Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/q3NPrHYKH5CwN4fLTEEvq84Dgi8.roa
File:                     q3NPrHYKH5CwN4fLTEEvq84Dgi8.roa (raw, json)
Hash identifier:          LWNIPabcoSQ3zXTK+4RL79E8imk4aUJBxBa9hggryoE=
Subject key identifier:   AB:73:4F:AC:76:0A:1F:90:B0:37:87:CB:4C:41:2F:AB:CE:03:82:2F
Certificate issuer:       /CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
Certificate serial:       019E1CEA4DEA6E22945DC05A348441C7DF5E
Authority key identifier: 74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/q3NPrHYKH5CwN4fLTEEvq84Dgi8.roa
Signing time:             Tue 12 May 2026 15:59:37 +0000
ROA not before:           Tue 12 May 2026 15:59:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     42447
IP address blocks:        92.38.48.0/23 maxlen: 24
                          93.170.72.0/23 maxlen: 24
                          93.171.232.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 14:18:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:1c:ea:4d:ea:6e:22:94:5d:c0:5a:34:84:41:c7:df:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
        Validity
            Not Before: May 12 15:59:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ab734fac760a1f90b03787cb4c412fabce03822f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:bd:b8:8b:39:55:3f:d1:cb:f5:e1:bd:17:3d:
                    60:42:e7:80:22:cd:cb:62:50:ab:b9:e2:43:5f:d7:
                    d0:39:d4:01:88:62:fd:24:b7:d1:21:05:bb:f5:2d:
                    2f:1b:ad:6f:b1:ab:92:f7:36:0e:00:41:b4:80:c7:
                    3e:5e:c4:23:87:43:cd:80:5a:cc:68:d8:0f:2c:a1:
                    b2:b0:6b:62:b1:8d:fd:f8:21:c8:5d:6b:34:d3:0f:
                    2b:db:e6:ff:b6:69:19:00:38:6e:74:ad:36:de:f5:
                    ea:78:78:7f:61:40:a8:80:45:77:bb:a6:40:d5:f4:
                    9d:61:81:45:5e:f4:4c:5c:67:71:18:b1:36:50:ff:
                    63:32:07:f0:36:2e:cf:0b:57:cf:ec:db:e5:4a:ab:
                    11:ec:52:47:85:46:8a:48:2c:91:07:6f:43:3b:a8:
                    47:75:f4:ec:71:4b:13:16:3e:0a:ab:08:48:03:3f:
                    eb:06:90:d7:55:0d:b8:ec:68:46:b1:93:c2:ef:47:
                    25:91:86:39:b6:8c:48:49:e6:1f:3f:ed:d3:22:ac:
                    9c:48:ba:e3:c8:d6:57:34:b1:71:77:9c:b4:9a:7f:
                    14:be:a7:3d:3e:c8:ae:e4:c8:ea:de:5e:7c:a3:fe:
                    e6:66:ce:1a:d2:a1:c2:dc:b3:3b:39:e7:c1:08:ea:
                    f2:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:73:4F:AC:76:0A:1F:90:B0:37:87:CB:4C:41:2F:AB:CE:03:82:2F
            X509v3 Authority Key Identifier:
                keyid:74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/q3NPrHYKH5CwN4fLTEEvq84Dgi8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.38.48.0/23
                  93.170.72.0/23
                  93.171.232.0/23

    Signature Algorithm: sha256WithRSAEncryption
         05:2b:d6:bd:0a:cc:71:aa:86:d1:07:65:f8:81:6d:1e:6a:e9:
         c1:d5:dc:2c:06:d3:46:69:23:49:e4:27:b2:7a:ac:51:9a:00:
         69:eb:be:98:4f:f8:7c:9e:f4:64:ca:36:7a:de:13:9d:09:4b:
         2b:55:77:b7:7d:73:5f:ae:ec:6d:3c:09:f7:86:b8:5c:44:61:
         4e:d0:15:07:58:2d:10:ea:c9:93:89:2e:8b:6c:3b:c3:3c:95:
         28:99:6c:2a:c3:db:da:56:6b:00:73:62:93:2a:59:c4:5f:54:
         bf:16:5b:9e:a6:ad:25:68:10:5c:63:ec:33:04:88:1d:4d:90:
         d9:8a:56:d6:4b:82:8d:3c:fb:0f:d5:40:0b:77:28:d3:a1:bf:
         1e:ce:4b:61:f7:21:3c:e7:c6:c9:64:74:3b:01:1b:f5:bd:3c:
         22:8b:68:e5:93:5d:85:6d:12:b3:12:9c:e6:f0:de:e0:da:28:
         5d:13:87:65:ff:4c:c1:6e:9b:c8:84:be:42:53:ed:4d:36:11:
         68:02:5b:ab:e4:f8:31:95:19:3a:d6:47:2a:1e:7d:1f:43:b7:
         c7:af:40:7a:ce:fa:8c:20:f3:fa:c9:c9:f4:43:06:6c:4f:78:
         f2:4e:cf:d0:68:c9:48:af:a3:0f:1a:e2:85:97:71:fc:59:0d:
         f2:f1:5a:d7
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZ4c6k3qbiKUXcBaNIRBx99eMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0OTEyMmMzNTQzOGE0ZWIyNjIzM2ZkYzZlNGJiMWRmMmRh
YWVmNDIwHhcNMjYwNTEyMTU1OTM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYjczNGZhYzc2MGExZjkwYjAzNzg3Y2I0YzQxMmZhYmNlMDM4MjJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtr24izlVP9HL9eG9Fz1gQueAIs3L
YlCrueJDX9fQOdQBiGL9JLfRIQW79S0vG61vsauS9zYOAEG0gMc+XsQjh0PNgFrM
aNgPLKGysGtisY39+CHIXWs00w8r2+b/tmkZADhudK023vXqeHh/YUCogEV3u6ZA
1fSdYYFFXvRMXGdxGLE2UP9jMgfwNi7PC1fP7NvlSqsR7FJHhUaKSCyRB29DO6hH
dfTscUsTFj4KqwhIAz/rBpDXVQ247GhGsZPC70clkYY5toxISeYfP+3TIqycSLrj
yNZXNLFxd5y0mn8Uvqc9Psiu5Mjq3l58o/7mZs4a0qHC3LM7OefBCOryLQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFKtzT6x2Ch+QsDeHy0xBL6vOA4IvMB8GA1UdIwQY
MBaAFHSRIsNUOKTrJiM/3G5Lsd8tqu9CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQt
MDYyYzY5MzNhYmVkLzEvcTNOUHJIWUtINUN3TjRmTFRFRXZxODREZ2k4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQtMDYyYzY5MzNhYmVk
LzEvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQBXCYwAwQB
XapIAwQBXavoMA0GCSqGSIb3DQEBCwUAA4IBAQAFK9a9CsxxqobRB2X4gW0eaunB
1dwsBtNGaSNJ5CeyeqxRmgBp676YT/h8nvRkyjZ63hOdCUsrVXe3fXNfruxtPAn3
hrhcRGFO0BUHWC0Q6smTiS6LbDvDPJUomWwqw9vaVmsAc2KTKlnEX1S/Fluepq0l
aBBcY+wzBIgdTZDZilbWS4KNPPsP1UALdyjTob8ezkth9yE858bJZHQ7ARv1vTwi
i2jlk12FbRKzEpzm8N7g2ihdE4dl/0zBbpvIhL5CU+1NNhFoAlur5PgxlRk61kcq
Hn0fQ7fHr0B6zvqMIPP6ycn0QwZsT3jyTs/QaMlIr6MPGuKFl3H8WQ3y8VrX
-----END CERTIFICATE-----