Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/f5634f-c49f-4d9a-9534-1756887dd4cb/1/901QMZpj9kYGQic0ByuIClQsnbM.roa
File:                     901QMZpj9kYGQic0ByuIClQsnbM.roa (raw, json)
Hash identifier:          eHYj3OQYCMndtclY/uYQGqhf0cxoZxOoh8ZvXynsiaw=
Subject key identifier:   F7:4D:50:31:9A:63:F6:46:06:42:27:34:07:2B:88:0A:54:2C:9D:B3
Certificate issuer:       /CN=ac82c9dd9d6ccfb38ca11640e102f751ae274927
Certificate serial:       019CDC47ACBFFA905797C62454F74894DE73
Authority key identifier: AC:82:C9:DD:9D:6C:CF:B3:8C:A1:16:40:E1:02:F7:51:AE:27:49:27
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rILJ3Z1sz7OMoRZA4QL3Ua4nSSc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fd/f5634f-c49f-4d9a-9534-1756887dd4cb/1/901QMZpj9kYGQic0ByuIClQsnbM.roa
Signing time:             Wed 11 Mar 2026 09:43:30 +0000
ROA not before:           Wed 11 Mar 2026 09:43:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     29119
IP address blocks:        81.172.112.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fd/f5634f-c49f-4d9a-9534-1756887dd4cb/1/rILJ3Z1sz7OMoRZA4QL3Ua4nSSc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fd/f5634f-c49f-4d9a-9534-1756887dd4cb/1/rILJ3Z1sz7OMoRZA4QL3Ua4nSSc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rILJ3Z1sz7OMoRZA4QL3Ua4nSSc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 13 Mar 2026 21:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:dc:47:ac:bf:fa:90:57:97:c6:24:54:f7:48:94:de:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ac82c9dd9d6ccfb38ca11640e102f751ae274927
        Validity
            Not Before: Mar 11 09:43:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f74d50319a63f64606422734072b880a542c9db3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:be:cd:27:6a:86:ba:a5:56:4b:c4:35:2f:2b:
                    9f:65:13:e1:70:e2:fd:7a:84:fc:d8:e0:16:e1:dd:
                    4e:ef:f2:65:ca:0b:f6:b8:24:91:be:6c:0a:dc:2f:
                    6c:b2:22:10:da:33:98:8a:81:e7:a1:5e:dd:77:51:
                    f8:03:75:ee:d7:a7:52:a6:57:1c:3f:57:0f:37:c5:
                    d0:15:d3:3c:90:f8:89:3d:f6:58:76:a1:6a:f8:c6:
                    74:d0:3f:4c:54:84:b6:c1:4d:29:15:01:0a:85:3c:
                    c9:fe:a3:74:ba:20:75:91:61:fa:fe:9c:8d:ac:ca:
                    5b:9b:e4:b5:5a:c2:e1:1a:95:16:9a:c7:2f:b8:09:
                    d9:7c:84:8e:28:a0:a0:16:2e:95:ac:f0:f6:18:37:
                    cf:9f:f6:7e:de:a9:1e:cf:84:c2:cb:57:44:b3:70:
                    60:34:88:05:99:ca:0f:e5:06:d3:31:7c:88:ac:a2:
                    58:40:ef:04:6d:e1:98:d3:c8:b2:10:b3:b3:02:f6:
                    a6:1d:44:f3:ea:6c:ad:ef:a8:0c:8d:6d:c9:4d:46:
                    ef:bd:bd:74:7a:20:9c:1d:6e:44:0a:2e:ab:68:e6:
                    d7:14:8f:8c:4e:10:70:87:36:1d:29:86:33:ff:75:
                    32:e4:19:7d:32:21:9d:29:44:6b:93:73:b1:1a:29:
                    40:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:4D:50:31:9A:63:F6:46:06:42:27:34:07:2B:88:0A:54:2C:9D:B3
            X509v3 Authority Key Identifier:
                keyid:AC:82:C9:DD:9D:6C:CF:B3:8C:A1:16:40:E1:02:F7:51:AE:27:49:27

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rILJ3Z1sz7OMoRZA4QL3Ua4nSSc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/f5634f-c49f-4d9a-9534-1756887dd4cb/1/901QMZpj9kYGQic0ByuIClQsnbM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/f5634f-c49f-4d9a-9534-1756887dd4cb/1/rILJ3Z1sz7OMoRZA4QL3Ua4nSSc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.172.112.0/22

    Signature Algorithm: sha256WithRSAEncryption
         35:33:34:e6:90:2d:a0:32:f3:2d:d8:11:6b:d1:3f:b7:21:f9:
         6c:d4:46:8c:ac:2c:c8:28:d2:ad:79:c5:a7:8f:89:c4:14:a6:
         de:26:44:ee:57:bf:90:b7:41:3b:91:93:57:dd:2d:94:59:f4:
         0d:c6:a0:d1:ca:cc:e7:e8:d1:3c:dc:76:55:a3:37:88:23:f9:
         a1:e2:a2:6a:de:38:37:4a:21:24:e5:3e:2a:b1:6a:79:8c:77:
         e6:84:d7:44:87:23:c9:2b:8d:07:18:cf:09:2b:5f:b8:5e:44:
         40:38:45:e9:8e:2c:e6:c7:ae:01:fc:1d:06:3f:5c:cf:d1:24:
         10:5b:9f:36:de:01:2b:a8:8a:6d:27:20:db:01:35:df:2f:3b:
         c6:00:8e:23:8f:98:b9:ab:5f:3b:95:5c:9d:91:a8:f3:73:9c:
         76:fd:b1:96:05:b4:52:ce:0b:1d:45:cd:5f:a7:b4:b4:94:69:
         5d:2e:3a:d3:49:46:0b:dd:69:d4:f6:f6:1d:67:19:ab:0b:b8:
         63:48:2b:f8:08:36:5d:c9:c4:eb:1a:a6:ce:73:be:e1:61:9a:
         3b:93:77:25:8e:ef:8d:a3:0a:2b:4f:88:94:b4:86:b2:fc:9f:
         e8:97:15:2f:1e:e5:54:76:5c:ec:f4:1a:01:95:bc:7c:6f:2a:
         65:b0:a4:5d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZzcR6y/+pBXl8YkVPdIlN5zMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFjODJjOWRkOWQ2Y2NmYjM4Y2ExMTY0MGUxMDJmNzUxYWUy
NzQ5MjcwHhcNMjYwMzExMDk0MzMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNzRkNTAzMTlhNjNmNjQ2MDY0MjI3MzQwNzJiODgwYTU0MmM5ZGIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnr7NJ2qGuqVWS8Q1LyufZRPhcOL9
eoT82OAW4d1O7/Jlygv2uCSRvmwK3C9ssiIQ2jOYioHnoV7dd1H4A3Xu16dSplcc
P1cPN8XQFdM8kPiJPfZYdqFq+MZ00D9MVIS2wU0pFQEKhTzJ/qN0uiB1kWH6/pyN
rMpbm+S1WsLhGpUWmscvuAnZfISOKKCgFi6VrPD2GDfPn/Z+3qkez4TCy1dEs3Bg
NIgFmcoP5QbTMXyIrKJYQO8EbeGY08iyELOzAvamHUTz6myt76gMjW3JTUbvvb10
eiCcHW5ECi6raObXFI+MThBwhzYdKYYz/3Uy5Bl9MiGdKURrk3OxGilAYwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPdNUDGaY/ZGBkInNAcriApULJ2zMB8GA1UdIwQY
MBaAFKyCyd2dbM+zjKEWQOEC91GuJ0knMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcklMSjNaMXN6N09Nb1JaQTRRTDNVYTRuU1NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC9mNTYzNGYtYzQ5Zi00ZDlhLTk1MzQt
MTc1Njg4N2RkNGNiLzEvOTAxUU1acGo5a1lHUWljMEJ5dUlDbFFzbmJNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC9mNTYzNGYtYzQ5Zi00ZDlhLTk1MzQtMTc1Njg4N2RkNGNi
LzEvcklMSjNaMXN6N09Nb1JaQTRRTDNVYTRuU1NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCUaxwMA0G
CSqGSIb3DQEBCwUAA4IBAQA1MzTmkC2gMvMt2BFr0T+3Ifls1EaMrCzIKNKtecWn
j4nEFKbeJkTuV7+Qt0E7kZNX3S2UWfQNxqDRyszn6NE83HZVozeII/mh4qJq3jg3
SiEk5T4qsWp5jHfmhNdEhyPJK40HGM8JK1+4XkRAOEXpjizmx64B/B0GP1zP0SQQ
W5823gErqIptJyDbATXfLzvGAI4jj5i5q187lVydkajzc5x2/bGWBbRSzgsdRc1f
p7S0lGldLjrTSUYL3WnU9vYdZxmrC7hjSCv4CDZdycTrGqbOc77hYZo7k3clju+N
oworT4iUtIay/J/olxUvHuVUdlzs9BoBlbx8byplsKRd
-----END CERTIFICATE-----