Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/QWQzSQz2V6lQKwS5w_B7gdQ0YOo.roa
File:                     QWQzSQz2V6lQKwS5w_B7gdQ0YOo.roa (raw, json)
Hash identifier:          yE2uYXhDEG79dZrAksSgkow9Cy2/lssGdxe0iEuUEIw=
Subject key identifier:   41:64:33:49:0C:F6:57:A9:50:2B:04:B9:C3:F0:7B:81:D4:34:60:EA
Certificate issuer:       /CN=0837c99b2a4c062d5c20678f9dcf3207aefd5e78
Certificate serial:       019D6BDDEFBE25A8318662675EA51DD9D7CA
Authority key identifier: 08:37:C9:9B:2A:4C:06:2D:5C:20:67:8F:9D:CF:32:07:AE:FD:5E:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CDfJmypMBi1cIGePnc8yB679Xng.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/QWQzSQz2V6lQKwS5w_B7gdQ0YOo.roa
Signing time:             Wed 08 Apr 2026 06:53:20 +0000
ROA not before:           Wed 08 Apr 2026 06:53:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     40352
IP address blocks:        216.236.51.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/CDfJmypMBi1cIGePnc8yB679Xng.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/CDfJmypMBi1cIGePnc8yB679Xng.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CDfJmypMBi1cIGePnc8yB679Xng.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 11 Apr 2026 17:02:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:6b:dd:ef:be:25:a8:31:86:62:67:5e:a5:1d:d9:d7:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0837c99b2a4c062d5c20678f9dcf3207aefd5e78
        Validity
            Not Before: Apr  8 06:53:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=416433490cf657a9502b04b9c3f07b81d43460ea
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f5:dc:f2:9c:ff:b7:88:ab:2d:77:d3:53:30:08:
                    c0:10:1b:a8:92:50:f5:1b:9d:88:42:28:4f:ae:47:
                    ef:ee:5c:90:49:fc:f0:86:23:1f:7a:4a:c1:28:8f:
                    8d:df:92:39:55:0b:f7:13:8c:f9:c5:11:56:05:48:
                    db:9e:c9:be:7a:0a:1f:8b:09:5b:da:03:63:52:03:
                    8a:fe:f2:96:03:4e:28:aa:a4:16:7d:2e:bb:56:13:
                    da:89:38:72:25:bf:b2:a3:a6:bf:71:b6:83:80:61:
                    d3:22:e3:43:af:ef:c3:07:33:9d:ef:bd:b9:79:5f:
                    ba:9c:a1:33:40:68:11:aa:04:43:b3:94:44:9d:a7:
                    32:e7:3d:75:3f:94:35:ce:51:cd:19:ea:87:fb:58:
                    ff:f2:8a:ed:62:e5:73:f4:b3:35:c6:2e:96:35:2b:
                    e5:0e:75:fb:51:6e:c3:ef:86:17:f6:4c:9a:5b:22:
                    98:5c:2a:35:00:2c:dc:50:5a:8c:e6:8c:fd:14:a8:
                    76:de:02:81:73:a1:4c:98:db:63:8a:15:46:fc:41:
                    d3:01:d0:73:e6:8f:26:aa:1e:a8:f1:51:08:3b:cd:
                    85:a1:c2:18:bb:26:87:cb:0a:01:3c:89:d7:74:b3:
                    bb:e2:63:b5:4d:42:72:de:1d:90:c0:55:17:c6:4b:
                    be:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:64:33:49:0C:F6:57:A9:50:2B:04:B9:C3:F0:7B:81:D4:34:60:EA
            X509v3 Authority Key Identifier:
                keyid:08:37:C9:9B:2A:4C:06:2D:5C:20:67:8F:9D:CF:32:07:AE:FD:5E:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CDfJmypMBi1cIGePnc8yB679Xng.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/QWQzSQz2V6lQKwS5w_B7gdQ0YOo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/CDfJmypMBi1cIGePnc8yB679Xng.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  216.236.51.0/24

    Signature Algorithm: sha256WithRSAEncryption
         71:3c:1a:14:9a:53:43:6b:88:bd:4a:15:49:9e:61:c3:e4:ed:
         28:4f:28:cf:e8:4e:18:b2:c5:fb:7c:8d:5c:e4:7a:c0:ea:c4:
         d3:45:5d:d9:86:f7:83:b5:a6:d2:64:f0:6e:07:da:d3:1e:14:
         22:b0:1e:ce:2f:16:64:c9:19:b8:5f:1c:3b:91:c4:69:ed:e9:
         91:02:ce:f4:aa:1c:c6:24:db:a0:98:8a:c0:96:0a:e5:16:27:
         5d:6e:f0:79:f4:89:ab:8c:d0:f0:05:43:bd:d1:c0:7b:fa:67:
         ed:dc:c8:72:c1:af:27:6d:cc:47:4b:d1:0f:3b:f8:a7:53:50:
         47:1c:02:24:cc:a4:3a:4d:e9:34:b1:16:03:19:ad:32:4d:bc:
         8d:ee:fc:91:86:b8:cb:df:80:72:d0:03:fd:9a:f0:24:a1:8a:
         30:d2:4a:a8:2b:12:43:2d:3c:f5:21:1f:c0:29:30:19:30:18:
         27:4e:5d:bb:58:12:e9:a0:bc:96:0d:9c:40:fa:b8:fe:b5:ca:
         95:e3:77:6c:03:d5:33:cb:95:b3:0e:a5:fe:be:f3:4d:cb:e2:
         51:d0:e9:79:7f:f1:8e:8d:93:4e:39:22:5c:ab:95:e4:71:11:
         bd:fe:2a:f3:4a:f0:a9:5d:ca:22:bd:b4:d9:85:05:c3:68:5f:
         5a:e8:13:5a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ1r3e++JagxhmJnXqUd2dfKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4MzdjOTliMmE0YzA2MmQ1YzIwNjc4ZjlkY2YzMjA3YWVm
ZDVlNzgwHhcNMjYwNDA4MDY1MzIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MTY0MzM0OTBjZjY1N2E5NTAyYjA0YjljM2YwN2I4MWQ0MzQ2MGVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9dzynP+3iKstd9NTMAjAEBuoklD1
G52IQihPrkfv7lyQSfzwhiMfekrBKI+N35I5VQv3E4z5xRFWBUjbnsm+egofiwlb
2gNjUgOK/vKWA04oqqQWfS67VhPaiThyJb+yo6a/cbaDgGHTIuNDr+/DBzOd7725
eV+6nKEzQGgRqgRDs5REnacy5z11P5Q1zlHNGeqH+1j/8ortYuVz9LM1xi6WNSvl
DnX7UW7D74YX9kyaWyKYXCo1ACzcUFqM5oz9FKh23gKBc6FMmNtjihVG/EHTAdBz
5o8mqh6o8VEIO82FocIYuyaHywoBPInXdLO74mO1TUJy3h2QwFUXxku+JQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEFkM0kM9lepUCsEucPwe4HUNGDqMB8GA1UdIwQY
MBaAFAg3yZsqTAYtXCBnj53PMgeu/V54MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0RmSm15cE1CaTFjSUdlUG5jOHlCNjc5WG5nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMS8wODk1ZDItYjc3OC00NmM0LWE2OTEt
ZjEyMzdmNGM1Y2Y2LzEvUVdRelNRejJWNmxRS3dTNXdfQjdnZFEwWU9vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMS8wODk1ZDItYjc3OC00NmM0LWE2OTEtZjEyMzdmNGM1Y2Y2
LzEvQ0RmSm15cE1CaTFjSUdlUG5jOHlCNjc5WG5nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2OwzMA0G
CSqGSIb3DQEBCwUAA4IBAQBxPBoUmlNDa4i9ShVJnmHD5O0oTyjP6E4YssX7fI1c
5HrA6sTTRV3ZhveDtabSZPBuB9rTHhQisB7OLxZkyRm4Xxw7kcRp7emRAs70qhzG
JNugmIrAlgrlFiddbvB59ImrjNDwBUO90cB7+mft3Mhywa8nbcxHS9EPO/inU1BH
HAIkzKQ6Tek0sRYDGa0yTbyN7vyRhrjL34By0AP9mvAkoYow0kqoKxJDLTz1IR/A
KTAZMBgnTl27WBLpoLyWDZxA+rj+tcqV43dsA9Uzy5WzDqX+vvNNy+JR0Ol5f/GO
jZNOOSJcq5XkcRG9/irzSvCpXcoivbTZhQXDaF9a6BNa
-----END CERTIFICATE-----