Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f2/625ad6-ce2b-4314-ac78-aa5aa6d74b4e/1/Qr6lJM203NhFGKZShnscSCdGFno.roa
File:                     Qr6lJM203NhFGKZShnscSCdGFno.roa (raw, json)
Hash identifier:          jbJSkdqG0TP7acpwCoEzRW1DcU+dJ+gbIy2PJggIZmM=
Subject key identifier:   42:BE:A5:24:CD:B4:DC:D8:45:18:A6:52:86:7B:1C:48:27:46:16:7A
Certificate issuer:       /CN=82daa65007083ecca59128fd5f031d35032b5749
Certificate serial:       019E01D75E8C7EBCD44D61BDE57898C781EA
Authority key identifier: 82:DA:A6:50:07:08:3E:CC:A5:91:28:FD:5F:03:1D:35:03:2B:57:49
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gtqmUAcIPsylkSj9XwMdNQMrV0k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f2/625ad6-ce2b-4314-ac78-aa5aa6d74b4e/1/Qr6lJM203NhFGKZShnscSCdGFno.roa
Signing time:             Thu 07 May 2026 09:49:12 +0000
ROA not before:           Thu 07 May 2026 09:49:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     197858
IP address blocks:        2a03:bb00::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f2/625ad6-ce2b-4314-ac78-aa5aa6d74b4e/1/gtqmUAcIPsylkSj9XwMdNQMrV0k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f2/625ad6-ce2b-4314-ac78-aa5aa6d74b4e/1/gtqmUAcIPsylkSj9XwMdNQMrV0k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gtqmUAcIPsylkSj9XwMdNQMrV0k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 23:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:01:d7:5e:8c:7e:bc:d4:4d:61:bd:e5:78:98:c7:81:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=82daa65007083ecca59128fd5f031d35032b5749
        Validity
            Not Before: May  7 09:49:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=42bea524cdb4dcd84518a652867b1c482746167a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:dc:34:00:08:31:a5:00:6d:46:00:9c:5f:ca:
                    ad:ba:b6:43:24:bd:fd:20:20:c1:b4:3e:e1:46:ed:
                    9c:49:fe:41:af:01:7a:d9:ca:ab:e9:20:02:35:d0:
                    58:71:a7:88:6b:16:c6:56:02:ff:9a:f0:9d:de:1a:
                    1d:f7:7f:30:9f:7b:d8:02:8f:16:e5:6a:84:db:cb:
                    5e:50:3d:16:4d:0f:02:aa:7d:f2:ee:e3:99:87:06:
                    35:78:68:54:07:bb:cf:1d:13:83:ae:4c:0e:e3:5a:
                    0a:b8:f9:a0:86:69:29:56:9b:28:ed:ff:fe:96:ea:
                    04:87:48:3b:7e:65:40:52:a7:6b:a9:c1:ef:1b:21:
                    c1:ff:5e:07:25:8d:31:d8:fa:37:f9:06:cd:4e:43:
                    8e:e3:f0:46:fb:83:b1:1e:90:3a:4d:cf:5e:57:ce:
                    b7:4f:41:91:83:f7:1b:6a:87:fa:c7:16:50:f9:b3:
                    81:d3:ab:70:41:e0:26:04:fc:21:03:90:d4:4d:0b:
                    f5:60:21:6f:a0:d9:f5:5f:a9:5f:d0:15:6b:01:c1:
                    46:b2:11:96:88:e9:5e:57:f3:6e:18:dc:3a:7a:14:
                    11:0b:48:c2:00:dc:89:c5:70:63:fc:88:92:69:ec:
                    73:ba:d3:2b:bb:69:bd:06:ec:07:90:11:40:44:b8:
                    b7:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:BE:A5:24:CD:B4:DC:D8:45:18:A6:52:86:7B:1C:48:27:46:16:7A
            X509v3 Authority Key Identifier:
                keyid:82:DA:A6:50:07:08:3E:CC:A5:91:28:FD:5F:03:1D:35:03:2B:57:49

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gtqmUAcIPsylkSj9XwMdNQMrV0k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/625ad6-ce2b-4314-ac78-aa5aa6d74b4e/1/Qr6lJM203NhFGKZShnscSCdGFno.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/625ad6-ce2b-4314-ac78-aa5aa6d74b4e/1/gtqmUAcIPsylkSj9XwMdNQMrV0k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a03:bb00::/48

    Signature Algorithm: sha256WithRSAEncryption
         60:d3:2c:0d:c0:2e:3d:eb:84:cb:d2:d0:38:24:89:77:d3:22:
         66:d7:d6:d2:df:1d:55:eb:d5:18:97:6e:d9:4b:76:ef:07:e0:
         f1:ab:4c:fb:2f:18:a5:1b:4f:f3:11:87:0c:bc:d7:7b:b4:bb:
         f0:75:18:97:dc:ce:60:3b:7c:55:ef:f2:5e:21:5d:d9:d2:12:
         f4:d9:25:2f:5a:5c:2b:b6:dc:2f:55:ad:16:8b:b8:18:d9:c4:
         fa:71:d9:2a:2e:c9:c6:cb:0a:9d:cd:39:b0:a2:8f:58:3f:8b:
         f6:07:e4:03:19:d0:49:42:46:67:b6:5f:9b:37:fb:8b:bf:6a:
         2b:2d:cb:3b:fd:53:3e:57:f3:74:cf:cd:fc:d9:25:d4:6c:61:
         08:d9:00:00:8e:77:a7:4e:e6:46:8e:a4:d2:37:af:4f:7f:a8:
         86:a0:26:d7:f0:6c:90:b8:f0:3a:92:af:17:69:b4:be:39:7f:
         40:d7:c1:6b:37:b0:55:5f:04:1a:bb:05:b9:ce:4b:2f:70:2f:
         f7:67:32:73:d6:6f:05:72:e7:0b:ef:61:b1:12:af:a3:35:58:
         80:32:7a:9c:4b:4f:57:40:80:fb:c8:9b:9f:11:15:e7:c5:85:
         6d:77:7b:0b:9b:21:b4:36:d6:2b:5f:45:f8:b4:ff:8d:c1:fa:
         2a:60:fa:ab
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZ4B116MfrzUTWG95XiYx4HqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgyZGFhNjUwMDcwODNlY2NhNTkxMjhmZDVmMDMxZDM1MDMy
YjU3NDkwHhcNMjYwNTA3MDk0OTEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MmJlYTUyNGNkYjRkY2Q4NDUxOGE2NTI4NjdiMWM0ODI3NDYxNjdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvtw0AAgxpQBtRgCcX8qturZDJL39
ICDBtD7hRu2cSf5BrwF62cqr6SACNdBYcaeIaxbGVgL/mvCd3hod938wn3vYAo8W
5WqE28teUD0WTQ8Cqn3y7uOZhwY1eGhUB7vPHRODrkwO41oKuPmghmkpVpso7f/+
luoEh0g7fmVAUqdrqcHvGyHB/14HJY0x2Po3+QbNTkOO4/BG+4OxHpA6Tc9eV863
T0GRg/cbaof6xxZQ+bOB06twQeAmBPwhA5DUTQv1YCFvoNn1X6lf0BVrAcFGshGW
iOleV/NuGNw6ehQRC0jCANyJxXBj/IiSaexzutMru2m9BuwHkBFARLi3zQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFEK+pSTNtNzYRRimUoZ7HEgnRhZ6MB8GA1UdIwQY
MBaAFILaplAHCD7MpZEo/V8DHTUDK1dJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ3RxbVVBY0lQc3lsa1NqOVh3TWROUU1yVjBrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMi82MjVhZDYtY2UyYi00MzE0LWFjNzgt
YWE1YWE2ZDc0YjRlLzEvUXI2bEpNMjAzTmhGR0taU2huc2NTQ2RHRm5vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMi82MjVhZDYtY2UyYi00MzE0LWFjNzgtYWE1YWE2ZDc0YjRl
LzEvZ3RxbVVBY0lQc3lsa1NqOVh3TWROUU1yVjBrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgO7AAAA
MA0GCSqGSIb3DQEBCwUAA4IBAQBg0ywNwC4964TL0tA4JIl30yJm19bS3x1V69UY
l27ZS3bvB+Dxq0z7LxilG0/zEYcMvNd7tLvwdRiX3M5gO3xV7/JeIV3Z0hL02SUv
WlwrttwvVa0Wi7gY2cT6cdkqLsnGywqdzTmwoo9YP4v2B+QDGdBJQkZntl+bN/uL
v2orLcs7/VM+V/N0z8382SXUbGEI2QAAjnenTuZGjqTSN69Pf6iGoCbX8GyQuPA6
kq8XabS+OX9A18FrN7BVXwQauwW5zksvcC/3ZzJz1m8FcucL72GxEq+jNViAMnqc
S09XQID7yJufERXnxYVtd3sLmyG0NtYrX0X4tP+NwfoqYPqr
-----END CERTIFICATE-----