Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/4f6985-b94a-47cc-a300-6f2cf4f03ceb/1/1QeTNjG1Dfkc8SWoA6hDqdCoE0M.roa
File:                     1QeTNjG1Dfkc8SWoA6hDqdCoE0M.roa (raw, json)
Hash identifier:          TI7MVpkcT7thY/M8gEUna2Z6lXeVC6lOhkda9yw/ECs=
Subject key identifier:   D5:07:93:36:31:B5:0D:F9:1C:F1:25:A8:03:A8:43:A9:D0:A8:13:43
Certificate issuer:       /CN=db1d6eba463b7564abfae938b46ed47187de0ec0
Certificate serial:       019CD72C0073FA2255BCB35883B8D379D943
Authority key identifier: DB:1D:6E:BA:46:3B:75:64:AB:FA:E9:38:B4:6E:D4:71:87:DE:0E:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2x1uukY7dWSr-uk4tG7UcYfeDsA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b8/4f6985-b94a-47cc-a300-6f2cf4f03ceb/1/1QeTNjG1Dfkc8SWoA6hDqdCoE0M.roa
Signing time:             Tue 10 Mar 2026 09:55:10 +0000
ROA not before:           Tue 10 Mar 2026 09:55:10 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     201670
IP address blocks:        132.243.164.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b8/4f6985-b94a-47cc-a300-6f2cf4f03ceb/1/2x1uukY7dWSr-uk4tG7UcYfeDsA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b8/4f6985-b94a-47cc-a300-6f2cf4f03ceb/1/2x1uukY7dWSr-uk4tG7UcYfeDsA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2x1uukY7dWSr-uk4tG7UcYfeDsA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 09:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:d7:2c:00:73:fa:22:55:bc:b3:58:83:b8:d3:79:d9:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=db1d6eba463b7564abfae938b46ed47187de0ec0
        Validity
            Not Before: Mar 10 09:55:10 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d507933631b50df91cf125a803a843a9d0a81343
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:26:c6:0f:97:da:2d:64:ba:a6:9e:50:b1:3f:
                    7a:52:7c:32:77:14:67:f1:9d:44:11:77:ce:61:2d:
                    90:53:9a:2e:90:cd:fb:b5:af:e2:f9:86:a5:d6:5f:
                    e1:80:57:d8:4b:f2:3c:b4:23:5e:d8:7f:56:4f:29:
                    6c:de:a4:64:10:ca:c8:c2:09:ac:5a:2c:d5:92:3c:
                    4a:a1:3a:c8:a6:60:ea:61:f6:25:d7:60:2b:3f:79:
                    b7:ac:df:ab:09:77:17:fe:1b:10:cf:1e:3a:22:5e:
                    5d:3b:23:60:a9:48:6a:b3:fa:02:b5:16:63:06:a5:
                    0a:59:2a:29:65:c8:83:43:c4:3e:a1:21:0e:88:12:
                    23:cd:0b:96:c8:10:1f:fe:6c:f6:8a:87:a3:96:58:
                    b4:c7:92:4b:22:24:dd:38:13:98:2b:d2:24:69:c3:
                    18:77:c0:b8:96:87:9c:8d:bf:0f:95:7f:57:e0:6e:
                    2e:3c:0f:10:27:9c:09:0c:83:cb:e8:0a:0f:c3:81:
                    d3:7d:04:a7:0b:5e:e6:a1:86:f0:a0:bc:50:3b:7c:
                    fc:66:1c:68:09:22:ec:7c:56:6d:e2:98:b4:b4:7e:
                    28:c1:9a:1e:73:0c:4f:f4:de:cd:14:6e:be:f9:31:
                    4d:49:3d:82:ed:1b:98:7f:90:77:bf:71:71:6a:f9:
                    fb:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:07:93:36:31:B5:0D:F9:1C:F1:25:A8:03:A8:43:A9:D0:A8:13:43
            X509v3 Authority Key Identifier:
                keyid:DB:1D:6E:BA:46:3B:75:64:AB:FA:E9:38:B4:6E:D4:71:87:DE:0E:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2x1uukY7dWSr-uk4tG7UcYfeDsA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/4f6985-b94a-47cc-a300-6f2cf4f03ceb/1/1QeTNjG1Dfkc8SWoA6hDqdCoE0M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/4f6985-b94a-47cc-a300-6f2cf4f03ceb/1/2x1uukY7dWSr-uk4tG7UcYfeDsA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  132.243.164.0/23

    Signature Algorithm: sha256WithRSAEncryption
         91:38:0d:b1:42:3c:c1:d0:55:84:77:44:fa:a6:09:0d:c9:f9:
         a9:78:41:ce:6c:3e:1c:c3:35:3c:66:6c:01:f6:b3:52:f4:92:
         cc:06:24:57:9f:1d:a4:28:5a:20:d7:1e:8b:72:b5:12:90:86:
         3c:a1:d9:42:60:26:33:b7:72:3b:d9:ac:60:88:d5:06:c5:8b:
         ed:d4:17:af:34:d4:0a:50:65:83:df:27:b4:99:b5:d9:ff:b5:
         99:1f:a8:54:0d:dd:dd:90:6a:de:6e:40:22:d4:0a:15:b0:24:
         e7:40:44:ad:0f:de:db:43:df:fb:8c:1d:64:0a:f5:82:3e:6e:
         34:b8:8f:23:22:6b:1d:c6:76:38:02:f8:26:e2:ac:13:72:b2:
         fa:20:a2:72:d2:b6:74:f9:1e:36:34:d9:b4:0e:c5:b4:41:31:
         01:b4:3e:ae:02:1b:9a:5f:4e:81:2c:ce:06:29:e4:7e:4d:aa:
         7c:85:e3:de:2b:dc:26:ca:d6:f2:6b:bd:51:d0:39:fc:2d:3b:
         65:78:56:30:4b:9d:26:05:9e:ec:5e:e7:e4:73:64:00:92:b5:
         09:0a:06:c2:4d:78:4a:78:53:98:dc:5f:2b:f3:85:f5:f6:91:
         40:f3:7e:87:4d:f0:c5:95:85:11:cb:c5:8a:2a:8d:3a:5f:ed:
         d9:35:ac:c4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZzXLABz+iJVvLNYg7jTedlDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRiMWQ2ZWJhNDYzYjc1NjRhYmZhZTkzOGI0NmVkNDcxODdk
ZTBlYzAwHhcNMjYwMzEwMDk1NTEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNTA3OTMzNjMxYjUwZGY5MWNmMTI1YTgwM2E4NDNhOWQwYTgxMzQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtCbGD5faLWS6pp5QsT96UnwydxRn
8Z1EEXfOYS2QU5oukM37ta/i+Yal1l/hgFfYS/I8tCNe2H9WTyls3qRkEMrIwgms
WizVkjxKoTrIpmDqYfYl12ArP3m3rN+rCXcX/hsQzx46Il5dOyNgqUhqs/oCtRZj
BqUKWSopZciDQ8Q+oSEOiBIjzQuWyBAf/mz2ioejlli0x5JLIiTdOBOYK9IkacMY
d8C4loecjb8PlX9X4G4uPA8QJ5wJDIPL6AoPw4HTfQSnC17moYbwoLxQO3z8Zhxo
CSLsfFZt4pi0tH4owZoecwxP9N7NFG6++TFNST2C7RuYf5B3v3Fxavn7twIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNUHkzYxtQ35HPElqAOoQ6nQqBNDMB8GA1UdIwQY
MBaAFNsdbrpGO3Vkq/rpOLRu1HGH3g7AMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMngxdXVrWTdkV1NyLXVrNHRHN1VjWWZlRHNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC80ZjY5ODUtYjk0YS00N2NjLWEzMDAt
NmYyY2Y0ZjAzY2ViLzEvMVFlVE5qRzFEZmtjOFNXb0E2aERxZENvRTBNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC80ZjY5ODUtYjk0YS00N2NjLWEzMDAtNmYyY2Y0ZjAzY2Vi
LzEvMngxdXVrWTdkV1NyLXVrNHRHN1VjWWZlRHNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBhPOkMA0G
CSqGSIb3DQEBCwUAA4IBAQCROA2xQjzB0FWEd0T6pgkNyfmpeEHObD4cwzU8ZmwB
9rNS9JLMBiRXnx2kKFog1x6LcrUSkIY8odlCYCYzt3I72axgiNUGxYvt1BevNNQK
UGWD3ye0mbXZ/7WZH6hUDd3dkGrebkAi1AoVsCTnQEStD97bQ9/7jB1kCvWCPm40
uI8jImsdxnY4Avgm4qwTcrL6IKJy0rZ0+R42NNm0DsW0QTEBtD6uAhuaX06BLM4G
KeR+Tap8hePeK9wmytbya71R0Dn8LTtleFYwS50mBZ7sXufkc2QAkrUJCgbCTXhK
eFOY3F8r84X19pFA836HTfDFlYURy8WKKo06X+3ZNazE
-----END CERTIFICATE-----