Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/c321f5-d611-4218-af1f-48cb0fcb90c3/1/QigmVL9RdKBrOmb9TPbEmGlKGvI.roa
File:                     QigmVL9RdKBrOmb9TPbEmGlKGvI.roa (raw, json)
Hash identifier:          aKzMVPifV/PQNyojx6n88SRwR1h+51YRrN3o4ao5DFk=
Subject key identifier:   42:28:26:54:BF:51:74:A0:6B:3A:66:FD:4C:F6:C4:98:69:4A:1A:F2
Certificate issuer:       /CN=993e814676f32f264771c7ad767a4df87d3c63e2
Certificate serial:       019D699C3C66A5058D472F5BD98DCDDCF745
Authority key identifier: 99:3E:81:46:76:F3:2F:26:47:71:C7:AD:76:7A:4D:F8:7D:3C:63:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mT6BRnbzLyZHccetdnpN-H08Y-I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/c321f5-d611-4218-af1f-48cb0fcb90c3/1/QigmVL9RdKBrOmb9TPbEmGlKGvI.roa
Signing time:             Tue 07 Apr 2026 20:22:19 +0000
ROA not before:           Tue 07 Apr 2026 20:22:19 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     58015
IP address blocks:        2a0d:b080::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/c321f5-d611-4218-af1f-48cb0fcb90c3/1/mT6BRnbzLyZHccetdnpN-H08Y-I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/c321f5-d611-4218-af1f-48cb0fcb90c3/1/mT6BRnbzLyZHccetdnpN-H08Y-I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mT6BRnbzLyZHccetdnpN-H08Y-I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 Apr 2026 00:01:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:69:9c:3c:66:a5:05:8d:47:2f:5b:d9:8d:cd:dc:f7:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=993e814676f32f264771c7ad767a4df87d3c63e2
        Validity
            Not Before: Apr  7 20:22:19 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=42282654bf5174a06b3a66fd4cf6c498694a1af2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:c1:5d:43:e7:94:18:41:5c:03:53:ef:7c:d2:
                    0c:69:21:ee:d8:ee:ec:16:50:7f:3f:84:3c:db:0f:
                    f6:dd:07:10:5a:e6:50:a8:bc:88:9f:26:ba:00:fc:
                    d1:d6:1b:b7:b1:da:a6:33:1d:d9:64:6a:db:86:be:
                    77:97:3f:61:72:eb:21:41:14:f8:02:a5:c2:d1:6d:
                    12:04:3d:20:55:f2:0b:69:c8:2e:5a:0e:f2:6b:e9:
                    4d:a7:82:db:e0:d0:84:4b:cf:36:d5:c7:7d:bd:06:
                    35:bd:7b:8b:4e:a6:b4:27:b6:56:87:3a:81:7e:83:
                    44:99:5b:8d:e3:83:2f:e4:3e:87:89:7b:44:a1:a9:
                    fd:71:f4:59:29:20:90:a5:0f:52:53:5e:86:2f:9a:
                    4f:9d:9d:fe:da:33:88:63:fb:03:74:85:b5:e4:96:
                    f1:b8:e1:e0:b0:53:cb:3e:d8:ec:f0:06:4e:a1:4e:
                    aa:a8:79:ea:d0:2f:d3:51:0a:fe:d6:e2:81:47:a8:
                    36:6f:df:5f:3b:62:45:61:4e:72:0d:45:f0:a2:a7:
                    29:04:fd:99:bf:0c:f0:b4:d4:bb:b5:e0:bd:f8:0d:
                    44:0a:af:77:29:a1:28:24:c0:1f:af:0d:68:1b:86:
                    ca:4b:06:5b:ed:09:be:dd:10:b3:d9:4e:c0:bd:29:
                    a0:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:28:26:54:BF:51:74:A0:6B:3A:66:FD:4C:F6:C4:98:69:4A:1A:F2
            X509v3 Authority Key Identifier:
                keyid:99:3E:81:46:76:F3:2F:26:47:71:C7:AD:76:7A:4D:F8:7D:3C:63:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mT6BRnbzLyZHccetdnpN-H08Y-I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/c321f5-d611-4218-af1f-48cb0fcb90c3/1/QigmVL9RdKBrOmb9TPbEmGlKGvI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/c321f5-d611-4218-af1f-48cb0fcb90c3/1/mT6BRnbzLyZHccetdnpN-H08Y-I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:b080::/29

    Signature Algorithm: sha256WithRSAEncryption
         a0:67:12:40:05:57:c4:c4:dc:73:2e:69:df:91:fd:f4:bb:6e:
         93:3f:2a:de:05:c7:22:a4:5e:9c:42:dd:7f:51:0c:52:c6:a3:
         8e:f4:05:99:14:36:a0:27:f2:d9:11:72:90:8f:5a:90:0c:67:
         f6:6f:0f:a3:98:90:54:e2:51:45:6e:7c:46:da:84:02:e9:37:
         bb:12:07:33:ff:66:ef:58:9f:59:9a:7f:30:9e:dd:1c:aa:44:
         41:a3:2f:96:c6:3b:80:23:61:fd:1b:b4:f5:28:be:64:af:c9:
         64:b2:41:e8:58:ca:18:a9:97:3b:69:67:60:c5:23:49:29:9f:
         d8:46:90:2a:96:52:0c:b7:a8:de:20:5d:21:a6:ed:36:8b:52:
         dc:ce:46:aa:a9:1c:22:f2:83:6c:48:0d:b8:9a:0a:9f:1a:d9:
         86:68:58:5b:75:e7:f1:ee:14:d8:fa:38:38:b7:00:e3:eb:9b:
         6e:5a:d8:f5:46:80:df:4d:9a:9a:9f:3d:93:27:f4:96:02:e1:
         fa:ae:25:30:54:0e:9a:1a:80:24:e7:ea:b4:93:e7:8e:e5:4f:
         5b:b4:84:92:fb:c1:77:f8:c0:bb:72:fd:ef:7a:7c:c9:d8:a6:
         9c:20:44:b6:45:56:14:59:11:a2:d2:78:58:4d:fd:6f:a4:e0:
         57:bc:88:2e
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZ1pnDxmpQWNRy9b2Y3N3PdFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk5M2U4MTQ2NzZmMzJmMjY0NzcxYzdhZDc2N2E0ZGY4N2Qz
YzYzZTIwHhcNMjYwNDA3MjAyMjE5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MjI4MjY1NGJmNTE3NGEwNmIzYTY2ZmQ0Y2Y2YzQ5ODY5NGExYWYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1MFdQ+eUGEFcA1PvfNIMaSHu2O7s
FlB/P4Q82w/23QcQWuZQqLyInya6APzR1hu3sdqmMx3ZZGrbhr53lz9hcushQRT4
AqXC0W0SBD0gVfILacguWg7ya+lNp4Lb4NCES8821cd9vQY1vXuLTqa0J7ZWhzqB
foNEmVuN44Mv5D6HiXtEoan9cfRZKSCQpQ9SU16GL5pPnZ3+2jOIY/sDdIW15Jbx
uOHgsFPLPtjs8AZOoU6qqHnq0C/TUQr+1uKBR6g2b99fO2JFYU5yDUXwoqcpBP2Z
vwzwtNS7teC9+A1ECq93KaEoJMAfrw1oG4bKSwZb7Qm+3RCz2U7AvSmgTwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFEIoJlS/UXSgazpm/Uz2xJhpShryMB8GA1UdIwQY
MBaAFJk+gUZ28y8mR3HHrXZ6Tfh9PGPiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbVQ2QlJuYnpMeVpIY2NldGRucE4tSDA4WS1JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS9jMzIxZjUtZDYxMS00MjE4LWFmMWYt
NDhjYjBmY2I5MGMzLzEvUWlnbVZMOVJkS0JyT21iOVRQYkVtR2xLR3ZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS9jMzIxZjUtZDYxMS00MjE4LWFmMWYtNDhjYjBmY2I5MGMz
LzEvbVQ2QlJuYnpMeVpIY2NldGRucE4tSDA4WS1JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKg2wgDAN
BgkqhkiG9w0BAQsFAAOCAQEAoGcSQAVXxMTccy5p35H99Ltukz8q3gXHIqRenELd
f1EMUsajjvQFmRQ2oCfy2RFykI9akAxn9m8Po5iQVOJRRW58RtqEAuk3uxIHM/9m
71ifWZp/MJ7dHKpEQaMvlsY7gCNh/Ru09Si+ZK/JZLJB6FjKGKmXO2lnYMUjSSmf
2EaQKpZSDLeo3iBdIabtNotS3M5GqqkcIvKDbEgNuJoKnxrZhmhYW3Xn8e4U2Po4
OLcA4+ubblrY9UaA302amp89kyf0lgLh+q4lMFQOmhqAJOfqtJPnjuVPW7SEkvvB
d/jAu3L973p8ydimnCBEtkVWFFkRotJ4WE39b6TgV7yILg==
-----END CERTIFICATE-----