Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/QN2IS7jl-LcNC_89hbTepg87z7g.roa
File:                     QN2IS7jl-LcNC_89hbTepg87z7g.roa (raw, json)
Hash identifier:          nsgT5Jtznt+QVRimJBD3XpJw7Oroh+m9fKjRCOYtmto=
Subject key identifier:   40:DD:88:4B:B8:E5:F8:B7:0D:0B:FF:3D:85:B4:DE:A6:0F:3B:CF:B8
Certificate issuer:       /CN=2e6a86e62f0ce98e02e980869ff4414ee2a0f0ce
Certificate serial:       019D0213DEBF40788C37EC13B7A9F22039DB
Authority key identifier: 2E:6A:86:E6:2F:0C:E9:8E:02:E9:80:86:9F:F4:41:4E:E2:A0:F0:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/QN2IS7jl-LcNC_89hbTepg87z7g.roa
Signing time:             Wed 18 Mar 2026 17:52:29 +0000
ROA not before:           Wed 18 Mar 2026 17:52:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     51076
IP address blocks:        91.192.94.0/24 maxlen: 24
                          138.249.18.0/24 maxlen: 24
                          170.168.16.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 22 Mar 2026 20:01:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:02:13:de:bf:40:78:8c:37:ec:13:b7:a9:f2:20:39:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2e6a86e62f0ce98e02e980869ff4414ee2a0f0ce
        Validity
            Not Before: Mar 18 17:52:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=40dd884bb8e5f8b70d0bff3d85b4dea60f3bcfb8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:e1:b4:bf:40:f7:a9:ae:97:8d:03:70:b1:17:
                    6d:1f:21:0d:8e:9b:51:c9:eb:92:26:3c:fc:91:0e:
                    20:69:73:5b:58:80:e9:15:aa:bf:ba:d9:73:eb:3d:
                    f2:01:78:1e:a4:5b:ca:07:86:01:9c:3a:81:d2:89:
                    31:de:56:76:24:b4:4f:c2:c7:c1:28:8b:94:a1:03:
                    ee:73:bd:1e:7f:81:ab:98:ae:5a:73:f6:07:c6:9a:
                    e9:b4:61:8a:3f:19:a9:b4:b1:97:2c:1a:64:7a:a4:
                    b6:9a:41:f5:80:69:82:13:e2:f8:12:38:8f:40:c0:
                    b5:07:8a:66:d4:32:84:a0:5b:f6:1a:2c:21:06:14:
                    1f:fa:88:99:9c:ab:d7:28:02:85:4a:7c:6f:cc:50:
                    af:ff:32:9c:80:c3:28:75:2e:cc:25:e3:d1:6a:b4:
                    c0:80:51:93:c0:72:cc:f4:ac:b4:03:04:99:55:7d:
                    c9:bf:e2:80:a1:cf:ef:98:8c:62:ad:4e:11:5f:9e:
                    af:4d:9b:f9:f9:e8:83:6e:1d:7a:c4:cc:e9:d8:3f:
                    92:5a:d8:5a:0a:2c:26:20:e2:f0:25:c8:7a:b7:a3:
                    8c:b6:75:fa:2d:6f:16:bd:9a:dd:74:1e:43:94:e6:
                    6b:3a:82:94:8f:4b:8e:03:9f:84:77:a7:cb:65:68:
                    c8:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:DD:88:4B:B8:E5:F8:B7:0D:0B:FF:3D:85:B4:DE:A6:0F:3B:CF:B8
            X509v3 Authority Key Identifier:
                keyid:2E:6A:86:E6:2F:0C:E9:8E:02:E9:80:86:9F:F4:41:4E:E2:A0:F0:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/QN2IS7jl-LcNC_89hbTepg87z7g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.192.94.0/24
                  138.249.18.0/24
                  170.168.16.0/24

    Signature Algorithm: sha256WithRSAEncryption
         80:4b:3f:76:2d:d4:61:58:9a:fd:32:07:01:5a:24:21:71:a6:
         77:53:2e:dc:9e:76:d6:76:52:82:59:f6:b7:30:89:05:27:6a:
         e3:b3:c0:29:2f:65:50:1d:80:40:df:fc:b8:e0:36:9c:13:70:
         7b:93:80:90:f9:a2:60:c4:e9:92:a6:58:68:00:4b:41:ee:ce:
         9d:0b:02:43:fe:1c:9a:43:e5:84:66:b8:03:2a:58:b4:5f:de:
         e1:18:fe:16:b5:86:cf:26:e1:48:93:e6:4b:f1:da:34:7e:f1:
         bb:34:3c:54:79:33:60:5d:22:49:e7:4d:df:90:fd:b2:35:ac:
         aa:c0:d1:e5:81:79:3b:c7:19:dd:85:6c:8c:b5:a1:66:76:54:
         34:e0:98:16:1b:6f:6e:cb:9b:06:55:bd:b3:a2:6e:47:cb:36:
         9e:85:94:96:9b:40:30:90:b1:21:60:b2:78:b5:7b:ea:f4:eb:
         03:1c:31:c4:5a:7b:f0:44:69:9c:48:56:e4:aa:49:5c:cd:ab:
         d9:82:ed:73:d4:db:dc:25:6f:22:05:5b:b2:e5:dc:c8:e0:5d:
         77:11:25:8f:66:75:36:e9:88:32:55:96:6c:0b:64:ff:ab:65:
         e6:03:07:7f:70:81:ec:cc:f2:a1:0b:31:bf:c9:75:db:2a:06:
         d4:c6:f1:d1
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZ0CE96/QHiMN+wTt6nyIDnbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlNmE4NmU2MmYwY2U5OGUwMmU5ODA4NjlmZjQ0MTRlZTJh
MGYwY2UwHhcNMjYwMzE4MTc1MjI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MGRkODg0YmI4ZTVmOGI3MGQwYmZmM2Q4NWI0ZGVhNjBmM2JjZmI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx+G0v0D3qa6XjQNwsRdtHyENjptR
yeuSJjz8kQ4gaXNbWIDpFaq/utlz6z3yAXgepFvKB4YBnDqB0okx3lZ2JLRPwsfB
KIuUoQPuc70ef4GrmK5ac/YHxprptGGKPxmptLGXLBpkeqS2mkH1gGmCE+L4EjiP
QMC1B4pm1DKEoFv2GiwhBhQf+oiZnKvXKAKFSnxvzFCv/zKcgMModS7MJePRarTA
gFGTwHLM9Ky0AwSZVX3Jv+KAoc/vmIxirU4RX56vTZv5+eiDbh16xMzp2D+SWtha
CiwmIOLwJch6t6OMtnX6LW8WvZrddB5DlOZrOoKUj0uOA5+Ed6fLZWjI7wIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFEDdiEu45fi3DQv/PYW03qYPO8+4MB8GA1UdIwQY
MBaAFC5qhuYvDOmOAumAhp/0QU7ioPDOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTG1xRzVpOE02WTRDNllDR25fUkJUdUtnOE00LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NC8yYjYwMzAtNmQ4OC00ZTNlLTlmM2Et
YTY2N2JiNzY1MDYwLzEvUU4ySVM3amwtTGNOQ184OWhiVGVwZzg3ejdnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NC8yYjYwMzAtNmQ4OC00ZTNlLTlmM2EtYTY2N2JiNzY1MDYw
LzEvTG1xRzVpOE02WTRDNllDR25fUkJUdUtnOE00LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAW8BeAwQA
ivkSAwQAqqgQMA0GCSqGSIb3DQEBCwUAA4IBAQCASz92LdRhWJr9MgcBWiQhcaZ3
Uy7cnnbWdlKCWfa3MIkFJ2rjs8ApL2VQHYBA3/y44DacE3B7k4CQ+aJgxOmSplho
AEtB7s6dCwJD/hyaQ+WEZrgDKli0X97hGP4WtYbPJuFIk+ZL8do0fvG7NDxUeTNg
XSJJ503fkP2yNayqwNHlgXk7xxndhWyMtaFmdlQ04JgWG29uy5sGVb2zom5Hyzae
hZSWm0AwkLEhYLJ4tXvq9OsDHDHEWnvwRGmcSFbkqklczavZgu1z1NvcJW8iBVuy
5dzI4F13ESWPZnU26YgyVZZsC2T/q2XmAwd/cIHszPKhCzG/yXXbKgbUxvHR
-----END CERTIFICATE-----