Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/af/2223ca-ce38-49bb-b125-cca37606bf18/1/qyLbFsRIe8Jd6sG2DI_BiTtP7io.roa
File:                     qyLbFsRIe8Jd6sG2DI_BiTtP7io.roa (raw, json)
Hash identifier:          yTz+vrd5+uJTzoZ6RiYw+CeRxkudUElCAIqfmUpkz54=
Subject key identifier:   AB:22:DB:16:C4:48:7B:C2:5D:EA:C1:B6:0C:8F:C1:89:3B:4F:EE:2A
Certificate issuer:       /CN=52cd9a6512dbf25a5f19b827d7a2c7e22a2ee8dd
Certificate serial:       019D24A9A13D4FFADDB4730CC5B57C4AA9BC
Authority key identifier: 52:CD:9A:65:12:DB:F2:5A:5F:19:B8:27:D7:A2:C7:E2:2A:2E:E8:DD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Us2aZRLb8lpfGbgn16LH4iou6N0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/af/2223ca-ce38-49bb-b125-cca37606bf18/1/qyLbFsRIe8Jd6sG2DI_BiTtP7io.roa
Signing time:             Wed 25 Mar 2026 11:03:09 +0000
ROA not before:           Wed 25 Mar 2026 11:03:09 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     211912
IP address blocks:        65.181.126.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/af/2223ca-ce38-49bb-b125-cca37606bf18/1/Us2aZRLb8lpfGbgn16LH4iou6N0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/af/2223ca-ce38-49bb-b125-cca37606bf18/1/Us2aZRLb8lpfGbgn16LH4iou6N0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Us2aZRLb8lpfGbgn16LH4iou6N0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 09:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:24:a9:a1:3d:4f:fa:dd:b4:73:0c:c5:b5:7c:4a:a9:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=52cd9a6512dbf25a5f19b827d7a2c7e22a2ee8dd
        Validity
            Not Before: Mar 25 11:03:09 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ab22db16c4487bc25deac1b60c8fc1893b4fee2a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:60:c6:cd:7a:c4:02:57:bd:b2:c4:85:af:1f:
                    fc:90:36:1a:09:cd:8b:f1:fd:94:c6:1e:b8:2d:e7:
                    a2:f8:ba:48:81:f5:94:be:a7:0c:7d:90:46:fb:b6:
                    c9:b2:d1:a2:db:12:30:ed:f4:b4:ae:dd:20:76:e7:
                    b8:61:99:32:12:4e:f1:fc:3c:05:e0:48:c2:be:47:
                    19:54:06:e5:5c:64:62:42:d1:93:40:94:d4:c0:b9:
                    9f:b0:78:08:1e:d9:22:ae:76:6a:db:af:e8:da:c4:
                    55:84:57:9a:15:96:24:0d:4d:52:76:8e:bc:45:42:
                    a0:3b:d2:37:6a:04:7c:1e:b2:d3:c3:3c:2c:fe:f1:
                    ad:81:d0:ec:ae:4e:7a:cb:fd:85:e2:87:3b:77:41:
                    0e:d2:b8:a3:8b:8d:44:04:98:89:67:03:d6:64:b1:
                    27:05:0d:5d:e1:68:12:8d:8a:2c:fa:22:fb:22:3d:
                    05:bc:27:0a:10:d1:09:68:6b:4e:e1:0e:df:c0:81:
                    a0:c8:43:ce:ba:e4:18:58:ff:4f:23:21:9f:9c:4c:
                    1d:e9:15:a3:1c:dd:3c:e1:8a:81:ae:10:0a:2a:86:
                    d9:c9:8f:92:a3:9e:2b:ce:6a:eb:f6:03:47:00:d2:
                    4b:d0:8a:08:79:ca:69:b5:2e:a8:1a:85:67:f6:ee:
                    6d:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:22:DB:16:C4:48:7B:C2:5D:EA:C1:B6:0C:8F:C1:89:3B:4F:EE:2A
            X509v3 Authority Key Identifier:
                keyid:52:CD:9A:65:12:DB:F2:5A:5F:19:B8:27:D7:A2:C7:E2:2A:2E:E8:DD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Us2aZRLb8lpfGbgn16LH4iou6N0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/af/2223ca-ce38-49bb-b125-cca37606bf18/1/qyLbFsRIe8Jd6sG2DI_BiTtP7io.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/af/2223ca-ce38-49bb-b125-cca37606bf18/1/Us2aZRLb8lpfGbgn16LH4iou6N0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  65.181.126.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9d:9d:a2:53:08:c6:4c:e0:d2:08:83:9b:d1:f0:5f:b2:fb:17:
         b2:86:ea:29:e6:73:b5:99:12:47:5d:46:75:21:99:98:f0:53:
         47:25:ac:2f:78:29:1e:70:c3:4f:af:97:37:57:5a:ba:79:cc:
         dd:6a:58:a6:b6:4e:e9:7b:ca:66:01:50:08:48:05:85:f3:82:
         6a:c3:7a:ee:c4:53:54:bc:f0:a8:66:90:48:a0:e2:95:d4:0c:
         47:56:84:df:1a:bd:10:d4:20:61:ac:ee:7a:e9:a8:fc:08:6c:
         06:94:76:91:c6:93:c3:ec:c1:96:2b:98:81:37:77:fb:a8:8d:
         f8:cb:8c:67:8b:ab:25:3a:c1:f5:60:68:fb:8e:82:a7:21:5f:
         af:ef:d2:5c:8a:53:7d:66:82:41:e8:9c:39:68:77:1f:20:e6:
         63:80:94:89:15:da:f7:83:3c:99:92:2c:81:86:1c:57:b8:0f:
         36:e6:e3:4f:c9:ef:f7:bb:16:b7:5b:67:a5:0d:7a:18:1e:1c:
         29:47:cb:c9:46:f9:d8:5f:a9:6b:d2:54:f6:62:39:a5:6f:73:
         6b:27:31:e5:26:b0:0e:c2:46:55:79:d9:15:44:50:7d:99:9b:
         40:d6:94:d0:35:f8:97:bf:64:8b:78:5e:cd:fc:3f:cb:23:71:
         66:0c:9c:61
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0kqaE9T/rdtHMMxbV8Sqm8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyY2Q5YTY1MTJkYmYyNWE1ZjE5YjgyN2Q3YTJjN2UyMmEy
ZWU4ZGQwHhcNMjYwMzI1MTEwMzA5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYjIyZGIxNmM0NDg3YmMyNWRlYWMxYjYwYzhmYzE4OTNiNGZlZTJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkmDGzXrEAle9ssSFrx/8kDYaCc2L
8f2Uxh64Leei+LpIgfWUvqcMfZBG+7bJstGi2xIw7fS0rt0gdue4YZkyEk7x/DwF
4EjCvkcZVAblXGRiQtGTQJTUwLmfsHgIHtkirnZq26/o2sRVhFeaFZYkDU1Sdo68
RUKgO9I3agR8HrLTwzws/vGtgdDsrk56y/2F4oc7d0EO0riji41EBJiJZwPWZLEn
BQ1d4WgSjYos+iL7Ij0FvCcKENEJaGtO4Q7fwIGgyEPOuuQYWP9PIyGfnEwd6RWj
HN084YqBrhAKKobZyY+So54rzmrr9gNHANJL0IoIecpptS6oGoVn9u5tEwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKsi2xbESHvCXerBtgyPwYk7T+4qMB8GA1UdIwQY
MBaAFFLNmmUS2/JaXxm4J9eix+IqLujdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVXMyYVpSTGI4bHBmR2JnbjE2TEg0aW91Nk4wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZi8yMjIzY2EtY2UzOC00OWJiLWIxMjUt
Y2NhMzc2MDZiZjE4LzEvcXlMYkZzUkllOEpkNnNHMkRJX0JpVHRQN2lvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZi8yMjIzY2EtY2UzOC00OWJiLWIxMjUtY2NhMzc2MDZiZjE4
LzEvVXMyYVpSTGI4bHBmR2JnbjE2TEg0aW91Nk4wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAQbV+MA0G
CSqGSIb3DQEBCwUAA4IBAQCdnaJTCMZM4NIIg5vR8F+y+xeyhuop5nO1mRJHXUZ1
IZmY8FNHJawveCkecMNPr5c3V1q6eczdalimtk7pe8pmAVAISAWF84Jqw3ruxFNU
vPCoZpBIoOKV1AxHVoTfGr0Q1CBhrO566aj8CGwGlHaRxpPD7MGWK5iBN3f7qI34
y4xni6slOsH1YGj7joKnIV+v79JcilN9ZoJB6Jw5aHcfIOZjgJSJFdr3gzyZkiyB
hhxXuA825uNPye/3uxa3W2elDXoYHhwpR8vJRvnYX6lr0lT2Yjmlb3NrJzHlJrAO
wkZVedkVRFB9mZtA1pTQNfiXv2SLeF7N/D/LI3FmDJxh
-----END CERTIFICATE-----