Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b3/a3d2ee-174c-48c3-bd26-7fa9d94024f0/1/qTJDb5bZcI57GfkMCiidBBuCxcM.roa
File:                     qTJDb5bZcI57GfkMCiidBBuCxcM.roa (raw, json)
Hash identifier:          hotESPxS+NRDdQrT1wDQOkWWo9YVaPiGSYJ82rAj5o4=
Subject key identifier:   A9:32:43:6F:96:D9:70:8E:7B:19:F9:0C:0A:28:9D:04:1B:82:C5:C3
Certificate issuer:       /CN=8cef146d85c09aa59687fd6315b13271c1c292ad
Certificate serial:       019DD59ADC86E6DA32683F08119D8DCDD07C
Authority key identifier: 8C:EF:14:6D:85:C0:9A:A5:96:87:FD:63:15:B1:32:71:C1:C2:92:AD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jO8UbYXAmqWWh_1jFbEyccHCkq0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b3/a3d2ee-174c-48c3-bd26-7fa9d94024f0/1/qTJDb5bZcI57GfkMCiidBBuCxcM.roa
Signing time:             Tue 28 Apr 2026 19:39:49 +0000
ROA not before:           Tue 28 Apr 2026 19:39:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     203055
IP address blocks:        66.203.124.0/24 maxlen: 24
                          66.203.125.0/24 maxlen: 24
                          2a0b:e46:1::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b3/a3d2ee-174c-48c3-bd26-7fa9d94024f0/1/jO8UbYXAmqWWh_1jFbEyccHCkq0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b3/a3d2ee-174c-48c3-bd26-7fa9d94024f0/1/jO8UbYXAmqWWh_1jFbEyccHCkq0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jO8UbYXAmqWWh_1jFbEyccHCkq0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 20:01:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:d5:9a:dc:86:e6:da:32:68:3f:08:11:9d:8d:cd:d0:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8cef146d85c09aa59687fd6315b13271c1c292ad
        Validity
            Not Before: Apr 28 19:39:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a932436f96d9708e7b19f90c0a289d041b82c5c3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:07:90:ea:b5:8c:89:1a:51:9a:2f:f8:c6:37:
                    6b:59:47:83:a9:98:b7:f3:17:b1:20:34:71:cc:7f:
                    ec:82:7f:d2:7e:fa:cf:b6:c7:02:05:8d:ef:68:b5:
                    a0:f0:6b:d9:df:cd:1e:4b:26:b2:98:5d:55:33:29:
                    f4:d1:a4:f0:c0:61:a5:88:6e:71:09:bc:b5:48:6d:
                    f7:f5:76:3a:31:3a:fc:1f:30:b9:30:5a:5d:69:91:
                    cb:1b:4b:ea:15:ea:9b:76:66:1d:e0:7b:ce:04:94:
                    1b:dd:32:e3:22:6c:54:35:5a:1b:06:c8:05:4d:a7:
                    9a:42:cf:cc:01:61:57:0d:9c:3d:c8:57:d3:33:9c:
                    e7:44:42:24:80:16:e1:62:55:bd:86:f3:d0:ef:64:
                    48:6b:c9:85:b3:17:75:43:6b:90:68:04:33:90:2c:
                    62:40:31:41:14:22:d6:a0:45:31:d2:6a:05:ac:43:
                    c6:12:63:db:cf:65:4b:97:4b:af:05:43:f3:83:45:
                    c4:33:3a:3e:3a:41:0b:94:c0:ce:8f:fa:be:3b:fc:
                    9b:65:8c:16:c8:d6:59:c8:16:8c:9e:3c:81:09:05:
                    bb:9f:a0:d7:a8:a5:fc:63:ae:5a:31:c8:36:88:78:
                    01:74:c6:21:30:2f:1f:fe:4b:16:40:bd:88:66:a8:
                    4b:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:32:43:6F:96:D9:70:8E:7B:19:F9:0C:0A:28:9D:04:1B:82:C5:C3
            X509v3 Authority Key Identifier:
                keyid:8C:EF:14:6D:85:C0:9A:A5:96:87:FD:63:15:B1:32:71:C1:C2:92:AD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jO8UbYXAmqWWh_1jFbEyccHCkq0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/a3d2ee-174c-48c3-bd26-7fa9d94024f0/1/qTJDb5bZcI57GfkMCiidBBuCxcM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/a3d2ee-174c-48c3-bd26-7fa9d94024f0/1/jO8UbYXAmqWWh_1jFbEyccHCkq0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  66.203.124.0/23
                IPv6:
                  2a0b:e46:1::/48

    Signature Algorithm: sha256WithRSAEncryption
         6b:54:92:52:e9:6d:43:61:18:fa:ca:d9:5f:43:93:e3:27:3d:
         14:c0:37:46:06:5b:81:1c:b6:69:e5:f4:9d:01:b6:02:cd:70:
         40:78:51:8a:f0:24:52:ac:9d:68:db:e7:2e:a7:52:3e:13:12:
         3b:d5:0b:a5:4a:23:79:9d:42:c1:a9:54:57:31:86:63:10:ba:
         80:64:25:c0:e3:12:b3:d0:97:89:34:58:93:55:02:2d:cc:ba:
         a6:d7:4e:51:f7:52:bc:ac:83:d6:52:19:b8:7e:f1:ff:c2:23:
         69:73:f9:df:71:59:d9:fa:75:ed:6d:f8:c5:3f:a3:9a:99:0a:
         5f:2e:cd:c7:7f:e3:1c:22:8b:94:74:aa:e7:43:32:01:f5:24:
         41:e5:d4:9d:48:6c:4a:cf:47:97:ad:33:91:cb:3f:b0:45:f9:
         34:3d:ea:04:e9:51:b6:ae:14:70:e4:d8:c6:26:93:a2:d8:81:
         39:8b:d0:6f:bb:00:7a:da:ff:fd:36:86:a8:31:93:2f:7e:e1:
         9b:e0:72:9a:c8:60:fd:6f:c9:d3:64:50:81:18:aa:c6:26:60:
         a2:bc:12:81:e2:82:73:e0:4d:69:ce:a4:30:af:33:87:c1:96:
         2a:9f:59:a3:c7:28:a4:84:1a:2c:a3:8b:2d:16:98:2f:3d:1a:
         33:25:e4:82
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZ3VmtyG5toyaD8IEZ2NzdB8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhjZWYxNDZkODVjMDlhYTU5Njg3ZmQ2MzE1YjEzMjcxYzFj
MjkyYWQwHhcNMjYwNDI4MTkzOTQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOTMyNDM2Zjk2ZDk3MDhlN2IxOWY5MGMwYTI4OWQwNDFiODJjNWMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5weQ6rWMiRpRmi/4xjdrWUeDqZi3
8xexIDRxzH/sgn/SfvrPtscCBY3vaLWg8GvZ380eSyaymF1VMyn00aTwwGGliG5x
Cby1SG339XY6MTr8HzC5MFpdaZHLG0vqFeqbdmYd4HvOBJQb3TLjImxUNVobBsgF
TaeaQs/MAWFXDZw9yFfTM5znREIkgBbhYlW9hvPQ72RIa8mFsxd1Q2uQaAQzkCxi
QDFBFCLWoEUx0moFrEPGEmPbz2VLl0uvBUPzg0XEMzo+OkELlMDOj/q+O/ybZYwW
yNZZyBaMnjyBCQW7n6DXqKX8Y65aMcg2iHgBdMYhMC8f/ksWQL2IZqhLbQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFKkyQ2+W2XCOexn5DAoonQQbgsXDMB8GA1UdIwQY
MBaAFIzvFG2FwJqllof9YxWxMnHBwpKtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvak84VWJZWEFtcVdXaF8xakZiRXljY0hDa3EwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMy9hM2QyZWUtMTc0Yy00OGMzLWJkMjYt
N2ZhOWQ5NDAyNGYwLzEvcVRKRGI1YlpjSTU3R2ZrTUNpaWRCQnVDeGNNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMy9hM2QyZWUtMTc0Yy00OGMzLWJkMjYtN2ZhOWQ5NDAyNGYw
LzEvak84VWJZWEFtcVdXaF8xakZiRXljY0hDa3EwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQBQst8MA8E
AgACMAkDBwAqCw5GAAEwDQYJKoZIhvcNAQELBQADggEBAGtUklLpbUNhGPrK2V9D
k+MnPRTAN0YGW4Ectmnl9J0BtgLNcEB4UYrwJFKsnWjb5y6nUj4TEjvVC6VKI3md
QsGpVFcxhmMQuoBkJcDjErPQl4k0WJNVAi3MuqbXTlH3Urysg9ZSGbh+8f/CI2lz
+d9xWdn6de1t+MU/o5qZCl8uzcd/4xwii5R0qudDMgH1JEHl1J1IbErPR5etM5HL
P7BF+TQ96gTpUbauFHDk2MYmk6LYgTmL0G+7AHra//02hqgxky9+4ZvgcprIYP1v
ydNkUIEYqsYmYKK8EoHignPgTWnOpDCvM4fBliqfWaPHKKSEGiyjiy0WmC89GjMl
5II=
-----END CERTIFICATE-----