Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/71/b10562-26a1-4645-8d2b-16f146bef995/1/q5TzXHZpij2KetERDwER8oSMDkI.roa
File:                     q5TzXHZpij2KetERDwER8oSMDkI.roa (raw, json)
Hash identifier:          P3VmF/g2MZJE2J3jyCR51iNg6MfIrLEAIdlItL/TpBg=
Subject key identifier:   AB:94:F3:5C:76:69:8A:3D:8A:7A:D1:11:0F:01:11:F2:84:8C:0E:42
Certificate issuer:       /CN=2e252a477242fb45f20bb08020a403a2bb466a9b
Certificate serial:       019CE21C9A4E4B70EBBE18615EF3F0600312
Authority key identifier: 2E:25:2A:47:72:42:FB:45:F2:0B:B0:80:20:A4:03:A2:BB:46:6A:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LiUqR3JC-0XyC7CAIKQDortGaps.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/71/b10562-26a1-4645-8d2b-16f146bef995/1/q5TzXHZpij2KetERDwER8oSMDkI.roa
Signing time:             Thu 12 Mar 2026 12:54:11 +0000
ROA not before:           Thu 12 Mar 2026 12:54:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     50274
IP address blocks:        31.171.76.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/71/b10562-26a1-4645-8d2b-16f146bef995/1/LiUqR3JC-0XyC7CAIKQDortGaps.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/71/b10562-26a1-4645-8d2b-16f146bef995/1/LiUqR3JC-0XyC7CAIKQDortGaps.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LiUqR3JC-0XyC7CAIKQDortGaps.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 09:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:e2:1c:9a:4e:4b:70:eb:be:18:61:5e:f3:f0:60:03:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2e252a477242fb45f20bb08020a403a2bb466a9b
        Validity
            Not Before: Mar 12 12:54:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ab94f35c76698a3d8a7ad1110f0111f2848c0e42
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:9a:07:83:3b:f5:b5:92:51:66:b4:32:d9:82:
                    60:df:35:7b:d9:03:c5:4a:78:48:f2:c7:73:8f:5d:
                    f2:35:8f:2e:fb:86:ba:96:6c:4a:6d:0a:a9:e8:5a:
                    a2:74:8a:32:d7:9a:7c:d0:de:b9:bc:ff:b1:ef:8d:
                    4e:23:0a:57:de:8c:1f:61:f9:d7:60:dd:22:a5:7e:
                    27:ca:78:93:94:10:e3:fc:bd:39:5c:57:91:80:f0:
                    5d:e7:4c:45:3a:0f:95:5b:c8:bf:a3:3e:14:bd:5d:
                    30:de:f2:d9:f3:d4:43:2b:63:ee:12:5b:22:31:ba:
                    24:7b:f9:52:d8:5b:22:b7:25:c3:ec:c5:da:39:27:
                    0d:84:3c:c4:45:60:c2:9f:8b:4e:44:57:dc:94:66:
                    82:0a:75:c0:3d:c5:12:58:ef:5d:9e:b9:6f:0e:7d:
                    a5:bc:37:5a:f1:55:ad:85:a2:ed:b1:1d:27:71:2b:
                    90:0b:64:db:57:58:73:5f:98:2c:74:35:3a:ee:65:
                    53:11:df:43:c7:4b:bd:55:9c:20:5d:f0:0f:87:be:
                    4e:3b:1e:76:25:b6:e0:a1:42:b1:60:0e:2c:cd:63:
                    0e:ef:73:37:66:d9:67:f0:91:ab:71:16:fd:35:aa:
                    29:e4:63:d7:9b:59:d5:f0:9e:53:6b:ea:21:ed:30:
                    4b:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:94:F3:5C:76:69:8A:3D:8A:7A:D1:11:0F:01:11:F2:84:8C:0E:42
            X509v3 Authority Key Identifier:
                keyid:2E:25:2A:47:72:42:FB:45:F2:0B:B0:80:20:A4:03:A2:BB:46:6A:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LiUqR3JC-0XyC7CAIKQDortGaps.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/71/b10562-26a1-4645-8d2b-16f146bef995/1/q5TzXHZpij2KetERDwER8oSMDkI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/71/b10562-26a1-4645-8d2b-16f146bef995/1/LiUqR3JC-0XyC7CAIKQDortGaps.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.171.76.0/22

    Signature Algorithm: sha256WithRSAEncryption
         24:be:4a:ed:17:b1:bf:9a:ef:75:7b:a9:be:eb:d7:62:1c:4f:
         a7:6b:14:4a:14:61:5e:0c:9b:2c:6f:d2:57:b2:ea:76:7e:ab:
         45:e6:50:d8:86:af:12:59:91:38:ee:11:51:fd:0a:b1:34:32:
         17:1b:41:48:74:76:c4:ed:11:a7:07:78:c2:44:35:11:e0:b3:
         a1:f8:87:ef:1a:35:99:5a:83:7c:9c:c4:3a:bf:01:01:80:7a:
         58:ab:93:83:e3:b8:01:64:e5:b1:e1:47:f1:c3:07:f1:ab:77:
         35:cc:0d:17:a6:8d:21:22:7b:bb:33:7e:05:2b:45:e5:45:76:
         01:64:3b:c2:ba:a1:0f:d6:40:34:18:24:2b:d9:95:d8:3d:93:
         0e:85:a1:84:71:d9:9c:13:25:07:e3:e1:5d:f8:84:12:17:d5:
         cd:06:dc:41:eb:f9:57:5f:f5:f8:05:13:f7:9c:66:22:4d:10:
         8e:26:c8:f6:f9:dc:9d:d4:e5:e9:6b:09:3f:c1:7b:52:85:ec:
         d1:0a:c0:a1:27:95:c0:79:94:69:60:44:88:3b:c2:fd:8e:29:
         a4:c7:0f:b4:5b:f3:3c:83:5c:83:cb:6c:3e:23:43:1d:40:14:
         bd:32:4b:a6:32:51:bc:c6:56:cd:3f:9e:2c:e4:90:61:02:96:
         de:31:86:14
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZziHJpOS3DrvhhhXvPwYAMSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlMjUyYTQ3NzI0MmZiNDVmMjBiYjA4MDIwYTQwM2EyYmI0
NjZhOWIwHhcNMjYwMzEyMTI1NDExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYjk0ZjM1Yzc2Njk4YTNkOGE3YWQxMTEwZjAxMTFmMjg0OGMwZTQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkJoHgzv1tZJRZrQy2YJg3zV72QPF
SnhI8sdzj13yNY8u+4a6lmxKbQqp6FqidIoy15p80N65vP+x741OIwpX3owfYfnX
YN0ipX4nyniTlBDj/L05XFeRgPBd50xFOg+VW8i/oz4UvV0w3vLZ89RDK2PuElsi
Mboke/lS2FsityXD7MXaOScNhDzERWDCn4tORFfclGaCCnXAPcUSWO9dnrlvDn2l
vDda8VWthaLtsR0ncSuQC2TbV1hzX5gsdDU67mVTEd9Dx0u9VZwgXfAPh75OOx52
JbbgoUKxYA4szWMO73M3Ztln8JGrcRb9Naop5GPXm1nV8J5Ta+oh7TBLwQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKuU81x2aYo9inrREQ8BEfKEjA5CMB8GA1UdIwQY
MBaAFC4lKkdyQvtF8guwgCCkA6K7RmqbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTGlVcVIzSkMtMFh5QzdDQUlLUURvcnRHYXBzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MS9iMTA1NjItMjZhMS00NjQ1LThkMmIt
MTZmMTQ2YmVmOTk1LzEvcTVUelhIWnBpajJLZXRFUkR3RVI4b1NNRGtJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MS9iMTA1NjItMjZhMS00NjQ1LThkMmItMTZmMTQ2YmVmOTk1
LzEvTGlVcVIzSkMtMFh5QzdDQUlLUURvcnRHYXBzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCH6tMMA0G
CSqGSIb3DQEBCwUAA4IBAQAkvkrtF7G/mu91e6m+69diHE+naxRKFGFeDJssb9JX
sup2fqtF5lDYhq8SWZE47hFR/QqxNDIXG0FIdHbE7RGnB3jCRDUR4LOh+IfvGjWZ
WoN8nMQ6vwEBgHpYq5OD47gBZOWx4Ufxwwfxq3c1zA0Xpo0hInu7M34FK0XlRXYB
ZDvCuqEP1kA0GCQr2ZXYPZMOhaGEcdmcEyUH4+Fd+IQSF9XNBtxB6/lXX/X4BRP3
nGYiTRCOJsj2+dyd1OXpawk/wXtShezRCsChJ5XAeZRpYESIO8L9jimkxw+0W/M8
g1yDy2w+I0MdQBS9MkumMlG8xlbNP54s5JBhApbeMYYU
-----END CERTIFICATE-----