Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/3f243a-4a13-4f5b-9695-27bf74145b9f/1/q5CtvN_l8nCryQtPwFsCoYSMCbU.roa
File:                     q5CtvN_l8nCryQtPwFsCoYSMCbU.roa (raw, json)
Hash identifier:          Y06PYVQHlvVSUgvLJexpCXix3AkNf9Q2yjfvtoBfjaQ=
Subject key identifier:   AB:90:AD:BC:DF:E5:F2:70:AB:C9:0B:4F:C0:5B:02:A1:84:8C:09:B5
Certificate issuer:       /CN=4fac4db74c42de2b14de2f17ebe05cd0ae1657a7
Certificate serial:       019C8F0CCDE840D44D5E2DD002F932041F5F
Authority key identifier: 4F:AC:4D:B7:4C:42:DE:2B:14:DE:2F:17:EB:E0:5C:D0:AE:16:57:A7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T6xNt0xC3isU3i8X6-Bc0K4WV6c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/3f243a-4a13-4f5b-9695-27bf74145b9f/1/q5CtvN_l8nCryQtPwFsCoYSMCbU.roa
Signing time:             Tue 24 Feb 2026 09:48:26 +0000
ROA not before:           Tue 24 Feb 2026 09:48:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200710
IP address blocks:        131.222.237.0/24 maxlen: 27
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/3f243a-4a13-4f5b-9695-27bf74145b9f/1/T6xNt0xC3isU3i8X6-Bc0K4WV6c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/3f243a-4a13-4f5b-9695-27bf74145b9f/1/T6xNt0xC3isU3i8X6-Bc0K4WV6c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T6xNt0xC3isU3i8X6-Bc0K4WV6c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 00:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:8f:0c:cd:e8:40:d4:4d:5e:2d:d0:02:f9:32:04:1f:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fac4db74c42de2b14de2f17ebe05cd0ae1657a7
        Validity
            Not Before: Feb 24 09:48:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ab90adbcdfe5f270abc90b4fc05b02a1848c09b5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:81:51:01:db:75:71:15:5f:d3:fc:36:b5:37:
                    12:a9:b8:40:01:d2:9b:e0:a7:0e:6e:17:e1:34:3e:
                    2a:5c:11:8e:5f:d6:93:15:04:b4:83:74:6c:98:93:
                    15:52:ed:52:56:26:37:02:c6:2d:c4:9e:84:fc:c2:
                    05:24:a1:9f:fb:b0:a6:3d:7a:a1:c6:2c:71:dd:19:
                    87:49:c9:2d:b0:3e:52:d8:75:be:bc:26:e3:ff:50:
                    a6:2e:5c:51:3b:60:a5:33:2f:b9:7e:b8:ef:5e:31:
                    5f:72:31:9e:f8:de:7f:d9:92:11:3e:d5:ac:f9:03:
                    ba:65:0b:cc:39:4d:2b:6e:62:a9:d8:4b:a1:5c:0e:
                    7c:46:45:8d:6c:5d:f7:60:1c:b4:cc:50:11:1d:94:
                    d2:a9:8b:d6:1a:c4:2a:13:3a:d7:2c:55:14:de:26:
                    dd:0d:62:9b:27:3b:89:7d:a7:72:3f:de:c9:71:2a:
                    e0:43:7f:9d:17:17:c8:f3:48:cb:92:2b:94:02:1e:
                    f0:29:b8:b1:d5:a7:06:49:d4:b8:ac:d7:32:6b:35:
                    20:f5:d1:27:40:98:ea:e2:3a:78:ed:20:ef:b6:f1:
                    3a:e2:cb:94:1d:6a:eb:d0:ac:2f:6b:03:32:cf:b3:
                    1b:d9:bf:5f:4c:4f:25:f4:34:84:b7:94:75:2d:4e:
                    be:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:90:AD:BC:DF:E5:F2:70:AB:C9:0B:4F:C0:5B:02:A1:84:8C:09:B5
            X509v3 Authority Key Identifier:
                keyid:4F:AC:4D:B7:4C:42:DE:2B:14:DE:2F:17:EB:E0:5C:D0:AE:16:57:A7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T6xNt0xC3isU3i8X6-Bc0K4WV6c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/3f243a-4a13-4f5b-9695-27bf74145b9f/1/q5CtvN_l8nCryQtPwFsCoYSMCbU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/3f243a-4a13-4f5b-9695-27bf74145b9f/1/T6xNt0xC3isU3i8X6-Bc0K4WV6c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  131.222.237.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7e:ff:85:12:e8:50:0a:6b:38:b0:8c:f8:54:f2:cf:e7:b5:1c:
         94:88:1f:84:a9:82:87:3f:86:00:2a:32:a5:32:f4:cb:5b:24:
         88:69:13:12:bb:50:61:85:ab:c0:0f:9e:98:fd:e6:de:4e:cb:
         44:72:12:8e:69:07:a0:97:28:e7:9c:1c:fe:54:dd:b3:e7:bf:
         e3:a6:82:f3:a5:ca:35:b2:84:9e:e8:1d:cb:f7:2e:b9:51:4a:
         ef:05:af:c8:40:13:ab:7b:35:61:bb:3f:0b:df:09:6b:e3:89:
         cb:a5:ba:c2:eb:94:f2:7e:f4:c6:17:2d:c4:50:84:5e:c9:b9:
         c2:3a:b6:0e:38:91:2c:7c:68:0c:a8:0e:53:3d:ef:3d:dc:3d:
         d7:a4:e7:b2:5d:d7:9f:cd:f8:d6:0d:a8:08:f0:8e:86:79:af:
         00:86:0f:82:97:7a:32:e7:0e:dc:eb:64:1b:b6:6a:f1:dd:ad:
         32:20:f2:39:cd:76:5f:87:49:ff:46:8b:80:7f:30:aa:1c:63:
         1a:75:47:4b:af:da:0f:7a:9f:2a:63:66:1b:09:bc:0d:1e:d4:
         41:6d:b7:cb:ba:1d:be:cd:26:e6:4f:b5:3f:c0:57:19:04:43:
         70:19:7a:15:17:ec:c3:20:8d:0e:b0:59:1a:2f:96:ea:fa:50:
         0f:c5:6e:07
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZyPDM3oQNRNXi3QAvkyBB9fMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmYWM0ZGI3NGM0MmRlMmIxNGRlMmYxN2ViZTA1Y2QwYWUx
NjU3YTcwHhcNMjYwMjI0MDk0ODI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYjkwYWRiY2RmZTVmMjcwYWJjOTBiNGZjMDViMDJhMTg0OGMwOWI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw4FRAdt1cRVf0/w2tTcSqbhAAdKb
4KcObhfhND4qXBGOX9aTFQS0g3RsmJMVUu1SViY3AsYtxJ6E/MIFJKGf+7CmPXqh
xixx3RmHScktsD5S2HW+vCbj/1CmLlxRO2ClMy+5frjvXjFfcjGe+N5/2ZIRPtWs
+QO6ZQvMOU0rbmKp2EuhXA58RkWNbF33YBy0zFARHZTSqYvWGsQqEzrXLFUU3ibd
DWKbJzuJfadyP97JcSrgQ3+dFxfI80jLkiuUAh7wKbix1acGSdS4rNcyazUg9dEn
QJjq4jp47SDvtvE64suUHWrr0KwvawMyz7Mb2b9fTE8l9DSEt5R1LU6+JwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKuQrbzf5fJwq8kLT8BbAqGEjAm1MB8GA1UdIwQY
MBaAFE+sTbdMQt4rFN4vF+vgXNCuFlenMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDZ4TnQweEMzaXNVM2k4WDYtQmMwSzRXVjZjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC8zZjI0M2EtNGExMy00ZjViLTk2OTUt
MjdiZjc0MTQ1YjlmLzEvcTVDdHZOX2w4bkNyeVF0UHdGc0NvWVNNQ2JVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC8zZjI0M2EtNGExMy00ZjViLTk2OTUtMjdiZjc0MTQ1Yjlm
LzEvVDZ4TnQweEMzaXNVM2k4WDYtQmMwSzRXVjZjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAg97tMA0G
CSqGSIb3DQEBCwUAA4IBAQB+/4US6FAKaziwjPhU8s/ntRyUiB+EqYKHP4YAKjKl
MvTLWySIaRMSu1BhhavAD56Y/ebeTstEchKOaQeglyjnnBz+VN2z57/jpoLzpco1
soSe6B3L9y65UUrvBa/IQBOrezVhuz8L3wlr44nLpbrC65TyfvTGFy3EUIReybnC
OrYOOJEsfGgMqA5TPe893D3XpOeyXdefzfjWDagI8I6Gea8Ahg+Cl3oy5w7c62Qb
tmrx3a0yIPI5zXZfh0n/RouAfzCqHGMadUdLr9oPep8qY2YbCbwNHtRBbbfLuh2+
zSbmT7U/wFcZBENwGXoVF+zDII0OsFkaL5bq+lAPxW4H
-----END CERTIFICATE-----