Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/39/c94855-5b1a-4f96-b7a1-6fe1f294e627/1/qwSTgi7oKerWlObPanrG2B5_x68.roa
File:                     qwSTgi7oKerWlObPanrG2B5_x68.roa (raw, json)
Hash identifier:          GvOd9VfOiwpS8uCFOwxjkDN1qBagT24LpIgJ30wO6Pw=
Subject key identifier:   AB:04:93:82:2E:E8:29:EA:D6:94:E6:CF:6A:7A:C6:D8:1E:7F:C7:AF
Certificate issuer:       /CN=673b3a71cf772755a3df8ced5d73516f871c0a11
Certificate serial:       019CD7F9FF2A603FA7731DF9F94381718FC2
Authority key identifier: 67:3B:3A:71:CF:77:27:55:A3:DF:8C:ED:5D:73:51:6F:87:1C:0A:11
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Zzs6cc93J1Wj34ztXXNRb4ccChE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/39/c94855-5b1a-4f96-b7a1-6fe1f294e627/1/qwSTgi7oKerWlObPanrG2B5_x68.roa
Signing time:             Tue 10 Mar 2026 13:40:10 +0000
ROA not before:           Tue 10 Mar 2026 13:40:10 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199443
IP address blocks:        170.102.159.0/24 maxlen: 24
                          170.102.252.0/23 maxlen: 23
                          170.102.254.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/39/c94855-5b1a-4f96-b7a1-6fe1f294e627/1/Zzs6cc93J1Wj34ztXXNRb4ccChE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/39/c94855-5b1a-4f96-b7a1-6fe1f294e627/1/Zzs6cc93J1Wj34ztXXNRb4ccChE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Zzs6cc93J1Wj34ztXXNRb4ccChE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 07:01:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:d7:f9:ff:2a:60:3f:a7:73:1d:f9:f9:43:81:71:8f:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=673b3a71cf772755a3df8ced5d73516f871c0a11
        Validity
            Not Before: Mar 10 13:40:10 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ab0493822ee829ead694e6cf6a7ac6d81e7fc7af
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:53:70:39:78:1e:d8:7b:ea:23:f1:a4:02:c3:
                    47:35:e2:7c:a2:cf:d8:a3:6f:66:1c:c3:02:10:76:
                    6c:72:31:19:24:01:84:97:86:71:39:52:0d:df:49:
                    c6:05:44:93:57:dd:ba:c8:50:52:46:2e:4a:25:b1:
                    1a:d0:40:04:cd:23:a4:2a:c2:3d:49:5d:cc:57:2e:
                    bd:80:ac:06:91:5e:2c:4f:9e:9e:3f:9d:b1:5a:a0:
                    ab:e2:58:6d:d5:1e:44:55:3f:7c:1d:a0:1d:3a:eb:
                    8c:7f:94:ab:51:b8:35:16:9b:53:4e:79:78:34:c4:
                    d8:87:0c:02:42:0f:5a:91:5d:73:39:db:45:45:dd:
                    ee:de:85:23:fe:b2:70:6e:c2:fa:80:34:4b:0d:33:
                    2e:45:00:b9:4b:03:9e:44:75:f1:0e:3e:9b:3b:58:
                    38:34:5a:de:ad:95:6c:18:72:ff:7d:7f:c3:9f:08:
                    be:c7:02:9c:87:73:b9:03:03:01:0b:89:f1:67:1e:
                    2e:25:75:90:07:16:5a:b2:16:79:75:9f:ff:da:41:
                    61:59:4f:00:29:e4:dc:4f:49:ff:b6:e1:d7:8f:0d:
                    36:35:50:ff:55:96:67:22:41:a3:06:0c:9a:09:1e:
                    c4:17:f5:2c:c4:64:91:3a:d9:c8:62:8c:b9:35:2f:
                    71:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:04:93:82:2E:E8:29:EA:D6:94:E6:CF:6A:7A:C6:D8:1E:7F:C7:AF
            X509v3 Authority Key Identifier:
                keyid:67:3B:3A:71:CF:77:27:55:A3:DF:8C:ED:5D:73:51:6F:87:1C:0A:11

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Zzs6cc93J1Wj34ztXXNRb4ccChE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/39/c94855-5b1a-4f96-b7a1-6fe1f294e627/1/qwSTgi7oKerWlObPanrG2B5_x68.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/39/c94855-5b1a-4f96-b7a1-6fe1f294e627/1/Zzs6cc93J1Wj34ztXXNRb4ccChE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  170.102.159.0/24
                  170.102.252.0/22

    Signature Algorithm: sha256WithRSAEncryption
         b6:49:de:62:b9:05:3b:4f:fa:bf:fb:ce:8b:15:e9:08:09:4b:
         74:2d:54:eb:02:11:7d:1f:b3:bf:a1:5e:ae:a4:be:0e:dd:15:
         91:c8:30:70:e5:77:a9:97:33:0e:f5:c0:ab:f1:be:fa:f4:8b:
         1e:70:1b:28:1c:47:cb:4d:f4:aa:54:9e:30:ed:5a:ec:12:fa:
         1a:74:bf:bf:81:0a:a7:d5:c5:31:64:a7:10:31:ea:f2:63:dc:
         b3:eb:87:52:58:25:bf:cc:44:d4:69:7f:67:08:ea:c5:3d:f5:
         f4:9b:21:20:fa:22:60:56:08:51:10:d6:e0:5f:77:a8:a1:d7:
         9f:74:2c:16:90:06:c1:41:12:c1:ca:39:c9:97:49:7a:4a:7f:
         9f:32:50:df:31:34:54:31:b4:cc:71:6f:7d:8f:cd:5f:4c:c0:
         9c:ef:11:f6:c6:5b:92:78:95:e4:e9:b7:a9:ca:51:60:dc:41:
         29:c0:be:24:b2:ce:3a:f2:a1:a2:39:73:ab:8e:86:1e:f6:88:
         39:1e:54:b4:c7:ad:8d:bd:46:e0:8d:06:55:46:8c:45:59:50:
         0b:21:07:c7:a2:08:c8:2e:02:88:46:ea:31:46:e4:57:a9:72:
         fe:32:82:0a:b6:83:48:e5:db:2c:cd:58:27:7a:30:74:5f:c3:
         c9:a0:3f:f5
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZzX+f8qYD+ncx35+UOBcY/CMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3M2IzYTcxY2Y3NzI3NTVhM2RmOGNlZDVkNzM1MTZmODcx
YzBhMTEwHhcNMjYwMzEwMTM0MDEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYjA0OTM4MjJlZTgyOWVhZDY5NGU2Y2Y2YTdhYzZkODFlN2ZjN2FmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsFNwOXge2HvqI/GkAsNHNeJ8os/Y
o29mHMMCEHZscjEZJAGEl4ZxOVIN30nGBUSTV926yFBSRi5KJbEa0EAEzSOkKsI9
SV3MVy69gKwGkV4sT56eP52xWqCr4lht1R5EVT98HaAdOuuMf5SrUbg1FptTTnl4
NMTYhwwCQg9akV1zOdtFRd3u3oUj/rJwbsL6gDRLDTMuRQC5SwOeRHXxDj6bO1g4
NFrerZVsGHL/fX/Dnwi+xwKch3O5AwMBC4nxZx4uJXWQBxZashZ5dZ//2kFhWU8A
KeTcT0n/tuHXjw02NVD/VZZnIkGjBgyaCR7EF/UsxGSROtnIYoy5NS9xlQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKsEk4Iu6Cnq1pTmz2p6xtgef8evMB8GA1UdIwQY
MBaAFGc7OnHPdydVo9+M7V1zUW+HHAoRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWnpzNmNjOTNKMVdqMzR6dFhYTlJiNGNjQ2hFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOS9jOTQ4NTUtNWIxYS00Zjk2LWI3YTEt
NmZlMWYyOTRlNjI3LzEvcXdTVGdpN29LZXJXbE9iUGFuckcyQjVfeDY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOS9jOTQ4NTUtNWIxYS00Zjk2LWI3YTEtNmZlMWYyOTRlNjI3
LzEvWnpzNmNjOTNKMVdqMzR6dFhYTlJiNGNjQ2hFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAqmafAwQC
qmb8MA0GCSqGSIb3DQEBCwUAA4IBAQC2Sd5iuQU7T/q/+86LFekICUt0LVTrAhF9
H7O/oV6upL4O3RWRyDBw5XeplzMO9cCr8b769IsecBsoHEfLTfSqVJ4w7VrsEvoa
dL+/gQqn1cUxZKcQMeryY9yz64dSWCW/zETUaX9nCOrFPfX0myEg+iJgVghRENbg
X3eoodefdCwWkAbBQRLByjnJl0l6Sn+fMlDfMTRUMbTMcW99j81fTMCc7xH2xluS
eJXk6bepylFg3EEpwL4kss468qGiOXOrjoYe9og5HlS0x62NvUbgjQZVRoxFWVAL
IQfHogjILgKIRuoxRuRXqXL+MoIKtoNI5dsszVgnejB0X8PJoD/1
-----END CERTIFICATE-----