20:5f:a6:
         2f:60:9f:e4:2b:09:79:a4:0f:fd:04:6c:94:0a:d0:3e:6b:37:
         33:d9:b4:7a:b6:a4:19:b9:a1:45:4d:97:83:1c:26:aa:69:a6:
         dc:be:3b:86:0f:08:3f:64:a6:3a:ce:7a:80:7a:80:2d:37:20:
         83:fd:ac:06:9f:cf:d7:ba:dc:74:e5:6a:7d:8d:1e:e8:23:5c:
         e6:46:96:cd:3f:d9:32:25:6c:2b:c8:67:6f:20:5c:68:81:84:
         9f:0f:5b:e7:3a:ab:25:f8:2f:24:c8:02:f5:04:31:d2:b8:1a:
         73:a2:d6:f0:b9:6c:7d:03:93:6a:7e:f6:54:8a:db:7e:0a:a7:
         97:33:65:52
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0zkasWh66yBK1uCEqE+e7fMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwYjYxZDFmMWQ5Y2NkYWI2YjZkOGUxNDUwYzJjOTM2ZDM5
N2U2NzAwHhcNMjYwMzI4MDgzMTE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOGRhN2M2YTEwM2IwMTBhNWFhZjllOTA3MWQyYjE5MDk2NGE4M2I2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsDPeQRp82biEZopMUdgrbB+enEJI
CmA8C/lCRXJWAUmzd7WRlhCifE8CJR80ySXwCAPVaH2ZEXVw3iiNkT8F83Y4vFwR
5f44TpMAv0ktg7LepHzFQYegqg9BWdU73a2asRCuCzuBlm7UAUODhlcuvNQzNxRJ
X/qW+n2aBZbKOV4D+EvevdE+G5pPo3viPqLz5Zt/9DEHP0Cl2yXDLKXUkkZ50bTp
wn0QQYglPA3SrFjg5z4zGU0r5qqAD0qdlV8B5KYvZXg3pCDwT0RQhQn+UT0DzIMv
CDtQJwLBht2PewUofEfhzqm27K9l0u6vpxZFDJQsx8xgzbpGbhJJ3ZoOtQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKjafGoQOwEKWq+ekHHSsZCWSoO2MB8GA1UdIwQY
MBaAFNC2HR8dnM2ra22OFFDCyTbTl+ZwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMExZZEh4MmN6YXRyYlk0VVVNTEpOdE9YNW5BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ni8zMTc2MzUtYTkwYS00NzA0LTk2NzIt
MTVmNjJjODkwYWY4LzEvcU5wOGFoQTdBUXBhcjU2UWNkS3hrSlpLZzdZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ni8zMTc2MzUtYTkwYS00NzA0LTk2NzItMTVmNjJjODkwYWY4
LzEvMExZZEh4MmN6YXRyYlk0VVVNTEpOdE9YNW5BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwxjtMA0G
CSqGSIb3DQEBCwUAA4IBAQBqOwE5Hu8iDPzpnAifWu1tOHxOb273N6Wpct6XF3iB
plk9lr6RlTF7BKYDY7y5yg7+GpPrpM96zT4Q6Mxl3SRaAP8hTIAJngzFWMxDx0zQ
m0Q9gfH6WB4BXvzXwS2/yRr/o5+Sm+207l4ha0388LsKx1Yp2wwaW9k+x/sgX6Yv
YJ/kKwl5pA/9BGyUCtA+azcz2bR6tqQZuaFFTZeDHCaqaabcvjuGDwg/ZKY6znqA
eoAtNyCD/awGn8/Xutx05Wp9jR7oI1zmRpbNP9kyJWwryGdvIFxogYSfD1vnOqsl
+C8kyAL1BDHSuBpzotbwuWx9A5NqfvZUitt+CqeXM2VS
-----END CERTIFICATE-----