Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/e59302-16c7-4927-bca8-c04be02037e8/1/Ojae1ouaKFFFpJbsHiir3b5d2j0.roa
File:                     Ojae1ouaKFFFpJbsHiir3b5d2j0.roa (raw, json)
Hash identifier:          EXi3DwcM0sJFI6Y/icQCPwpZmm7txU2RCMI6k5WdsgU=
Subject key identifier:   3A:36:9E:D6:8B:9A:28:51:45:A4:96:EC:1E:28:AB:DD:BE:5D:DA:3D
Certificate issuer:       /CN=087f59c36e22d1f90384f41da60705ac74d779ce
Certificate serial:       019B78A22F154F65B704840CB0A1CDA7A927
Authority key identifier: 08:7F:59:C3:6E:22:D1:F9:03:84:F4:1D:A6:07:05:AC:74:D7:79:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CH9Zw24i0fkDhPQdpgcFrHTXec4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/e59302-16c7-4927-bca8-c04be02037e8/1/Ojae1ouaKFFFpJbsHiir3b5d2j0.roa
Signing time:             Thu 01 Jan 2026 08:17:33 +0000
ROA not before:           Thu 01 Jan 2026 08:17:33 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     42171
IP address blocks:        194.0.128.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/e59302-16c7-4927-bca8-c04be02037e8/1/CH9Zw24i0fkDhPQdpgcFrHTXec4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/e59302-16c7-4927-bca8-c04be02037e8/1/CH9Zw24i0fkDhPQdpgcFrHTXec4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CH9Zw24i0fkDhPQdpgcFrHTXec4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:a2:2f:15:4f:65:b7:04:84:0c:b0:a1:cd:a7:a9:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=087f59c36e22d1f90384f41da60705ac74d779ce
        Validity
            Not Before: Jan  1 08:17:33 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3a369ed68b9a285145a496ec1e28abddbe5dda3d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:13:e1:6a:42:fc:7d:45:43:71:53:1d:f2:66:
                    68:47:64:9e:ad:f9:cd:af:aa:a7:19:bd:36:7f:60:
                    c5:f4:69:b5:6a:27:ae:7b:61:0e:c7:a3:85:4f:fc:
                    f4:5e:11:62:10:9a:5a:ea:2b:ed:de:30:34:46:88:
                    1c:ad:e2:97:9c:77:93:32:fc:f0:36:8e:d5:18:ce:
                    df:70:91:48:6b:2f:fd:a6:a0:6d:16:ea:d9:54:db:
                    cf:54:a2:85:d4:67:2c:09:31:4b:e4:b2:4f:54:36:
                    bf:bd:81:ea:a8:15:17:04:77:a8:c2:89:c2:ba:01:
                    26:bc:6a:85:53:10:83:67:f1:bd:97:b6:01:1d:74:
                    19:61:e8:4a:3a:b2:14:f6:75:e5:75:1a:bb:6d:06:
                    a5:6f:7e:13:df:ab:0b:a4:1b:52:f0:64:12:fa:9a:
                    44:63:3e:24:ef:dd:ff:23:26:26:23:2f:36:96:ec:
                    45:52:fd:df:f0:26:29:62:01:c3:e0:66:2a:ea:3d:
                    b3:2c:a7:d8:36:ae:82:b6:2a:4f:77:27:c0:ef:30:
                    5f:91:06:94:06:70:b6:0e:c5:e8:9e:6d:b1:c6:38:
                    cd:f3:f1:e3:ca:0c:b2:cc:06:6a:fd:c0:03:a9:0f:
                    0e:f5:22:1b:d2:6e:e1:1d:b7:3d:90:2c:f7:e2:68:
                    19:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:36:9E:D6:8B:9A:28:51:45:A4:96:EC:1E:28:AB:DD:BE:5D:DA:3D
            X509v3 Authority Key Identifier:
                keyid:08:7F:59:C3:6E:22:D1:F9:03:84:F4:1D:A6:07:05:AC:74:D7:79:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CH9Zw24i0fkDhPQdpgcFrHTXec4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/e59302-16c7-4927-bca8-c04be02037e8/1/Ojae1ouaKFFFpJbsHiir3b5d2j0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/e59302-16c7-4927-bca8-c04be02037e8/1/CH9Zw24i0fkDhPQdpgcFrHTXec4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.0.128.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7c:df:ea:b7:0b:f7:84:0d:25:8c:40:c0:42:3a:69:d1:59:61:
         1c:29:1e:37:5e:10:76:73:35:5f:04:a4:ae:95:86:98:0a:1d:
         36:a7:67:24:38:2b:6e:c9:99:ff:97:f4:72:01:f1:aa:61:70:
         ae:8e:46:30:af:26:48:e3:8d:34:7a:6b:62:d8:cc:65:d1:ff:
         58:21:27:ad:7d:ff:57:07:7f:8e:db:12:90:12:cf:2a:b0:84:
         96:0e:02:a0:9f:18:2a:d0:e0:27:59:86:2e:f8:12:84:37:1b:
         31:72:c7:91:15:9c:ce:61:d1:ed:88:48:ca:e7:63:d9:2e:06:
         d3:98:c3:92:85:f4:64:3f:44:d1:79:8b:5d:03:69:71:50:dd:
         ef:bb:d6:9b:ce:f9:60:83:28:fa:b8:15:d9:3e:27:93:75:42:
         ad:4c:97:0d:cb:60:b8:c4:da:f4:64:a1:06:e8:d6:b2:14:16:
         fc:73:0e:54:ac:70:14:dd:2b:18:c9:5f:a6:72:07:99:d8:ea:
         cb:ae:80:ef:40:9a:19:e6:44:d6:c9:b8:61:e6:d3:35:0b:75:
         cf:51:60:99:6f:f8:14:c8:ce:97:09:a0:4e:84:4b:6e:e9:69:
         b7:bc:b6:fe:d8:20:04:03:e6:0c:32:92:de:0e:53:98:77:bf:
         53:51:d5:f8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt4oi8VT2W3BIQMsKHNp6knMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4N2Y1OWMzNmUyMmQxZjkwMzg0ZjQxZGE2MDcwNWFjNzRk
Nzc5Y2UwHhcNMjYwMTAxMDgxNzMzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYTM2OWVkNjhiOWEyODUxNDVhNDk2ZWMxZTI4YWJkZGJlNWRkYTNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyBPhakL8fUVDcVMd8mZoR2SerfnN
r6qnGb02f2DF9Gm1aieue2EOx6OFT/z0XhFiEJpa6ivt3jA0RogcreKXnHeTMvzw
No7VGM7fcJFIay/9pqBtFurZVNvPVKKF1GcsCTFL5LJPVDa/vYHqqBUXBHeowonC
ugEmvGqFUxCDZ/G9l7YBHXQZYehKOrIU9nXldRq7bQalb34T36sLpBtS8GQS+ppE
Yz4k793/IyYmIy82luxFUv3f8CYpYgHD4GYq6j2zLKfYNq6CtipPdyfA7zBfkQaU
BnC2DsXonm2xxjjN8/HjygyyzAZq/cADqQ8O9SIb0m7hHbc9kCz34mgZVwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDo2ntaLmihRRaSW7B4oq92+Xdo9MB8GA1UdIwQY
MBaAFAh/WcNuItH5A4T0HaYHBax013nOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0g5WncyNGkwZmtEaFBRZHBnY0ZySFRYZWM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS9lNTkzMDItMTZjNy00OTI3LWJjYTgt
YzA0YmUwMjAzN2U4LzEvT2phZTFvdWFLRkZGcEpic0hpaXIzYjVkMmowLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS9lNTkzMDItMTZjNy00OTI3LWJjYTgtYzA0YmUwMjAzN2U4
LzEvQ0g5WncyNGkwZmtEaFBRZHBnY0ZySFRYZWM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwgCAMA0G
CSqGSIb3DQEBCwUAA4IBAQB83+q3C/eEDSWMQMBCOmnRWWEcKR43XhB2czVfBKSu
lYaYCh02p2ckOCtuyZn/l/RyAfGqYXCujkYwryZI4400emti2Mxl0f9YISetff9X
B3+O2xKQEs8qsISWDgKgnxgq0OAnWYYu+BKENxsxcseRFZzOYdHtiEjK52PZLgbT
mMOShfRkP0TReYtdA2lxUN3vu9abzvlggyj6uBXZPieTdUKtTJcNy2C4xNr0ZKEG
6NayFBb8cw5UrHAU3SsYyV+mcgeZ2OrLroDvQJoZ5kTWybhh5tM1C3XPUWCZb/gU
yM6XCaBOhEtu6Wm3vLb+2CAEA+YMMpLeDlOYd79TUdX4
-----END CERTIFICATE-----