Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/58ebb1-dbec-47f9-bb96-849cfcabb657/1/qNqIY7Epjb8X6TjZQ6Qe3ZQprHg.roa
File:                     qNqIY7Epjb8X6TjZQ6Qe3ZQprHg.roa (raw, json)
Hash identifier:          Q9eOtWBXHgxp5on3S0pg8Cw1XJUrxWzfmLsW58Uncfs=
Subject key identifier:   A8:DA:88:63:B1:29:8D:BF:17:E9:38:D9:43:A4:1E:DD:94:29:AC:78
Certificate issuer:       /CN=7e65dab23940cb394f9aaa664fea4d6f8f42e318
Certificate serial:       019CF7777F53FD7FB97B7E4E085886D158AF
Authority key identifier: 7E:65:DA:B2:39:40:CB:39:4F:9A:AA:66:4F:EA:4D:6F:8F:42:E3:18
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fmXasjlAyzlPmqpmT-pNb49C4xg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/58ebb1-dbec-47f9-bb96-849cfcabb657/1/qNqIY7Epjb8X6TjZQ6Qe3ZQprHg.roa
Signing time:             Mon 16 Mar 2026 16:25:29 +0000
ROA not before:           Mon 16 Mar 2026 16:25:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     26548
IP address blocks:        46.243.52.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/40/58ebb1-dbec-47f9-bb96-849cfcabb657/1/fmXasjlAyzlPmqpmT-pNb49C4xg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/40/58ebb1-dbec-47f9-bb96-849cfcabb657/1/fmXasjlAyzlPmqpmT-pNb49C4xg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fmXasjlAyzlPmqpmT-pNb49C4xg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 09:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:f7:77:7f:53:fd:7f:b9:7b:7e:4e:08:58:86:d1:58:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7e65dab23940cb394f9aaa664fea4d6f8f42e318
        Validity
            Not Before: Mar 16 16:25:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a8da8863b1298dbf17e938d943a41edd9429ac78
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:5e:d3:bc:ce:c6:77:16:98:4c:bd:69:43:8d:
                    74:86:b0:e8:2e:be:8b:fe:90:6c:c9:42:5c:00:a9:
                    a7:b1:4e:51:d0:aa:31:87:18:70:95:34:c5:c9:6b:
                    ee:f6:83:ce:5f:3a:3e:9e:0a:4b:d3:82:19:e7:1f:
                    63:a9:e6:e4:7f:91:67:7a:b3:20:71:e4:9a:3b:99:
                    4f:99:43:4e:6d:ed:f1:9d:23:29:32:de:1f:1a:d5:
                    9f:67:d7:b6:4e:2f:a9:20:81:20:cb:b9:86:43:97:
                    5d:75:00:07:6a:06:16:36:4e:c7:e4:05:78:24:41:
                    c5:9c:c9:1b:e4:43:30:63:94:73:3a:89:f0:ed:96:
                    5e:fa:7e:07:2e:fd:a8:b2:53:f3:31:ea:5c:ac:56:
                    3c:db:98:3a:32:0c:fa:1c:62:ed:44:30:c2:54:0f:
                    5b:42:1e:9c:00:f7:21:7e:95:36:27:c4:b0:7f:62:
                    6b:6c:3c:d3:57:ed:74:d6:92:a7:e2:8b:a9:98:74:
                    73:fa:81:50:6b:8b:cb:03:e0:2f:76:ab:98:5d:ea:
                    96:55:6b:dc:c3:25:ec:d0:b5:18:ac:43:a1:97:23:
                    bf:e4:e6:5d:73:08:73:3c:45:8e:6d:e2:78:6b:51:
                    56:1f:eb:c0:ae:fd:55:4d:fb:85:60:35:a7:c4:0c:
                    a5:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:DA:88:63:B1:29:8D:BF:17:E9:38:D9:43:A4:1E:DD:94:29:AC:78
            X509v3 Authority Key Identifier:
                keyid:7E:65:DA:B2:39:40:CB:39:4F:9A:AA:66:4F:EA:4D:6F:8F:42:E3:18

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fmXasjlAyzlPmqpmT-pNb49C4xg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/58ebb1-dbec-47f9-bb96-849cfcabb657/1/qNqIY7Epjb8X6TjZQ6Qe3ZQprHg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/58ebb1-dbec-47f9-bb96-849cfcabb657/1/fmXasjlAyzlPmqpmT-pNb49C4xg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.243.52.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4f:3b:12:f5:6a:c4:3c:80:20:b7:33:c9:43:fe:fd:f7:73:ef:
         be:0b:4d:25:f6:d9:c7:4a:eb:51:a0:04:f5:bb:73:4e:96:58:
         2a:da:ae:2f:da:50:9b:44:14:c9:94:a4:67:42:99:d4:f8:3c:
         29:5b:b3:29:50:d4:da:7d:ea:c6:45:07:b3:7f:82:b1:f6:af:
         0c:18:e8:2b:83:75:dd:b3:e7:95:50:71:a1:91:a4:03:92:79:
         9c:83:aa:21:a3:af:ae:6f:c9:70:60:d6:b4:81:06:18:66:7d:
         51:94:fb:53:1f:c0:c7:f9:e9:36:58:c2:da:fe:49:bb:b6:54:
         f2:5c:8a:17:c9:92:b6:38:49:20:8b:01:a5:4d:e7:4e:f2:0b:
         73:0f:8d:dc:87:29:97:2c:72:62:31:42:cc:20:cb:74:1f:c4:
         41:a5:1e:e4:e8:69:3b:4d:79:7c:89:7b:f1:19:23:6c:3d:f3:
         87:eb:c3:4c:a0:07:27:49:a3:55:a4:6e:28:eb:cc:03:10:ad:
         67:4b:0d:81:f4:f5:d8:bd:51:d3:dc:ad:a1:98:26:d1:9d:96:
         57:40:22:bd:a8:ce:64:a2:44:3c:db:c5:5f:1e:0f:2d:0c:90:
         2b:92:a1:9d:d3:46:c6:8a:41:b1:53:2d:50:2f:ae:8b:1c:3b:
         79:db:5d:36
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZz3d39T/X+5e35OCFiG0VivMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlNjVkYWIyMzk0MGNiMzk0ZjlhYWE2NjRmZWE0ZDZmOGY0
MmUzMTgwHhcNMjYwMzE2MTYyNTI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOGRhODg2M2IxMjk4ZGJmMTdlOTM4ZDk0M2E0MWVkZDk0MjlhYzc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA017TvM7GdxaYTL1pQ410hrDoLr6L
/pBsyUJcAKmnsU5R0KoxhxhwlTTFyWvu9oPOXzo+ngpL04IZ5x9jqebkf5FnerMg
ceSaO5lPmUNObe3xnSMpMt4fGtWfZ9e2Ti+pIIEgy7mGQ5dddQAHagYWNk7H5AV4
JEHFnMkb5EMwY5RzOonw7ZZe+n4HLv2oslPzMepcrFY825g6Mgz6HGLtRDDCVA9b
Qh6cAPchfpU2J8Swf2JrbDzTV+101pKn4oupmHRz+oFQa4vLA+AvdquYXeqWVWvc
wyXs0LUYrEOhlyO/5OZdcwhzPEWObeJ4a1FWH+vArv1VTfuFYDWnxAylMwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKjaiGOxKY2/F+k42UOkHt2UKax4MB8GA1UdIwQY
MBaAFH5l2rI5QMs5T5qqZk/qTW+PQuMYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZm1YYXNqbEF5emxQbXFwbVQtcE5iNDlDNHhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC81OGViYjEtZGJlYy00N2Y5LWJiOTYt
ODQ5Y2ZjYWJiNjU3LzEvcU5xSVk3RXBqYjhYNlRqWlE2UWUzWlFwckhnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC81OGViYjEtZGJlYy00N2Y5LWJiOTYtODQ5Y2ZjYWJiNjU3
LzEvZm1YYXNqbEF5emxQbXFwbVQtcE5iNDlDNHhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALvM0MA0G
CSqGSIb3DQEBCwUAA4IBAQBPOxL1asQ8gCC3M8lD/v33c+++C00l9tnHSutRoAT1
u3NOllgq2q4v2lCbRBTJlKRnQpnU+DwpW7MpUNTaferGRQezf4Kx9q8MGOgrg3Xd
s+eVUHGhkaQDknmcg6oho6+ub8lwYNa0gQYYZn1RlPtTH8DH+ek2WMLa/km7tlTy
XIoXyZK2OEkgiwGlTedO8gtzD43chymXLHJiMULMIMt0H8RBpR7k6Gk7TXl8iXvx
GSNsPfOH68NMoAcnSaNVpG4o68wDEK1nSw2B9PXYvVHT3K2hmCbRnZZXQCK9qM5k
okQ828VfHg8tDJArkqGd00bGikGxUy1QL66LHDt52102
-----END CERTIFICATE-----