Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dc/15d271-05cd-461e-a7b6-43013b28d9d6/1/QTJUWp8ElMdD6npRrAyhQLlPEac.roa
File:                     QTJUWp8ElMdD6npRrAyhQLlPEac.roa (raw, json)
Hash identifier:          EM2H6BAe5icZoKOObCoqZke3f1hZ2DBypi24AvEdyGs=
Subject key identifier:   41:32:54:5A:9F:04:94:C7:43:EA:7A:51:AC:0C:A1:40:B9:4F:11:A7
Certificate issuer:       /CN=d4b95330734c9aaf66d11bcd2bedd380f410f93f
Certificate serial:       019DC967A75A1E3F98FABA003673631A46B4
Authority key identifier: D4:B9:53:30:73:4C:9A:AF:66:D1:1B:CD:2B:ED:D3:80:F4:10:F9:3F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1LlTMHNMmq9m0RvNK-3TgPQQ-T8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dc/15d271-05cd-461e-a7b6-43013b28d9d6/1/QTJUWp8ElMdD6npRrAyhQLlPEac.roa
Signing time:             Sun 26 Apr 2026 10:48:26 +0000
ROA not before:           Sun 26 Apr 2026 10:48:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     49581
IP address blocks:        91.213.140.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dc/15d271-05cd-461e-a7b6-43013b28d9d6/1/1LlTMHNMmq9m0RvNK-3TgPQQ-T8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dc/15d271-05cd-461e-a7b6-43013b28d9d6/1/1LlTMHNMmq9m0RvNK-3TgPQQ-T8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1LlTMHNMmq9m0RvNK-3TgPQQ-T8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 28 Apr 2026 04:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:c9:67:a7:5a:1e:3f:98:fa:ba:00:36:73:63:1a:46:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d4b95330734c9aaf66d11bcd2bedd380f410f93f
        Validity
            Not Before: Apr 26 10:48:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4132545a9f0494c743ea7a51ac0ca140b94f11a7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:84:80:07:d1:c8:38:9b:4a:36:fb:07:18:45:
                    be:69:b4:8f:a4:06:4d:bd:82:50:28:0f:ca:a0:87:
                    97:74:68:f2:4a:df:6a:df:81:7b:70:76:23:b1:7d:
                    2b:74:24:51:5b:45:0e:e8:93:e6:00:62:8e:25:12:
                    ec:65:3a:2c:d8:61:7b:6b:23:37:cb:01:29:f9:92:
                    b6:b8:c6:02:f8:1f:e0:c4:0d:5b:39:42:7b:d5:83:
                    ac:94:7a:46:12:b4:07:37:13:a4:fe:86:61:f5:bd:
                    a9:53:2d:e2:72:0c:e5:bc:a6:71:f9:00:75:4f:26:
                    63:58:1b:1c:11:41:db:d0:c9:6c:66:93:49:66:fe:
                    bc:d2:8f:ef:84:e5:17:2f:91:61:1f:2c:50:b7:a8:
                    11:e4:83:a8:c2:0e:9e:d2:61:b8:b2:9c:0b:72:d4:
                    17:16:30:6b:a4:c6:c3:b2:29:6e:3b:f1:b4:e1:3a:
                    9f:1a:5f:61:3a:7b:6f:15:9a:08:f2:cb:2a:6c:64:
                    83:3a:c5:8d:84:e2:8b:e5:b6:5d:4a:58:3c:df:fd:
                    c3:a1:8f:3c:a3:73:cb:cb:e4:bc:e3:9a:d8:c9:b0:
                    ca:6d:e3:d1:64:c3:d8:fb:89:19:dc:7d:e3:e0:dd:
                    91:76:cf:52:f7:9f:09:f8:2c:ad:c2:5b:f7:c4:45:
                    b1:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:32:54:5A:9F:04:94:C7:43:EA:7A:51:AC:0C:A1:40:B9:4F:11:A7
            X509v3 Authority Key Identifier:
                keyid:D4:B9:53:30:73:4C:9A:AF:66:D1:1B:CD:2B:ED:D3:80:F4:10:F9:3F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1LlTMHNMmq9m0RvNK-3TgPQQ-T8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/15d271-05cd-461e-a7b6-43013b28d9d6/1/QTJUWp8ElMdD6npRrAyhQLlPEac.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/15d271-05cd-461e-a7b6-43013b28d9d6/1/1LlTMHNMmq9m0RvNK-3TgPQQ-T8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.213.140.0/24

    Signature Algorithm: sha256WithRSAEncryption
         84:f2:3c:62:28:8c:f8:83:75:3e:b3:c5:bd:24:7f:ae:03:24:
         80:a3:17:9b:69:e4:8f:b7:99:f4:8f:b8:7b:b7:1a:28:b0:7f:
         8d:ec:6c:3b:31:77:9b:70:08:56:cb:d0:fb:b2:4a:e5:28:f0:
         22:42:fb:30:91:03:34:88:a8:6c:73:fd:6b:a4:1d:8f:61:18:
         12:82:d4:d9:86:68:8e:8c:b6:d5:9a:24:21:24:42:ea:9c:41:
         fc:a4:2a:dd:51:7a:29:b6:a1:cf:0e:08:08:99:d1:84:d8:4b:
         f4:73:4a:ed:90:a0:7c:28:a9:e9:a9:32:41:9b:b7:7f:a3:26:
         07:ff:1b:cf:2d:80:86:64:6b:1a:07:97:32:34:0d:a1:aa:a7:
         76:7a:01:53:e1:19:74:d0:d7:e4:5a:dc:c4:92:01:a7:0e:22:
         58:18:28:03:f3:65:8a:e9:83:00:4c:aa:cb:3d:d2:94:6f:04:
         dc:dc:22:57:be:e1:c0:01:70:a2:3a:ef:93:24:76:fb:55:39:
         5b:23:a7:4a:68:39:80:72:63:27:9b:a6:c3:57:ac:2c:eb:04:
         0a:c2:4a:12:7a:15:1d:8d:61:74:e8:94:2c:bb:09:92:76:0a:
         cb:84:a2:12:3e:15:0e:d4:a9:9a:b4:50:53:27:70:87:84:12:
         4d:aa:54:62
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ3JZ6daHj+Y+roANnNjGka0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0Yjk1MzMwNzM0YzlhYWY2NmQxMWJjZDJiZWRkMzgwZjQx
MGY5M2YwHhcNMjYwNDI2MTA0ODI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MTMyNTQ1YTlmMDQ5NGM3NDNlYTdhNTFhYzBjYTE0MGI5NGYxMWE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6oSAB9HIOJtKNvsHGEW+abSPpAZN
vYJQKA/KoIeXdGjySt9q34F7cHYjsX0rdCRRW0UO6JPmAGKOJRLsZTos2GF7ayM3
ywEp+ZK2uMYC+B/gxA1bOUJ71YOslHpGErQHNxOk/oZh9b2pUy3icgzlvKZx+QB1
TyZjWBscEUHb0MlsZpNJZv680o/vhOUXL5FhHyxQt6gR5IOowg6e0mG4spwLctQX
FjBrpMbDsiluO/G04TqfGl9hOntvFZoI8ssqbGSDOsWNhOKL5bZdSlg83/3DoY88
o3PLy+S845rYybDKbePRZMPY+4kZ3H3j4N2Rds9S958J+Cytwlv3xEWxuwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEEyVFqfBJTHQ+p6UawMoUC5TxGnMB8GA1UdIwQY
MBaAFNS5UzBzTJqvZtEbzSvt04D0EPk/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUxsVE1ITk1tcTltMFJ2TkstM1RnUFFRLVQ4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYy8xNWQyNzEtMDVjZC00NjFlLWE3YjYt
NDMwMTNiMjhkOWQ2LzEvUVRKVVdwOEVsTWRENm5wUnJBeWhRTGxQRWFjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYy8xNWQyNzEtMDVjZC00NjFlLWE3YjYtNDMwMTNiMjhkOWQ2
LzEvMUxsVE1ITk1tcTltMFJ2TkstM1RnUFFRLVQ4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9WMMA0G
CSqGSIb3DQEBCwUAA4IBAQCE8jxiKIz4g3U+s8W9JH+uAySAoxebaeSPt5n0j7h7
txoosH+N7Gw7MXebcAhWy9D7skrlKPAiQvswkQM0iKhsc/1rpB2PYRgSgtTZhmiO
jLbVmiQhJELqnEH8pCrdUXoptqHPDggImdGE2Ev0c0rtkKB8KKnpqTJBm7d/oyYH
/xvPLYCGZGsaB5cyNA2hqqd2egFT4Rl00NfkWtzEkgGnDiJYGCgD82WK6YMATKrL
PdKUbwTc3CJXvuHAAXCiOu+TJHb7VTlbI6dKaDmAcmMnm6bDV6ws6wQKwkoSehUd
jWF06JQsuwmSdgrLhKISPhUO1KmatFBTJ3CHhBJNqlRi
-----END CERTIFICATE-----