Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/qlU76BiFhhJCVY5gi0gNecZGDlk.roa
File:                     qlU76BiFhhJCVY5gi0gNecZGDlk.roa (raw, json)
Hash identifier:          NkyRc+BbNdv9c7mt+XYquTnIBQnCB74+gBL3MZGFCYU=
Subject key identifier:   AA:55:3B:E8:18:85:86:12:42:55:8E:60:8B:48:0D:79:C6:46:0E:59
Certificate issuer:       /CN=0d3558546a2c54bbd812a19228aa98e078d3aa68
Certificate serial:       019CFFDEFD41793A594764873637B09AE42A
Authority key identifier: 0D:35:58:54:6A:2C:54:BB:D8:12:A1:92:28:AA:98:E0:78:D3:AA:68
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DTVYVGosVLvYEqGSKKqY4HjTqmg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/qlU76BiFhhJCVY5gi0gNecZGDlk.roa
Signing time:             Wed 18 Mar 2026 07:35:29 +0000
ROA not before:           Wed 18 Mar 2026 07:35:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     216475
IP address blocks:        150.251.155.0/24 maxlen: 24
                          150.251.156.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/DTVYVGosVLvYEqGSKKqY4HjTqmg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/DTVYVGosVLvYEqGSKKqY4HjTqmg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DTVYVGosVLvYEqGSKKqY4HjTqmg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 22 Mar 2026 02:18:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:ff:de:fd:41:79:3a:59:47:64:87:36:37:b0:9a:e4:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d3558546a2c54bbd812a19228aa98e078d3aa68
        Validity
            Not Before: Mar 18 07:35:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=aa553be81885861242558e608b480d79c6460e59
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:f3:fa:e4:f5:a9:4f:92:fa:bd:60:a1:da:f8:
                    08:ce:54:58:21:4f:2b:b9:19:70:d3:9c:92:ac:6f:
                    fd:61:6b:a5:8c:d6:40:fb:c1:7d:05:d3:b7:8a:24:
                    56:c0:74:2f:a9:a7:89:8e:6e:39:6a:f3:08:dc:f6:
                    4d:e2:cc:3a:d8:13:d0:ae:bc:43:85:44:ee:f9:6d:
                    33:2a:6b:c1:79:c0:00:d1:0d:b8:c0:43:84:c5:78:
                    c3:73:a9:20:d8:ce:ff:4b:2e:6e:8d:b3:32:e8:d0:
                    9a:8f:36:6e:af:59:56:d8:9f:f4:c6:e0:a5:db:50:
                    a0:86:73:03:f2:ea:56:81:55:12:4a:20:b7:c4:6d:
                    0f:a1:cf:23:73:f7:c3:f4:3f:15:6e:28:9c:69:69:
                    b8:b0:f7:25:5d:b7:c6:7f:5e:c7:92:26:38:80:8d:
                    82:00:8f:5b:7f:d7:63:45:24:f7:7b:2d:fe:19:ae:
                    09:47:27:32:e4:75:6c:af:c9:43:58:6a:2c:f9:2c:
                    b5:d2:5f:ca:27:41:f2:49:ec:ac:77:a8:62:e7:28:
                    51:2c:83:1a:20:9a:5d:a4:20:4a:91:94:4f:ed:c9:
                    00:ff:48:ef:ac:de:40:ce:a3:af:4c:ef:f0:00:3d:
                    1f:ce:7c:74:30:b6:84:c1:ab:a5:8f:8d:6a:73:11:
                    5b:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:55:3B:E8:18:85:86:12:42:55:8E:60:8B:48:0D:79:C6:46:0E:59
            X509v3 Authority Key Identifier:
                keyid:0D:35:58:54:6A:2C:54:BB:D8:12:A1:92:28:AA:98:E0:78:D3:AA:68

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DTVYVGosVLvYEqGSKKqY4HjTqmg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/qlU76BiFhhJCVY5gi0gNecZGDlk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/DTVYVGosVLvYEqGSKKqY4HjTqmg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  150.251.155.0-150.251.156.255

    Signature Algorithm: sha256WithRSAEncryption
         37:39:c3:3d:0e:ac:86:3f:d5:f2:41:df:fb:29:63:e4:5d:5e:
         29:d3:f5:a6:f9:e0:f3:3e:ab:03:74:1a:d4:09:1c:7c:5f:11:
         6f:3f:bc:93:d5:a7:bf:0d:cd:61:98:9c:d8:e7:00:95:6e:0a:
         fe:ab:8d:ee:62:03:e9:db:ed:39:9b:6f:52:8c:86:2b:b0:2f:
         df:0b:98:3d:6e:b1:58:32:94:ab:7b:26:e8:1a:18:d2:78:c7:
         24:67:5f:1c:d5:6a:02:76:d8:df:4c:3e:82:26:9a:0d:d5:0f:
         5a:9b:cd:6f:72:f8:2e:4c:27:cf:da:b1:45:38:48:fe:6c:c2:
         cf:cb:e3:40:62:01:58:0c:dd:92:23:73:c1:43:1d:0e:64:e0:
         0f:5c:b7:70:32:b8:bf:53:76:7e:e6:d3:0c:32:91:ff:d3:84:
         fa:bc:d7:3d:31:db:eb:54:d6:68:ae:27:23:0b:d5:7e:e3:a3:
         16:06:e6:c2:b7:74:48:6d:f8:67:37:db:16:6a:ea:2d:92:56:
         20:4e:17:17:36:a6:e1:8c:a1:15:5f:4e:df:8f:b6:bd:2e:e6:
         de:51:e2:e4:44:2f:b7:34:62:68:01:8d:9c:85:1b:86:d1:b2:
         9f:63:e9:61:1c:fe:e4:78:c8:4c:e1:49:c6:65:8b:c8:ee:e8:
         7a:87:b0:33
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZz/3v1BeTpZR2SHNjewmuQqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkMzU1ODU0NmEyYzU0YmJkODEyYTE5MjI4YWE5OGUwNzhk
M2FhNjgwHhcNMjYwMzE4MDczNTI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYTU1M2JlODE4ODU4NjEyNDI1NThlNjA4YjQ4MGQ3OWM2NDYwZTU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzvP65PWpT5L6vWCh2vgIzlRYIU8r
uRlw05ySrG/9YWuljNZA+8F9BdO3iiRWwHQvqaeJjm45avMI3PZN4sw62BPQrrxD
hUTu+W0zKmvBecAA0Q24wEOExXjDc6kg2M7/Sy5ujbMy6NCajzZur1lW2J/0xuCl
21CghnMD8upWgVUSSiC3xG0Poc8jc/fD9D8VbiicaWm4sPclXbfGf17HkiY4gI2C
AI9bf9djRST3ey3+Ga4JRycy5HVsr8lDWGos+Sy10l/KJ0HySeysd6hi5yhRLIMa
IJpdpCBKkZRP7ckA/0jvrN5AzqOvTO/wAD0fznx0MLaEwaulj41qcxFb3wIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFKpVO+gYhYYSQlWOYItIDXnGRg5ZMB8GA1UdIwQY
MBaAFA01WFRqLFS72BKhkiiqmOB406poMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRFRWWVZHb3NWTHZZRXFHU0tLcVk0SGpUcW1nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYi80NzRmMjctYjI4Ni00NmYwLWFlNDUt
MTMyZmZjOGJkZTQ2LzEvcWxVNzZCaUZoaEpDVlk1Z2kwZ05lY1pHRGxrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYi80NzRmMjctYjI4Ni00NmYwLWFlNDUtMTMyZmZjOGJkZTQ2
LzEvRFRWWVZHb3NWTHZZRXFHU0tLcVk0SGpUcW1nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBACW+5sD
BACW+5wwDQYJKoZIhvcNAQELBQADggEBADc5wz0OrIY/1fJB3/spY+RdXinT9ab5
4PM+qwN0GtQJHHxfEW8/vJPVp78NzWGYnNjnAJVuCv6rje5iA+nb7Tmbb1KMhiuw
L98LmD1usVgylKt7JugaGNJ4xyRnXxzVagJ22N9MPoImmg3VD1qbzW9y+C5MJ8/a
sUU4SP5sws/L40BiAVgM3ZIjc8FDHQ5k4A9ct3AyuL9Tdn7m0wwykf/ThPq81z0x
2+tU1miuJyML1X7joxYG5sK3dEht+Gc32xZq6i2SViBOFxc2puGMoRVfTt+Ptr0u
5t5R4uREL7c0YmgBjZyFG4bRsp9j6WEc/uR4yEzhScZli8ju6HqHsDM=
-----END CERTIFICATE-----