Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/ec4769-eb6a-4c20-8bef-635726ccfdb0/1/Q03Wrr-4bRfsym1mVZ38VCx0Qzc.roa
File:                     Q03Wrr-4bRfsym1mVZ38VCx0Qzc.roa (raw, json)
Hash identifier:          QlIjxjh/GKAm5itGl6sVrB0RZN4x8cc0LZn3FPdxeAQ=
Subject key identifier:   43:4D:D6:AE:BF:B8:6D:17:EC:CA:6D:66:55:9D:FC:54:2C:74:43:37
Certificate issuer:       /CN=eff6f3a1ef7b46120ddea503b91140ea49f41282
Certificate serial:       019D919516B01B48DDD36F0619A06B581F6A
Authority key identifier: EF:F6:F3:A1:EF:7B:46:12:0D:DE:A5:03:B9:11:40:EA:49:F4:12:82
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7_bzoe97RhIN3qUDuRFA6kn0EoI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/ec4769-eb6a-4c20-8bef-635726ccfdb0/1/Q03Wrr-4bRfsym1mVZ38VCx0Qzc.roa
Signing time:             Wed 15 Apr 2026 14:39:20 +0000
ROA not before:           Wed 15 Apr 2026 14:39:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     198892
IP address blocks:        153.56.154.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/db/ec4769-eb6a-4c20-8bef-635726ccfdb0/1/7_bzoe97RhIN3qUDuRFA6kn0EoI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/db/ec4769-eb6a-4c20-8bef-635726ccfdb0/1/7_bzoe97RhIN3qUDuRFA6kn0EoI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7_bzoe97RhIN3qUDuRFA6kn0EoI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 14:01:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:91:95:16:b0:1b:48:dd:d3:6f:06:19:a0:6b:58:1f:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eff6f3a1ef7b46120ddea503b91140ea49f41282
        Validity
            Not Before: Apr 15 14:39:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=434dd6aebfb86d17ecca6d66559dfc542c744337
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:c0:62:ed:ba:88:42:4e:8b:a3:54:fb:2d:27:
                    f8:5a:7e:2b:06:a2:96:ab:e1:de:d0:20:b4:1c:07:
                    24:71:18:dd:5e:91:34:6e:ca:68:df:5a:e8:61:12:
                    2b:c9:f8:fe:5a:9c:50:c4:85:13:41:02:a9:7a:b9:
                    87:14:94:92:aa:d0:59:72:be:04:d6:33:27:6f:69:
                    fd:e5:40:13:0d:47:ac:0c:e8:20:0d:7f:6d:5a:04:
                    01:f0:a4:1b:ee:e2:06:db:01:31:db:0f:92:0d:dd:
                    76:ae:84:88:fc:5f:ea:4a:8d:a6:ed:c6:f8:bc:1c:
                    f2:8e:9a:c6:e1:2d:a8:df:72:97:6c:58:23:5a:b7:
                    f4:42:9f:ca:2d:72:d1:fa:91:2b:b4:8b:b6:eb:2c:
                    23:81:90:52:58:3e:58:45:c7:9c:48:23:97:5a:8f:
                    8d:5f:85:57:61:6d:00:ef:8e:b0:33:26:cc:19:f0:
                    54:14:a7:45:8e:7f:cb:80:93:ab:af:73:ea:a0:17:
                    c5:59:f8:31:55:bd:49:c3:14:8b:69:44:79:4c:17:
                    3b:27:bf:dc:14:4c:6f:c3:3d:09:57:a0:fd:1d:a5:
                    8c:ee:16:1a:7a:d8:61:76:7c:6d:1c:df:10:4f:47:
                    46:4e:0b:b9:c9:87:c8:93:1c:ef:d9:cc:cd:ce:0f:
                    3e:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:4D:D6:AE:BF:B8:6D:17:EC:CA:6D:66:55:9D:FC:54:2C:74:43:37
            X509v3 Authority Key Identifier:
                keyid:EF:F6:F3:A1:EF:7B:46:12:0D:DE:A5:03:B9:11:40:EA:49:F4:12:82

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7_bzoe97RhIN3qUDuRFA6kn0EoI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/ec4769-eb6a-4c20-8bef-635726ccfdb0/1/Q03Wrr-4bRfsym1mVZ38VCx0Qzc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/ec4769-eb6a-4c20-8bef-635726ccfdb0/1/7_bzoe97RhIN3qUDuRFA6kn0EoI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  153.56.154.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a1:9f:bb:ba:7a:40:7c:e9:bd:e8:c9:2d:5f:0e:47:84:98:c5:
         06:9d:10:1d:84:c5:69:3c:6a:25:de:c8:5f:48:b9:e4:90:b6:
         d7:43:03:2b:44:e5:34:b9:44:c1:9d:da:96:60:7c:9f:6e:da:
         61:5c:1c:dd:86:de:83:b2:80:96:a7:13:52:33:94:51:2e:75:
         f0:22:a3:c9:83:cb:37:3c:99:53:e7:f5:6f:00:54:c5:a5:1b:
         0e:da:ce:38:7d:b4:62:0b:6b:e8:5a:72:95:97:af:94:3a:4a:
         df:e5:9e:b8:91:44:cd:34:14:5d:f6:ea:47:52:1d:cd:d6:61:
         49:ca:06:bd:45:a8:7d:ac:1c:b2:53:25:8b:b0:9a:1b:37:ff:
         d5:b5:8f:34:5c:bc:e4:e4:9e:6a:ed:b9:2f:52:e1:44:45:b4:
         9f:da:a1:18:d9:89:49:24:5f:7a:a3:5b:6a:50:4b:40:89:5d:
         3d:d9:c8:2a:48:26:bb:19:32:dc:99:c8:e2:0d:44:b6:34:88:
         0f:2f:c7:e6:78:63:e9:6a:cb:d2:a0:e4:b9:08:56:a2:dd:4e:
         23:ef:e6:96:18:a1:78:e1:38:ce:39:71:11:f8:f7:f3:52:38:
         c0:94:57:2d:3c:78:3e:3a:fe:dd:e9:3e:f9:04:e7:14:18:d4:
         5c:59:08:cf
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2RlRawG0jd028GGaBrWB9qMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVmZjZmM2ExZWY3YjQ2MTIwZGRlYTUwM2I5MTE0MGVhNDlm
NDEyODIwHhcNMjYwNDE1MTQzOTIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MzRkZDZhZWJmYjg2ZDE3ZWNjYTZkNjY1NTlkZmM1NDJjNzQ0MzM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0sBi7bqIQk6Lo1T7LSf4Wn4rBqKW
q+He0CC0HAckcRjdXpE0bspo31roYRIryfj+WpxQxIUTQQKpermHFJSSqtBZcr4E
1jMnb2n95UATDUesDOggDX9tWgQB8KQb7uIG2wEx2w+SDd12roSI/F/qSo2m7cb4
vBzyjprG4S2o33KXbFgjWrf0Qp/KLXLR+pErtIu26ywjgZBSWD5YRcecSCOXWo+N
X4VXYW0A746wMybMGfBUFKdFjn/LgJOrr3PqoBfFWfgxVb1JwxSLaUR5TBc7J7/c
FExvwz0JV6D9HaWM7hYaethhdnxtHN8QT0dGTgu5yYfIkxzv2czNzg8+tQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFENN1q6/uG0X7MptZlWd/FQsdEM3MB8GA1UdIwQY
MBaAFO/286Hve0YSDd6lA7kRQOpJ9BKCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN19iem9lOTdSaElOM3FVRHVSRkE2a24wRW9JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi9lYzQ3NjktZWI2YS00YzIwLThiZWYt
NjM1NzI2Y2NmZGIwLzEvUTAzV3JyLTRiUmZzeW0xbVZaMzhWQ3gwUXpjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi9lYzQ3NjktZWI2YS00YzIwLThiZWYtNjM1NzI2Y2NmZGIw
LzEvN19iem9lOTdSaElOM3FVRHVSRkE2a24wRW9JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAmTiaMA0G
CSqGSIb3DQEBCwUAA4IBAQChn7u6ekB86b3oyS1fDkeEmMUGnRAdhMVpPGol3shf
SLnkkLbXQwMrROU0uUTBndqWYHyfbtphXBzdht6DsoCWpxNSM5RRLnXwIqPJg8s3
PJlT5/VvAFTFpRsO2s44fbRiC2voWnKVl6+UOkrf5Z64kUTNNBRd9upHUh3N1mFJ
yga9Rah9rByyUyWLsJobN//VtY80XLzk5J5q7bkvUuFERbSf2qEY2YlJJF96o1tq
UEtAiV092cgqSCa7GTLcmcjiDUS2NIgPL8fmeGPpasvSoOS5CFai3U4j7+aWGKF4
4TjOOXER+PfzUjjAlFctPHg+Ov7d6T75BOcUGNRcWQjP
-----END CERTIFICATE-----