Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/QwqY3xCcCgwIwIboEYJaKH-kb2U.roa
File:                     QwqY3xCcCgwIwIboEYJaKH-kb2U.roa (raw, json)
Hash identifier:          o7oLfHZu1x8Ar12k66Qvb38ZRBeIiBIVHglZulHBXqk=
Subject key identifier:   43:0A:98:DF:10:9C:0A:0C:08:C0:86:E8:11:82:5A:28:7F:A4:6F:65
Certificate issuer:       /CN=131881732a3e245a959bc679e0458c39f893e46b
Certificate serial:       019DFEAD9831F26389A5FC489D4DEA1D95A6
Authority key identifier: 13:18:81:73:2A:3E:24:5A:95:9B:C6:79:E0:45:8C:39:F8:93:E4:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/QwqY3xCcCgwIwIboEYJaKH-kb2U.roa
Signing time:             Wed 06 May 2026 19:04:42 +0000
ROA not before:           Wed 06 May 2026 19:04:42 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     57043
IP address blocks:        185.5.38.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 23:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:fe:ad:98:31:f2:63:89:a5:fc:48:9d:4d:ea:1d:95:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=131881732a3e245a959bc679e0458c39f893e46b
        Validity
            Not Before: May  6 19:04:42 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=430a98df109c0a0c08c086e811825a287fa46f65
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:d7:24:84:23:7f:28:e8:4a:1c:0a:16:0c:60:
                    71:c1:57:fe:22:26:76:d0:f3:e8:0b:6b:95:63:37:
                    1d:42:51:a7:e9:e5:21:b3:d0:ba:c2:3e:e1:cf:fa:
                    30:31:3d:31:9f:53:2b:69:35:e1:af:a6:2c:4d:0b:
                    01:ae:e5:77:0e:1e:86:67:d0:53:f6:e7:35:ec:cb:
                    86:52:aa:8b:b8:db:27:9a:d9:5e:a8:31:2c:f9:d7:
                    88:1d:bc:d1:83:bd:58:6e:47:6b:e6:0f:31:a5:bc:
                    09:03:80:e5:b4:5f:6d:fc:6d:e1:31:f6:0c:63:c0:
                    b7:0e:1f:bd:7c:a8:d8:d3:ff:f6:66:e7:17:52:0d:
                    ee:43:52:66:2e:29:a9:33:4c:67:f1:22:7a:0b:83:
                    9b:e5:99:e2:49:71:82:b2:70:c0:f7:81:3b:37:49:
                    ab:ec:b0:a0:a7:e8:c2:37:ca:2b:73:ae:c0:b9:85:
                    6a:2e:e1:5e:a3:67:a8:8a:aa:f6:d1:d7:9a:8d:fe:
                    80:5b:84:5c:80:4c:2b:42:61:3f:01:96:3a:14:98:
                    6b:0a:0f:e7:51:bb:f8:5f:4c:4a:b9:e9:49:09:83:
                    e9:f0:07:2a:5b:7f:e1:cd:af:43:f1:a4:d5:cb:b3:
                    be:6f:03:23:36:a8:cf:97:ea:51:13:7e:c3:08:da:
                    03:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:0A:98:DF:10:9C:0A:0C:08:C0:86:E8:11:82:5A:28:7F:A4:6F:65
            X509v3 Authority Key Identifier:
                keyid:13:18:81:73:2A:3E:24:5A:95:9B:C6:79:E0:45:8C:39:F8:93:E4:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/QwqY3xCcCgwIwIboEYJaKH-kb2U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.5.38.0/24

    Signature Algorithm: sha256WithRSAEncryption
         98:cb:b0:20:2f:85:ae:f1:f6:31:f3:e7:b8:72:fc:43:7a:5e:
         1e:a5:bf:d8:fb:03:2d:3d:c4:25:cd:86:f1:ae:fc:a8:00:f4:
         61:ad:87:b6:f5:50:06:05:f4:da:1e:61:1f:4a:4e:63:de:64:
         9b:ab:53:ff:d7:c8:72:d6:d4:6d:4e:2f:38:4b:97:97:f2:1e:
         56:86:bc:78:1e:11:a0:b7:4d:56:60:83:41:d8:b3:8b:1b:26:
         d6:ed:be:a7:f0:af:8c:02:86:ec:b1:05:59:ef:d1:f1:2e:95:
         3f:3e:00:cb:bb:00:27:ae:c0:0b:ae:ce:14:92:80:1c:cb:b8:
         fd:6b:8d:26:9f:38:53:a4:d5:11:da:c2:65:62:6e:5d:fd:85:
         a1:bb:10:30:c6:11:8c:90:c9:6c:4e:87:6b:ef:c7:cd:4f:7a:
         fe:75:e7:49:d9:7b:99:63:dd:fc:39:31:64:56:fc:7f:39:a9:
         9e:15:3c:74:09:d2:13:3c:77:77:ef:7b:3d:0d:8c:59:82:a1:
         48:ad:b7:94:bc:ea:61:c3:3e:02:39:e2:6b:44:22:2f:c5:07:
         0a:25:7d:58:ff:29:5d:1e:46:84:14:42:f8:27:64:4a:ae:84:
         3e:f4:75:30:ad:40:29:2c:90:9e:85:a9:22:76:74:b7:a0:41:
         36:b7:cf:6d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ3+rZgx8mOJpfxInU3qHZWmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEzMTg4MTczMmEzZTI0NWE5NTliYzY3OWUwNDU4YzM5Zjg5
M2U0NmIwHhcNMjYwNTA2MTkwNDQyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MzBhOThkZjEwOWMwYTBjMDhjMDg2ZTgxMTgyNWEyODdmYTQ2ZjY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAitckhCN/KOhKHAoWDGBxwVf+IiZ2
0PPoC2uVYzcdQlGn6eUhs9C6wj7hz/owMT0xn1MraTXhr6YsTQsBruV3Dh6GZ9BT
9uc17MuGUqqLuNsnmtleqDEs+deIHbzRg71Ybkdr5g8xpbwJA4DltF9t/G3hMfYM
Y8C3Dh+9fKjY0//2ZucXUg3uQ1JmLimpM0xn8SJ6C4Ob5ZniSXGCsnDA94E7N0mr
7LCgp+jCN8orc67AuYVqLuFeo2eoiqr20deajf6AW4RcgEwrQmE/AZY6FJhrCg/n
Ubv4X0xKuelJCYPp8AcqW3/hza9D8aTVy7O+bwMjNqjPl+pRE37DCNoDqQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEMKmN8QnAoMCMCG6BGCWih/pG9lMB8GA1UdIwQY
MBaAFBMYgXMqPiRalZvGeeBFjDn4k+RrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRXhpQmN5by1KRnFWbThaNTRFV01PZmlUNUdzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS84OWYwNzEtNTYzMS00NWRiLWE3ZTUt
Y2Q2MTUyMjYxYzZmLzEvUXdxWTN4Q2NDZ3dJd0lib0VZSmFLSC1rYjJVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYS84OWYwNzEtNTYzMS00NWRiLWE3ZTUtY2Q2MTUyMjYxYzZm
LzEvRXhpQmN5by1KRnFWbThaNTRFV01PZmlUNUdzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuQUmMA0G
CSqGSIb3DQEBCwUAA4IBAQCYy7AgL4Wu8fYx8+e4cvxDel4epb/Y+wMtPcQlzYbx
rvyoAPRhrYe29VAGBfTaHmEfSk5j3mSbq1P/18hy1tRtTi84S5eX8h5Whrx4HhGg
t01WYINB2LOLGybW7b6n8K+MAobssQVZ79HxLpU/PgDLuwAnrsALrs4UkoAcy7j9
a40mnzhTpNUR2sJlYm5d/YWhuxAwxhGMkMlsTodr78fNT3r+dedJ2XuZY938OTFk
Vvx/OameFTx0CdITPHd373s9DYxZgqFIrbeUvOphwz4COeJrRCIvxQcKJX1Y/yld
HkaEFEL4J2RKroQ+9HUwrUApLJCehakidnS3oEE2t89t
-----END CERTIFICATE-----