Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b3/282796-2b3e-4ce1-8fbf-3e986c6fe87d/1/q8RepG1EYgx-WqxItUPX_OH0OX0.roa
File:                     q8RepG1EYgx-WqxItUPX_OH0OX0.roa (raw, json)
Hash identifier:          b4kZ60ZayB+5ne7ycneOFCjARrzoZ1efrTrEpXK66A8=
Subject key identifier:   AB:C4:5E:A4:6D:44:62:0C:7E:5A:AC:48:B5:43:D7:FC:E1:F4:39:7D
Certificate issuer:       /CN=26346b42e722a23f3307bd72f573762c024f2385
Certificate serial:       019E03F1287572304AF34E0A71A5A32F7C18
Authority key identifier: 26:34:6B:42:E7:22:A2:3F:33:07:BD:72:F5:73:76:2C:02:4F:23:85
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JjRrQucioj8zB71y9XN2LAJPI4U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b3/282796-2b3e-4ce1-8fbf-3e986c6fe87d/1/q8RepG1EYgx-WqxItUPX_OH0OX0.roa
Signing time:             Thu 07 May 2026 19:36:36 +0000
ROA not before:           Thu 07 May 2026 19:36:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     31736
IP address blocks:        203.16.207.0/24 maxlen: 24
                          2001:67c:7d4::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b3/282796-2b3e-4ce1-8fbf-3e986c6fe87d/1/JjRrQucioj8zB71y9XN2LAJPI4U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b3/282796-2b3e-4ce1-8fbf-3e986c6fe87d/1/JjRrQucioj8zB71y9XN2LAJPI4U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JjRrQucioj8zB71y9XN2LAJPI4U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 14:18:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:03:f1:28:75:72:30:4a:f3:4e:0a:71:a5:a3:2f:7c:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=26346b42e722a23f3307bd72f573762c024f2385
        Validity
            Not Before: May  7 19:36:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=abc45ea46d44620c7e5aac48b543d7fce1f4397d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:16:fb:17:4d:99:5f:96:cd:72:65:9f:9e:f3:
                    f4:7d:11:76:ce:5b:e4:2c:a6:a1:02:d0:41:d6:87:
                    2e:3f:38:03:2f:98:ad:82:0f:d5:61:59:20:f0:31:
                    f7:8f:f4:a9:9c:07:90:57:84:72:b1:16:61:a6:b6:
                    6c:f4:f2:06:0b:f5:ee:51:a8:d6:01:cc:15:dc:9e:
                    7b:d6:35:a1:f6:44:f0:af:46:b8:09:5a:5b:be:d4:
                    49:62:33:89:b0:7f:1c:63:d2:fd:5a:79:ba:ff:d9:
                    98:ab:02:83:df:d3:77:5c:bf:00:06:3d:f6:92:f5:
                    6b:d9:23:7a:45:1f:34:a4:21:86:9e:c5:72:1e:76:
                    0e:22:0f:7f:58:5d:df:79:a2:74:2b:91:26:8a:a2:
                    f3:e5:4e:ea:2c:d9:c3:02:d5:20:61:33:2b:3d:c3:
                    c2:8b:73:59:c3:3b:93:11:10:4d:d5:95:de:aa:87:
                    80:2b:5d:98:d4:39:be:36:53:6a:c1:be:db:25:0c:
                    14:df:4d:32:f9:db:c4:72:88:66:8b:9e:40:27:2d:
                    b1:06:d0:c2:d5:44:fc:4a:ab:72:c0:51:ad:6a:6b:
                    6c:1c:cb:89:df:48:a9:55:eb:21:f7:00:62:64:3f:
                    90:32:ea:74:6c:5a:f3:2e:ab:d6:8e:96:52:2d:3a:
                    f9:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:C4:5E:A4:6D:44:62:0C:7E:5A:AC:48:B5:43:D7:FC:E1:F4:39:7D
            X509v3 Authority Key Identifier:
                keyid:26:34:6B:42:E7:22:A2:3F:33:07:BD:72:F5:73:76:2C:02:4F:23:85

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JjRrQucioj8zB71y9XN2LAJPI4U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/282796-2b3e-4ce1-8fbf-3e986c6fe87d/1/q8RepG1EYgx-WqxItUPX_OH0OX0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/282796-2b3e-4ce1-8fbf-3e986c6fe87d/1/JjRrQucioj8zB71y9XN2LAJPI4U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  203.16.207.0/24
                IPv6:
                  2001:67c:7d4::/48

    Signature Algorithm: sha256WithRSAEncryption
         70:31:55:21:44:58:d7:92:7d:0a:ac:b6:41:e6:77:e0:d6:67:
         61:85:ba:d0:13:d4:e7:d0:1c:90:e4:57:7f:8f:cf:75:c5:84:
         02:d1:ce:0a:88:f5:1c:99:be:17:a0:e9:1c:26:16:30:c4:6d:
         4b:7c:f0:6a:6a:95:9e:7f:3c:79:1e:b8:b9:3b:de:3a:01:96:
         b8:a6:ef:6b:dc:d5:54:fc:16:52:67:68:eb:4e:a1:2a:a4:a7:
         5e:e6:7e:3c:fe:0e:bf:75:96:fe:35:29:23:7f:0a:bc:a7:8d:
         86:e1:6a:a1:0b:b4:5d:6c:e7:93:5f:ab:25:b6:98:7e:d1:47:
         ad:0f:a6:c7:50:78:da:43:6a:c6:10:60:6b:f6:7e:7b:19:b1:
         6e:e9:30:9a:da:4f:13:d9:97:e4:16:b4:e2:74:31:84:a0:07:
         59:af:8e:e2:39:5c:e2:7d:dd:26:6b:bd:63:5c:a1:00:1a:43:
         be:a1:44:3d:71:83:d9:1b:e6:e9:60:41:46:11:90:07:63:9c:
         0b:dc:bc:e6:3e:86:54:52:58:65:fd:80:99:e9:fd:f9:2c:49:
         4f:72:5d:00:e6:2a:69:8c:f7:60:96:c1:1d:d3:44:3f:76:fb:
         f0:68:58:b1:df:a7:52:66:83:c9:b6:a6:88:15:a3:54:75:15:
         09:c0:f4:9a
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZ4D8Sh1cjBK804KcaWjL3wYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI2MzQ2YjQyZTcyMmEyM2YzMzA3YmQ3MmY1NzM3NjJjMDI0
ZjIzODUwHhcNMjYwNTA3MTkzNjM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYmM0NWVhNDZkNDQ2MjBjN2U1YWFjNDhiNTQzZDdmY2UxZjQzOTdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4xb7F02ZX5bNcmWfnvP0fRF2zlvk
LKahAtBB1ocuPzgDL5itgg/VYVkg8DH3j/SpnAeQV4RysRZhprZs9PIGC/XuUajW
AcwV3J571jWh9kTwr0a4CVpbvtRJYjOJsH8cY9L9Wnm6/9mYqwKD39N3XL8ABj32
kvVr2SN6RR80pCGGnsVyHnYOIg9/WF3feaJ0K5EmiqLz5U7qLNnDAtUgYTMrPcPC
i3NZwzuTERBN1ZXeqoeAK12Y1Dm+NlNqwb7bJQwU300y+dvEcohmi55AJy2xBtDC
1UT8SqtywFGtamtsHMuJ30ipVesh9wBiZD+QMup0bFrzLqvWjpZSLTr5wQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFKvEXqRtRGIMflqsSLVD1/zh9Dl9MB8GA1UdIwQY
MBaAFCY0a0LnIqI/Mwe9cvVzdiwCTyOFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSmpSclF1Y2lvajh6QjcxeTlYTjJMQUpQSTRVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMy8yODI3OTYtMmIzZS00Y2UxLThmYmYt
M2U5ODZjNmZlODdkLzEvcThSZXBHMUVZZ3gtV3F4SXRVUFhfT0gwT1gwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMy8yODI3OTYtMmIzZS00Y2UxLThmYmYtM2U5ODZjNmZlODdk
LzEvSmpSclF1Y2lvajh6QjcxeTlYTjJMQUpQSTRVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAyxDPMA8E
AgACMAkDBwAgAQZ8B9QwDQYJKoZIhvcNAQELBQADggEBAHAxVSFEWNeSfQqstkHm
d+DWZ2GFutAT1OfQHJDkV3+Pz3XFhALRzgqI9RyZvheg6RwmFjDEbUt88GpqlZ5/
PHkeuLk73joBlrim72vc1VT8FlJnaOtOoSqkp17mfjz+Dr91lv41KSN/CrynjYbh
aqELtF1s55NfqyW2mH7RR60PpsdQeNpDasYQYGv2fnsZsW7pMJraTxPZl+QWtOJ0
MYSgB1mvjuI5XOJ93SZrvWNcoQAaQ76hRD1xg9kb5ulgQUYRkAdjnAvcvOY+hlRS
WGX9gJnp/fksSU9yXQDmKmmM92CWwR3TRD92+/BoWLHfp1Jmg8m2pogVo1R1FQnA
9Jo=
-----END CERTIFICATE-----