Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/qWlIDYTC6xV_yKmo24hmy5Bq1sg.roa
File:                     qWlIDYTC6xV_yKmo24hmy5Bq1sg.roa (raw, json)
Hash identifier:          PWfFdOM1yeSdGqgL/kqDB0CNziEAdoqHTqw6MctXW04=
Subject key identifier:   A9:69:48:0D:84:C2:EB:15:7F:C8:A9:A8:DB:88:66:CB:90:6A:D6:C8
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       019DFDD761C40E10B0036621A0C57F06C27A
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/qWlIDYTC6xV_yKmo24hmy5Bq1sg.roa
Signing time:             Wed 06 May 2026 15:10:44 +0000
ROA not before:           Wed 06 May 2026 15:10:44 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213549
IP address blocks:        37.202.194.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 23:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:fd:d7:61:c4:0e:10:b0:03:66:21:a0:c5:7f:06:c2:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: May  6 15:10:44 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a969480d84c2eb157fc8a9a8db8866cb906ad6c8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:d1:00:f4:17:00:7e:79:e0:5e:14:22:4b:05:
                    5a:ee:ba:ab:ff:6f:be:98:fa:6e:fa:1d:5e:fe:59:
                    20:ef:66:f6:30:b4:f2:c6:39:80:35:e3:02:39:52:
                    70:05:bd:c1:33:00:5f:2a:90:e7:f2:6e:1c:5a:ac:
                    19:6f:88:f2:17:a9:ef:c7:60:64:d3:95:6d:f6:13:
                    b2:19:97:dd:5f:5f:1e:7e:7a:b2:f8:c5:b1:4e:6b:
                    f9:3d:af:af:1a:c0:21:95:f6:b3:07:62:4b:81:f1:
                    5b:9e:fa:c5:e0:d0:e0:d1:33:5d:d0:ae:7e:27:4e:
                    ae:70:b4:0f:cc:b4:ca:c8:df:34:7d:43:97:68:c3:
                    86:ba:57:b4:be:61:2d:ed:ae:45:0d:7a:76:59:bb:
                    69:7e:0b:bc:6c:44:33:04:dd:ce:d8:c4:96:ad:b3:
                    ce:b0:a4:81:86:27:d2:b5:4d:84:7d:97:9a:04:ba:
                    bc:54:30:4a:cf:30:25:a0:52:5a:4c:b0:66:ca:8c:
                    2c:78:cc:70:5a:fb:72:e2:45:44:9c:df:22:87:70:
                    a9:65:58:95:32:a4:5f:88:3d:c2:26:ab:f7:04:a4:
                    55:b1:62:73:28:24:68:4e:9e:41:5c:3b:c8:24:f8:
                    cd:cb:89:07:6c:e8:d9:50:d7:27:76:4e:f1:4f:b4:
                    af:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:69:48:0D:84:C2:EB:15:7F:C8:A9:A8:DB:88:66:CB:90:6A:D6:C8
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/qWlIDYTC6xV_yKmo24hmy5Bq1sg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.202.194.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3a:2a:ae:7f:61:c5:26:f4:eb:53:3a:b9:67:f6:b3:75:23:84:
         8e:9f:ae:d5:9b:9e:94:ac:06:9c:ad:de:c2:00:41:94:1c:f2:
         c1:bc:0f:1b:0b:96:2c:1a:80:56:ba:40:2c:cb:d3:fa:f8:1b:
         f9:9f:28:53:79:75:2b:44:2e:71:c0:55:ac:dd:d6:bc:70:4d:
         04:72:c3:b1:e2:58:fa:ae:17:71:cb:ad:e9:d8:ea:09:55:03:
         93:1c:0a:78:82:3f:b3:b4:bc:f3:93:11:31:bb:f4:80:08:37:
         79:ae:04:6e:6d:c1:82:71:cb:f2:b6:72:a9:83:45:56:59:4f:
         3d:be:49:87:e6:8e:0e:2e:0d:82:fd:89:23:77:90:0f:f0:02:
         2f:f2:82:7d:4b:93:8d:bb:4d:f2:26:a4:a4:e5:27:a5:e9:1a:
         24:b2:d8:09:b0:09:07:af:42:70:47:4e:a7:e3:bf:dc:4b:90:
         24:93:4c:ce:f7:3c:66:fc:4f:a0:64:ef:93:43:8d:13:e7:f3:
         81:5a:fb:35:49:cd:2e:57:d8:13:af:32:8b:9d:25:a7:08:97:
         d5:e5:35:d6:3a:57:f0:1d:c1:e5:14:30:b6:10:77:f7:87:24:
         39:b7:ca:85:6e:70:30:5b:1a:1d:cf:21:4e:31:61:f7:8e:17:
         2a:7e:17:fb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ3912HEDhCwA2YhoMV/BsJ6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjYwNTA2MTUxMDQ0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOTY5NDgwZDg0YzJlYjE1N2ZjOGE5YThkYjg4NjZjYjkwNmFkNmM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo9EA9BcAfnngXhQiSwVa7rqr/2++
mPpu+h1e/lkg72b2MLTyxjmANeMCOVJwBb3BMwBfKpDn8m4cWqwZb4jyF6nvx2Bk
05Vt9hOyGZfdX18efnqy+MWxTmv5Pa+vGsAhlfazB2JLgfFbnvrF4NDg0TNd0K5+
J06ucLQPzLTKyN80fUOXaMOGule0vmEt7a5FDXp2Wbtpfgu8bEQzBN3O2MSWrbPO
sKSBhifStU2EfZeaBLq8VDBKzzAloFJaTLBmyowseMxwWvty4kVEnN8ih3CpZViV
MqRfiD3CJqv3BKRVsWJzKCRoTp5BXDvIJPjNy4kHbOjZUNcndk7xT7Sv+wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKlpSA2EwusVf8ipqNuIZsuQatbIMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvcVdsSURZVEM2eFZfeUttbzI0aG15NUJxMXNnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAJcrCMA0G
CSqGSIb3DQEBCwUAA4IBAQA6Kq5/YcUm9OtTOrln9rN1I4SOn67Vm56UrAacrd7C
AEGUHPLBvA8bC5YsGoBWukAsy9P6+Bv5nyhTeXUrRC5xwFWs3da8cE0EcsOx4lj6
rhdxy63p2OoJVQOTHAp4gj+ztLzzkxExu/SACDd5rgRubcGCccvytnKpg0VWWU89
vkmH5o4OLg2C/Ykjd5AP8AIv8oJ9S5ONu03yJqSk5Sel6RokstgJsAkHr0JwR06n
47/cS5Akk0zO9zxm/E+gZO+TQ40T5/OBWvs1Sc0uV9gTrzKLnSWnCJfV5TXWOlfw
HcHlFDC2EHf3hyQ5t8qFbnAwWxodzyFOMWH3jhcqfhf7
-----END CERTIFICATE-----