Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5d/9947b6-34bc-477e-8816-2e28b96498a9/1/QwCOKdbePnvsbjZvbr8oTKEBsxc.roa
File:                     QwCOKdbePnvsbjZvbr8oTKEBsxc.roa (raw, json)
Hash identifier:          8AV8DmzA8AEomAqDKifpPNjwCJakRLYpNDSFvcMb0w4=
Subject key identifier:   43:00:8E:29:D6:DE:3E:7B:EC:6E:36:6F:6E:BF:28:4C:A1:01:B3:17
Certificate issuer:       /CN=ca6441d9d807e0d78ce75213a103400ee14a7cdc
Certificate serial:       019DE41A69196B7C10A34BC66BB6206AF400
Authority key identifier: CA:64:41:D9:D8:07:E0:D7:8C:E7:52:13:A1:03:40:0E:E1:4A:7C:DC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ymRB2dgH4NeM51IToQNADuFKfNw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5d/9947b6-34bc-477e-8816-2e28b96498a9/1/QwCOKdbePnvsbjZvbr8oTKEBsxc.roa
Signing time:             Fri 01 May 2026 15:13:49 +0000
ROA not before:           Fri 01 May 2026 15:13:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     198082
IP address blocks:        85.137.253.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5d/9947b6-34bc-477e-8816-2e28b96498a9/1/ymRB2dgH4NeM51IToQNADuFKfNw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5d/9947b6-34bc-477e-8816-2e28b96498a9/1/ymRB2dgH4NeM51IToQNADuFKfNw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ymRB2dgH4NeM51IToQNADuFKfNw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 07 May 2026 21:44:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:e4:1a:69:19:6b:7c:10:a3:4b:c6:6b:b6:20:6a:f4:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ca6441d9d807e0d78ce75213a103400ee14a7cdc
        Validity
            Not Before: May  1 15:13:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=43008e29d6de3e7bec6e366f6ebf284ca101b317
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:6a:1d:6f:94:f4:25:32:f5:94:45:10:94:e6:
                    6b:83:cb:37:2a:3b:7e:77:c0:8b:71:39:fe:01:15:
                    35:3a:e2:2d:fc:2e:da:98:35:1e:eb:ed:64:dc:3c:
                    35:ed:11:21:5d:06:49:45:fc:33:00:2c:2f:62:75:
                    78:5a:d9:9b:b7:c7:fe:c2:90:14:0c:0a:f2:ee:44:
                    4d:cc:77:9e:62:09:87:bc:68:09:15:33:7d:29:fa:
                    ec:5d:08:67:5a:59:0a:0e:12:5b:bd:70:d3:5c:a4:
                    13:15:4a:ea:dd:a4:e4:17:99:33:59:7d:ab:2e:89:
                    b3:6e:03:cf:57:0a:80:7d:e7:09:0a:be:da:3a:fa:
                    52:0e:bb:cb:46:0a:30:3e:94:82:ed:82:91:c2:75:
                    b4:f6:51:20:a4:76:95:4f:52:6d:45:65:2e:f9:7c:
                    72:f7:89:41:dc:b1:3e:a7:b4:d4:c5:ee:62:9d:22:
                    af:b2:7d:4c:83:12:64:ec:a3:cc:77:29:b4:a4:34:
                    1e:7f:53:04:ab:1b:d2:f3:11:0c:8f:2c:5c:e7:ff:
                    3f:e3:bf:35:89:eb:cc:07:84:6d:06:8d:65:24:cb:
                    18:76:d8:2a:e2:93:59:67:ff:aa:dc:01:03:df:f1:
                    50:a6:3c:98:5d:56:01:38:30:4d:3c:c6:19:3f:6c:
                    82:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:00:8E:29:D6:DE:3E:7B:EC:6E:36:6F:6E:BF:28:4C:A1:01:B3:17
            X509v3 Authority Key Identifier:
                keyid:CA:64:41:D9:D8:07:E0:D7:8C:E7:52:13:A1:03:40:0E:E1:4A:7C:DC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ymRB2dgH4NeM51IToQNADuFKfNw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/9947b6-34bc-477e-8816-2e28b96498a9/1/QwCOKdbePnvsbjZvbr8oTKEBsxc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/9947b6-34bc-477e-8816-2e28b96498a9/1/ymRB2dgH4NeM51IToQNADuFKfNw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.137.253.0/24

    Signature Algorithm: sha256WithRSAEncryption
         43:58:fd:3f:62:cc:74:37:21:68:58:5b:43:ec:dd:b5:f0:a0:
         f5:e6:7d:28:e6:95:5f:18:2a:21:f7:59:00:e9:db:41:71:03:
         d4:cc:6f:45:a5:ee:51:62:a4:00:e7:ad:60:1c:03:5f:3e:54:
         14:49:0c:db:cb:c9:49:5f:19:a9:66:3b:72:0a:b5:57:0e:9c:
         04:dd:3f:96:ba:ab:14:e0:a7:37:4c:6f:3a:d9:3d:50:91:62:
         ee:60:70:a0:fa:f9:e9:41:de:a0:92:bf:15:60:1d:61:78:56:
         c9:cd:a5:f4:9d:ea:ef:80:3f:4c:3b:8c:72:dd:c0:2d:6f:a6:
         2c:fb:ac:1e:a0:a1:90:0b:dd:38:07:35:2c:ed:ec:52:bc:43:
         d8:c8:1e:81:d9:69:8a:11:fe:d0:e9:8a:a9:78:54:c2:16:1d:
         e3:80:9c:92:9a:91:7f:80:2b:e9:4e:f5:00:af:6a:7f:e1:83:
         07:11:26:15:d8:2a:67:43:e4:e7:8c:72:42:00:45:5d:04:c9:
         81:2d:fa:37:ca:8e:c7:08:2f:eb:af:c3:f1:b6:27:48:d3:0e:
         b3:60:05:00:5a:62:e1:c1:ae:ff:c7:50:72:4e:78:bf:e8:0c:
         29:68:73:1d:86:2f:6d:45:54:cf:ad:1c:06:cd:00:6a:28:bd:
         cb:1d:d8:62
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ3kGmkZa3wQo0vGa7YgavQAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNhNjQ0MWQ5ZDgwN2UwZDc4Y2U3NTIxM2ExMDM0MDBlZTE0
YTdjZGMwHhcNMjYwNTAxMTUxMzQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MzAwOGUyOWQ2ZGUzZTdiZWM2ZTM2NmY2ZWJmMjg0Y2ExMDFiMzE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwGodb5T0JTL1lEUQlOZrg8s3Kjt+
d8CLcTn+ARU1OuIt/C7amDUe6+1k3Dw17REhXQZJRfwzACwvYnV4Wtmbt8f+wpAU
DAry7kRNzHeeYgmHvGgJFTN9KfrsXQhnWlkKDhJbvXDTXKQTFUrq3aTkF5kzWX2r
LomzbgPPVwqAfecJCr7aOvpSDrvLRgowPpSC7YKRwnW09lEgpHaVT1JtRWUu+Xxy
94lB3LE+p7TUxe5inSKvsn1MgxJk7KPMdym0pDQef1MEqxvS8xEMjyxc5/8/4781
ievMB4RtBo1lJMsYdtgq4pNZZ/+q3AED3/FQpjyYXVYBODBNPMYZP2yC/wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEMAjinW3j577G42b26/KEyhAbMXMB8GA1UdIwQY
MBaAFMpkQdnYB+DXjOdSE6EDQA7hSnzcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveW1SQjJkZ0g0TmVNNTFJVG9RTkFEdUZLZk53LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZC85OTQ3YjYtMzRiYy00NzdlLTg4MTYt
MmUyOGI5NjQ5OGE5LzEvUXdDT0tkYmVQbnZzYmpadmJyOG9US0VCc3hjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZC85OTQ3YjYtMzRiYy00NzdlLTg4MTYtMmUyOGI5NjQ5OGE5
LzEveW1SQjJkZ0g0TmVNNTFJVG9RTkFEdUZLZk53LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVYn9MA0G
CSqGSIb3DQEBCwUAA4IBAQBDWP0/Ysx0NyFoWFtD7N218KD15n0o5pVfGCoh91kA
6dtBcQPUzG9Fpe5RYqQA561gHANfPlQUSQzby8lJXxmpZjtyCrVXDpwE3T+WuqsU
4Kc3TG862T1QkWLuYHCg+vnpQd6gkr8VYB1heFbJzaX0nervgD9MO4xy3cAtb6Ys
+6weoKGQC904BzUs7exSvEPYyB6B2WmKEf7Q6YqpeFTCFh3jgJySmpF/gCvpTvUA
r2p/4YMHESYV2CpnQ+TnjHJCAEVdBMmBLfo3yo7HCC/rr8PxtidI0w6zYAUAWmLh
wa7/x1ByTni/6AwpaHMdhi9tRVTPrRwGzQBqKL3LHdhi
-----END CERTIFICATE-----