Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/37/36190d-1c6c-48c6-a414-2fbb208ad182/1/qFql76UYRJ7MqINcpO2JRQNjZJk.roa
File:                     qFql76UYRJ7MqINcpO2JRQNjZJk.roa (raw, json)
Hash identifier:          b3XQyMMRxs2maOmxKWw8Mo7+dtT/HrPvRDYI0jww5Lg=
Subject key identifier:   A8:5A:A5:EF:A5:18:44:9E:CC:A8:83:5C:A4:ED:89:45:03:63:64:99
Certificate issuer:       /CN=f9c9e0305cfed5794448732a8b0bd8427450d813
Certificate serial:       019D1ADF38FAD94A450AB39BF08D8F637A59
Authority key identifier: F9:C9:E0:30:5C:FE:D5:79:44:48:73:2A:8B:0B:D8:42:74:50:D8:13
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-cngMFz-1XlESHMqiwvYQnRQ2BM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/37/36190d-1c6c-48c6-a414-2fbb208ad182/1/qFql76UYRJ7MqINcpO2JRQNjZJk.roa
Signing time:             Mon 23 Mar 2026 13:25:29 +0000
ROA not before:           Mon 23 Mar 2026 13:25:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     5413
IP address blocks:        212.124.215.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/37/36190d-1c6c-48c6-a414-2fbb208ad182/1/1-cngMFz-1XlESHMqiwvYQnRQ2BM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/37/36190d-1c6c-48c6-a414-2fbb208ad182/1/1-cngMFz-1XlESHMqiwvYQnRQ2BM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-cngMFz-1XlESHMqiwvYQnRQ2BM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 13:01:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:1a:df:38:fa:d9:4a:45:0a:b3:9b:f0:8d:8f:63:7a:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f9c9e0305cfed5794448732a8b0bd8427450d813
        Validity
            Not Before: Mar 23 13:25:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a85aa5efa518449ecca8835ca4ed894503636499
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:d5:e3:45:14:fc:d5:b9:7f:5d:19:62:f6:ea:
                    cb:b1:89:bc:45:1d:cf:b2:fb:97:1a:9e:8f:13:be:
                    4c:f2:4f:5f:f1:dc:24:33:b2:cc:74:1f:68:1d:fb:
                    a1:cc:45:ec:e3:28:7c:c6:2e:cf:28:b9:fa:6d:0f:
                    1c:f0:d9:af:39:91:75:7f:44:8c:8d:3a:52:70:c1:
                    3e:29:14:22:18:41:11:29:2f:3d:b3:31:44:1e:2a:
                    af:11:2b:20:bb:8a:aa:77:28:b7:62:41:eb:9c:0a:
                    41:1e:83:f3:25:9a:20:02:cb:85:1f:90:a3:9d:c4:
                    6d:79:f1:d7:1c:04:1a:e5:22:4a:35:cc:c6:19:95:
                    36:60:ac:e7:70:26:85:65:a4:48:fa:d1:d1:32:f8:
                    f8:5c:e6:97:ab:b0:36:cc:f8:c6:16:24:c8:8b:0c:
                    4b:b2:b2:b0:66:e4:fa:11:09:dd:cf:5e:fe:73:30:
                    5c:dc:9d:05:4f:46:c0:cb:60:3e:23:47:28:cd:dd:
                    fe:62:8b:f2:8c:46:fe:ce:0c:c3:04:bf:96:31:73:
                    ba:0c:5c:fc:01:04:ad:99:04:52:0b:28:78:2c:d1:
                    41:34:b8:0c:09:e4:a6:1e:cc:67:da:f8:8a:aa:54:
                    21:e0:f5:86:76:b9:38:3d:89:7c:52:3e:21:2d:5d:
                    ba:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:5A:A5:EF:A5:18:44:9E:CC:A8:83:5C:A4:ED:89:45:03:63:64:99
            X509v3 Authority Key Identifier:
                keyid:F9:C9:E0:30:5C:FE:D5:79:44:48:73:2A:8B:0B:D8:42:74:50:D8:13

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-cngMFz-1XlESHMqiwvYQnRQ2BM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/37/36190d-1c6c-48c6-a414-2fbb208ad182/1/qFql76UYRJ7MqINcpO2JRQNjZJk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/37/36190d-1c6c-48c6-a414-2fbb208ad182/1/1-cngMFz-1XlESHMqiwvYQnRQ2BM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.124.215.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b3:32:e1:a4:a0:4e:f4:2e:52:0f:ed:80:1a:54:3e:e2:2d:e6:
         d5:2a:43:63:d8:74:3a:9d:90:e0:23:1e:a7:61:93:43:a4:ea:
         1d:32:b1:5d:e7:6f:82:c4:09:10:75:f7:a8:39:e5:bf:e1:85:
         be:4a:80:f1:1f:60:2a:98:a1:7f:ae:7e:98:cc:4c:9e:a9:bd:
         1f:e9:32:80:f4:ca:35:44:35:70:79:97:d4:64:d7:14:c6:ef:
         78:00:8e:51:e7:5b:1c:ec:0e:41:33:2a:c1:67:12:77:d0:6f:
         2a:a3:b2:4e:64:43:3a:5b:3e:16:98:61:9a:72:52:28:7f:94:
         7a:51:39:84:35:b7:6b:5b:b7:82:0b:ab:73:39:93:78:3b:d3:
         d5:c2:a9:08:27:48:5a:d3:f8:bf:5c:0e:df:02:43:fa:26:17:
         91:78:d1:26:b7:22:4b:3e:81:07:4b:75:59:77:23:e9:36:5b:
         a3:f3:69:c7:68:3c:ef:16:03:4d:f2:c5:59:52:c7:82:53:81:
         73:8f:bc:63:70:be:a9:b3:c9:50:66:20:5e:01:f8:8b:52:f4:
         4f:2d:6e:fe:70:e5:2a:ac:b0:a2:15:9d:b4:54:9b:a8:94:e0:
         28:ea:2e:7b:81:28:48:9f:cb:e9:da:af:64:4d:ca:80:9c:df:
         de:33:9c:f3
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZ0a3zj62UpFCrOb8I2PY3pZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY5YzllMDMwNWNmZWQ1Nzk0NDQ4NzMyYThiMGJkODQyNzQ1
MGQ4MTMwHhcNMjYwMzIzMTMyNTI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhODVhYTVlZmE1MTg0NDllY2NhODgzNWNhNGVkODk0NTAzNjM2NDk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtdXjRRT81bl/XRli9urLsYm8RR3P
svuXGp6PE75M8k9f8dwkM7LMdB9oHfuhzEXs4yh8xi7PKLn6bQ8c8NmvOZF1f0SM
jTpScME+KRQiGEERKS89szFEHiqvESsgu4qqdyi3YkHrnApBHoPzJZogAsuFH5Cj
ncRtefHXHAQa5SJKNczGGZU2YKzncCaFZaRI+tHRMvj4XOaXq7A2zPjGFiTIiwxL
srKwZuT6EQndz17+czBc3J0FT0bAy2A+I0cozd3+YovyjEb+zgzDBL+WMXO6DFz8
AQStmQRSCyh4LNFBNLgMCeSmHsxn2viKqlQh4PWGdrk4PYl8Uj4hLV26PwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFKhape+lGESezKiDXKTtiUUDY2SZMB8GA1UdIwQY
MBaAFPnJ4DBc/tV5REhzKosL2EJ0UNgTMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1jbmdNRnotMVhsRVNITXFpd3ZZUW5SUTJCTS5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMzcvMzYxOTBkLTFjNmMtNDhjNi1hNDE0
LTJmYmIyMDhhZDE4Mi8xL3FGcWw3NlVZUko3TXFJTmNwTzJKUlFOalpKay5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMzcvMzYxOTBkLTFjNmMtNDhjNi1hNDE0LTJmYmIyMDhhZDE4
Mi8xLzEtY25nTUZ6LTFYbEVTSE1xaXd2WVFuUlEyQk0uY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBADUfNcw
DQYJKoZIhvcNAQELBQADggEBALMy4aSgTvQuUg/tgBpUPuIt5tUqQ2PYdDqdkOAj
Hqdhk0Ok6h0ysV3nb4LECRB196g55b/hhb5KgPEfYCqYoX+ufpjMTJ6pvR/pMoD0
yjVENXB5l9Rk1xTG73gAjlHnWxzsDkEzKsFnEnfQbyqjsk5kQzpbPhaYYZpyUih/
lHpROYQ1t2tbt4ILq3M5k3g709XCqQgnSFrT+L9cDt8CQ/omF5F40Sa3Iks+gQdL
dVl3I+k2W6PzacdoPO8WA03yxVlSx4JTgXOPvGNwvqmzyVBmIF4B+ItS9E8tbv5w
5SqssKIVnbRUm6iU4CjqLnuBKEify+nar2RNyoCc394znPM=
-----END CERTIFICATE-----