Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e1/42bed4-44d7-480b-bbda-16ab5746ef4e/1/D3QWsZD5slBszZssssGu-y6SPDY.roa
File:                     D3QWsZD5slBszZssssGu-y6SPDY.roa (raw, json)
Hash identifier:          m5arG3sgwaeIurzLGruOIuKyUYJet4zIQQosgeemCIc=
Subject key identifier:   0F:74:16:B1:90:F9:B2:50:6C:CD:9B:2C:B2:C1:AE:FB:2E:92:3C:36
Certificate issuer:       /CN=aad4f53b213fd5f6e46dd3ee3b7e9d287fc91732
Certificate serial:       019B7A5B031868858A3623AF09815AA4A1AF
Authority key identifier: AA:D4:F5:3B:21:3F:D5:F6:E4:6D:D3:EE:3B:7E:9D:28:7F:C9:17:32
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qtT1OyE_1fbkbdPuO36dKH_JFzI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e1/42bed4-44d7-480b-bbda-16ab5746ef4e/1/D3QWsZD5slBszZssssGu-y6SPDY.roa
Signing time:             Thu 01 Jan 2026 16:19:03 +0000
ROA not before:           Thu 01 Jan 2026 16:19:03 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215906
IP address blocks:        176.118.179.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e1/42bed4-44d7-480b-bbda-16ab5746ef4e/1/qtT1OyE_1fbkbdPuO36dKH_JFzI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e1/42bed4-44d7-480b-bbda-16ab5746ef4e/1/qtT1OyE_1fbkbdPuO36dKH_JFzI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qtT1OyE_1fbkbdPuO36dKH_JFzI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 07:01:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:5b:03:18:68:85:8a:36:23:af:09:81:5a:a4:a1:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aad4f53b213fd5f6e46dd3ee3b7e9d287fc91732
        Validity
            Not Before: Jan  1 16:19:03 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0f7416b190f9b2506ccd9b2cb2c1aefb2e923c36
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:11:3b:ec:44:98:26:27:33:a7:4d:68:1c:da:
                    3c:10:8b:20:82:b2:15:f8:15:03:91:c9:5f:33:e0:
                    bd:9d:58:d5:39:ba:cb:9c:7f:3d:0e:e6:52:2a:c5:
                    54:79:17:14:f9:c1:56:19:c3:47:f7:1c:f1:2e:83:
                    57:1b:e0:62:e3:be:16:f5:00:17:b0:46:b1:01:f8:
                    67:b4:17:de:68:a3:42:58:dc:f7:4b:dc:c7:aa:53:
                    15:10:d4:51:26:26:03:7f:99:8b:a3:cf:08:26:3a:
                    4d:ae:36:71:cf:b3:9d:c7:96:89:0a:02:39:20:2e:
                    86:49:b0:66:60:84:f2:8d:1e:40:28:c4:fe:56:ac:
                    ac:89:d8:36:0a:ba:09:d3:db:c3:b1:68:6c:7a:42:
                    de:1d:6b:95:15:a3:9d:fd:df:0b:75:41:b2:d9:97:
                    4a:71:f2:fc:36:80:8b:0d:ec:e8:fa:e0:83:4a:70:
                    f8:16:27:de:8c:92:9c:2c:1e:52:21:34:fa:05:ce:
                    1b:9f:e4:46:cc:57:8e:90:a0:8a:88:37:f9:82:ca:
                    7f:9b:f3:af:47:04:40:b3:14:07:16:54:ba:f8:ab:
                    73:9b:72:69:f4:fa:43:c3:b1:e2:ae:b9:9d:10:eb:
                    ac:18:87:1c:2c:8a:91:9a:fa:19:4c:6a:b7:ed:78:
                    92:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:74:16:B1:90:F9:B2:50:6C:CD:9B:2C:B2:C1:AE:FB:2E:92:3C:36
            X509v3 Authority Key Identifier:
                keyid:AA:D4:F5:3B:21:3F:D5:F6:E4:6D:D3:EE:3B:7E:9D:28:7F:C9:17:32

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qtT1OyE_1fbkbdPuO36dKH_JFzI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/42bed4-44d7-480b-bbda-16ab5746ef4e/1/D3QWsZD5slBszZssssGu-y6SPDY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/42bed4-44d7-480b-bbda-16ab5746ef4e/1/qtT1OyE_1fbkbdPuO36dKH_JFzI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.118.179.0/24

    Signature Algorithm: sha256WithRSAEncryption
         05:fa:ef:c5:9a:65:30:1b:26:50:67:fa:80:b8:6a:ca:ea:12:
         61:51:b6:cf:2b:89:1d:62:c3:a0:da:69:df:5a:b1:f1:d3:0b:
         f1:c2:7e:48:bb:2f:69:4a:38:9c:f5:7a:04:11:ce:00:42:f5:
         32:30:8c:96:d0:a1:92:b7:b0:93:54:c5:03:e8:79:ea:95:8d:
         a2:cb:94:dd:97:53:c8:c5:89:83:d5:55:f1:c0:c3:4d:f1:19:
         64:6d:e6:56:63:77:25:9e:2a:f2:65:ca:2a:5d:59:01:77:68:
         5a:7f:bc:76:84:b0:e3:29:1b:89:16:ac:0e:2d:45:2c:fe:d8:
         e8:ed:68:28:14:df:78:e7:6b:3b:5f:30:0b:17:1c:c3:22:7e:
         e0:31:95:cd:55:af:e8:47:75:ba:67:0c:49:07:27:d6:4d:58:
         7f:41:7a:0b:35:bb:1e:80:9f:91:33:70:47:2a:8d:02:50:ab:
         5e:a2:01:11:b9:2a:3c:8e:17:fb:c4:2c:97:b9:4c:ca:44:9c:
         39:cf:85:b2:bc:27:6d:70:b1:a0:43:80:ca:53:ef:c9:0b:42:
         c5:28:b0:cb:b8:e9:24:6d:f8:77:53:18:20:24:79:37:ce:47:
         6b:46:4b:9a:4f:5e:d9:6d:e5:bc:cc:a1:fd:22:67:ef:28:0e:
         6c:07:7b:02
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6WwMYaIWKNiOvCYFapKGvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFhZDRmNTNiMjEzZmQ1ZjZlNDZkZDNlZTNiN2U5ZDI4N2Zj
OTE3MzIwHhcNMjYwMTAxMTYxOTAzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZjc0MTZiMTkwZjliMjUwNmNjZDliMmNiMmMxYWVmYjJlOTIzYzM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuBE77ESYJiczp01oHNo8EIsggrIV
+BUDkclfM+C9nVjVObrLnH89DuZSKsVUeRcU+cFWGcNH9xzxLoNXG+Bi474W9QAX
sEaxAfhntBfeaKNCWNz3S9zHqlMVENRRJiYDf5mLo88IJjpNrjZxz7Odx5aJCgI5
IC6GSbBmYITyjR5AKMT+Vqysidg2CroJ09vDsWhsekLeHWuVFaOd/d8LdUGy2ZdK
cfL8NoCLDezo+uCDSnD4FifejJKcLB5SITT6Bc4bn+RGzFeOkKCKiDf5gsp/m/Ov
RwRAsxQHFlS6+Ktzm3Jp9PpDw7HirrmdEOusGIccLIqRmvoZTGq37XiS4QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA90FrGQ+bJQbM2bLLLBrvsukjw2MB8GA1UdIwQY
MBaAFKrU9TshP9X25G3T7jt+nSh/yRcyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcXRUMU95RV8xZmJrYmRQdU8zNmRLSF9KRnpJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMS80MmJlZDQtNDRkNy00ODBiLWJiZGEt
MTZhYjU3NDZlZjRlLzEvRDNRV3NaRDVzbEJzelpzc3NzR3UteTZTUERZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMS80MmJlZDQtNDRkNy00ODBiLWJiZGEtMTZhYjU3NDZlZjRl
LzEvcXRUMU95RV8xZmJrYmRQdU8zNmRLSF9KRnpJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsHazMA0G
CSqGSIb3DQEBCwUAA4IBAQAF+u/FmmUwGyZQZ/qAuGrK6hJhUbbPK4kdYsOg2mnf
WrHx0wvxwn5Iuy9pSjic9XoEEc4AQvUyMIyW0KGSt7CTVMUD6HnqlY2iy5Tdl1PI
xYmD1VXxwMNN8RlkbeZWY3clniryZcoqXVkBd2haf7x2hLDjKRuJFqwOLUUs/tjo
7WgoFN9452s7XzALFxzDIn7gMZXNVa/oR3W6ZwxJByfWTVh/QXoLNbsegJ+RM3BH
Ko0CUKteogERuSo8jhf7xCyXuUzKRJw5z4WyvCdtcLGgQ4DKU+/JC0LFKLDLuOkk
bfh3UxggJHk3zkdrRkuaT17ZbeW8zKH9ImfvKA5sB3sC
-----END CERTIFICATE-----