Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d7/c98aa3-0e0c-4d97-9bc3-74d91cdbe195/1/1-QZ5QX6tZmhmzxZXHuUL5oHNCBg.roa
File:                     1-QZ5QX6tZmhmzxZXHuUL5oHNCBg.roa (raw, json)
Hash identifier:          wAkCT4pki/s142AZPomCfPDcuTZDN7WfQUDeJjKJk/0=
Subject key identifier:   F9:06:79:41:7E:AD:66:68:66:CF:16:57:1E:E5:0B:E6:81:CD:08:18
Certificate issuer:       /CN=86170339c2bc664d600fa98b8061269d48e4f2c6
Certificate serial:       019CE438C26014F98C22033194F372DB4790
Authority key identifier: 86:17:03:39:C2:BC:66:4D:60:0F:A9:8B:80:61:26:9D:48:E4:F2:C6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hhcDOcK8Zk1gD6mLgGEmnUjk8sY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d7/c98aa3-0e0c-4d97-9bc3-74d91cdbe195/1/1-QZ5QX6tZmhmzxZXHuUL5oHNCBg.roa
Signing time:             Thu 12 Mar 2026 22:44:10 +0000
ROA not before:           Thu 12 Mar 2026 22:44:10 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     211665
IP address blocks:        31.13.212.0/24 maxlen: 24
                          141.98.1.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d7/c98aa3-0e0c-4d97-9bc3-74d91cdbe195/1/hhcDOcK8Zk1gD6mLgGEmnUjk8sY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d7/c98aa3-0e0c-4d97-9bc3-74d91cdbe195/1/hhcDOcK8Zk1gD6mLgGEmnUjk8sY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hhcDOcK8Zk1gD6mLgGEmnUjk8sY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 13:01:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:e4:38:c2:60:14:f9:8c:22:03:31:94:f3:72:db:47:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86170339c2bc664d600fa98b8061269d48e4f2c6
        Validity
            Not Before: Mar 12 22:44:10 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f90679417ead666866cf16571ee50be681cd0818
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:2f:fd:05:00:22:07:36:c9:28:66:89:df:f4:
                    c3:6e:7c:dc:17:36:82:05:53:f8:75:1b:a2:57:0a:
                    7e:99:15:1d:ae:23:c6:57:69:35:1d:c9:6c:28:aa:
                    58:d7:f4:08:43:fc:a2:ea:48:4a:4b:59:9d:2f:9b:
                    59:e5:31:3b:d3:40:27:04:8c:cd:f1:c0:2c:f1:20:
                    4b:d3:c7:de:1f:3e:e1:45:bc:c9:b0:d8:d0:4b:78:
                    d9:87:3b:c1:0e:ca:10:9c:98:f2:68:d5:40:9e:b0:
                    de:5b:51:bd:57:91:ca:2f:ee:45:fc:5c:83:f4:35:
                    19:d7:2f:7e:fd:cb:9c:02:e4:4a:73:3a:ba:de:ac:
                    5d:77:81:66:c0:76:e7:44:96:ab:ad:96:7f:53:ac:
                    bd:69:07:8d:03:06:48:42:6e:c5:0d:7c:63:0e:80:
                    d8:43:99:60:3d:ac:01:9b:61:13:49:64:47:e7:2d:
                    2f:b0:0e:fd:ef:ee:56:01:57:81:7f:7c:33:c9:64:
                    d7:19:1a:a4:3a:51:17:c9:70:4f:0d:b2:7a:9c:b0:
                    f6:b5:08:52:fc:b2:ef:69:0d:c6:00:d9:0b:4c:ca:
                    51:bf:bc:aa:1e:a2:9f:b9:c4:23:11:b6:08:22:c7:
                    1c:c2:02:00:18:b8:16:b4:ab:3d:ce:0b:96:ba:6c:
                    1e:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:06:79:41:7E:AD:66:68:66:CF:16:57:1E:E5:0B:E6:81:CD:08:18
            X509v3 Authority Key Identifier:
                keyid:86:17:03:39:C2:BC:66:4D:60:0F:A9:8B:80:61:26:9D:48:E4:F2:C6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hhcDOcK8Zk1gD6mLgGEmnUjk8sY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/c98aa3-0e0c-4d97-9bc3-74d91cdbe195/1/1-QZ5QX6tZmhmzxZXHuUL5oHNCBg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/c98aa3-0e0c-4d97-9bc3-74d91cdbe195/1/hhcDOcK8Zk1gD6mLgGEmnUjk8sY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.13.212.0/24
                  141.98.1.0/24

    Signature Algorithm: sha256WithRSAEncryption
         49:c8:2a:74:a2:a5:1b:ec:70:13:36:d0:9f:53:45:03:32:d2:
         55:83:ca:64:08:07:e7:e4:3d:91:e9:d6:12:2e:3f:19:9a:cc:
         24:30:52:e8:5c:cf:d5:b5:7a:c3:34:45:07:f5:bf:d0:0f:9c:
         06:ce:cd:cf:95:57:17:ad:18:10:09:51:94:9b:fb:d0:53:ac:
         38:57:ca:c9:b1:7a:5d:d5:16:6b:06:7d:25:5a:9d:fb:8d:76:
         b1:93:a9:ee:51:0e:7f:45:0c:17:2e:4d:46:d7:01:87:ee:2b:
         62:fc:d4:5a:3e:95:7e:a9:8e:15:fa:7f:07:d2:bb:bb:7f:89:
         1c:2d:50:0b:13:28:3c:8d:e1:70:5c:aa:3d:b1:3d:ae:4a:df:
         46:f3:d4:d9:a8:10:57:b4:be:f2:17:f9:96:e7:31:91:58:b7:
         67:c1:b9:3f:2f:b0:6c:eb:fa:f9:94:99:91:e5:d6:59:27:10:
         f6:22:27:2b:08:d9:dd:15:e0:c3:48:ad:ac:e6:77:b2:5f:8a:
         c7:4f:d8:ab:50:3b:bb:07:87:1a:7b:d5:ed:81:b4:28:fb:12:
         e0:40:80:e2:07:68:aa:cf:80:a5:28:24:70:76:7f:d2:5c:dc:
         8f:f0:97:f5:17:8a:a9:1d:4c:f6:8e:ce:e1:cf:81:1c:73:6f:
         f8:c5:2f:e1
-----BEGIN CERTIFICATE-----
MIIFBDCCA+ygAwIBAgISAZzkOMJgFPmMIgMxlPNy20eQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2MTcwMzM5YzJiYzY2NGQ2MDBmYTk4YjgwNjEyNjlkNDhl
NGYyYzYwHhcNMjYwMzEyMjI0NDEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOTA2Nzk0MTdlYWQ2NjY4NjZjZjE2NTcxZWU1MGJlNjgxY2QwODE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0i/9BQAiBzbJKGaJ3/TDbnzcFzaC
BVP4dRuiVwp+mRUdriPGV2k1HclsKKpY1/QIQ/yi6khKS1mdL5tZ5TE700AnBIzN
8cAs8SBL08feHz7hRbzJsNjQS3jZhzvBDsoQnJjyaNVAnrDeW1G9V5HKL+5F/FyD
9DUZ1y9+/cucAuRKczq63qxdd4FmwHbnRJarrZZ/U6y9aQeNAwZIQm7FDXxjDoDY
Q5lgPawBm2ETSWRH5y0vsA797+5WAVeBf3wzyWTXGRqkOlEXyXBPDbJ6nLD2tQhS
/LLvaQ3GANkLTMpRv7yqHqKfucQjEbYIIsccwgIAGLgWtKs9zguWumweHwIDAQAB
o4ICEDCCAgwwHQYDVR0OBBYEFPkGeUF+rWZoZs8WVx7lC+aBzQgYMB8GA1UdIwQY
MBaAFIYXAznCvGZNYA+pi4BhJp1I5PLGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaGhjRE9jSzhaazFnRDZtTGdHRW1uVWprOHNZLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNy9jOThhYTMtMGUwYy00ZDk3LTliYzMt
NzRkOTFjZGJlMTk1LzEvMS1RWjVRWDZ0Wm1obXp4WlhIdVVMNW9ITkNCZy5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvZDcvYzk4YWEzLTBlMGMtNGQ5Ny05YmMzLTc0ZDkxY2RiZTE5
NS8xL2hoY0RPY0s4WmsxZ0Q2bUxnR0VtblVqazhzWS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAlBggrBgEFBQcBBwEB/wQWMBQwEgQCAAEwDAMEAB8N1AME
AI1iATANBgkqhkiG9w0BAQsFAAOCAQEAScgqdKKlG+xwEzbQn1NFAzLSVYPKZAgH
5+Q9kenWEi4/GZrMJDBS6FzP1bV6wzRFB/W/0A+cBs7Nz5VXF60YEAlRlJv70FOs
OFfKybF6XdUWawZ9JVqd+412sZOp7lEOf0UMFy5NRtcBh+4rYvzUWj6VfqmOFfp/
B9K7u3+JHC1QCxMoPI3hcFyqPbE9rkrfRvPU2agQV7S+8hf5lucxkVi3Z8G5Py+w
bOv6+ZSZkeXWWScQ9iInKwjZ3RXgw0itrOZ3sl+Kx0/Yq1A7uweHGnvV7YG0KPsS
4ECA4gdoqs+ApSgkcHZ/0lzcj/CX9ReKqR1M9o7O4c+BHHNv+MUv4Q==
-----END CERTIFICATE-----