Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/QZdTLlRD4Okhl79-cwTWG-lMWBA.roa
File:                     QZdTLlRD4Okhl79-cwTWG-lMWBA.roa (raw, json)
Hash identifier:          ISyk0Q9t6PT0ZdTNXB+TU8Y4jmhKViNhhxyxlz8KsfE=
Subject key identifier:   41:97:53:2E:54:43:E0:E9:21:97:BF:7E:73:04:D6:1B:E9:4C:58:10
Certificate issuer:       /CN=0d3558546a2c54bbd812a19228aa98e078d3aa68
Certificate serial:       019D29596AB425ECA77A09341190BA68C5C3
Authority key identifier: 0D:35:58:54:6A:2C:54:BB:D8:12:A1:92:28:AA:98:E0:78:D3:AA:68
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DTVYVGosVLvYEqGSKKqY4HjTqmg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/QZdTLlRD4Okhl79-cwTWG-lMWBA.roa
Signing time:             Thu 26 Mar 2026 08:53:39 +0000
ROA not before:           Thu 26 Mar 2026 08:53:39 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     198513
IP address blocks:        185.249.252.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/DTVYVGosVLvYEqGSKKqY4HjTqmg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/DTVYVGosVLvYEqGSKKqY4HjTqmg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DTVYVGosVLvYEqGSKKqY4HjTqmg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 16:32:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:29:59:6a:b4:25:ec:a7:7a:09:34:11:90:ba:68:c5:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d3558546a2c54bbd812a19228aa98e078d3aa68
        Validity
            Not Before: Mar 26 08:53:39 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4197532e5443e0e92197bf7e7304d61be94c5810
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:f8:c4:be:c4:56:25:10:b9:1c:df:7f:52:c3:
                    23:be:f5:0b:ea:11:8e:50:0d:61:73:02:20:5b:20:
                    81:36:07:78:6a:f4:8e:09:26:73:40:1a:28:5b:ce:
                    e5:61:50:7f:3f:ef:fa:df:13:af:b5:89:33:95:22:
                    45:ae:f0:08:ec:20:80:be:9a:93:33:4c:66:83:53:
                    aa:1e:61:68:ff:93:88:51:58:ac:aa:46:c6:de:18:
                    0d:64:99:ab:1c:c3:dd:3c:82:8f:b1:04:10:48:3b:
                    ca:69:42:15:da:af:3a:25:87:f2:2e:19:bc:b0:a7:
                    37:dd:d3:5e:fe:10:49:63:d0:ed:89:46:c3:65:84:
                    ac:16:b7:e1:74:5b:d4:ce:3e:f7:3a:57:9f:a6:33:
                    15:0d:85:36:62:dc:13:b1:4c:58:16:dc:cd:cb:14:
                    71:52:1a:91:fd:bd:c2:a5:32:9d:a8:a5:05:10:6d:
                    09:9f:c1:de:e3:75:e1:02:66:1c:5f:d4:1e:be:b9:
                    25:ba:4f:a8:11:25:43:21:e0:33:6c:6f:f0:95:cb:
                    32:fc:85:bb:20:41:35:7a:c8:46:e5:66:dd:31:28:
                    5f:2a:85:08:c1:49:6e:20:87:c1:ef:63:84:f4:3f:
                    2e:f0:3d:57:25:f2:39:a3:84:12:ed:ac:1c:7e:7c:
                    ea:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:97:53:2E:54:43:E0:E9:21:97:BF:7E:73:04:D6:1B:E9:4C:58:10
            X509v3 Authority Key Identifier:
                keyid:0D:35:58:54:6A:2C:54:BB:D8:12:A1:92:28:AA:98:E0:78:D3:AA:68

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DTVYVGosVLvYEqGSKKqY4HjTqmg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/QZdTLlRD4Okhl79-cwTWG-lMWBA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/DTVYVGosVLvYEqGSKKqY4HjTqmg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.249.252.0/24

    Signature Algorithm: sha256WithRSAEncryption
         67:43:0f:ea:75:b0:63:b0:99:b5:0e:50:fb:65:59:60:a2:64:
         34:0a:77:27:80:b6:f5:4e:c6:f2:f7:03:ec:f5:b1:42:f4:01:
         57:ec:ca:f4:79:c8:74:b1:93:c4:97:5b:25:43:aa:17:f7:f2:
         92:07:e2:1d:9a:08:d1:94:a9:21:67:b3:7e:eb:8e:8d:ee:ad:
         44:7c:0d:b5:ef:10:ac:89:c6:fb:65:9c:f4:06:5f:03:11:ee:
         da:b2:c9:8e:45:fd:b0:43:0e:25:e6:a7:06:c6:fa:8f:b9:b1:
         a5:62:0b:15:10:4c:3e:ef:59:3d:ea:70:04:f4:9d:e3:53:c0:
         93:6b:89:52:38:49:40:bd:a8:94:e5:52:ba:c8:a6:71:06:f4:
         27:ed:52:5e:7f:3c:f1:37:a1:a7:eb:45:7b:6b:60:24:a8:5c:
         6a:0b:13:32:62:3f:9a:ea:0d:79:21:ae:38:11:cb:e8:a2:d0:
         24:97:93:d3:bb:15:84:f6:e2:7d:35:10:49:4c:de:5f:4a:14:
         52:b8:50:3e:84:47:6b:e5:f2:3f:32:e6:85:db:6d:4a:81:e4:
         76:2c:7f:48:b8:6b:d0:bf:e0:dd:5d:65:d8:a2:d0:5a:f7:e2:
         3d:37:c7:b3:d9:9c:24:fa:69:fe:37:8f:d4:3e:32:5a:66:e6:
         03:fa:e0:e5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0pWWq0Jeynegk0EZC6aMXDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkMzU1ODU0NmEyYzU0YmJkODEyYTE5MjI4YWE5OGUwNzhk
M2FhNjgwHhcNMjYwMzI2MDg1MzM5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MTk3NTMyZTU0NDNlMGU5MjE5N2JmN2U3MzA0ZDYxYmU5NGM1ODEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0vjEvsRWJRC5HN9/UsMjvvUL6hGO
UA1hcwIgWyCBNgd4avSOCSZzQBooW87lYVB/P+/63xOvtYkzlSJFrvAI7CCAvpqT
M0xmg1OqHmFo/5OIUVisqkbG3hgNZJmrHMPdPIKPsQQQSDvKaUIV2q86JYfyLhm8
sKc33dNe/hBJY9DtiUbDZYSsFrfhdFvUzj73OlefpjMVDYU2YtwTsUxYFtzNyxRx
UhqR/b3CpTKdqKUFEG0Jn8He43XhAmYcX9Qevrkluk+oESVDIeAzbG/wlcsy/IW7
IEE1eshG5WbdMShfKoUIwUluIIfB72OE9D8u8D1XJfI5o4QS7awcfnzqzwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEGXUy5UQ+DpIZe/fnME1hvpTFgQMB8GA1UdIwQY
MBaAFA01WFRqLFS72BKhkiiqmOB406poMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRFRWWVZHb3NWTHZZRXFHU0tLcVk0SGpUcW1nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYi80NzRmMjctYjI4Ni00NmYwLWFlNDUt
MTMyZmZjOGJkZTQ2LzEvUVpkVExsUkQ0T2tobDc5LWN3VFdHLWxNV0JBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYi80NzRmMjctYjI4Ni00NmYwLWFlNDUtMTMyZmZjOGJkZTQ2
LzEvRFRWWVZHb3NWTHZZRXFHU0tLcVk0SGpUcW1nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAufn8MA0G
CSqGSIb3DQEBCwUAA4IBAQBnQw/qdbBjsJm1DlD7ZVlgomQ0CncngLb1Tsby9wPs
9bFC9AFX7Mr0ech0sZPEl1slQ6oX9/KSB+IdmgjRlKkhZ7N+646N7q1EfA217xCs
icb7ZZz0Bl8DEe7assmORf2wQw4l5qcGxvqPubGlYgsVEEw+71k96nAE9J3jU8CT
a4lSOElAvaiU5VK6yKZxBvQn7VJefzzxN6Gn60V7a2AkqFxqCxMyYj+a6g15Ia44
EcvootAkl5PTuxWE9uJ9NRBJTN5fShRSuFA+hEdr5fI/MuaF221KgeR2LH9IuGvQ
v+DdXWXYotBa9+I9N8ez2Zwk+mn+N4/UPjJaZuYD+uDl
-----END CERTIFICATE-----