Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/Q_kARCmCZXVPZBoS-gG2Akeu_NY.roa
File:                     Q_kARCmCZXVPZBoS-gG2Akeu_NY.roa (raw, json)
Hash identifier:          w5X8o0rvBQ7N+Nwx+GSckj+GHOb6OY3gyE4okM+dEFY=
Subject key identifier:   43:F9:00:44:29:82:65:75:4F:64:1A:12:FA:01:B6:02:47:AE:FC:D6
Certificate issuer:       /CN=6222e1c2a5315334b66d80f78d5b50b42e480b9c
Certificate serial:       019E8937F956164AF372F029F240DC0A6DC2
Authority key identifier: 62:22:E1:C2:A5:31:53:34:B6:6D:80:F7:8D:5B:50:B4:2E:48:0B:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YiLhwqUxUzS2bYD3jVtQtC5IC5w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/Q_kARCmCZXVPZBoS-gG2Akeu_NY.roa
Signing time:             Tue 02 Jun 2026 16:43:27 +0000
ROA not before:           Tue 02 Jun 2026 16:43:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     56529
IP address blocks:        45.148.243.0/24 maxlen: 24
                          192.144.4.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/YiLhwqUxUzS2bYD3jVtQtC5IC5w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/YiLhwqUxUzS2bYD3jVtQtC5IC5w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YiLhwqUxUzS2bYD3jVtQtC5IC5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 05 Jun 2026 04:01:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:89:37:f9:56:16:4a:f3:72:f0:29:f2:40:dc:0a:6d:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6222e1c2a5315334b66d80f78d5b50b42e480b9c
        Validity
            Not Before: Jun  2 16:43:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=43f90044298265754f641a12fa01b60247aefcd6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:e9:41:41:67:c4:cf:99:2e:04:d5:91:33:7c:
                    09:b2:10:56:b3:ba:e5:29:20:3f:ab:07:dc:57:08:
                    b7:9f:b8:ce:22:13:53:c2:b2:a0:d8:40:5a:cd:4c:
                    dd:f8:e0:57:f4:08:33:c9:d4:8d:b4:90:13:bc:b2:
                    4f:90:81:38:9f:2b:eb:14:e9:04:23:22:e2:1c:0a:
                    db:e0:16:67:53:a4:d3:bd:8f:16:a8:f5:df:f1:eb:
                    f1:0d:f9:ed:7a:66:fc:1f:3d:bb:bd:d8:11:a7:f7:
                    dd:26:1e:ae:e5:50:c0:2a:d7:0a:e9:71:b6:da:75:
                    ca:13:0e:80:cb:51:54:69:6c:d3:43:de:8a:8c:ca:
                    9a:a2:49:c9:3f:f0:fb:ba:12:f7:40:84:f6:db:10:
                    39:92:03:7e:e5:59:a8:12:8a:f6:2f:48:b8:8b:31:
                    ad:20:0e:dc:d6:10:4a:84:45:9b:fd:ee:51:e0:91:
                    bf:0e:fe:2d:31:36:c7:8b:13:4d:68:1a:42:14:80:
                    b8:e4:20:d3:29:46:e8:75:f2:38:57:99:3a:f2:c4:
                    4c:d6:e6:57:5b:e6:2c:0e:80:e9:53:5f:98:54:47:
                    97:a7:fd:0e:08:96:27:4a:7c:d6:a2:21:8c:d5:94:
                    75:ef:dd:40:48:c7:32:0f:7e:0f:c5:f1:96:45:23:
                    66:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:F9:00:44:29:82:65:75:4F:64:1A:12:FA:01:B6:02:47:AE:FC:D6
            X509v3 Authority Key Identifier:
                keyid:62:22:E1:C2:A5:31:53:34:B6:6D:80:F7:8D:5B:50:B4:2E:48:0B:9C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YiLhwqUxUzS2bYD3jVtQtC5IC5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/Q_kARCmCZXVPZBoS-gG2Akeu_NY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/YiLhwqUxUzS2bYD3jVtQtC5IC5w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.148.243.0/24
                  192.144.4.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ae:76:eb:cc:b3:8b:35:dd:17:63:5f:37:27:0c:fd:3f:a2:ec:
         bb:ee:9d:8e:c2:a8:88:34:09:59:5b:df:f9:d0:1e:03:73:04:
         f8:76:f4:94:41:63:6a:69:d1:78:68:ca:b6:2e:89:57:24:d7:
         e7:c5:6d:4e:08:2b:85:66:26:d1:aa:c5:19:5f:bc:10:cb:76:
         e4:6e:8f:30:ee:a2:02:09:cf:15:11:b8:cc:3f:d7:e9:08:85:
         c6:ad:4c:72:da:31:35:38:45:8e:0f:2f:c4:44:db:76:07:79:
         15:b5:76:5b:9f:72:71:aa:34:f4:a9:40:9e:08:eb:8d:7d:97:
         d3:8b:ec:ac:e1:2c:b3:9a:ed:5e:92:36:a2:28:b0:b8:56:24:
         92:78:9f:19:82:78:87:1e:a7:23:a9:87:44:77:04:63:3e:fc:
         4b:d1:0e:cb:bf:81:ab:a5:5b:ef:90:a7:e0:b7:3b:b1:14:8c:
         2f:0d:f5:c7:ac:10:24:cc:7c:c5:f8:e3:7c:dc:b4:d1:b7:cd:
         08:ce:c8:1c:c3:da:8c:29:c4:1d:00:e1:56:27:3f:fd:c9:ca:
         59:f2:83:ff:a9:fb:9c:2e:34:82:87:22:67:22:2a:2b:5f:98:
         2b:19:8a:12:2b:45:d4:07:fa:cf:17:36:b3:67:a1:29:a0:65:
         da:8d:70:79
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ6JN/lWFkrzcvAp8kDcCm3CMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyMjJlMWMyYTUzMTUzMzRiNjZkODBmNzhkNWI1MGI0MmU0
ODBiOWMwHhcNMjYwNjAyMTY0MzI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0M2Y5MDA0NDI5ODI2NTc1NGY2NDFhMTJmYTAxYjYwMjQ3YWVmY2Q2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnOlBQWfEz5kuBNWRM3wJshBWs7rl
KSA/qwfcVwi3n7jOIhNTwrKg2EBazUzd+OBX9AgzydSNtJATvLJPkIE4nyvrFOkE
IyLiHArb4BZnU6TTvY8WqPXf8evxDfntemb8Hz27vdgRp/fdJh6u5VDAKtcK6XG2
2nXKEw6Ay1FUaWzTQ96KjMqaoknJP/D7uhL3QIT22xA5kgN+5VmoEor2L0i4izGt
IA7c1hBKhEWb/e5R4JG/Dv4tMTbHixNNaBpCFIC45CDTKUbodfI4V5k68sRM1uZX
W+YsDoDpU1+YVEeXp/0OCJYnSnzWoiGM1ZR1791ASMcyD34PxfGWRSNmIwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFEP5AEQpgmV1T2QaEvoBtgJHrvzWMB8GA1UdIwQY
MBaAFGIi4cKlMVM0tm2A941bULQuSAucMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWWlMaHdxVXhVelMyYllEM2pWdFF0QzVJQzV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS85OTliOTctYzczMS00MTkyLTg1ZjEt
NTczNzAxYzg0ODMzLzEvUV9rQVJDbUNaWFZQWkJvUy1nRzJBa2V1X05ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS85OTliOTctYzczMS00MTkyLTg1ZjEtNTczNzAxYzg0ODMz
LzEvWWlMaHdxVXhVelMyYllEM2pWdFF0QzVJQzV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALZTzAwQA
wJAEMA0GCSqGSIb3DQEBCwUAA4IBAQCuduvMs4s13RdjXzcnDP0/ouy77p2OwqiI
NAlZW9/50B4DcwT4dvSUQWNqadF4aMq2LolXJNfnxW1OCCuFZibRqsUZX7wQy3bk
bo8w7qICCc8VEbjMP9fpCIXGrUxy2jE1OEWODy/ERNt2B3kVtXZbn3JxqjT0qUCe
COuNfZfTi+ys4Syzmu1ekjaiKLC4ViSSeJ8ZgniHHqcjqYdEdwRjPvxL0Q7Lv4Gr
pVvvkKfgtzuxFIwvDfXHrBAkzHzF+ON83LTRt80Izsgcw9qMKcQdAOFWJz/9ycpZ
8oP/qfucLjSChyJnIiorX5grGYoSK0XUB/rPFzazZ6EpoGXajXB5
-----END CERTIFICATE-----