Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/QGcED9nMBFNEcLIYKfsWpbPgFeo.roa
File:                     QGcED9nMBFNEcLIYKfsWpbPgFeo.roa (raw, json)
Hash identifier:          ZoZ5qhejcJ2eD+U6g8CGcswJ1q+2gIH8nSKoh9/Kbps=
Subject key identifier:   40:67:04:0F:D9:CC:04:53:44:70:B2:18:29:FB:16:A5:B3:E0:15:EA
Certificate issuer:       /CN=746365355b665564a210c358c68a0117b7fbeb9a
Certificate serial:       019CB2F59D8B748981DB863D0C25B62A2693
Authority key identifier: 74:63:65:35:5B:66:55:64:A2:10:C3:58:C6:8A:01:17:B7:FB:EB:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dGNlNVtmVWSiEMNYxooBF7f765o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/QGcED9nMBFNEcLIYKfsWpbPgFeo.roa
Signing time:             Tue 03 Mar 2026 09:09:26 +0000
ROA not before:           Tue 03 Mar 2026 09:09:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     206435
IP address blocks:        185.120.57.0/24 maxlen: 24
                          185.126.180.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/dGNlNVtmVWSiEMNYxooBF7f765o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/dGNlNVtmVWSiEMNYxooBF7f765o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dGNlNVtmVWSiEMNYxooBF7f765o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 22 Mar 2026 10:01:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:b2:f5:9d:8b:74:89:81:db:86:3d:0c:25:b6:2a:26:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=746365355b665564a210c358c68a0117b7fbeb9a
        Validity
            Not Before: Mar  3 09:09:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4067040fd9cc04534470b21829fb16a5b3e015ea
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:f6:b0:0e:e6:94:74:df:7f:a4:dc:10:50:fa:
                    66:67:41:68:73:6c:0b:a7:cc:60:c6:a8:d8:33:6e:
                    52:91:ca:3a:ab:66:16:0c:93:5d:c6:c0:2b:1b:e5:
                    d8:e5:7c:09:ad:fb:79:1e:72:5b:16:a5:4d:68:f9:
                    60:49:c3:83:e1:ef:11:4e:66:2d:d9:e7:53:fa:51:
                    64:2c:81:57:f0:95:63:8b:23:b9:dc:66:87:3a:cd:
                    ca:ec:ee:83:67:1d:41:fe:52:4a:a4:93:6d:a1:bb:
                    04:35:bd:76:96:67:7a:7f:74:f8:7b:9d:86:58:bf:
                    14:94:95:a1:c6:74:58:ab:a3:ec:4b:b1:8c:ec:fa:
                    5d:50:20:94:de:77:51:bb:6b:41:00:55:d0:ef:a6:
                    a1:33:cd:5d:e1:81:a6:7c:e6:07:0c:df:ee:53:56:
                    1a:11:6e:a8:08:45:ce:d8:7c:fe:bf:4a:3f:ba:86:
                    ed:39:6c:db:8b:70:93:64:0b:f0:96:72:96:18:5b:
                    da:a1:4c:01:37:7e:1b:83:cb:1f:22:e4:be:c3:a0:
                    db:83:7c:70:a2:e7:72:14:d4:42:7a:bb:c3:44:5c:
                    2e:a5:21:6f:94:b1:1a:85:98:94:da:86:a9:0c:a8:
                    03:89:1b:77:5b:5b:42:c2:4e:3a:53:5d:80:c1:93:
                    30:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:67:04:0F:D9:CC:04:53:44:70:B2:18:29:FB:16:A5:B3:E0:15:EA
            X509v3 Authority Key Identifier:
                keyid:74:63:65:35:5B:66:55:64:A2:10:C3:58:C6:8A:01:17:B7:FB:EB:9A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dGNlNVtmVWSiEMNYxooBF7f765o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/QGcED9nMBFNEcLIYKfsWpbPgFeo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/dGNlNVtmVWSiEMNYxooBF7f765o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.120.57.0/24
                  185.126.180.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2c:ee:bc:5e:13:4f:69:be:cc:15:06:14:94:6b:c7:bd:b1:01:
         e8:ee:d0:f6:cf:76:06:35:ad:81:bc:e1:a1:a1:b0:9b:cb:96:
         9a:88:d8:e2:f5:13:87:fe:55:33:8c:45:2b:da:9e:f4:00:d5:
         e2:9a:b4:5a:82:a7:5e:2b:8a:6d:90:97:04:62:c5:fb:85:22:
         7f:a4:4f:e6:5e:97:7f:03:df:85:63:60:7a:f2:a9:20:66:bf:
         3f:03:45:e5:8d:4a:3c:f7:b7:39:e4:47:48:f1:9c:07:d4:69:
         c5:2c:72:89:59:1a:24:a0:ec:2d:70:42:e5:93:21:47:6b:26:
         d8:12:07:c0:04:d6:8d:89:bd:f7:cd:94:f9:72:a9:08:77:10:
         41:59:b1:63:8b:53:45:e0:35:32:d5:31:c2:23:e2:60:21:57:
         73:46:3b:c4:94:e2:3b:ea:3e:04:d2:e9:f0:31:26:11:39:ca:
         7c:36:72:07:39:de:cb:db:5f:5d:11:02:20:d3:51:14:4c:f2:
         57:e0:3e:df:31:48:90:fe:fd:68:88:56:7a:65:07:87:41:36:
         e5:0c:7a:5d:d4:14:05:14:65:17:78:93:f4:23:9f:47:b9:6f:
         cd:4d:8a:05:74:54:b6:7a:78:22:be:39:dc:af:f4:17:46:e0:
         85:29:b1:b5
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZyy9Z2LdImB24Y9DCW2KiaTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0NjM2NTM1NWI2NjU1NjRhMjEwYzM1OGM2OGEwMTE3Yjdm
YmViOWEwHhcNMjYwMzAzMDkwOTI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MDY3MDQwZmQ5Y2MwNDUzNDQ3MGIyMTgyOWZiMTZhNWIzZTAxNWVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0/awDuaUdN9/pNwQUPpmZ0Foc2wL
p8xgxqjYM25Skco6q2YWDJNdxsArG+XY5XwJrft5HnJbFqVNaPlgScOD4e8RTmYt
2edT+lFkLIFX8JVjiyO53GaHOs3K7O6DZx1B/lJKpJNtobsENb12lmd6f3T4e52G
WL8UlJWhxnRYq6PsS7GM7PpdUCCU3ndRu2tBAFXQ76ahM81d4YGmfOYHDN/uU1Ya
EW6oCEXO2Hz+v0o/uobtOWzbi3CTZAvwlnKWGFvaoUwBN34bg8sfIuS+w6Dbg3xw
oudyFNRCervDRFwupSFvlLEahZiU2oapDKgDiRt3W1tCwk46U12AwZMwgwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFEBnBA/ZzARTRHCyGCn7FqWz4BXqMB8GA1UdIwQY
MBaAFHRjZTVbZlVkohDDWMaKARe3++uaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEdObE5WdG1WV1NpRU1OWXhvb0JGN2Y3NjVvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi9hZWEzNmQtYmFiZi00NDc0LWE3OGIt
NmE0ZWNhZjhiM2IxLzEvUUdjRUQ5bk1CRk5FY0xJWUtmc1dwYlBnRmVvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi9hZWEzNmQtYmFiZi00NDc0LWE3OGItNmE0ZWNhZjhiM2Ix
LzEvZEdObE5WdG1WV1NpRU1OWXhvb0JGN2Y3NjVvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAuXg5AwQA
uX60MA0GCSqGSIb3DQEBCwUAA4IBAQAs7rxeE09pvswVBhSUa8e9sQHo7tD2z3YG
Na2BvOGhobCby5aaiNji9ROH/lUzjEUr2p70ANXimrRagqdeK4ptkJcEYsX7hSJ/
pE/mXpd/A9+FY2B68qkgZr8/A0XljUo897c55EdI8ZwH1GnFLHKJWRokoOwtcELl
kyFHaybYEgfABNaNib33zZT5cqkIdxBBWbFji1NF4DUy1THCI+JgIVdzRjvElOI7
6j4E0unwMSYROcp8NnIHOd7L219dEQIg01EUTPJX4D7fMUiQ/v1oiFZ6ZQeHQTbl
DHpd1BQFFGUXeJP0I59HuW/NTYoFdFS2engivjncr/QXRuCFKbG1
-----END CERTIFICATE-----