Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/Q6FW1DasNYFH99g3MLIUH7uHGI8.roa
File:                     Q6FW1DasNYFH99g3MLIUH7uHGI8.roa (raw, json)
Hash identifier:          QkCC3CI2DZwP1yEHIqYS1xvE37mTWw7eJENtpP+u1vo=
Subject key identifier:   43:A1:56:D4:36:AC:35:81:47:F7:D8:37:30:B2:14:1F:BB:87:18:8F
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       019D447B35E11C3DEC1A19257988725A02EB
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/Q6FW1DasNYFH99g3MLIUH7uHGI8.roa
Signing time:             Tue 31 Mar 2026 15:20:18 +0000
ROA not before:           Tue 31 Mar 2026 15:20:18 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     401857
IP address blocks:        81.168.79.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 09 Apr 2026 20:11:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:44:7b:35:e1:1c:3d:ec:1a:19:25:79:88:72:5a:02:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Mar 31 15:20:18 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=43a156d436ac358147f7d83730b2141fbb87188f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:da:38:a3:5f:72:87:1d:43:3a:bd:e6:4a:21:
                    30:14:b7:e4:cc:67:9b:38:6d:f0:63:bd:9f:39:7d:
                    5b:b0:8a:df:61:d8:16:b7:bf:64:e2:33:e1:1a:ef:
                    8f:83:fa:a5:6e:5a:a7:bb:bc:60:90:0f:e1:b6:0b:
                    55:87:fa:b8:fc:41:8a:a3:5a:7a:c1:cf:23:91:3d:
                    17:03:10:9d:2b:18:66:cd:56:fc:04:b0:87:bd:f6:
                    5b:a6:df:ae:e7:f6:2a:92:c3:45:74:60:2f:82:94:
                    6f:5e:6c:29:9c:8b:d2:0f:1d:e5:15:c2:ad:a3:0c:
                    a0:12:5e:87:f0:ca:62:f6:de:9d:89:bb:f5:e0:2a:
                    b1:54:2f:c5:b3:5d:f0:19:0f:d3:9e:b5:09:12:da:
                    10:64:de:54:7d:c9:63:52:55:cf:30:45:f8:70:74:
                    b7:4d:ef:f4:7a:43:5a:a8:f8:da:60:78:22:49:b7:
                    1b:81:b9:e0:de:d2:06:4c:d7:7e:72:1c:cf:ac:95:
                    6e:2f:34:ef:42:fe:ae:47:69:89:c4:d0:4a:c4:cb:
                    55:70:b4:2e:98:da:55:37:57:5f:95:c2:54:74:13:
                    14:57:d2:a7:b6:86:4d:cd:97:55:bf:31:32:f4:1a:
                    7b:ff:b1:dd:58:c4:4b:05:10:39:27:5f:e7:8a:53:
                    8e:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:A1:56:D4:36:AC:35:81:47:F7:D8:37:30:B2:14:1F:BB:87:18:8F
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/Q6FW1DasNYFH99g3MLIUH7uHGI8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.168.79.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8d:ec:2c:09:79:8c:d0:41:f7:e8:6c:1c:27:5f:32:be:bb:c1:
         ac:5e:65:61:78:43:78:1e:ee:7e:95:7b:2c:db:a0:3e:b4:b6:
         6c:7b:e6:df:c9:c3:06:78:16:d4:fe:68:c2:e3:a9:23:76:33:
         ad:ff:90:fd:2c:99:8c:ee:2d:12:1f:b9:a1:4f:75:40:26:42:
         90:e2:8c:78:2e:c0:45:42:15:b6:6f:8a:5c:80:d7:88:6e:1c:
         69:d0:c7:36:3e:18:19:42:c8:7e:64:26:1a:b7:d2:80:88:a5:
         fa:87:6b:a3:a8:68:24:66:c1:7b:25:39:85:59:96:b6:90:33:
         77:37:be:e0:47:54:96:9e:25:f5:06:f7:6d:fc:0d:6d:95:c7:
         25:d2:6a:4a:9c:c0:3d:a6:98:43:1d:9e:23:c1:b2:04:ac:f2:
         e8:e7:f9:88:35:26:eb:d7:39:0f:1d:f4:8f:c1:a8:4e:3d:fd:
         25:82:dc:37:45:b6:d5:a0:da:c8:22:5a:29:51:c9:d0:be:cf:
         0f:4e:28:ff:09:e5:5c:bc:80:0b:f6:74:e0:29:2c:25:d2:0a:
         43:74:bc:36:f4:d1:28:87:af:a5:1d:c7:6a:ea:ea:f7:73:81:
         30:af:1a:4a:35:65:b0:20:d8:e0:37:45:a5:46:a1:39:12:36:
         84:b2:03:ab
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ1EezXhHD3sGhkleYhyWgLrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjYwMzMxMTUyMDE4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0M2ExNTZkNDM2YWMzNTgxNDdmN2Q4MzczMGIyMTQxZmJiODcxODhmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu9o4o19yhx1DOr3mSiEwFLfkzGeb
OG3wY72fOX1bsIrfYdgWt79k4jPhGu+Pg/qlblqnu7xgkA/htgtVh/q4/EGKo1p6
wc8jkT0XAxCdKxhmzVb8BLCHvfZbpt+u5/YqksNFdGAvgpRvXmwpnIvSDx3lFcKt
owygEl6H8Mpi9t6dibv14CqxVC/Fs13wGQ/TnrUJEtoQZN5UfcljUlXPMEX4cHS3
Te/0ekNaqPjaYHgiSbcbgbng3tIGTNd+chzPrJVuLzTvQv6uR2mJxNBKxMtVcLQu
mNpVN1dflcJUdBMUV9KntoZNzZdVvzEy9Bp7/7HdWMRLBRA5J1/nilOOCQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEOhVtQ2rDWBR/fYNzCyFB+7hxiPMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvUTZGVzFEYXNOWUZIOTlnM01MSVVIN3VIR0k4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUahPMA0G
CSqGSIb3DQEBCwUAA4IBAQCN7CwJeYzQQffobBwnXzK+u8GsXmVheEN4Hu5+lXss
26A+tLZse+bfycMGeBbU/mjC46kjdjOt/5D9LJmM7i0SH7mhT3VAJkKQ4ox4LsBF
QhW2b4pcgNeIbhxp0Mc2PhgZQsh+ZCYat9KAiKX6h2ujqGgkZsF7JTmFWZa2kDN3
N77gR1SWniX1Bvdt/A1tlccl0mpKnMA9pphDHZ4jwbIErPLo5/mINSbr1zkPHfSP
wahOPf0lgtw3RbbVoNrIIlopUcnQvs8PTij/CeVcvIAL9nTgKSwl0gpDdLw29NEo
h6+lHcdq6ur3c4EwrxpKNWWwINjgN0WlRqE5EjaEsgOr
-----END CERTIFICATE-----