Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7b/8b856a-38ae-4cfb-81d2-271a9576eae7/1/Q8LbMVAHxWAfxQJcRhdFiRYCp4w.roa
File:                     Q8LbMVAHxWAfxQJcRhdFiRYCp4w.roa (raw, json)
Hash identifier:          tdLoVEqLTBIEvnLCawqPyA2B1G/W68at8ZFosy/1Cnw=
Subject key identifier:   43:C2:DB:31:50:07:C5:60:1F:C5:02:5C:46:17:45:89:16:02:A7:8C
Certificate issuer:       /CN=2eeec5231d212b310579d78fc41479ca6ec2aa07
Certificate serial:       019D47B500318D6ECAD0BDD791C67D44C6D7
Authority key identifier: 2E:EE:C5:23:1D:21:2B:31:05:79:D7:8F:C4:14:79:CA:6E:C2:AA:07
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Lu7FIx0hKzEFedePxBR5ym7Cqgc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7b/8b856a-38ae-4cfb-81d2-271a9576eae7/1/Q8LbMVAHxWAfxQJcRhdFiRYCp4w.roa
Signing time:             Wed 01 Apr 2026 06:22:17 +0000
ROA not before:           Wed 01 Apr 2026 06:22:17 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     48475
IP address blocks:        92.241.28.0/24 maxlen: 24
                          92.241.29.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7b/8b856a-38ae-4cfb-81d2-271a9576eae7/1/Lu7FIx0hKzEFedePxBR5ym7Cqgc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7b/8b856a-38ae-4cfb-81d2-271a9576eae7/1/Lu7FIx0hKzEFedePxBR5ym7Cqgc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Lu7FIx0hKzEFedePxBR5ym7Cqgc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 28 Apr 2026 10:01:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:47:b5:00:31:8d:6e:ca:d0:bd:d7:91:c6:7d:44:c6:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2eeec5231d212b310579d78fc41479ca6ec2aa07
        Validity
            Not Before: Apr  1 06:22:17 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=43c2db315007c5601fc5025c461745891602a78c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:aa:d0:27:52:9f:b9:c3:ba:c3:f8:fb:28:d0:
                    f1:10:a4:ad:0d:73:ed:57:e0:ff:21:d4:86:1d:a9:
                    d3:94:d4:d5:fb:bc:87:03:8a:5e:b6:b7:70:61:ba:
                    90:11:66:d8:58:c8:c2:a4:2e:03:62:d9:78:91:0c:
                    b0:d6:d6:f8:d6:91:aa:12:65:0a:53:28:78:c1:ab:
                    84:bf:f9:be:ea:51:36:27:94:8d:41:06:8c:56:de:
                    dd:f4:5b:7b:32:23:4f:21:41:d4:66:ac:36:a5:e3:
                    97:8b:a7:22:a3:95:5e:3e:dd:d5:a8:05:71:88:3e:
                    fc:4b:8c:f3:fa:58:8d:30:95:4c:1b:73:c0:1c:9c:
                    52:d9:c4:a8:12:db:5f:0a:b3:f7:de:eb:97:71:82:
                    43:e4:2c:d1:62:52:36:62:83:42:39:32:fc:ac:6a:
                    cf:a6:72:ea:51:37:41:08:3d:45:89:56:3d:ae:db:
                    36:34:46:e0:8f:7b:26:ae:ee:af:fe:15:4f:f7:7e:
                    5b:b3:a3:4f:6c:d7:03:55:eb:13:a5:99:38:7c:86:
                    b9:86:5a:9f:06:2b:f3:53:45:8e:92:07:5e:04:16:
                    00:99:4a:5f:aa:aa:2a:a2:2a:2e:67:77:9f:56:38:
                    d8:94:0b:4a:fb:88:be:41:96:0b:79:b5:6b:2b:ce:
                    6b:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:C2:DB:31:50:07:C5:60:1F:C5:02:5C:46:17:45:89:16:02:A7:8C
            X509v3 Authority Key Identifier:
                keyid:2E:EE:C5:23:1D:21:2B:31:05:79:D7:8F:C4:14:79:CA:6E:C2:AA:07

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Lu7FIx0hKzEFedePxBR5ym7Cqgc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/8b856a-38ae-4cfb-81d2-271a9576eae7/1/Q8LbMVAHxWAfxQJcRhdFiRYCp4w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/8b856a-38ae-4cfb-81d2-271a9576eae7/1/Lu7FIx0hKzEFedePxBR5ym7Cqgc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.241.28.0/23

    Signature Algorithm: sha256WithRSAEncryption
         2f:2b:9a:bb:cd:c0:dc:91:be:81:af:06:78:95:eb:dd:03:12:
         79:c9:e9:46:6c:e4:11:38:aa:80:d2:8b:6b:e6:f4:90:c2:79:
         8b:55:f5:1c:42:0c:bd:20:59:07:76:89:45:4a:31:0f:aa:e9:
         b2:3f:c6:03:9e:09:0b:70:6b:ad:ed:a4:62:b2:22:46:a5:7b:
         23:d4:ee:22:ab:9c:fa:ac:2c:dd:c3:0d:84:19:7e:92:03:05:
         3a:47:97:89:0c:81:0c:25:d9:55:58:9d:7e:a1:61:f6:38:23:
         ef:f0:00:83:a7:e6:ec:77:67:60:1b:4f:65:98:b3:6f:5a:ad:
         12:ab:3b:ea:95:1c:7c:a7:4a:3b:55:a5:ab:e5:3f:f2:35:50:
         55:4e:f3:4b:ef:bb:59:14:fa:bf:1f:db:5a:9e:67:a8:43:70:
         4e:39:d1:e8:d9:70:34:25:59:c3:ff:24:d0:fd:9d:76:4b:d2:
         ac:26:6f:66:c9:54:bf:f9:9d:f2:1a:3f:33:8e:cc:db:b9:16:
         87:a3:10:97:b3:a0:e9:e3:d9:84:a4:e4:88:47:16:65:3e:49:
         bb:e9:f7:8e:d9:ff:ae:df:4f:7e:34:dd:fb:db:23:d1:4c:c6:
         b0:f8:c4:84:22:6f:08:6d:57:f2:ec:31:d3:32:df:c8:74:bb:
         aa:22:5f:9e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ1HtQAxjW7K0L3XkcZ9RMbXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlZWVjNTIzMWQyMTJiMzEwNTc5ZDc4ZmM0MTQ3OWNhNmVj
MmFhMDcwHhcNMjYwNDAxMDYyMjE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0M2MyZGIzMTUwMDdjNTYwMWZjNTAyNWM0NjE3NDU4OTE2MDJhNzhjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5qrQJ1KfucO6w/j7KNDxEKStDXPt
V+D/IdSGHanTlNTV+7yHA4petrdwYbqQEWbYWMjCpC4DYtl4kQyw1tb41pGqEmUK
Uyh4wauEv/m+6lE2J5SNQQaMVt7d9Ft7MiNPIUHUZqw2peOXi6cio5VePt3VqAVx
iD78S4zz+liNMJVMG3PAHJxS2cSoEttfCrP33uuXcYJD5CzRYlI2YoNCOTL8rGrP
pnLqUTdBCD1FiVY9rts2NEbgj3smru6v/hVP935bs6NPbNcDVesTpZk4fIa5hlqf
BivzU0WOkgdeBBYAmUpfqqoqoiouZ3efVjjYlAtK+4i+QZYLebVrK85rCQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEPC2zFQB8VgH8UCXEYXRYkWAqeMMB8GA1UdIwQY
MBaAFC7uxSMdISsxBXnXj8QUecpuwqoHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTHU3Rkl4MGhLekVGZWRlUHhCUjV5bTdDcWdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yi84Yjg1NmEtMzhhZS00Y2ZiLTgxZDIt
MjcxYTk1NzZlYWU3LzEvUThMYk1WQUh4V0FmeFFKY1JoZEZpUllDcDR3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yi84Yjg1NmEtMzhhZS00Y2ZiLTgxZDItMjcxYTk1NzZlYWU3
LzEvTHU3Rkl4MGhLekVGZWRlUHhCUjV5bTdDcWdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBXPEcMA0G
CSqGSIb3DQEBCwUAA4IBAQAvK5q7zcDckb6BrwZ4levdAxJ5yelGbOQROKqA0otr
5vSQwnmLVfUcQgy9IFkHdolFSjEPqumyP8YDngkLcGut7aRisiJGpXsj1O4iq5z6
rCzdww2EGX6SAwU6R5eJDIEMJdlVWJ1+oWH2OCPv8ACDp+bsd2dgG09lmLNvWq0S
qzvqlRx8p0o7VaWr5T/yNVBVTvNL77tZFPq/H9tanmeoQ3BOOdHo2XA0JVnD/yTQ
/Z12S9KsJm9myVS/+Z3yGj8zjszbuRaHoxCXs6Dp49mEpOSIRxZlPkm76feO2f+u
309+NN372yPRTMaw+MSEIm8IbVfy7DHTMt/IdLuqIl+e
-----END CERTIFICATE-----