Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/1b5722-1dda-4df3-a45c-e6bf316c94a1/1/Q7sGk7ECwFV3meUPYImkro5mZn8.roa
File:                     Q7sGk7ECwFV3meUPYImkro5mZn8.roa (raw, json)
Hash identifier:          yPT2eaBvSLQfJfLB4jWSat0V9vFdL71JwO3EoW7qPCQ=
Subject key identifier:   43:BB:06:93:B1:02:C0:55:77:99:E5:0F:60:89:A4:AE:8E:66:66:7F
Certificate issuer:       /CN=bd3668628f0df79d047eca0d9adcfc0b6693e309
Certificate serial:       019CC3923E925B9BE2AA601704E54E0C56C1
Authority key identifier: BD:36:68:62:8F:0D:F7:9D:04:7E:CA:0D:9A:DC:FC:0B:66:93:E3:09
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vTZoYo8N950EfsoNmtz8C2aT4wk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e2/1b5722-1dda-4df3-a45c-e6bf316c94a1/1/Q7sGk7ECwFV3meUPYImkro5mZn8.roa
Signing time:             Fri 06 Mar 2026 14:34:27 +0000
ROA not before:           Fri 06 Mar 2026 14:34:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     211440
IP address blocks:        45.95.224.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e2/1b5722-1dda-4df3-a45c-e6bf316c94a1/1/vTZoYo8N950EfsoNmtz8C2aT4wk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e2/1b5722-1dda-4df3-a45c-e6bf316c94a1/1/vTZoYo8N950EfsoNmtz8C2aT4wk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vTZoYo8N950EfsoNmtz8C2aT4wk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 00:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:c3:92:3e:92:5b:9b:e2:aa:60:17:04:e5:4e:0c:56:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bd3668628f0df79d047eca0d9adcfc0b6693e309
        Validity
            Not Before: Mar  6 14:34:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=43bb0693b102c0557799e50f6089a4ae8e66667f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:0e:f0:8a:48:73:b1:9b:2c:0a:fb:15:75:e7:
                    67:41:62:ed:57:84:9b:a7:33:54:5f:9b:85:b3:9c:
                    3d:89:94:5e:a8:dc:0d:e2:1a:3b:52:d7:33:0b:b8:
                    04:c7:c7:78:70:63:9e:d9:e0:f3:6d:2b:be:04:60:
                    17:c5:fc:71:08:2e:0d:e7:ea:1a:52:aa:03:b2:c7:
                    07:09:ce:0a:70:58:7a:2c:99:a5:10:01:b9:31:e8:
                    c4:26:41:bf:08:f0:2a:a8:a2:1b:2e:8e:98:24:a7:
                    68:db:51:34:e7:50:d5:fd:5c:f6:7e:a3:af:53:e7:
                    c0:65:0a:b7:e5:7c:d6:a7:96:80:1a:2f:8d:c6:ba:
                    2e:62:a3:fa:ed:af:be:46:65:50:b4:53:62:b8:65:
                    33:da:c8:d8:d2:c3:96:65:e2:c3:70:97:b0:4c:f3:
                    5b:fe:cd:44:74:9d:e5:7a:7c:15:92:5d:d8:8f:0b:
                    f3:4d:d5:7b:72:1b:24:a5:be:20:7d:28:b8:2f:43:
                    cb:a0:63:15:fc:fe:69:99:68:05:5e:d1:bf:d4:73:
                    5f:99:08:7f:3c:cf:b1:4f:f3:f8:15:c7:c6:aa:0d:
                    4e:f2:e7:f5:57:c2:fa:ae:28:c1:d0:a0:1a:81:5d:
                    6c:29:3f:68:18:00:ec:58:90:be:0d:5d:89:74:d2:
                    39:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:BB:06:93:B1:02:C0:55:77:99:E5:0F:60:89:A4:AE:8E:66:66:7F
            X509v3 Authority Key Identifier:
                keyid:BD:36:68:62:8F:0D:F7:9D:04:7E:CA:0D:9A:DC:FC:0B:66:93:E3:09

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vTZoYo8N950EfsoNmtz8C2aT4wk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/1b5722-1dda-4df3-a45c-e6bf316c94a1/1/Q7sGk7ECwFV3meUPYImkro5mZn8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/1b5722-1dda-4df3-a45c-e6bf316c94a1/1/vTZoYo8N950EfsoNmtz8C2aT4wk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.95.224.0/23

    Signature Algorithm: sha256WithRSAEncryption
         25:ff:d5:43:a0:a8:c3:34:b2:c9:45:ae:7c:92:c2:d9:60:46:
         fe:6e:57:38:88:75:83:fc:cc:0a:68:c9:bb:cf:75:8d:e1:f1:
         bc:9e:08:89:d5:2d:ce:2d:11:9f:be:5b:6d:74:69:d9:78:bf:
         93:97:ab:60:60:0d:42:ac:94:43:d5:52:e8:f6:6f:07:0a:fa:
         f0:9c:fa:48:8d:88:bf:fe:db:83:59:3f:05:28:6a:b3:8d:2b:
         2b:e9:2b:f5:74:c4:af:06:7e:45:17:df:d5:da:4e:59:b0:d1:
         64:a0:56:65:0a:38:66:ad:7d:5f:1e:e9:ba:22:f4:59:4c:66:
         23:a0:9d:a2:49:d1:2d:b8:6d:00:fd:c3:5c:37:cb:ae:e6:4c:
         56:9f:32:6e:c1:08:df:4b:41:90:1b:88:be:f5:d6:82:a7:d6:
         78:15:83:68:fe:44:0c:33:e5:b9:e5:6c:16:dd:3f:80:aa:c7:
         72:b1:12:7f:dd:f3:aa:35:b9:e2:22:e0:7d:8d:e3:b3:73:af:
         ba:55:a7:a2:61:29:1b:6f:d7:f1:6f:2a:3f:fe:e1:78:76:a0:
         97:d3:78:f2:5e:3f:2c:f9:37:ca:62:a3:df:f7:72:83:da:ad:
         37:89:8d:f4:f7:7f:62:ed:ce:e9:36:a4:ff:c6:a3:77:97:f8:
         f1:3f:ca:d6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZzDkj6SW5viqmAXBOVODFbBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJkMzY2ODYyOGYwZGY3OWQwNDdlY2EwZDlhZGNmYzBiNjY5
M2UzMDkwHhcNMjYwMzA2MTQzNDI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0M2JiMDY5M2IxMDJjMDU1Nzc5OWU1MGY2MDg5YTRhZThlNjY2NjdmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyQ7wikhzsZssCvsVdednQWLtV4Sb
pzNUX5uFs5w9iZReqNwN4ho7UtczC7gEx8d4cGOe2eDzbSu+BGAXxfxxCC4N5+oa
UqoDsscHCc4KcFh6LJmlEAG5MejEJkG/CPAqqKIbLo6YJKdo21E051DV/Vz2fqOv
U+fAZQq35XzWp5aAGi+NxrouYqP67a++RmVQtFNiuGUz2sjY0sOWZeLDcJewTPNb
/s1EdJ3lenwVkl3YjwvzTdV7chskpb4gfSi4L0PLoGMV/P5pmWgFXtG/1HNfmQh/
PM+xT/P4FcfGqg1O8uf1V8L6rijB0KAagV1sKT9oGADsWJC+DV2JdNI5swIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEO7BpOxAsBVd5nlD2CJpK6OZmZ/MB8GA1UdIwQY
MBaAFL02aGKPDfedBH7KDZrc/Atmk+MJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdlRab1lvOE45NTBFZnNvTm10ejhDMmFUNHdrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMi8xYjU3MjItMWRkYS00ZGYzLWE0NWMt
ZTZiZjMxNmM5NGExLzEvUTdzR2s3RUN3RlYzbWVVUFlJbWtybzVtWm44LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMi8xYjU3MjItMWRkYS00ZGYzLWE0NWMtZTZiZjMxNmM5NGEx
LzEvdlRab1lvOE45NTBFZnNvTm10ejhDMmFUNHdrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLV/gMA0G
CSqGSIb3DQEBCwUAA4IBAQAl/9VDoKjDNLLJRa58ksLZYEb+blc4iHWD/MwKaMm7
z3WN4fG8ngiJ1S3OLRGfvlttdGnZeL+Tl6tgYA1CrJRD1VLo9m8HCvrwnPpIjYi/
/tuDWT8FKGqzjSsr6Sv1dMSvBn5FF9/V2k5ZsNFkoFZlCjhmrX1fHum6IvRZTGYj
oJ2iSdEtuG0A/cNcN8uu5kxWnzJuwQjfS0GQG4i+9daCp9Z4FYNo/kQMM+W55WwW
3T+AqsdysRJ/3fOqNbniIuB9jeOzc6+6VaeiYSkbb9fxbyo//uF4dqCX03jyXj8s
+TfKYqPf93KD2q03iY30939i7c7pNqT/xqN3l/jxP8rW
-----END CERTIFICATE-----