Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8f/e5bf20-86c3-4d3f-93d3-20397e66448a/1/QwfwWnuU2NBVoqdOmvfr5FQjIoM.roa
File:                     QwfwWnuU2NBVoqdOmvfr5FQjIoM.roa (raw, json)
Hash identifier:          eLvlx5jM6qNIq7/8tFMX7T9AIKZbkgsEQFX69vOLcbc=
Subject key identifier:   43:07:F0:5A:7B:94:D8:D0:55:A2:A7:4E:9A:F7:EB:E4:54:23:22:83
Certificate issuer:       /CN=874140151c8d8d56b6af53239d29021eddcd8a5a
Certificate serial:       019CD7173F89702D688C8C48C6E65AA17FB0
Authority key identifier: 87:41:40:15:1C:8D:8D:56:B6:AF:53:23:9D:29:02:1E:DD:CD:8A:5A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/h0FAFRyNjVa2r1MjnSkCHt3Nilo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8f/e5bf20-86c3-4d3f-93d3-20397e66448a/1/QwfwWnuU2NBVoqdOmvfr5FQjIoM.roa
Signing time:             Tue 10 Mar 2026 09:32:30 +0000
ROA not before:           Tue 10 Mar 2026 09:32:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     56900
IP address blocks:        109.69.120.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8f/e5bf20-86c3-4d3f-93d3-20397e66448a/1/h0FAFRyNjVa2r1MjnSkCHt3Nilo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8f/e5bf20-86c3-4d3f-93d3-20397e66448a/1/h0FAFRyNjVa2r1MjnSkCHt3Nilo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/h0FAFRyNjVa2r1MjnSkCHt3Nilo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 12:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:d7:17:3f:89:70:2d:68:8c:8c:48:c6:e6:5a:a1:7f:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=874140151c8d8d56b6af53239d29021eddcd8a5a
        Validity
            Not Before: Mar 10 09:32:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4307f05a7b94d8d055a2a74e9af7ebe454232283
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:c3:b4:cd:a4:45:a2:70:de:bd:29:c6:13:48:
                    2a:64:db:a1:2a:98:27:90:11:67:0b:8d:f7:df:62:
                    a2:7b:14:d5:93:62:8c:db:52:0f:8b:87:7a:4f:44:
                    f5:41:09:e8:34:6d:a7:54:62:31:10:49:b8:c5:ea:
                    df:61:fb:34:8f:09:e0:39:c8:49:77:c9:33:e1:b5:
                    f2:71:31:63:12:9f:6f:09:8e:7d:24:59:b9:95:1a:
                    e3:47:a6:db:2e:ff:c4:7b:75:95:dc:28:55:f8:54:
                    a4:6e:15:40:75:2f:1b:45:89:53:1d:fe:2d:47:92:
                    c7:52:eb:5a:83:50:b4:7a:75:2c:11:76:d8:ad:31:
                    3a:a6:48:c2:40:f9:8c:26:d9:93:2c:b7:63:fa:89:
                    20:ca:ad:da:87:4c:0c:8b:15:2f:d7:a7:8c:4b:3d:
                    95:bd:c9:d5:68:8e:47:72:c6:ef:92:8e:22:84:62:
                    b4:68:af:ef:4a:27:95:1e:e4:f0:a7:45:21:c0:ab:
                    53:30:9e:2c:e0:32:37:5c:20:c6:01:0d:d4:05:c1:
                    b2:23:96:47:52:cd:1e:fd:db:44:6b:6d:5c:52:e0:
                    4e:e5:31:32:c0:0f:1e:cf:ca:aa:38:f8:40:83:54:
                    c0:31:09:8c:48:85:d8:8c:1e:ea:dc:0b:c4:1a:4f:
                    cd:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:07:F0:5A:7B:94:D8:D0:55:A2:A7:4E:9A:F7:EB:E4:54:23:22:83
            X509v3 Authority Key Identifier:
                keyid:87:41:40:15:1C:8D:8D:56:B6:AF:53:23:9D:29:02:1E:DD:CD:8A:5A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/h0FAFRyNjVa2r1MjnSkCHt3Nilo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/e5bf20-86c3-4d3f-93d3-20397e66448a/1/QwfwWnuU2NBVoqdOmvfr5FQjIoM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/e5bf20-86c3-4d3f-93d3-20397e66448a/1/h0FAFRyNjVa2r1MjnSkCHt3Nilo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.69.120.0/21

    Signature Algorithm: sha256WithRSAEncryption
         85:b3:e5:ea:37:b5:b4:e8:89:f5:9a:f8:f1:63:a5:25:8d:50:
         5a:32:8b:59:99:55:fb:e1:bf:26:c0:fe:b3:ce:49:c6:7d:64:
         68:fd:45:92:2b:5f:82:fb:63:66:20:b4:58:bc:e4:fa:c2:64:
         fd:25:c0:e2:71:ac:92:79:ff:cd:23:bb:58:09:ba:2c:44:cc:
         f4:5a:54:fe:1d:95:6d:33:d4:12:93:b7:de:bf:4b:25:ea:c5:
         dd:0c:b2:ba:c8:e9:ac:92:13:da:d5:39:b4:84:85:9b:70:94:
         1c:00:aa:cc:0c:fe:b7:00:6c:98:21:b8:2d:0c:32:26:00:df:
         d7:c1:e5:96:0c:43:e0:07:8b:4f:f5:62:be:0e:98:c9:38:35:
         36:bf:e5:6a:57:3e:9f:79:6d:b1:f8:73:83:ac:e0:47:c2:4d:
         87:2b:40:5b:0e:0b:ed:08:4a:00:0c:c6:5e:bd:6c:5f:f9:af:
         47:e5:64:69:0d:89:cc:92:63:cc:14:36:d0:35:85:3c:5f:96:
         5b:6d:11:c9:bc:f9:9f:e2:ba:39:b9:0b:b6:c3:51:34:05:74:
         c3:db:db:ad:39:45:0a:e8:9d:0e:df:89:59:d9:91:0f:fa:05:
         56:5a:57:f9:d5:f8:00:57:31:bb:60:5b:14:3b:0e:0a:33:06:
         ad:d1:7c:c9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZzXFz+JcC1ojIxIxuZaoX+wMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg3NDE0MDE1MWM4ZDhkNTZiNmFmNTMyMzlkMjkwMjFlZGRj
ZDhhNWEwHhcNMjYwMzEwMDkzMjMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MzA3ZjA1YTdiOTRkOGQwNTVhMmE3NGU5YWY3ZWJlNDU0MjMyMjgzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj8O0zaRFonDevSnGE0gqZNuhKpgn
kBFnC43332KiexTVk2KM21IPi4d6T0T1QQnoNG2nVGIxEEm4xerfYfs0jwngOchJ
d8kz4bXycTFjEp9vCY59JFm5lRrjR6bbLv/Ee3WV3ChV+FSkbhVAdS8bRYlTHf4t
R5LHUutag1C0enUsEXbYrTE6pkjCQPmMJtmTLLdj+okgyq3ah0wMixUv16eMSz2V
vcnVaI5Hcsbvko4ihGK0aK/vSieVHuTwp0UhwKtTMJ4s4DI3XCDGAQ3UBcGyI5ZH
Us0e/dtEa21cUuBO5TEywA8ez8qqOPhAg1TAMQmMSIXYjB7q3AvEGk/NUwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEMH8Fp7lNjQVaKnTpr36+RUIyKDMB8GA1UdIwQY
MBaAFIdBQBUcjY1Wtq9TI50pAh7dzYpaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaDBGQUZSeU5qVmEycjFNam5Ta0NIdDNOaWxvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Zi9lNWJmMjAtODZjMy00ZDNmLTkzZDMt
MjAzOTdlNjY0NDhhLzEvUXdmd1dudVUyTkJWb3FkT212ZnI1RlFqSW9NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Zi9lNWJmMjAtODZjMy00ZDNmLTkzZDMtMjAzOTdlNjY0NDhh
LzEvaDBGQUZSeU5qVmEycjFNam5Ta0NIdDNOaWxvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDbUV4MA0G
CSqGSIb3DQEBCwUAA4IBAQCFs+XqN7W06In1mvjxY6UljVBaMotZmVX74b8mwP6z
zknGfWRo/UWSK1+C+2NmILRYvOT6wmT9JcDicaySef/NI7tYCbosRMz0WlT+HZVt
M9QSk7fev0sl6sXdDLK6yOmskhPa1Tm0hIWbcJQcAKrMDP63AGyYIbgtDDImAN/X
weWWDEPgB4tP9WK+DpjJODU2v+VqVz6feW2x+HODrOBHwk2HK0BbDgvtCEoADMZe
vWxf+a9H5WRpDYnMkmPMFDbQNYU8X5ZbbRHJvPmf4ro5uQu2w1E0BXTD29utOUUK
6J0O34lZ2ZEP+gVWWlf51fgAVzG7YFsUOw4KMwat0XzJ
-----END CERTIFICATE-----