Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/QhR_79csT9O5oeIFdHW8gjPKFdQ.roa
File:                     QhR_79csT9O5oeIFdHW8gjPKFdQ.roa (raw, json)
Hash identifier:          23ArOcO4LB9jNTgcelJzPDcJ4dVoSawShlKbhyVD/Eo=
Subject key identifier:   42:14:7F:EF:D7:2C:4F:D3:B9:A1:E2:05:74:75:BC:82:33:CA:15:D4
Certificate issuer:       /CN=4805f17c2d7133d2dad3a8df7e35315e37ef5daf
Certificate serial:       019E2B377B57E34FC80AE90EBD28A64D36EE
Authority key identifier: 48:05:F1:7C:2D:71:33:D2:DA:D3:A8:DF:7E:35:31:5E:37:EF:5D:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SAXxfC1xM9La06jffjUxXjfvXa8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/QhR_79csT9O5oeIFdHW8gjPKFdQ.roa
Signing time:             Fri 15 May 2026 10:38:36 +0000
ROA not before:           Fri 15 May 2026 10:38:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199019
IP address blocks:        2a13:a440:1::/48 maxlen: 48
                          2a13:a440:2::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/SAXxfC1xM9La06jffjUxXjfvXa8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/SAXxfC1xM9La06jffjUxXjfvXa8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SAXxfC1xM9La06jffjUxXjfvXa8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Jun 2026 13:27:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:2b:37:7b:57:e3:4f:c8:0a:e9:0e:bd:28:a6:4d:36:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4805f17c2d7133d2dad3a8df7e35315e37ef5daf
        Validity
            Not Before: May 15 10:38:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=42147fefd72c4fd3b9a1e2057475bc8233ca15d4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:cd:3d:42:1c:64:50:5b:dc:b3:e8:49:3b:44:
                    d8:5f:85:80:1e:85:b4:77:57:7a:dd:d6:84:8f:91:
                    36:44:8b:e7:42:0a:1f:98:f8:0c:53:aa:ed:67:e9:
                    57:53:e7:26:60:c9:1d:68:0e:8f:25:3b:29:a8:c1:
                    60:63:e7:b9:f3:5f:32:0f:34:7d:07:c3:79:98:11:
                    d4:f3:9e:d1:6f:fe:be:e2:99:1d:47:4b:98:d6:5f:
                    8a:88:fb:7f:ab:4b:0b:87:46:69:c5:21:67:ae:42:
                    e4:6c:43:07:df:a0:ea:8b:95:25:b8:35:8a:6d:56:
                    05:e6:a5:a0:fd:ce:5d:41:e2:95:15:23:e6:4e:f7:
                    55:9f:0b:6d:da:38:be:32:36:a9:b6:7e:d5:be:ce:
                    5e:87:52:28:84:f8:1e:d7:83:67:a0:b6:11:c8:e3:
                    78:26:fa:bb:c2:7e:b2:15:cf:fa:5e:1b:b1:2d:6d:
                    b8:ea:33:2a:5c:34:e9:e4:ae:f7:32:53:82:c6:74:
                    3f:80:8b:1d:90:38:2a:63:92:17:0c:03:eb:2a:cc:
                    18:fc:8b:b0:3c:be:dc:86:5b:c2:36:e1:25:e6:ea:
                    eb:99:2c:73:4a:b3:80:ec:a6:21:af:45:a9:95:fa:
                    08:10:3b:23:fd:07:92:30:1c:df:6c:87:c1:ca:5c:
                    6c:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:14:7F:EF:D7:2C:4F:D3:B9:A1:E2:05:74:75:BC:82:33:CA:15:D4
            X509v3 Authority Key Identifier:
                keyid:48:05:F1:7C:2D:71:33:D2:DA:D3:A8:DF:7E:35:31:5E:37:EF:5D:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SAXxfC1xM9La06jffjUxXjfvXa8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/QhR_79csT9O5oeIFdHW8gjPKFdQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/SAXxfC1xM9La06jffjUxXjfvXa8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:a440:1::-2a13:a440:2:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         4f:77:ea:c4:20:84:bc:6f:dc:1f:03:d0:d8:b9:d3:5c:00:e7:
         92:a9:c8:a9:3a:b9:47:ac:e7:11:37:9f:f4:59:c5:0d:b8:b8:
         e7:4e:43:00:df:33:49:df:77:7a:57:83:cf:bc:1a:90:3b:51:
         01:c7:5a:66:81:d7:08:69:af:1f:78:a1:05:ce:55:0a:ca:6c:
         1b:f1:55:b3:6a:b9:4b:47:15:a6:5e:b2:db:8f:3c:d0:de:70:
         12:dc:c4:0c:f3:27:26:6d:9d:c9:3f:5f:45:a4:94:d9:4e:5c:
         44:ed:0c:f6:e3:21:3d:8f:d0:e8:40:f2:13:0a:d8:af:da:8d:
         ce:29:b6:7a:84:35:b0:83:3c:b9:c3:a4:be:32:58:31:8a:ae:
         bc:f5:2f:0a:68:7d:7a:b8:c4:fa:87:91:85:28:60:7e:fb:1b:
         0e:38:f6:3f:4b:d0:46:70:10:4c:fd:df:1b:d5:0b:65:14:da:
         01:f1:a9:cf:da:de:f4:db:ad:65:4b:2f:95:01:0f:26:9c:85:
         4c:a3:a5:bd:8e:d2:0f:bf:0b:c7:cc:54:de:bf:d0:49:26:30:
         10:cf:f8:63:c5:b8:7e:7d:80:77:cb:43:cd:6c:d5:6f:10:66:
         7f:07:18:b6:1e:d8:f2:a9:69:7e:25:0b:1c:90:c5:01:b5:98:
         dd:5c:de:e8
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZ4rN3tX40/ICukOvSimTTbuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ4MDVmMTdjMmQ3MTMzZDJkYWQzYThkZjdlMzUzMTVlMzdl
ZjVkYWYwHhcNMjYwNTE1MTAzODM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MjE0N2ZlZmQ3MmM0ZmQzYjlhMWUyMDU3NDc1YmM4MjMzY2ExNWQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAms09QhxkUFvcs+hJO0TYX4WAHoW0
d1d63daEj5E2RIvnQgofmPgMU6rtZ+lXU+cmYMkdaA6PJTspqMFgY+e5818yDzR9
B8N5mBHU857Rb/6+4pkdR0uY1l+KiPt/q0sLh0ZpxSFnrkLkbEMH36Dqi5UluDWK
bVYF5qWg/c5dQeKVFSPmTvdVnwtt2ji+Mjaptn7Vvs5eh1IohPge14NnoLYRyON4
Jvq7wn6yFc/6XhuxLW246jMqXDTp5K73MlOCxnQ/gIsdkDgqY5IXDAPrKswY/Iuw
PL7chlvCNuEl5urrmSxzSrOA7KYhr0WplfoIEDsj/QeSMBzfbIfBylxsFwIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFEIUf+/XLE/TuaHiBXR1vIIzyhXUMB8GA1UdIwQY
MBaAFEgF8XwtcTPS2tOo3341MV43712vMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU0FYeGZDMXhNOUxhMDZqZmZqVXhYamZ2WGE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi84ZTA3ZGQtNGZlNS00ODIwLWJjYmUt
NWRkNmUyMmViYWIwLzEvUWhSXzc5Y3NUOU81b2VJRmRIVzhnalBLRmRRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi84ZTA3ZGQtNGZlNS00ODIwLWJjYmUtNWRkNmUyMmViYWIw
LzEvU0FYeGZDMXhNOUxhMDZqZmZqVXhYamZ2WGE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAAjAUMBIDBwAqE6RA
AAEDBwAqE6RAAAIwDQYJKoZIhvcNAQELBQADggEBAE936sQghLxv3B8D0Ni501wA
55KpyKk6uUes5xE3n/RZxQ24uOdOQwDfM0nfd3pXg8+8GpA7UQHHWmaB1whprx94
oQXOVQrKbBvxVbNquUtHFaZestuPPNDecBLcxAzzJyZtnck/X0WklNlOXETtDPbj
IT2P0OhA8hMK2K/ajc4ptnqENbCDPLnDpL4yWDGKrrz1LwpofXq4xPqHkYUoYH77
Gw449j9L0EZwEEz93xvVC2UU2gHxqc/a3vTbrWVLL5UBDyachUyjpb2O0g+/C8fM
VN6/0EkmMBDP+GPFuH59gHfLQ81s1W8QZn8HGLYe2PKpaX4lCxyQxQG1mN1c3ug=
-----END CERTIFICATE-----