Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d7/c98aa3-0e0c-4d97-9bc3-74d91cdbe195/1/qo3RmaJil-tmg6e3jCPqKh_xFAo.roa
File:                     qo3RmaJil-tmg6e3jCPqKh_xFAo.roa (raw, json)
Hash identifier:          DLtprsoHKdJkHToMaxiYCDgKpyQfT89HL7h3BW0fsgI=
Subject key identifier:   AA:8D:D1:99:A2:62:97:EB:66:83:A7:B7:8C:23:EA:2A:1F:F1:14:0A
Certificate issuer:       /CN=86170339c2bc664d600fa98b8061269d48e4f2c6
Certificate serial:       019E259BEEF7CDA8193EABE44EA87489CF6C
Authority key identifier: 86:17:03:39:C2:BC:66:4D:60:0F:A9:8B:80:61:26:9D:48:E4:F2:C6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hhcDOcK8Zk1gD6mLgGEmnUjk8sY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d7/c98aa3-0e0c-4d97-9bc3-74d91cdbe195/1/qo3RmaJil-tmg6e3jCPqKh_xFAo.roa
Signing time:             Thu 14 May 2026 08:30:36 +0000
ROA not before:           Thu 14 May 2026 08:30:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     151407
IP address blocks:        141.98.1.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d7/c98aa3-0e0c-4d97-9bc3-74d91cdbe195/1/hhcDOcK8Zk1gD6mLgGEmnUjk8sY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d7/c98aa3-0e0c-4d97-9bc3-74d91cdbe195/1/hhcDOcK8Zk1gD6mLgGEmnUjk8sY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hhcDOcK8Zk1gD6mLgGEmnUjk8sY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Jun 2026 12:00:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:25:9b:ee:f7:cd:a8:19:3e:ab:e4:4e:a8:74:89:cf:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86170339c2bc664d600fa98b8061269d48e4f2c6
        Validity
            Not Before: May 14 08:30:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=aa8dd199a26297eb6683a7b78c23ea2a1ff1140a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:13:c5:4b:30:a8:61:99:e1:bf:b6:87:60:84:
                    3b:ca:6f:67:e7:e9:55:13:e5:19:fc:eb:e7:b1:ef:
                    f4:ab:a3:45:a4:f5:93:3a:93:da:da:33:06:97:27:
                    46:47:91:78:d4:45:91:89:16:59:3a:1c:05:28:4f:
                    6d:97:ac:ea:75:9c:33:c1:5c:15:13:31:63:28:9f:
                    90:69:c6:14:47:e0:46:56:6e:a4:86:ee:a0:3f:61:
                    a6:4e:15:3a:51:81:68:a6:7d:75:15:71:1b:e4:f5:
                    31:49:ff:78:53:63:bc:ad:3d:a8:c7:97:33:0b:00:
                    bf:2a:b1:a7:cd:b9:ab:12:a4:90:c9:b6:cd:32:ae:
                    9e:59:e9:65:95:d5:2c:ae:d3:11:47:24:43:6f:fc:
                    f3:d2:f7:79:2b:39:12:fa:ad:fb:47:e0:d6:a1:2a:
                    69:45:2e:f9:9a:0a:d0:21:b1:32:cb:aa:7f:75:d0:
                    19:15:c0:93:ac:99:08:92:34:83:a2:d0:ac:35:81:
                    86:52:1e:f9:2c:fc:46:03:b7:fc:41:ad:b7:39:4e:
                    83:85:72:96:f5:02:9a:89:2e:8c:f8:54:44:ad:a4:
                    bc:f1:9e:cf:98:c5:50:1b:a3:35:ba:7f:a2:4a:02:
                    bc:08:7b:1e:34:c4:ae:64:a5:4e:e0:1c:33:46:41:
                    6f:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:8D:D1:99:A2:62:97:EB:66:83:A7:B7:8C:23:EA:2A:1F:F1:14:0A
            X509v3 Authority Key Identifier:
                keyid:86:17:03:39:C2:BC:66:4D:60:0F:A9:8B:80:61:26:9D:48:E4:F2:C6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hhcDOcK8Zk1gD6mLgGEmnUjk8sY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/c98aa3-0e0c-4d97-9bc3-74d91cdbe195/1/qo3RmaJil-tmg6e3jCPqKh_xFAo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/c98aa3-0e0c-4d97-9bc3-74d91cdbe195/1/hhcDOcK8Zk1gD6mLgGEmnUjk8sY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.98.1.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6c:e7:21:6b:12:fc:56:75:dd:5f:9d:bf:6b:60:ed:43:40:0e:
         2e:c4:5f:84:a2:b6:f3:ea:1a:5b:7d:c9:f5:0b:29:01:8f:40:
         f0:01:53:83:23:d9:d1:c3:6a:5f:93:4a:64:d2:5b:ac:71:9e:
         5a:4e:ab:dd:33:89:16:92:11:ca:84:fd:a8:b4:77:f3:42:2c:
         e7:ab:2d:c8:67:93:49:b7:e4:b7:8f:fd:8a:3c:48:16:64:d7:
         8a:d6:4e:45:be:bc:e9:58:af:f1:d4:ae:e2:e0:0e:2f:8a:4b:
         5c:d9:7a:54:db:bf:12:21:d1:b4:af:24:35:1f:e3:d1:16:81:
         53:9f:bc:af:04:90:45:ed:15:17:80:5a:fe:84:33:e8:7b:b4:
         cc:15:64:f7:37:73:28:28:67:ce:ad:96:34:36:34:a3:fb:95:
         7e:85:87:ac:68:6c:fe:ee:c0:55:67:25:7a:1c:43:2a:66:60:
         23:5d:74:fa:bd:cb:a6:6b:09:87:c1:7b:60:32:ae:a9:e0:1d:
         51:74:42:70:3f:e8:c9:f1:a2:9b:99:25:3e:1e:45:f8:73:2d:
         db:89:d7:83:d3:c7:05:d3:c9:8a:af:f7:ee:56:54:27:62:b0:
         ca:db:49:87:91:e4:0e:6b:ce:14:07:a3:12:f3:6b:f3:0e:b8:
         08:a5:20:f4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ4lm+73zagZPqvkTqh0ic9sMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2MTcwMzM5YzJiYzY2NGQ2MDBmYTk4YjgwNjEyNjlkNDhl
NGYyYzYwHhcNMjYwNTE0MDgzMDM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYThkZDE5OWEyNjI5N2ViNjY4M2E3Yjc4YzIzZWEyYTFmZjExNDBhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiBPFSzCoYZnhv7aHYIQ7ym9n5+lV
E+UZ/Ovnse/0q6NFpPWTOpPa2jMGlydGR5F41EWRiRZZOhwFKE9tl6zqdZwzwVwV
EzFjKJ+QacYUR+BGVm6khu6gP2GmThU6UYFopn11FXEb5PUxSf94U2O8rT2ox5cz
CwC/KrGnzbmrEqSQybbNMq6eWellldUsrtMRRyRDb/zz0vd5KzkS+q37R+DWoSpp
RS75mgrQIbEyy6p/ddAZFcCTrJkIkjSDotCsNYGGUh75LPxGA7f8Qa23OU6DhXKW
9QKaiS6M+FREraS88Z7PmMVQG6M1un+iSgK8CHseNMSuZKVO4BwzRkFv5QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKqN0ZmiYpfrZoOnt4wj6iof8RQKMB8GA1UdIwQY
MBaAFIYXAznCvGZNYA+pi4BhJp1I5PLGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaGhjRE9jSzhaazFnRDZtTGdHRW1uVWprOHNZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNy9jOThhYTMtMGUwYy00ZDk3LTliYzMt
NzRkOTFjZGJlMTk1LzEvcW8zUm1hSmlsLXRtZzZlM2pDUHFLaF94RkFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNy9jOThhYTMtMGUwYy00ZDk3LTliYzMtNzRkOTFjZGJlMTk1
LzEvaGhjRE9jSzhaazFnRDZtTGdHRW1uVWprOHNZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjWIBMA0G
CSqGSIb3DQEBCwUAA4IBAQBs5yFrEvxWdd1fnb9rYO1DQA4uxF+Eorbz6hpbfcn1
CykBj0DwAVODI9nRw2pfk0pk0luscZ5aTqvdM4kWkhHKhP2otHfzQiznqy3IZ5NJ
t+S3j/2KPEgWZNeK1k5FvrzpWK/x1K7i4A4viktc2XpU278SIdG0ryQ1H+PRFoFT
n7yvBJBF7RUXgFr+hDPoe7TMFWT3N3MoKGfOrZY0NjSj+5V+hYesaGz+7sBVZyV6
HEMqZmAjXXT6vcumawmHwXtgMq6p4B1RdEJwP+jJ8aKbmSU+HkX4cy3bideD08cF
08mKr/fuVlQnYrDK20mHkeQOa84UB6MS82vzDrgIpSD0
-----END CERTIFICATE-----