Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/qlx5vqALD5QlPGcZ2f1IEUXwP8g.roa
File:                     qlx5vqALD5QlPGcZ2f1IEUXwP8g.roa (raw, json)
Hash identifier:          gIXK6QyIa6mlUU+dRLk1czInQ6ukXyDmEGnY2gj6iiY=
Subject key identifier:   AA:5C:79:BE:A0:0B:0F:94:25:3C:67:19:D9:FD:48:11:45:F0:3F:C8
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       019C8026BF567A7C46B8173CD464398AB944
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/qlx5vqALD5QlPGcZ2f1IEUXwP8g.roa
Signing time:             Sat 21 Feb 2026 12:22:28 +0000
ROA not before:           Sat 21 Feb 2026 12:22:28 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     2914
IP address blocks:        151.244.194.0/24 maxlen: 24
                          151.244.195.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 23 Feb 2026 06:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:80:26:bf:56:7a:7c:46:b8:17:3c:d4:64:39:8a:b9:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Feb 21 12:22:28 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=aa5c79bea00b0f94253c6719d9fd481145f03fc8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:f7:ff:44:f1:1d:db:6b:aa:84:30:16:0d:f2:
                    e0:c6:0a:29:aa:bf:12:2d:ea:7d:c3:f5:71:b7:1d:
                    bc:7a:06:f6:87:11:51:11:46:fa:de:a6:7e:c5:e3:
                    1a:76:44:4b:81:e2:c7:b1:66:e5:69:95:56:30:a3:
                    20:39:26:91:fa:12:12:1f:44:42:df:f1:ce:ed:09:
                    49:33:7a:04:e2:88:56:18:47:92:5c:2d:c7:c4:9b:
                    80:33:ed:64:60:a0:5d:47:e2:18:c7:33:ff:d9:2d:
                    c4:fb:23:05:9a:6c:02:3c:92:ea:b3:ff:07:d8:26:
                    4a:ec:fd:7a:61:61:c1:9a:da:3d:95:b9:66:f6:6d:
                    d2:69:0d:26:b5:ec:99:fa:59:6d:48:02:e1:6c:9a:
                    44:f3:5a:c4:12:ac:ed:a0:ca:f6:46:b4:5a:f6:bf:
                    cd:93:a4:d1:00:40:d9:d8:41:7b:63:6d:4c:3d:8c:
                    d5:30:ec:93:b9:0b:84:6e:3a:19:af:da:82:12:29:
                    87:ae:98:0b:86:de:55:53:b2:c3:d7:4f:fb:95:e5:
                    77:38:38:b6:70:02:da:d9:17:13:52:43:19:ee:52:
                    fe:10:c0:6c:01:0d:e5:cf:8d:ff:d5:c7:07:34:64:
                    90:73:13:b3:c5:db:7a:cc:b6:63:22:90:9c:c2:5e:
                    5a:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:5C:79:BE:A0:0B:0F:94:25:3C:67:19:D9:FD:48:11:45:F0:3F:C8
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/qlx5vqALD5QlPGcZ2f1IEUXwP8g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.244.194.0/23

    Signature Algorithm: sha256WithRSAEncryption
         63:e4:fa:bd:18:60:ea:70:19:af:b2:72:7e:6f:e5:19:83:d8:
         bf:ab:2a:2e:0f:03:d0:46:7f:cb:d1:25:3e:2f:aa:08:ff:aa:
         64:1d:ec:4a:b7:f9:2b:71:ce:bc:15:db:9b:7a:3d:18:3c:1e:
         b8:9d:ed:1f:55:11:f4:77:62:d0:a8:35:9b:7c:a9:47:d7:49:
         bc:01:58:d8:1d:12:8d:68:70:4a:ac:19:b1:bc:dd:ad:e0:c4:
         56:64:83:02:43:9b:1f:f9:be:78:bd:e6:eb:e6:a3:32:e8:5a:
         57:8b:d5:67:64:fd:45:b0:a1:b6:46:56:c3:3a:06:c8:40:02:
         c0:f6:1d:b6:90:0b:41:1f:79:77:d0:19:b7:4a:7f:b1:04:37:
         a2:9c:a2:38:ee:f3:10:a3:7a:81:4d:d6:b9:78:2d:9a:86:62:
         2c:5c:7c:6f:b9:24:ea:d2:cb:e4:2c:05:4e:98:a3:60:c1:bc:
         db:22:a5:df:ef:54:08:22:dd:a3:79:02:ed:ab:59:c1:45:62:
         3c:46:b4:f3:54:45:67:17:92:f8:22:6f:2e:0d:59:b3:19:3c:
         9f:e4:29:90:4b:4f:63:71:1f:e7:66:4d:9c:9e:76:09:5b:a3:
         93:12:57:12:72:a7:98:1c:c9:7d:93:82:8b:39:6b:9b:7a:44:
         a1:2b:1f:32
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZyAJr9WenxGuBc81GQ5irlEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjYwMjIxMTIyMjI4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYTVjNzliZWEwMGIwZjk0MjUzYzY3MTlkOWZkNDgxMTQ1ZjAzZmM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyPf/RPEd22uqhDAWDfLgxgopqr8S
Lep9w/Vxtx28egb2hxFREUb63qZ+xeMadkRLgeLHsWblaZVWMKMgOSaR+hISH0RC
3/HO7QlJM3oE4ohWGEeSXC3HxJuAM+1kYKBdR+IYxzP/2S3E+yMFmmwCPJLqs/8H
2CZK7P16YWHBmto9lblm9m3SaQ0mteyZ+lltSALhbJpE81rEEqztoMr2RrRa9r/N
k6TRAEDZ2EF7Y21MPYzVMOyTuQuEbjoZr9qCEimHrpgLht5VU7LD10/7leV3ODi2
cALa2RcTUkMZ7lL+EMBsAQ3lz43/1ccHNGSQcxOzxdt6zLZjIpCcwl5aDwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKpceb6gCw+UJTxnGdn9SBFF8D/IMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvcWx4NXZxQUxENVFsUEdjWjJmMUlFVVh3UDhnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBl/TCMA0G
CSqGSIb3DQEBCwUAA4IBAQBj5Pq9GGDqcBmvsnJ+b+UZg9i/qyouDwPQRn/L0SU+
L6oI/6pkHexKt/krcc68Fdubej0YPB64ne0fVRH0d2LQqDWbfKlH10m8AVjYHRKN
aHBKrBmxvN2t4MRWZIMCQ5sf+b54vebr5qMy6FpXi9VnZP1FsKG2RlbDOgbIQALA
9h22kAtBH3l30Bm3Sn+xBDeinKI47vMQo3qBTda5eC2ahmIsXHxvuSTq0svkLAVO
mKNgwbzbIqXf71QIIt2jeQLtq1nBRWI8RrTzVEVnF5L4Im8uDVmzGTyf5CmQS09j
cR/nZk2cnnYJW6OTElcScqeYHMl9k4KLOWubekShKx8y
-----END CERTIFICATE-----