Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/a5d27b-26c0-4eb3-89bc-b9f298a798e4/1/bqKa0YRsYxH7tFUT4rHgcN42asw.roa
File:                     bqKa0YRsYxH7tFUT4rHgcN42asw.roa (raw, json)
Hash identifier:          8oWhUO/dKOps3lszSUNTka8Z4cLC6TKDR/CwR798z8A=
Subject key identifier:   6E:A2:9A:D1:84:6C:63:11:FB:B4:55:13:E2:B1:E0:70:DE:36:6A:CC
Certificate issuer:       /CN=ad243dcff0cb38211f7fe7db3f913169b44cf456
Certificate serial:       019E0280343A146900AD9E7F35E8682D65EA
Authority key identifier: AD:24:3D:CF:F0:CB:38:21:1F:7F:E7:DB:3F:91:31:69:B4:4C:F4:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rSQ9z_DLOCEff-fbP5ExabRM9FY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/a5d27b-26c0-4eb3-89bc-b9f298a798e4/1/bqKa0YRsYxH7tFUT4rHgcN42asw.roa
Signing time:             Thu 07 May 2026 12:53:36 +0000
ROA not before:           Thu 07 May 2026 12:53:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     41164
IP address blocks:        109.108.216.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/a5d27b-26c0-4eb3-89bc-b9f298a798e4/1/rSQ9z_DLOCEff-fbP5ExabRM9FY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/a5d27b-26c0-4eb3-89bc-b9f298a798e4/1/rSQ9z_DLOCEff-fbP5ExabRM9FY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rSQ9z_DLOCEff-fbP5ExabRM9FY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 14:18:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:02:80:34:3a:14:69:00:ad:9e:7f:35:e8:68:2d:65:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ad243dcff0cb38211f7fe7db3f913169b44cf456
        Validity
            Not Before: May  7 12:53:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6ea29ad1846c6311fbb45513e2b1e070de366acc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:64:98:05:a5:bc:e4:bd:05:b9:93:55:18:97:
                    3f:64:aa:ba:5a:2d:36:2d:d5:6c:f4:06:0a:bb:95:
                    53:2d:20:3f:c1:08:57:78:14:c6:4f:02:9d:6b:b2:
                    70:e3:6a:f3:0c:59:0a:2c:37:e6:b5:2c:69:ff:14:
                    49:1a:be:0b:4f:0d:b8:3f:87:ea:e7:99:0e:66:3c:
                    7e:ef:6a:61:3e:45:05:05:db:6a:84:af:f2:3a:ed:
                    b9:90:73:eb:b6:bf:f2:56:a5:32:ee:7c:a8:c4:86:
                    fa:57:66:eb:d8:ba:16:6d:5b:27:78:43:d2:36:df:
                    70:d1:32:95:f4:ca:06:4c:b9:29:e7:cf:60:c1:68:
                    d0:b6:c2:63:13:99:3a:df:ad:72:e5:36:e6:a9:48:
                    ab:55:a2:8b:a6:85:38:83:bc:10:6a:18:f5:73:f8:
                    5b:85:c6:29:f7:78:20:40:47:fd:c7:29:9a:e4:19:
                    c6:b6:29:69:90:36:e7:4d:80:48:90:10:82:70:ad:
                    4f:fb:20:63:65:51:f0:2f:e7:60:f9:8b:2b:2f:0e:
                    f0:87:eb:89:9f:43:76:97:b1:dd:ea:44:62:b4:4f:
                    89:57:e7:dc:f0:70:c3:65:97:6d:9c:fd:13:ee:58:
                    ce:99:95:c4:58:47:c9:2b:e3:15:84:3b:04:83:82:
                    06:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:A2:9A:D1:84:6C:63:11:FB:B4:55:13:E2:B1:E0:70:DE:36:6A:CC
            X509v3 Authority Key Identifier:
                keyid:AD:24:3D:CF:F0:CB:38:21:1F:7F:E7:DB:3F:91:31:69:B4:4C:F4:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rSQ9z_DLOCEff-fbP5ExabRM9FY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/a5d27b-26c0-4eb3-89bc-b9f298a798e4/1/bqKa0YRsYxH7tFUT4rHgcN42asw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/a5d27b-26c0-4eb3-89bc-b9f298a798e4/1/rSQ9z_DLOCEff-fbP5ExabRM9FY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.108.216.0/21

    Signature Algorithm: sha256WithRSAEncryption
         9b:32:d0:3f:39:11:b3:52:69:ff:a7:ee:c4:ec:23:74:3a:51:
         6f:06:f5:22:1c:88:67:21:39:01:c1:71:5d:6e:5f:ae:63:fa:
         6c:c6:58:9f:75:84:0b:b6:6a:8f:10:a8:4e:30:45:2e:99:64:
         ce:1c:73:7a:3d:af:16:b9:50:74:bf:4f:ff:c8:db:2b:25:3c:
         3e:ee:d6:c2:0a:80:a8:d2:39:8d:d8:c4:0e:4e:27:b2:30:c6:
         9a:ab:dd:80:d3:2e:61:60:d8:5e:51:99:9b:9b:1f:03:97:4e:
         c9:0d:72:dc:33:e3:45:4d:35:85:73:0e:aa:55:7f:c6:c3:ec:
         39:5f:b8:4f:59:d7:4d:c9:f8:b4:aa:e5:ef:cc:e5:e8:aa:62:
         ca:fa:40:f7:02:b6:85:a3:f2:9e:5d:ba:bb:d4:c0:e7:97:f0:
         55:94:1e:a0:18:7e:42:a8:e3:69:5f:d6:40:1d:1f:8a:76:ca:
         b5:24:e5:bc:7b:89:94:b3:ea:1e:85:5d:67:a3:76:a4:af:af:
         28:b4:5a:c9:b2:36:1d:c3:02:cb:e1:93:dc:51:c2:a6:ef:88:
         6d:db:21:3c:2a:8b:df:5b:55:00:2a:a3:1f:81:c1:ec:35:a3:
         d4:c7:70:df:a5:db:46:16:55:31:87:b9:95:48:5e:bc:2d:69:
         4a:a5:18:25
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ4CgDQ6FGkArZ5/NehoLWXqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFkMjQzZGNmZjBjYjM4MjExZjdmZTdkYjNmOTEzMTY5YjQ0
Y2Y0NTYwHhcNMjYwNTA3MTI1MzM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZWEyOWFkMTg0NmM2MzExZmJiNDU1MTNlMmIxZTA3MGRlMzY2YWNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1mSYBaW85L0FuZNVGJc/ZKq6Wi02
LdVs9AYKu5VTLSA/wQhXeBTGTwKda7Jw42rzDFkKLDfmtSxp/xRJGr4LTw24P4fq
55kOZjx+72phPkUFBdtqhK/yOu25kHPrtr/yVqUy7nyoxIb6V2br2LoWbVsneEPS
Nt9w0TKV9MoGTLkp589gwWjQtsJjE5k6361y5TbmqUirVaKLpoU4g7wQahj1c/hb
hcYp93ggQEf9xyma5BnGtilpkDbnTYBIkBCCcK1P+yBjZVHwL+dg+YsrLw7wh+uJ
n0N2l7Hd6kRitE+JV+fc8HDDZZdtnP0T7ljOmZXEWEfJK+MVhDsEg4IGqwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG6imtGEbGMR+7RVE+Kx4HDeNmrMMB8GA1UdIwQY
MBaAFK0kPc/wyzghH3/n2z+RMWm0TPRWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvclNROXpfRExPQ0VmZi1mYlA1RXhhYlJNOUZZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy9hNWQyN2ItMjZjMC00ZWIzLTg5YmMt
YjlmMjk4YTc5OGU0LzEvYnFLYTBZUnNZeEg3dEZVVDRySGdjTjQyYXN3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy9hNWQyN2ItMjZjMC00ZWIzLTg5YmMtYjlmMjk4YTc5OGU0
LzEvclNROXpfRExPQ0VmZi1mYlA1RXhhYlJNOUZZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDbWzYMA0G
CSqGSIb3DQEBCwUAA4IBAQCbMtA/ORGzUmn/p+7E7CN0OlFvBvUiHIhnITkBwXFd
bl+uY/psxlifdYQLtmqPEKhOMEUumWTOHHN6Pa8WuVB0v0//yNsrJTw+7tbCCoCo
0jmN2MQOTieyMMaaq92A0y5hYNheUZmbmx8Dl07JDXLcM+NFTTWFcw6qVX/Gw+w5
X7hPWddNyfi0quXvzOXoqmLK+kD3AraFo/KeXbq71MDnl/BVlB6gGH5CqONpX9ZA
HR+Kdsq1JOW8e4mUs+oehV1no3akr68otFrJsjYdwwLL4ZPcUcKm74ht2yE8Kovf
W1UAKqMfgcHsNaPUx3DfpdtGFlUxh7mVSF68LWlKpRgl
-----END CERTIFICATE-----