Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4b/3d893a-5b1a-4d70-9ebb-38e068536e6b/1/qbinC6Bue2GJIuNLnptWJaA-Dds.roa
File:                     qbinC6Bue2GJIuNLnptWJaA-Dds.roa (raw, json)
Hash identifier:          6HXvSYL8Dx9Ja4sY1cHp96tpfM1YjHJq65VRixXzZSc=
Subject key identifier:   A9:B8:A7:0B:A0:6E:7B:61:89:22:E3:4B:9E:9B:56:25:A0:3E:0D:DB
Certificate issuer:       /CN=8cd802512ccb745b2a1b8f315714ebe39395403e
Certificate serial:       019DFDA8AB1E629C6F55E3105306AC85422C
Authority key identifier: 8C:D8:02:51:2C:CB:74:5B:2A:1B:8F:31:57:14:EB:E3:93:95:40:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jNgCUSzLdFsqG48xVxTr45OVQD4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4b/3d893a-5b1a-4d70-9ebb-38e068536e6b/1/qbinC6Bue2GJIuNLnptWJaA-Dds.roa
Signing time:             Wed 06 May 2026 14:19:42 +0000
ROA not before:           Wed 06 May 2026 14:19:42 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     16276
IP address blocks:        193.19.76.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4b/3d893a-5b1a-4d70-9ebb-38e068536e6b/1/jNgCUSzLdFsqG48xVxTr45OVQD4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4b/3d893a-5b1a-4d70-9ebb-38e068536e6b/1/jNgCUSzLdFsqG48xVxTr45OVQD4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jNgCUSzLdFsqG48xVxTr45OVQD4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 19:00:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:fd:a8:ab:1e:62:9c:6f:55:e3:10:53:06:ac:85:42:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8cd802512ccb745b2a1b8f315714ebe39395403e
        Validity
            Not Before: May  6 14:19:42 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a9b8a70ba06e7b618922e34b9e9b5625a03e0ddb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:0a:d3:a6:a2:02:62:e0:c5:16:03:92:1c:e3:
                    93:78:55:f6:53:19:d8:99:60:7d:14:e1:23:69:68:
                    35:36:9b:5a:18:08:62:78:17:ff:e5:be:38:ef:c8:
                    4c:27:79:08:73:ab:f6:05:24:47:95:68:ba:e9:ea:
                    95:f6:8b:a2:02:6d:0e:9c:a2:a6:e3:e2:d9:5c:e6:
                    37:11:1b:36:e2:ee:0f:ba:6a:5d:2a:35:3c:73:e4:
                    95:fc:f7:92:a9:38:fb:a8:16:b0:e7:fd:43:ed:a6:
                    67:69:6b:eb:99:34:71:37:72:12:9f:85:3e:c7:6e:
                    df:22:d3:fb:25:9d:59:71:19:12:70:8c:b3:d0:97:
                    c4:3e:35:f5:21:d8:38:a0:83:80:ef:fb:0a:26:b5:
                    45:18:57:38:32:da:2c:f7:1d:90:79:91:e7:80:90:
                    bd:95:66:77:bf:95:75:cb:41:1c:67:dc:02:f9:17:
                    cd:bb:9e:ed:77:09:b0:0e:e9:ed:b6:6b:c9:72:93:
                    ba:02:c4:f7:c3:52:59:d9:26:3d:5c:46:8e:cb:57:
                    39:5a:8b:1a:b7:e4:dc:d5:8b:9b:78:d2:44:c8:0d:
                    02:09:7d:9e:8d:4f:af:d5:56:5a:36:1e:c1:cb:28:
                    3e:f9:d6:16:1b:71:01:d2:2a:d4:39:9a:73:f2:71:
                    a6:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:B8:A7:0B:A0:6E:7B:61:89:22:E3:4B:9E:9B:56:25:A0:3E:0D:DB
            X509v3 Authority Key Identifier:
                keyid:8C:D8:02:51:2C:CB:74:5B:2A:1B:8F:31:57:14:EB:E3:93:95:40:3E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jNgCUSzLdFsqG48xVxTr45OVQD4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/3d893a-5b1a-4d70-9ebb-38e068536e6b/1/qbinC6Bue2GJIuNLnptWJaA-Dds.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/3d893a-5b1a-4d70-9ebb-38e068536e6b/1/jNgCUSzLdFsqG48xVxTr45OVQD4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.19.76.0/23

    Signature Algorithm: sha256WithRSAEncryption
         61:54:74:b1:7e:40:29:0d:a8:44:f4:21:2a:18:cb:51:6f:b6:
         ba:b6:11:0a:62:04:87:1b:f8:68:4b:91:92:ff:2b:17:62:95:
         42:33:92:10:85:37:d2:76:4f:86:e6:51:c4:9b:97:c7:b3:d2:
         31:b6:a1:78:18:c3:60:fa:8a:47:52:55:b4:f9:46:3a:ba:d7:
         13:9e:cb:b3:3f:46:b0:b0:d0:1d:f5:f8:59:da:1a:f9:87:22:
         c8:d3:2f:74:f2:27:88:05:74:49:58:bf:87:ed:4c:76:5a:45:
         fc:3c:fe:31:4e:8a:9d:2b:24:09:3a:44:1e:1c:79:7f:25:30:
         da:7d:77:2b:05:29:ea:72:22:21:6b:b8:e8:1d:e6:10:2f:90:
         cf:2c:45:ca:cd:7b:60:55:ab:39:97:00:2c:ff:57:68:cc:29:
         c7:31:1f:bc:21:6d:ef:d1:5b:7a:d9:2d:c7:7f:2d:0f:df:10:
         08:50:ac:cf:8b:b4:3d:e5:4d:8b:ec:3e:43:df:7b:0a:b0:3e:
         28:a6:a7:cd:38:c1:9c:8c:73:06:b1:96:e5:65:61:14:2f:8d:
         3e:ff:86:f9:81:c5:ad:ed:05:83:77:d6:6e:ee:4f:d5:e4:0d:
         97:10:70:e5:10:b8:c6:fd:5f:14:08:0b:64:a7:b1:56:73:f8:
         d0:a0:ca:25
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ39qKseYpxvVeMQUwashUIsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhjZDgwMjUxMmNjYjc0NWIyYTFiOGYzMTU3MTRlYmUzOTM5
NTQwM2UwHhcNMjYwNTA2MTQxOTQyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOWI4YTcwYmEwNmU3YjYxODkyMmUzNGI5ZTliNTYyNWEwM2UwZGRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApgrTpqICYuDFFgOSHOOTeFX2UxnY
mWB9FOEjaWg1NptaGAhieBf/5b4478hMJ3kIc6v2BSRHlWi66eqV9ouiAm0OnKKm
4+LZXOY3ERs24u4PumpdKjU8c+SV/PeSqTj7qBaw5/1D7aZnaWvrmTRxN3ISn4U+
x27fItP7JZ1ZcRkScIyz0JfEPjX1Idg4oIOA7/sKJrVFGFc4Mtos9x2QeZHngJC9
lWZ3v5V1y0EcZ9wC+RfNu57tdwmwDunttmvJcpO6AsT3w1JZ2SY9XEaOy1c5Wosa
t+Tc1YubeNJEyA0CCX2ejU+v1VZaNh7Byyg++dYWG3EB0irUOZpz8nGmNQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKm4pwugbnthiSLjS56bViWgPg3bMB8GA1UdIwQY
MBaAFIzYAlEsy3RbKhuPMVcU6+OTlUA+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvak5nQ1VTekxkRnNxRzQ4eFZ4VHI0NU9WUUQ0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yi8zZDg5M2EtNWIxYS00ZDcwLTllYmIt
MzhlMDY4NTM2ZTZiLzEvcWJpbkM2QnVlMkdKSXVOTG5wdFdKYUEtRGRzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yi8zZDg5M2EtNWIxYS00ZDcwLTllYmItMzhlMDY4NTM2ZTZi
LzEvak5nQ1VTekxkRnNxRzQ4eFZ4VHI0NU9WUUQ0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwRNMMA0G
CSqGSIb3DQEBCwUAA4IBAQBhVHSxfkApDahE9CEqGMtRb7a6thEKYgSHG/hoS5GS
/ysXYpVCM5IQhTfSdk+G5lHEm5fHs9IxtqF4GMNg+opHUlW0+UY6utcTnsuzP0aw
sNAd9fhZ2hr5hyLI0y908ieIBXRJWL+H7Ux2WkX8PP4xToqdKyQJOkQeHHl/JTDa
fXcrBSnqciIha7joHeYQL5DPLEXKzXtgVas5lwAs/1dozCnHMR+8IW3v0Vt62S3H
fy0P3xAIUKzPi7Q95U2L7D5D33sKsD4opqfNOMGcjHMGsZblZWEUL40+/4b5gcWt
7QWDd9Zu7k/V5A2XEHDlELjG/V8UCAtkp7FWc/jQoMol
-----END CERTIFICATE-----