Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9b/6e4e68-87aa-478c-8e5f-e06176ab24fb/1/QCpTyIFdDljPGYT7m3LdB_-iQhI.roa
File:                     QCpTyIFdDljPGYT7m3LdB_-iQhI.roa (raw, json)
Hash identifier:          xzvh7tbNPzo7Wi3VB2foK6QSDsmyv9TnvnUDyEsqDCQ=
Subject key identifier:   40:2A:53:C8:81:5D:0E:58:CF:19:84:FB:9B:72:DD:07:FF:A2:42:12
Certificate issuer:       /CN=b6380000fb7e45f8976261a698d418f08e8d67c7
Certificate serial:       019E357A210975C5AFE1D1768D9418070A49
Authority key identifier: B6:38:00:00:FB:7E:45:F8:97:62:61:A6:98:D4:18:F0:8E:8D:67:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tjgAAPt-RfiXYmGmmNQY8I6NZ8c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9b/6e4e68-87aa-478c-8e5f-e06176ab24fb/1/QCpTyIFdDljPGYT7m3LdB_-iQhI.roa
Signing time:             Sun 17 May 2026 10:27:36 +0000
ROA not before:           Sun 17 May 2026 10:27:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     3356
IP address blocks:        212.57.192.0/19 maxlen: 19
                          212.57.208.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9b/6e4e68-87aa-478c-8e5f-e06176ab24fb/1/tjgAAPt-RfiXYmGmmNQY8I6NZ8c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9b/6e4e68-87aa-478c-8e5f-e06176ab24fb/1/tjgAAPt-RfiXYmGmmNQY8I6NZ8c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tjgAAPt-RfiXYmGmmNQY8I6NZ8c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 09 Jun 2026 13:00:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:35:7a:21:09:75:c5:af:e1:d1:76:8d:94:18:07:0a:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b6380000fb7e45f8976261a698d418f08e8d67c7
        Validity
            Not Before: May 17 10:27:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=402a53c8815d0e58cf1984fb9b72dd07ffa24212
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:57:7c:27:d6:ed:05:16:33:a1:88:06:2d:48:
                    ed:03:c8:69:36:53:ce:8a:6b:20:bc:98:93:d6:27:
                    78:f0:75:19:f0:f8:0e:39:91:ab:b0:67:6a:fd:ad:
                    c7:7a:4b:d5:a8:d0:54:35:0f:db:6a:a4:02:52:3f:
                    ba:f1:fb:6e:f8:75:4b:a9:db:9b:d0:bc:84:35:ef:
                    ae:8d:72:83:ee:29:6c:e2:ff:1e:7a:58:b6:91:00:
                    d1:97:30:1d:1e:f6:56:cc:50:ec:d1:ac:69:99:e2:
                    83:f0:0b:6a:08:fc:48:ac:25:07:ba:95:c6:44:03:
                    fb:3c:6a:16:59:be:34:4c:c8:d7:25:30:db:a0:de:
                    75:60:2c:65:b3:7c:9b:98:e5:fa:b4:d0:6b:16:cc:
                    82:29:bf:2e:82:71:d8:f6:45:c3:37:a5:a1:4e:1d:
                    ee:ba:2e:6a:0a:79:4a:68:25:fd:10:f3:91:b0:12:
                    f6:40:33:db:e9:9d:5c:99:78:c4:8f:cc:54:5c:8d:
                    9c:07:72:42:e2:60:cb:e9:7d:ea:f3:82:a5:46:36:
                    fa:7c:45:7b:bf:ec:63:4a:ba:56:ff:a3:af:e8:4d:
                    ee:2e:9c:e6:cd:bd:39:00:40:d5:36:bf:65:21:ff:
                    ba:64:d8:99:6f:dd:aa:40:a0:66:9b:6d:67:85:4e:
                    a3:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:2A:53:C8:81:5D:0E:58:CF:19:84:FB:9B:72:DD:07:FF:A2:42:12
            X509v3 Authority Key Identifier:
                keyid:B6:38:00:00:FB:7E:45:F8:97:62:61:A6:98:D4:18:F0:8E:8D:67:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tjgAAPt-RfiXYmGmmNQY8I6NZ8c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/6e4e68-87aa-478c-8e5f-e06176ab24fb/1/QCpTyIFdDljPGYT7m3LdB_-iQhI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/6e4e68-87aa-478c-8e5f-e06176ab24fb/1/tjgAAPt-RfiXYmGmmNQY8I6NZ8c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.57.192.0/19

    Signature Algorithm: sha256WithRSAEncryption
         6c:50:36:89:dd:f6:ff:b9:79:23:65:91:b7:f3:79:31:3d:1c:
         de:6a:a4:73:a1:a0:5a:f7:57:e2:f6:11:38:0e:a3:49:3b:34:
         fd:f8:cb:eb:c5:82:81:5c:b2:d1:c5:2b:2f:0c:3f:c5:0a:7b:
         a1:24:ed:fa:ac:ce:97:42:ae:8d:45:6f:59:30:7f:eb:51:65:
         09:15:04:72:3c:59:d9:fa:ed:98:fa:02:82:11:9f:c7:c8:c3:
         d7:a0:40:98:df:6d:8b:76:b2:bf:17:6b:2c:31:f6:fb:be:78:
         d1:77:33:d3:41:bd:ef:a7:84:fb:f9:52:bf:62:90:a1:26:eb:
         38:40:65:a3:fc:de:95:7d:fc:9e:ef:82:95:19:89:b0:d8:b6:
         00:5a:24:9e:2e:bf:86:20:91:98:14:c2:28:d4:a0:d2:52:40:
         2d:fe:eb:4a:a0:11:44:54:4c:f5:36:62:0e:77:28:79:03:c7:
         b1:c8:f9:ba:a2:38:f7:80:bf:f4:d6:fc:5c:81:b7:fc:bd:6b:
         50:08:30:9a:4e:a6:aa:db:30:d1:4c:dd:33:6a:68:52:de:b5:
         cc:7b:f1:22:9f:87:af:b3:58:e4:4c:87:56:46:36:35:74:3b:
         00:80:e8:e8:55:ae:db:a5:bc:f7:f4:5d:c9:99:63:11:c2:33:
         b0:3c:40:e8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ41eiEJdcWv4dF2jZQYBwpJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI2MzgwMDAwZmI3ZTQ1Zjg5NzYyNjFhNjk4ZDQxOGYwOGU4
ZDY3YzcwHhcNMjYwNTE3MTAyNzM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MDJhNTNjODgxNWQwZTU4Y2YxOTg0ZmI5YjcyZGQwN2ZmYTI0MjEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp1d8J9btBRYzoYgGLUjtA8hpNlPO
imsgvJiT1id48HUZ8PgOOZGrsGdq/a3HekvVqNBUNQ/baqQCUj+68ftu+HVLqdub
0LyENe+ujXKD7ils4v8eeli2kQDRlzAdHvZWzFDs0axpmeKD8AtqCPxIrCUHupXG
RAP7PGoWWb40TMjXJTDboN51YCxls3ybmOX6tNBrFsyCKb8ugnHY9kXDN6WhTh3u
ui5qCnlKaCX9EPORsBL2QDPb6Z1cmXjEj8xUXI2cB3JC4mDL6X3q84KlRjb6fEV7
v+xjSrpW/6Ov6E3uLpzmzb05AEDVNr9lIf+6ZNiZb92qQKBmm21nhU6jhQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEAqU8iBXQ5YzxmE+5ty3Qf/okISMB8GA1UdIwQY
MBaAFLY4AAD7fkX4l2JhppjUGPCOjWfHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdGpnQUFQdC1SZmlYWW1HbW1OUVk4STZOWjhjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yi82ZTRlNjgtODdhYS00NzhjLThlNWYt
ZTA2MTc2YWIyNGZiLzEvUUNwVHlJRmREbGpQR1lUN20zTGRCXy1pUWhJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yi82ZTRlNjgtODdhYS00NzhjLThlNWYtZTA2MTc2YWIyNGZi
LzEvdGpnQUFQdC1SZmlYWW1HbW1OUVk4STZOWjhjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQF1DnAMA0G
CSqGSIb3DQEBCwUAA4IBAQBsUDaJ3fb/uXkjZZG383kxPRzeaqRzoaBa91fi9hE4
DqNJOzT9+MvrxYKBXLLRxSsvDD/FCnuhJO36rM6XQq6NRW9ZMH/rUWUJFQRyPFnZ
+u2Y+gKCEZ/HyMPXoECY322LdrK/F2ssMfb7vnjRdzPTQb3vp4T7+VK/YpChJus4
QGWj/N6Vffye74KVGYmw2LYAWiSeLr+GIJGYFMIo1KDSUkAt/utKoBFEVEz1NmIO
dyh5A8exyPm6ojj3gL/01vxcgbf8vWtQCDCaTqaq2zDRTN0zamhS3rXMe/Ein4ev
s1jkTIdWRjY1dDsAgOjoVa7bpbz39F3JmWMRwjOwPEDo
-----END CERTIFICATE-----