Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5d/ceb578-71d8-449e-a2c9-c85963c718fb/1/qcXXlS_rHE9ouJsEbCmmlq5R8Ug.roa
File:                     qcXXlS_rHE9ouJsEbCmmlq5R8Ug.roa (raw, json)
Hash identifier:          1unAuaM5VTHoo8Otio/wEUldD3aBxQgm3lHyPoQMCYs=
Subject key identifier:   A9:C5:D7:95:2F:EB:1C:4F:68:B8:9B:04:6C:29:A6:96:AE:51:F1:48
Certificate issuer:       /CN=d6ce59c56b1ca1b63026cc29c3e7adcf3414663c
Certificate serial:       019DCEA8916E7D97119F55433A75E4F6C1D9
Authority key identifier: D6:CE:59:C5:6B:1C:A1:B6:30:26:CC:29:C3:E7:AD:CF:34:14:66:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1s5ZxWscobYwJswpw-etzzQUZjw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5d/ceb578-71d8-449e-a2c9-c85963c718fb/1/qcXXlS_rHE9ouJsEbCmmlq5R8Ug.roa
Signing time:             Mon 27 Apr 2026 11:17:26 +0000
ROA not before:           Mon 27 Apr 2026 11:17:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     35160
IP address blocks:        194.117.56.0/24 maxlen: 24
                          194.117.57.0/24 maxlen: 24
                          194.117.59.0/24 maxlen: 24
                          194.117.60.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5d/ceb578-71d8-449e-a2c9-c85963c718fb/1/1s5ZxWscobYwJswpw-etzzQUZjw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5d/ceb578-71d8-449e-a2c9-c85963c718fb/1/1s5ZxWscobYwJswpw-etzzQUZjw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1s5ZxWscobYwJswpw-etzzQUZjw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 01 May 2026 03:01:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:ce:a8:91:6e:7d:97:11:9f:55:43:3a:75:e4:f6:c1:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d6ce59c56b1ca1b63026cc29c3e7adcf3414663c
        Validity
            Not Before: Apr 27 11:17:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a9c5d7952feb1c4f68b89b046c29a696ae51f148
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:bd:21:00:19:e7:eb:1e:07:00:ef:6b:05:05:
                    c2:d1:b8:9b:4b:3c:61:d9:eb:ef:15:15:ca:97:20:
                    2f:d6:15:66:cc:1d:ae:5e:3a:e7:56:85:37:5e:af:
                    89:30:d3:09:4b:e8:b8:d7:49:bd:9c:63:06:fe:8e:
                    22:64:52:5c:d3:2e:62:b0:74:54:d7:36:75:e9:c3:
                    84:e9:67:bf:60:22:89:01:f9:7b:94:b0:d0:91:d0:
                    44:fe:7f:b5:7a:e3:49:e1:36:10:dd:80:33:a7:45:
                    58:fb:0e:b3:1e:14:33:c8:9e:2f:b6:b4:85:ed:44:
                    9a:89:15:38:f5:6b:9d:0b:f1:68:ae:5d:6c:6d:bb:
                    ac:a4:02:c9:7c:30:e5:08:c6:65:02:91:d3:90:6b:
                    73:0b:9c:7f:43:b8:e3:46:e3:d4:74:03:14:dc:1a:
                    91:5e:e7:e5:7f:5a:ce:46:d5:a2:3b:69:20:73:f3:
                    c9:66:8b:d6:67:a0:80:a4:3c:bd:49:7a:18:28:38:
                    14:3d:1c:3e:2a:76:54:a2:c8:f7:71:44:1c:5c:b8:
                    02:fd:5c:6a:ad:b4:fb:96:6f:63:ed:dc:94:bf:4a:
                    dc:ab:db:62:dd:9b:bb:1d:7e:f6:dc:f6:0f:58:78:
                    eb:ae:54:e0:3b:69:1c:b6:cc:c1:4b:f8:bd:4c:c1:
                    b1:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:C5:D7:95:2F:EB:1C:4F:68:B8:9B:04:6C:29:A6:96:AE:51:F1:48
            X509v3 Authority Key Identifier:
                keyid:D6:CE:59:C5:6B:1C:A1:B6:30:26:CC:29:C3:E7:AD:CF:34:14:66:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1s5ZxWscobYwJswpw-etzzQUZjw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/ceb578-71d8-449e-a2c9-c85963c718fb/1/qcXXlS_rHE9ouJsEbCmmlq5R8Ug.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/ceb578-71d8-449e-a2c9-c85963c718fb/1/1s5ZxWscobYwJswpw-etzzQUZjw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.117.56.0/23
                  194.117.59.0-194.117.60.255

    Signature Algorithm: sha256WithRSAEncryption
         8e:74:3c:ed:d8:25:64:be:d0:e6:bf:b4:f4:e8:a2:cc:5f:8c:
         5a:7b:ac:f9:13:60:df:93:0d:73:b5:88:93:97:3c:3e:4f:f3:
         dc:e8:ba:cd:e2:eb:df:33:de:33:49:21:56:68:fe:31:44:ea:
         cc:b5:3b:db:0b:be:1b:40:23:81:94:99:6c:55:74:2e:b5:3c:
         60:64:03:90:5c:db:4a:60:ba:05:ee:69:6c:21:e5:92:3f:24:
         4c:9c:26:d2:48:ac:e8:df:79:76:c2:9f:56:cb:0b:7b:0c:c5:
         2d:5d:99:b2:e8:25:a6:db:61:62:f2:04:01:f5:2d:88:81:41:
         d0:0d:f9:ab:bf:ee:78:66:40:ce:66:c8:45:e0:21:94:d9:d4:
         85:52:4e:dc:d6:cb:34:9f:2a:52:51:be:99:df:06:6d:39:46:
         36:9a:a9:49:25:71:7f:fe:2e:a2:ae:0f:fa:e1:1f:be:90:00:
         07:d5:55:b3:97:3d:44:9f:41:83:92:94:53:04:13:21:1b:f2:
         32:2a:d3:c1:ef:22:5b:4d:ce:bc:fc:2d:2e:96:a0:87:89:26:
         3e:76:0f:81:9c:9b:0a:82:a8:d9:36:d6:e8:a3:37:f4:6b:76:
         6c:34:93:c7:98:42:4d:46:11:71:ec:cb:4d:37:cc:ea:b0:e0:
         f5:2a:b4:94
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZ3OqJFufZcRn1VDOnXk9sHZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ2Y2U1OWM1NmIxY2ExYjYzMDI2Y2MyOWMzZTdhZGNmMzQx
NDY2M2MwHhcNMjYwNDI3MTExNzI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOWM1ZDc5NTJmZWIxYzRmNjhiODliMDQ2YzI5YTY5NmFlNTFmMTQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxr0hABnn6x4HAO9rBQXC0bibSzxh
2evvFRXKlyAv1hVmzB2uXjrnVoU3Xq+JMNMJS+i410m9nGMG/o4iZFJc0y5isHRU
1zZ16cOE6We/YCKJAfl7lLDQkdBE/n+1euNJ4TYQ3YAzp0VY+w6zHhQzyJ4vtrSF
7USaiRU49WudC/Forl1sbbuspALJfDDlCMZlApHTkGtzC5x/Q7jjRuPUdAMU3BqR
Xuflf1rORtWiO2kgc/PJZovWZ6CApDy9SXoYKDgUPRw+KnZUosj3cUQcXLgC/Vxq
rbT7lm9j7dyUv0rcq9ti3Zu7HX723PYPWHjrrlTgO2kctszBS/i9TMGxwwIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFKnF15Uv6xxPaLibBGwpppauUfFIMB8GA1UdIwQY
MBaAFNbOWcVrHKG2MCbMKcPnrc80FGY8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMXM1WnhXc2NvYll3SnN3cHctZXR6elFVWmp3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZC9jZWI1NzgtNzFkOC00NDllLWEyYzkt
Yzg1OTYzYzcxOGZiLzEvcWNYWGxTX3JIRTlvdUpzRWJDbW1scTVSOFVnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZC9jZWI1NzgtNzFkOC00NDllLWEyYzktYzg1OTYzYzcxOGZi
LzEvMXM1WnhXc2NvYll3SnN3cHctZXR6elFVWmp3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUAwQBwnU4MAwD
BADCdTsDBADCdTwwDQYJKoZIhvcNAQELBQADggEBAI50PO3YJWS+0Oa/tPToosxf
jFp7rPkTYN+TDXO1iJOXPD5P89zous3i698z3jNJIVZo/jFE6sy1O9sLvhtAI4GU
mWxVdC61PGBkA5Bc20pgugXuaWwh5ZI/JEycJtJIrOjfeXbCn1bLC3sMxS1dmbLo
JabbYWLyBAH1LYiBQdAN+au/7nhmQM5myEXgIZTZ1IVSTtzWyzSfKlJRvpnfBm05
RjaaqUklcX/+LqKuD/rhH76QAAfVVbOXPUSfQYOSlFMEEyEb8jIq08HvIltNzrz8
LS6WoIeJJj52D4GcmwqCqNk21uijN/Rrdmw0k8eYQk1GEXHsy003zOqw4PUqtJQ=
-----END CERTIFICATE-----