Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/Q1ZLOTgwiNUSst5P73W8TgzQMtI.roa
File:                     Q1ZLOTgwiNUSst5P73W8TgzQMtI.roa (raw, json)
Hash identifier:          FG5g7r3i5VAGlZmNqSgI44n1Rim2Crg/irEMu3tPgAc=
Subject key identifier:   43:56:4B:39:38:30:88:D5:12:B2:DE:4F:EF:75:BC:4E:0C:D0:32:D2
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       019CCA02369FF40151EF93707883DF0B223E
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/Q1ZLOTgwiNUSst5P73W8TgzQMtI.roa
Signing time:             Sat 07 Mar 2026 20:34:28 +0000
ROA not before:           Sat 07 Mar 2026 20:34:28 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200489
IP address blocks:        151.242.255.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 07:56:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:ca:02:36:9f:f4:01:51:ef:93:70:78:83:df:0b:22:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Mar  7 20:34:28 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=43564b39383088d512b2de4fef75bc4e0cd032d2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:e3:25:19:a7:a3:67:2d:47:cf:d5:89:05:bb:
                    77:b4:1c:e1:27:d5:f8:81:53:ca:0a:29:cc:3e:a0:
                    20:42:5e:45:3e:bd:8d:03:f5:30:c7:9c:cd:ce:c8:
                    3f:78:75:44:25:d7:a8:aa:ee:b6:3f:8b:cf:9d:f2:
                    28:41:03:f7:e1:a7:64:c0:bf:f8:5d:73:a7:dd:4e:
                    3d:b6:36:16:61:40:d9:2a:8e:fb:c2:6e:06:88:8d:
                    26:27:85:19:82:10:3a:63:d0:fd:9f:31:6e:ae:91:
                    94:c7:ed:7d:0c:b5:36:43:c9:64:85:3f:a6:19:33:
                    8f:d2:00:db:d9:7c:48:0a:13:1c:8e:21:25:e7:19:
                    62:97:db:47:6a:75:32:86:b8:63:db:1f:d6:55:f2:
                    e8:4b:4a:8d:6c:66:8b:c6:16:14:1f:13:12:97:fd:
                    a6:48:4b:0b:1e:a6:d6:1d:c1:33:5c:dd:45:04:99:
                    f1:fc:25:6f:4c:54:06:51:be:92:dc:de:a0:29:9a:
                    c1:5b:1d:fb:bc:64:63:50:0b:5b:a6:dd:f7:11:0c:
                    29:74:6d:98:7c:fe:14:f1:ed:74:4f:d1:e5:e8:35:
                    c9:95:fc:5e:dd:23:bf:cb:cd:d5:f9:3e:65:2f:40:
                    32:31:95:08:f3:85:6b:a0:35:ae:c0:ec:2d:c1:14:
                    1d:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:56:4B:39:38:30:88:D5:12:B2:DE:4F:EF:75:BC:4E:0C:D0:32:D2
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/Q1ZLOTgwiNUSst5P73W8TgzQMtI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.242.255.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2a:e7:96:5a:d7:17:53:47:7f:04:b1:9d:97:a5:a7:a1:cb:64:
         be:f8:e4:6e:a1:f3:8b:ff:f1:0e:21:a2:3a:92:68:55:34:8e:
         cf:75:d3:49:52:f6:85:f4:ef:1b:13:60:85:73:b1:22:57:7a:
         32:e4:ae:82:d8:05:c8:f4:03:d0:d0:56:7d:0e:19:5d:37:d8:
         c7:20:3c:4f:c5:81:fd:e7:f0:0e:ec:e6:8c:67:11:13:04:a8:
         35:65:34:b6:ae:e4:fc:b1:48:df:0a:53:a8:5f:83:fc:c4:7c:
         61:36:b5:c5:63:1e:00:ac:f3:bb:c8:8f:32:0b:bc:99:5c:84:
         d8:7f:f4:a7:db:28:de:af:07:84:5e:25:31:7e:ac:12:9e:b7:
         b3:73:6f:2e:7c:c3:99:fe:23:69:d8:4b:6a:d2:67:e8:e4:8d:
         18:94:e3:96:0f:93:b5:f7:31:23:53:4c:e9:7a:5b:95:f2:b0:
         98:98:e8:fc:41:8d:cb:63:46:23:fb:6a:fe:4c:2a:98:2b:c9:
         41:1c:46:b5:12:18:89:1a:77:62:57:04:b4:d1:9c:56:86:3f:
         0d:11:91:68:ce:14:15:fd:fd:5a:db:68:88:c2:a5:fa:0c:70:
         b2:ff:0a:26:13:cc:39:53:de:d1:cc:bc:89:87:e0:70:f5:e4:
         9f:ec:5f:db
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZzKAjaf9AFR75NweIPfCyI+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjYwMzA3MjAzNDI4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MzU2NGIzOTM4MzA4OGQ1MTJiMmRlNGZlZjc1YmM0ZTBjZDAzMmQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsuMlGaejZy1Hz9WJBbt3tBzhJ9X4
gVPKCinMPqAgQl5FPr2NA/Uwx5zNzsg/eHVEJdeoqu62P4vPnfIoQQP34adkwL/4
XXOn3U49tjYWYUDZKo77wm4GiI0mJ4UZghA6Y9D9nzFurpGUx+19DLU2Q8lkhT+m
GTOP0gDb2XxIChMcjiEl5xlil9tHanUyhrhj2x/WVfLoS0qNbGaLxhYUHxMSl/2m
SEsLHqbWHcEzXN1FBJnx/CVvTFQGUb6S3N6gKZrBWx37vGRjUAtbpt33EQwpdG2Y
fP4U8e10T9Hl6DXJlfxe3SO/y83V+T5lL0AyMZUI84VroDWuwOwtwRQdkQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFENWSzk4MIjVErLeT+91vE4M0DLSMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvUTFaTE9UZ3dpTlVTc3Q1UDczVzhUZ3pRTXRJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAl/L/MA0G
CSqGSIb3DQEBCwUAA4IBAQAq55Za1xdTR38EsZ2Xpaehy2S++ORuofOL//EOIaI6
kmhVNI7PddNJUvaF9O8bE2CFc7EiV3oy5K6C2AXI9APQ0FZ9DhldN9jHIDxPxYH9
5/AO7OaMZxETBKg1ZTS2ruT8sUjfClOoX4P8xHxhNrXFYx4ArPO7yI8yC7yZXITY
f/Sn2yjerweEXiUxfqwSnrezc28ufMOZ/iNp2Etq0mfo5I0YlOOWD5O19zEjU0zp
eluV8rCYmOj8QY3LY0Yj+2r+TCqYK8lBHEa1EhiJGndiVwS00ZxWhj8NEZFozhQV
/f1a22iIwqX6DHCy/womE8w5U97RzLyJh+Bw9eSf7F/b
-----END CERTIFICATE-----