Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/_QEbXOhnZV9n3vJqF96EEUMuwNk.roa
File:                     _QEbXOhnZV9n3vJqF96EEUMuwNk.roa (raw, json)
Hash identifier:          XChvxWori4tfEGM4dfBOVq9EW2lVcg4mXna8rVd0PwA=
Subject key identifier:   FD:01:1B:5C:E8:67:65:5F:67:DE:F2:6A:17:DE:84:11:43:2E:C0:D9
Certificate issuer:       /CN=a576eb2cc462e6e4bf0de69b9f634875debbaae2
Certificate serial:       019DD39103F5C134F0BC4117BFE99161F6B2
Authority key identifier: A5:76:EB:2C:C4:62:E6:E4:BF:0D:E6:9B:9F:63:48:75:DE:BB:AA:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pXbrLMRi5uS_Deabn2NIdd67quI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/_QEbXOhnZV9n3vJqF96EEUMuwNk.roa
Signing time:             Tue 28 Apr 2026 10:09:49 +0000
ROA not before:           Tue 28 Apr 2026 10:09:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     55933
IP address blocks:        45.94.43.0/24 maxlen: 24
                          185.207.152.0/22 maxlen: 22
                          185.207.152.0/24 maxlen: 24
                          185.207.154.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/pXbrLMRi5uS_Deabn2NIdd67quI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/pXbrLMRi5uS_Deabn2NIdd67quI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pXbrLMRi5uS_Deabn2NIdd67quI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 23:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:d3:91:03:f5:c1:34:f0:bc:41:17:bf:e9:91:61:f6:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a576eb2cc462e6e4bf0de69b9f634875debbaae2
        Validity
            Not Before: Apr 28 10:09:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=fd011b5ce867655f67def26a17de8411432ec0d9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:0d:13:07:12:64:bb:7e:43:9b:b6:cb:34:2f:
                    45:83:df:32:0d:a0:e9:f1:4d:05:aa:04:99:d9:dc:
                    77:26:fd:43:3d:42:00:80:2d:b9:65:a6:6a:e9:bd:
                    48:b3:e4:f3:40:70:54:bc:10:7b:2f:28:05:58:24:
                    4e:af:24:2a:d1:b9:c6:f2:56:c1:a4:46:39:76:a0:
                    a0:a5:0c:9e:4d:93:75:4d:5e:34:a2:9b:fa:62:df:
                    fe:da:2f:d3:23:93:95:49:13:51:37:ad:84:e1:cd:
                    7a:40:24:5b:b5:e9:f7:26:1a:38:c2:9f:1f:30:47:
                    38:68:3f:93:04:0a:bf:f1:70:cc:b1:e4:78:68:f8:
                    65:29:7a:d6:cf:08:2b:31:a1:78:41:60:d1:41:8c:
                    b4:a0:a2:5c:cb:7f:17:cf:bf:a4:e8:b7:6a:74:52:
                    58:5d:44:c2:02:70:ed:a2:52:2e:e8:e3:ee:88:b1:
                    1b:12:1c:40:8a:11:98:1c:9e:40:fc:cc:0d:11:de:
                    3d:14:26:63:6f:a0:5d:f4:84:7c:48:20:44:b0:87:
                    1c:35:e5:67:08:e9:72:8d:9a:13:a9:2b:17:27:b7:
                    65:b7:d6:1a:e9:79:72:1a:f7:af:19:e6:f3:ec:ef:
                    52:c3:02:97:8c:25:51:87:0c:29:e4:84:45:f5:4f:
                    2d:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:01:1B:5C:E8:67:65:5F:67:DE:F2:6A:17:DE:84:11:43:2E:C0:D9
            X509v3 Authority Key Identifier:
                keyid:A5:76:EB:2C:C4:62:E6:E4:BF:0D:E6:9B:9F:63:48:75:DE:BB:AA:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pXbrLMRi5uS_Deabn2NIdd67quI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/_QEbXOhnZV9n3vJqF96EEUMuwNk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/pXbrLMRi5uS_Deabn2NIdd67quI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.94.43.0/24
                  185.207.152.0/22

    Signature Algorithm: sha256WithRSAEncryption
         24:52:51:d3:f5:2f:c3:c0:ec:06:ec:28:c5:ea:3f:13:68:b8:
         16:a7:9b:a8:eb:77:97:f2:39:d9:7b:df:cb:f1:bd:1f:1b:56:
         ac:f8:d4:83:31:2e:73:5f:88:ee:fc:a8:53:e1:79:25:75:94:
         dd:17:ad:80:d0:d8:09:b3:01:e7:2a:bf:23:a4:06:9d:24:af:
         e3:72:8e:04:30:37:bd:57:42:51:c1:46:0b:6e:73:8b:22:d1:
         29:24:d1:9d:58:98:70:7d:56:75:9c:ed:e4:86:d4:62:0c:55:
         b7:e0:df:a7:98:ad:c4:04:4f:1d:97:43:a6:09:b4:d6:9a:11:
         3d:c3:7e:6a:e6:0c:f4:a5:ad:2d:69:19:80:c2:18:7b:25:99:
         48:6d:ce:2d:6e:af:33:8d:e3:d6:d6:b2:07:8d:53:55:d1:80:
         f3:f9:13:a4:e5:89:01:e8:f1:5d:5c:07:f2:d9:4b:61:12:b9:
         4b:ee:47:cf:9e:33:27:ab:c6:11:e9:4c:46:d4:c0:9f:8e:60:
         24:ab:4b:dd:27:af:0e:50:a6:2f:89:aa:ff:30:dd:46:97:0b:
         24:d7:29:b6:92:0d:1c:29:c5:bf:83:d5:02:03:93:aa:5d:90:
         fb:7e:50:aa:57:cf:99:1f:22:81:43:30:48:b3:5b:cf:02:72:
         62:85:5f:3b
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ3TkQP1wTTwvEEXv+mRYfayMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE1NzZlYjJjYzQ2MmU2ZTRiZjBkZTY5YjlmNjM0ODc1ZGVi
YmFhZTIwHhcNMjYwNDI4MTAwOTQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZDAxMWI1Y2U4Njc2NTVmNjdkZWYyNmExN2RlODQxMTQzMmVjMGQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAow0TBxJku35Dm7bLNC9Fg98yDaDp
8U0FqgSZ2dx3Jv1DPUIAgC25ZaZq6b1Is+TzQHBUvBB7LygFWCROryQq0bnG8lbB
pEY5dqCgpQyeTZN1TV40opv6Yt/+2i/TI5OVSRNRN62E4c16QCRbten3Jho4wp8f
MEc4aD+TBAq/8XDMseR4aPhlKXrWzwgrMaF4QWDRQYy0oKJcy38Xz7+k6LdqdFJY
XUTCAnDtolIu6OPuiLEbEhxAihGYHJ5A/MwNEd49FCZjb6Bd9IR8SCBEsIccNeVn
COlyjZoTqSsXJ7dlt9Ya6XlyGvevGebz7O9SwwKXjCVRhwwp5IRF9U8t0wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFP0BG1zoZ2VfZ97yahfehBFDLsDZMB8GA1UdIwQY
MBaAFKV26yzEYubkvw3mm59jSHXeu6riMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcFhickxNUmk1dVNfRGVhYm4yTklkZDY3cXVJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85MzE5MjctOWYzOC00MWI2LTg3ZmEt
MjU0YWNkOTJiNGUxLzEvX1FFYlhPaG5aVjluM3ZKcUY5NkVFVU11d05rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85MzE5MjctOWYzOC00MWI2LTg3ZmEtMjU0YWNkOTJiNGUx
LzEvcFhickxNUmk1dVNfRGVhYm4yTklkZDY3cXVJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALV4rAwQC
uc+YMA0GCSqGSIb3DQEBCwUAA4IBAQAkUlHT9S/DwOwG7CjF6j8TaLgWp5uo63eX
8jnZe9/L8b0fG1as+NSDMS5zX4ju/KhT4XkldZTdF62A0NgJswHnKr8jpAadJK/j
co4EMDe9V0JRwUYLbnOLItEpJNGdWJhwfVZ1nO3khtRiDFW34N+nmK3EBE8dl0Om
CbTWmhE9w35q5gz0pa0taRmAwhh7JZlIbc4tbq8zjePW1rIHjVNV0YDz+ROk5YkB
6PFdXAfy2UthErlL7kfPnjMnq8YR6UxG1MCfjmAkq0vdJ68OUKYviar/MN1Glwsk
1ym2kg0cKcW/g9UCA5OqXZD7flCqV8+ZHyKBQzBIs1vPAnJihV87
-----END CERTIFICATE-----