Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/Qpm98nCU8Cme4JNiVD18klp6yao.roa
File:                     Qpm98nCU8Cme4JNiVD18klp6yao.roa (raw, json)
Hash identifier:          D3zOjYseatw9515zDXXveB7FLC7eoxYnTW29UljQvJs=
Subject key identifier:   42:99:BD:F2:70:94:F0:29:9E:E0:93:62:54:3D:7C:92:5A:7A:C9:AA
Certificate issuer:       /CN=3183785916cd98d7c770d685145499a8a0a15722
Certificate serial:       019CE6071B8F554766534089BB4B104B7B3F
Authority key identifier: 31:83:78:59:16:CD:98:D7:C7:70:D6:85:14:54:99:A8:A0:A1:57:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/Qpm98nCU8Cme4JNiVD18klp6yao.roa
Signing time:             Fri 13 Mar 2026 07:09:11 +0000
ROA not before:           Fri 13 Mar 2026 07:09:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     20929
IP address blocks:        80.96.110.0/24 maxlen: 24
                          217.156.52.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 00:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:e6:07:1b:8f:55:47:66:53:40:89:bb:4b:10:4b:7b:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3183785916cd98d7c770d685145499a8a0a15722
        Validity
            Not Before: Mar 13 07:09:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4299bdf27094f0299ee09362543d7c925a7ac9aa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:f2:6f:43:af:87:9b:56:eb:83:f9:87:75:55:
                    2f:ef:51:bb:25:1a:f1:32:f2:63:21:bb:60:f3:99:
                    a0:34:fe:ed:54:3f:ef:bb:50:32:6f:58:78:8e:d6:
                    a8:22:04:db:27:ba:19:3b:81:40:49:19:79:96:0f:
                    80:37:e8:7f:bb:42:94:2d:c1:3f:98:7a:9c:10:6f:
                    99:01:ce:36:d8:49:37:eb:a1:b6:f7:e9:c4:e5:78:
                    1b:3f:3e:26:99:a6:14:22:ca:b2:a6:ce:7a:62:6c:
                    f6:c5:76:23:4d:57:51:0b:64:36:90:e0:2f:5a:cf:
                    56:6b:6b:f2:4e:c5:61:22:f4:37:d7:f4:d5:f2:84:
                    07:14:98:53:1e:9d:64:47:f5:55:32:13:45:38:e4:
                    e9:34:b9:3a:c0:1b:10:a5:b5:da:b1:dd:3a:f9:d3:
                    af:d4:52:1f:43:fe:a6:11:a2:5b:76:82:b8:74:bd:
                    f6:8f:e6:46:ab:00:48:fc:93:57:00:00:6c:86:77:
                    2e:dc:2f:af:7e:c4:ce:31:cf:68:fb:94:34:9b:01:
                    ba:7b:17:71:a0:89:57:7a:92:10:72:7d:11:70:25:
                    13:c4:40:c5:b3:61:f4:8c:ac:4d:1f:f2:b7:94:8e:
                    ea:db:42:0b:53:af:74:9b:aa:4b:ba:eb:97:82:d7:
                    71:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:99:BD:F2:70:94:F0:29:9E:E0:93:62:54:3D:7C:92:5A:7A:C9:AA
            X509v3 Authority Key Identifier:
                keyid:31:83:78:59:16:CD:98:D7:C7:70:D6:85:14:54:99:A8:A0:A1:57:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/Qpm98nCU8Cme4JNiVD18klp6yao.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.96.110.0/24
                  217.156.52.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1f:bc:a7:98:0e:55:91:6d:0c:4a:82:8e:75:b4:47:93:ce:27:
         94:dd:28:77:49:ea:7b:e9:3b:ed:38:ad:e9:97:35:66:e5:d1:
         00:aa:61:0d:7a:31:06:da:f6:91:e2:03:85:93:68:21:a8:7c:
         d3:39:24:a5:f6:56:a0:3e:a7:be:05:ca:85:0a:9c:a3:f5:a6:
         b3:0c:1f:f2:8f:1a:0f:83:ef:63:4e:29:75:6e:59:26:ce:8a:
         26:08:e8:bb:0b:6c:47:15:54:0c:d4:f2:f4:0e:c5:ad:90:00:
         9f:7d:6d:b9:28:0c:07:74:29:f6:dd:36:a0:c3:65:8e:c8:be:
         40:d5:93:c8:13:1d:0b:c1:a5:ab:0f:71:cd:62:4e:ec:07:c8:
         3a:5b:2b:31:fd:c5:ff:b4:2b:5b:bc:96:03:da:ea:f1:1a:bf:
         45:f8:ac:97:53:48:d0:0d:5e:6b:64:e5:12:4e:ce:d6:fb:bb:
         6a:77:a0:eb:ac:1c:47:eb:63:ce:2b:1c:7b:cb:cb:65:4f:af:
         b0:fd:41:ec:47:06:86:f8:15:09:74:36:6e:7c:14:01:72:34:
         c6:10:94:9f:38:99:20:af:3d:f2:fa:29:f4:48:bc:bb:0d:ed:
         90:89:22:b9:8c:30:18:7d:29:71:8c:d7:0a:f2:f1:98:65:88:
         c4:46:fc:6a
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZzmBxuPVUdmU0CJu0sQS3s/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxODM3ODU5MTZjZDk4ZDdjNzcwZDY4NTE0NTQ5OWE4YTBh
MTU3MjIwHhcNMjYwMzEzMDcwOTExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0Mjk5YmRmMjcwOTRmMDI5OWVlMDkzNjI1NDNkN2M5MjVhN2FjOWFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl/JvQ6+Hm1brg/mHdVUv71G7JRrx
MvJjIbtg85mgNP7tVD/vu1Ayb1h4jtaoIgTbJ7oZO4FASRl5lg+AN+h/u0KULcE/
mHqcEG+ZAc422Ek366G29+nE5XgbPz4mmaYUIsqyps56Ymz2xXYjTVdRC2Q2kOAv
Ws9Wa2vyTsVhIvQ31/TV8oQHFJhTHp1kR/VVMhNFOOTpNLk6wBsQpbXasd06+dOv
1FIfQ/6mEaJbdoK4dL32j+ZGqwBI/JNXAABshncu3C+vfsTOMc9o+5Q0mwG6exdx
oIlXepIQcn0RcCUTxEDFs2H0jKxNH/K3lI7q20ILU690m6pLuuuXgtdx0QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFEKZvfJwlPApnuCTYlQ9fJJaesmqMB8GA1UdIwQY
MBaAFDGDeFkWzZjXx3DWhRRUmaigoVciMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTVlONFdSYk5tTmZIY05hRkZGU1pxS0NoVnlJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS83MTkzZGItN2Y4NS00MmJiLWIwOWEt
ZjUyYzQ3YzIyNWRiLzEvUXBtOThuQ1U4Q21lNEpOaVZEMThrbHA2eWFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS83MTkzZGItN2Y4NS00MmJiLWIwOWEtZjUyYzQ3YzIyNWRi
LzEvTVlONFdSYk5tTmZIY05hRkZGU1pxS0NoVnlJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAUGBuAwQA
2Zw0MA0GCSqGSIb3DQEBCwUAA4IBAQAfvKeYDlWRbQxKgo51tEeTzieU3Sh3Sep7
6TvtOK3plzVm5dEAqmENejEG2vaR4gOFk2ghqHzTOSSl9lagPqe+BcqFCpyj9aaz
DB/yjxoPg+9jTil1blkmzoomCOi7C2xHFVQM1PL0DsWtkACffW25KAwHdCn23Tag
w2WOyL5A1ZPIEx0LwaWrD3HNYk7sB8g6Wysx/cX/tCtbvJYD2urxGr9F+KyXU0jQ
DV5rZOUSTs7W+7tqd6DrrBxH62POKxx7y8tlT6+w/UHsRwaG+BUJdDZufBQBcjTG
EJSfOJkgrz3y+in0SLy7De2QiSK5jDAYfSlxjNcK8vGYZYjERvxq
-----END CERTIFICATE-----