Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/74/33c771-7704-46b9-bcd0-93ae0c3e2736/1/qS1_3wEIQuVYlhTs3iloYf1YjMc.roa
File:                     qS1_3wEIQuVYlhTs3iloYf1YjMc.roa (raw, json)
Hash identifier:          Uzfr9K7CjY3AFHyO0zyI/Bv4ovC6HD2V9T5Yebzh90M=
Subject key identifier:   A9:2D:7F:DF:01:08:42:E5:58:96:14:EC:DE:29:68:61:FD:58:8C:C7
Certificate issuer:       /CN=d6ce7c7c219277a072ba26954d5ca3ecceb2984a
Certificate serial:       019CF97E99AFCC31535B584D114270569079
Authority key identifier: D6:CE:7C:7C:21:92:77:A0:72:BA:26:95:4D:5C:A3:EC:CE:B2:98:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1s58fCGSd6ByuiaVTVyj7M6ymEo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/74/33c771-7704-46b9-bcd0-93ae0c3e2736/1/qS1_3wEIQuVYlhTs3iloYf1YjMc.roa
Signing time:             Tue 17 Mar 2026 01:52:29 +0000
ROA not before:           Tue 17 Mar 2026 01:52:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     201501
IP address blocks:        204.236.0.0/19 maxlen: 24
                          2a0f:4a80::/29 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/74/33c771-7704-46b9-bcd0-93ae0c3e2736/1/1s58fCGSd6ByuiaVTVyj7M6ymEo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/74/33c771-7704-46b9-bcd0-93ae0c3e2736/1/1s58fCGSd6ByuiaVTVyj7M6ymEo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1s58fCGSd6ByuiaVTVyj7M6ymEo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 10:01:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:f9:7e:99:af:cc:31:53:5b:58:4d:11:42:70:56:90:79
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d6ce7c7c219277a072ba26954d5ca3ecceb2984a
        Validity
            Not Before: Mar 17 01:52:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a92d7fdf010842e5589614ecde296861fd588cc7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:38:5f:49:42:32:55:05:19:c8:c3:d0:28:e2:
                    14:79:00:b4:62:b8:b6:e5:1e:cb:20:77:32:72:fa:
                    f9:90:61:0e:95:0b:fb:9d:0b:3f:b5:35:e3:55:da:
                    f1:9e:64:7e:38:3d:3b:38:2c:03:23:09:e3:75:6f:
                    17:f4:a8:12:9d:77:9d:97:55:b5:42:5b:d5:c3:09:
                    ff:96:c2:b2:40:5b:75:ad:93:e0:27:0e:2a:c3:89:
                    b4:a9:17:91:3a:3a:6b:2e:dd:ff:74:a1:32:0d:88:
                    62:c9:26:31:2c:5d:8b:43:c3:82:29:d1:7d:9d:b2:
                    29:cb:52:8e:45:c7:48:7c:a1:a7:3a:84:56:a3:52:
                    83:22:bb:53:2c:24:16:1c:3f:d5:9a:fb:6e:2a:e5:
                    9d:bc:01:40:d3:8f:b1:9b:cc:73:7e:74:83:34:6b:
                    e0:4d:8a:35:e5:d6:58:e4:ec:60:38:df:21:89:9d:
                    5e:f9:0a:04:03:76:52:25:c0:72:64:4b:ab:00:9e:
                    02:d6:e5:de:f9:6b:f8:49:6b:72:a5:b5:15:67:c7:
                    a2:e1:1e:b7:29:5f:db:9c:1d:ef:14:73:64:16:15:
                    ae:c2:7c:da:26:62:8e:ee:ed:1a:2e:2c:2e:3b:c5:
                    d3:5e:73:54:a3:01:5d:66:5f:a3:dd:f7:04:59:20:
                    30:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:2D:7F:DF:01:08:42:E5:58:96:14:EC:DE:29:68:61:FD:58:8C:C7
            X509v3 Authority Key Identifier:
                keyid:D6:CE:7C:7C:21:92:77:A0:72:BA:26:95:4D:5C:A3:EC:CE:B2:98:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1s58fCGSd6ByuiaVTVyj7M6ymEo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/74/33c771-7704-46b9-bcd0-93ae0c3e2736/1/qS1_3wEIQuVYlhTs3iloYf1YjMc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/74/33c771-7704-46b9-bcd0-93ae0c3e2736/1/1s58fCGSd6ByuiaVTVyj7M6ymEo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  204.236.0.0/19
                IPv6:
                  2a0f:4a80::/29

    Signature Algorithm: sha256WithRSAEncryption
         b5:89:43:04:06:36:fe:8f:ac:73:2f:5f:f2:c4:74:42:21:d3:
         74:55:a5:b2:76:9e:d5:fe:2b:73:4c:2d:7f:12:67:cf:68:91:
         91:59:24:f9:07:06:65:39:3f:39:0e:10:fe:b8:0f:65:02:fd:
         ca:f8:40:ed:09:cd:ba:d5:d0:60:fe:11:73:e4:77:b7:b6:23:
         aa:c2:fd:6b:8e:61:c9:86:30:61:21:a8:cb:04:43:86:72:0a:
         7f:2e:a3:f4:c5:95:99:b6:97:b7:ec:76:21:d8:89:66:9e:ae:
         74:b9:d3:3e:65:93:19:28:8a:9f:25:0a:50:8d:2d:ce:4c:f4:
         19:6a:c9:be:ca:d4:70:1f:de:5e:47:77:f5:8f:c2:ce:ab:d9:
         db:15:5c:e3:14:1f:b2:fb:0c:e4:f0:4a:a6:2f:70:15:96:a2:
         92:08:71:68:c2:15:3e:3f:06:28:ea:56:c9:02:55:78:ee:a5:
         8b:aa:c6:a4:31:38:91:e4:fd:4b:74:a7:b2:c4:1c:03:b3:49:
         ad:4a:39:40:fe:9b:7c:20:93:6e:ef:f2:11:62:b3:dd:6b:94:
         3a:85:7e:f6:d9:49:e6:d8:5b:24:c9:82:1c:5c:11:10:cf:d1:
         8c:ca:49:71:4c:01:f5:fd:4d:00:5f:7f:55:2b:e1:a0:91:f6:
         46:5c:cc:64
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZz5fpmvzDFTW1hNEUJwVpB5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ2Y2U3YzdjMjE5Mjc3YTA3MmJhMjY5NTRkNWNhM2VjY2Vi
Mjk4NGEwHhcNMjYwMzE3MDE1MjI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOTJkN2ZkZjAxMDg0MmU1NTg5NjE0ZWNkZTI5Njg2MWZkNTg4Y2M3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArjhfSUIyVQUZyMPQKOIUeQC0Yri2
5R7LIHcycvr5kGEOlQv7nQs/tTXjVdrxnmR+OD07OCwDIwnjdW8X9KgSnXedl1W1
QlvVwwn/lsKyQFt1rZPgJw4qw4m0qReROjprLt3/dKEyDYhiySYxLF2LQ8OCKdF9
nbIpy1KORcdIfKGnOoRWo1KDIrtTLCQWHD/VmvtuKuWdvAFA04+xm8xzfnSDNGvg
TYo15dZY5OxgON8hiZ1e+QoEA3ZSJcByZEurAJ4C1uXe+Wv4SWtypbUVZ8ei4R63
KV/bnB3vFHNkFhWuwnzaJmKO7u0aLiwuO8XTXnNUowFdZl+j3fcEWSAw9QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFKktf98BCELlWJYU7N4paGH9WIzHMB8GA1UdIwQY
MBaAFNbOfHwhknegcromlU1co+zOsphKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMXM1OGZDR1NkNkJ5dWlhVlRWeWo3TTZ5bUVvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NC8zM2M3NzEtNzcwNC00NmI5LWJjZDAt
OTNhZTBjM2UyNzM2LzEvcVMxXzN3RUlRdVZZbGhUczNpbG9ZZjFZak1jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NC8zM2M3NzEtNzcwNC00NmI5LWJjZDAtOTNhZTBjM2UyNzM2
LzEvMXM1OGZDR1NkNkJ5dWlhVlRWeWo3TTZ5bUVvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQFzOwAMA0E
AgACMAcDBQMqD0qAMA0GCSqGSIb3DQEBCwUAA4IBAQC1iUMEBjb+j6xzL1/yxHRC
IdN0VaWydp7V/itzTC1/EmfPaJGRWST5BwZlOT85DhD+uA9lAv3K+EDtCc261dBg
/hFz5He3tiOqwv1rjmHJhjBhIajLBEOGcgp/LqP0xZWZtpe37HYh2Ilmnq50udM+
ZZMZKIqfJQpQjS3OTPQZasm+ytRwH95eR3f1j8LOq9nbFVzjFB+y+wzk8EqmL3AV
lqKSCHFowhU+PwYo6lbJAlV47qWLqsakMTiR5P1LdKeyxBwDs0mtSjlA/pt8IJNu
7/IRYrPda5Q6hX722Unm2FskyYIcXBEQz9GMyklxTAH1/U0AX39VK+GgkfZGXMxk
-----END CERTIFICATE-----