Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c9/3c076b-aea1-4a33-a9e9-99128bf6a841/1/qbUtGSmF4OJDy4q4dlRGp4OciDs.roa
File:                     qbUtGSmF4OJDy4q4dlRGp4OciDs.roa (raw, json)
Hash identifier:          VVCFN7s9B67WrTXffUSFAE1mRjFGjdVcuJGLxmq/AY8=
Subject key identifier:   A9:B5:2D:19:29:85:E0:E2:43:CB:8A:B8:76:54:46:A7:83:9C:88:3B
Certificate issuer:       /CN=d8d3ca2c231afdf3b0355c77a7cbb226f81b74de
Certificate serial:       019E3F39DB81FB1BAA02DEEB651F810B0B80
Authority key identifier: D8:D3:CA:2C:23:1A:FD:F3:B0:35:5C:77:A7:CB:B2:26:F8:1B:74:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2NPKLCMa_fOwNVx3p8uyJvgbdN4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c9/3c076b-aea1-4a33-a9e9-99128bf6a841/1/qbUtGSmF4OJDy4q4dlRGp4OciDs.roa
Signing time:             Tue 19 May 2026 07:53:36 +0000
ROA not before:           Tue 19 May 2026 07:53:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     402319
IP address blocks:        85.149.216.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c9/3c076b-aea1-4a33-a9e9-99128bf6a841/1/2NPKLCMa_fOwNVx3p8uyJvgbdN4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c9/3c076b-aea1-4a33-a9e9-99128bf6a841/1/2NPKLCMa_fOwNVx3p8uyJvgbdN4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2NPKLCMa_fOwNVx3p8uyJvgbdN4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Jun 2026 01:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:3f:39:db:81:fb:1b:aa:02:de:eb:65:1f:81:0b:0b:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d8d3ca2c231afdf3b0355c77a7cbb226f81b74de
        Validity
            Not Before: May 19 07:53:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a9b52d192985e0e243cb8ab8765446a7839c883b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:99:5b:2e:52:c7:7f:3f:85:2a:e4:1d:12:eb:
                    ae:68:aa:37:20:2f:0b:dc:28:ab:b4:32:45:3d:3a:
                    57:1c:1f:c7:4d:2b:f8:a8:b2:83:4b:d3:ba:70:6b:
                    23:58:3f:8e:9b:b4:47:a7:6f:ef:32:e1:f4:27:b9:
                    12:af:26:9e:ee:a7:2d:80:b1:44:17:1b:ce:8e:16:
                    be:6d:c1:39:ee:7c:7d:00:4c:b8:22:cb:68:bf:12:
                    f7:2b:f8:60:bb:5b:3c:ef:95:ca:ef:ec:83:75:28:
                    80:d3:ec:9c:77:30:14:ce:cd:b7:8b:03:26:57:62:
                    b7:dc:e1:23:31:84:d6:d5:2e:e8:58:fa:36:ef:05:
                    4d:db:75:8d:0c:71:1d:24:31:fd:f7:e4:3f:a5:8a:
                    22:c4:9e:29:d1:33:13:82:b2:89:1b:14:03:82:f9:
                    f5:82:a9:ef:f1:56:d7:9f:97:e8:aa:d4:d3:5c:20:
                    de:b7:02:cc:48:fb:e5:45:4c:77:4b:38:16:53:d2:
                    81:e4:a3:5b:94:8f:bd:19:67:a3:5b:e4:39:4b:ae:
                    ce:7f:e6:83:e5:ad:63:e2:d4:bd:7d:78:37:f4:99:
                    21:87:28:81:18:3c:e8:64:1b:89:40:b9:d1:70:e3:
                    89:cd:9e:4b:30:40:7f:f5:8f:2f:f1:e7:ee:a0:82:
                    c3:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:B5:2D:19:29:85:E0:E2:43:CB:8A:B8:76:54:46:A7:83:9C:88:3B
            X509v3 Authority Key Identifier:
                keyid:D8:D3:CA:2C:23:1A:FD:F3:B0:35:5C:77:A7:CB:B2:26:F8:1B:74:DE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2NPKLCMa_fOwNVx3p8uyJvgbdN4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c9/3c076b-aea1-4a33-a9e9-99128bf6a841/1/qbUtGSmF4OJDy4q4dlRGp4OciDs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c9/3c076b-aea1-4a33-a9e9-99128bf6a841/1/2NPKLCMa_fOwNVx3p8uyJvgbdN4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.149.216.0/23

    Signature Algorithm: sha256WithRSAEncryption
         15:e2:30:e8:62:65:33:fc:96:30:ac:65:6e:4d:1c:58:41:dc:
         67:06:da:f9:4a:ea:6a:d5:a4:c3:c4:15:40:cc:c2:7c:3f:00:
         49:82:9f:80:03:ae:8c:a5:8e:03:ac:81:38:3c:28:23:f4:26:
         28:f0:0a:14:38:78:18:69:34:80:70:de:93:9c:a0:cb:ea:5a:
         1f:35:7a:f7:ff:1f:8a:00:77:5f:38:6a:30:ab:c5:04:c3:1f:
         81:10:01:bc:05:39:26:8a:b4:6f:f8:05:93:4b:ab:b7:51:c1:
         c4:c6:68:bc:8a:36:df:31:50:64:13:c6:be:45:a9:e2:f7:69:
         56:07:ee:6b:e6:75:dd:98:a1:14:38:d4:e3:98:3c:9f:d5:53:
         54:95:04:0b:fa:df:b0:09:58:8f:3f:55:c1:ac:76:7a:93:48:
         df:17:c1:98:dd:82:39:50:a6:06:ee:ac:30:8f:cf:7a:64:ed:
         b1:14:2b:6f:53:e7:fd:da:b5:16:28:b9:30:41:4d:5e:e2:a8:
         bf:e2:74:c2:d7:47:36:08:02:3d:15:46:3f:5a:61:a7:69:86:
         24:1d:8f:4d:c4:7d:a2:e2:7a:82:47:79:2d:be:9f:21:3a:91:
         4d:52:bd:87:5c:a1:60:7b:84:94:d3:1a:69:30:7d:a6:7e:59:
         2e:de:05:8f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ4/OduB+xuqAt7rZR+BCwuAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ4ZDNjYTJjMjMxYWZkZjNiMDM1NWM3N2E3Y2JiMjI2Zjgx
Yjc0ZGUwHhcNMjYwNTE5MDc1MzM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOWI1MmQxOTI5ODVlMGUyNDNjYjhhYjg3NjU0NDZhNzgzOWM4ODNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApJlbLlLHfz+FKuQdEuuuaKo3IC8L
3CirtDJFPTpXHB/HTSv4qLKDS9O6cGsjWD+Om7RHp2/vMuH0J7kSryae7qctgLFE
FxvOjha+bcE57nx9AEy4IstovxL3K/hgu1s875XK7+yDdSiA0+ycdzAUzs23iwMm
V2K33OEjMYTW1S7oWPo27wVN23WNDHEdJDH99+Q/pYoixJ4p0TMTgrKJGxQDgvn1
gqnv8VbXn5foqtTTXCDetwLMSPvlRUx3SzgWU9KB5KNblI+9GWejW+Q5S67Of+aD
5a1j4tS9fXg39JkhhyiBGDzoZBuJQLnRcOOJzZ5LMEB/9Y8v8efuoILDzQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKm1LRkpheDiQ8uKuHZURqeDnIg7MB8GA1UdIwQY
MBaAFNjTyiwjGv3zsDVcd6fLsib4G3TeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMk5QS0xDTWFfZk93TlZ4M3A4dXlKdmdiZE40LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOS8zYzA3NmItYWVhMS00YTMzLWE5ZTkt
OTkxMjhiZjZhODQxLzEvcWJVdEdTbUY0T0pEeTRxNGRsUkdwNE9jaURzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOS8zYzA3NmItYWVhMS00YTMzLWE5ZTktOTkxMjhiZjZhODQx
LzEvMk5QS0xDTWFfZk93TlZ4M3A4dXlKdmdiZE40LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBVZXYMA0G
CSqGSIb3DQEBCwUAA4IBAQAV4jDoYmUz/JYwrGVuTRxYQdxnBtr5Supq1aTDxBVA
zMJ8PwBJgp+AA66MpY4DrIE4PCgj9CYo8AoUOHgYaTSAcN6TnKDL6lofNXr3/x+K
AHdfOGowq8UEwx+BEAG8BTkmirRv+AWTS6u3UcHExmi8ijbfMVBkE8a+Rani92lW
B+5r5nXdmKEUONTjmDyf1VNUlQQL+t+wCViPP1XBrHZ6k0jfF8GY3YI5UKYG7qww
j896ZO2xFCtvU+f92rUWKLkwQU1e4qi/4nTC10c2CAI9FUY/WmGnaYYkHY9NxH2i
4nqCR3ktvp8hOpFNUr2HXKFge4SU0xppMH2mflku3gWP
-----END CERTIFICATE-----