Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/9d4274-fb10-42a4-bf9b-1c8be25eb686/1/DKhVHpk7iZz_01UXRjCn1_OlprQ.roa
File:                     DKhVHpk7iZz_01UXRjCn1_OlprQ.roa (raw, json)
Hash identifier:          wsHOQQguXdPejumCbMkMQ0ogcO61399D5EWcawmOeUw=
Subject key identifier:   0C:A8:55:1E:99:3B:89:9C:FF:D3:55:17:46:30:A7:D7:F3:A5:A6:B4
Certificate issuer:       /CN=3918700ea9c7be2df5688affbedd8a4e55392de6
Certificate serial:       019B7F15676E21CD3860E69DB3F67CF6E250
Authority key identifier: 39:18:70:0E:A9:C7:BE:2D:F5:68:8A:FF:BE:DD:8A:4E:55:39:2D:E6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ORhwDqnHvi31aIr_vt2KTlU5LeY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0e/9d4274-fb10-42a4-bf9b-1c8be25eb686/1/DKhVHpk7iZz_01UXRjCn1_OlprQ.roa
Signing time:             Fri 02 Jan 2026 14:21:07 +0000
ROA not before:           Fri 02 Jan 2026 14:21:07 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     60650
IP address blocks:        193.53.8.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0e/9d4274-fb10-42a4-bf9b-1c8be25eb686/1/ORhwDqnHvi31aIr_vt2KTlU5LeY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0e/9d4274-fb10-42a4-bf9b-1c8be25eb686/1/ORhwDqnHvi31aIr_vt2KTlU5LeY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ORhwDqnHvi31aIr_vt2KTlU5LeY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 17:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:15:67:6e:21:cd:38:60:e6:9d:b3:f6:7c:f6:e2:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3918700ea9c7be2df5688affbedd8a4e55392de6
        Validity
            Not Before: Jan  2 14:21:07 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0ca8551e993b899cffd355174630a7d7f3a5a6b4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:d8:0c:8d:51:85:7b:17:1d:15:a5:93:3f:82:
                    d9:19:04:ea:28:25:c2:86:02:09:a9:ca:6a:d6:fc:
                    4a:92:a3:d4:aa:21:69:7e:ee:c9:08:87:78:12:55:
                    b7:50:b5:f9:ea:92:00:fb:b3:67:00:e1:73:1a:6d:
                    c5:b0:bc:6e:00:04:5e:f0:99:d1:d0:3c:74:62:15:
                    bd:03:91:5c:19:dc:1b:37:ab:07:b8:b5:e1:3a:2c:
                    a0:e3:d0:ef:a6:06:f1:9b:1a:8b:62:f1:e0:df:96:
                    ae:9a:d0:8b:08:90:a5:1a:43:57:69:be:9d:1d:2d:
                    67:8b:16:c4:7e:8e:5a:10:61:95:6c:5c:7e:46:2e:
                    92:ca:55:3b:a3:4c:dd:08:e5:85:0e:cc:1f:d4:ef:
                    ee:b0:85:df:3d:6a:db:65:68:a5:a2:9c:88:12:a2:
                    f7:4b:b4:ac:1e:51:b9:5e:ee:57:1a:3c:47:e8:64:
                    92:8e:0a:21:46:de:94:48:ef:21:18:7c:64:bf:a6:
                    e6:6a:98:18:fc:9b:94:0d:e1:d7:b3:10:e8:0e:70:
                    38:ea:30:5a:3e:93:a1:26:97:b7:b2:2c:97:04:e1:
                    39:91:e0:fa:d9:cc:2b:55:16:39:74:52:eb:02:40:
                    35:5a:01:d1:a8:93:c9:ec:bf:8c:13:4b:bd:c6:6c:
                    38:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:A8:55:1E:99:3B:89:9C:FF:D3:55:17:46:30:A7:D7:F3:A5:A6:B4
            X509v3 Authority Key Identifier:
                keyid:39:18:70:0E:A9:C7:BE:2D:F5:68:8A:FF:BE:DD:8A:4E:55:39:2D:E6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ORhwDqnHvi31aIr_vt2KTlU5LeY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/9d4274-fb10-42a4-bf9b-1c8be25eb686/1/DKhVHpk7iZz_01UXRjCn1_OlprQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/9d4274-fb10-42a4-bf9b-1c8be25eb686/1/ORhwDqnHvi31aIr_vt2KTlU5LeY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.53.8.0/23

    Signature Algorithm: sha256WithRSAEncryption
         60:3f:fa:de:2c:e0:ef:58:5a:49:34:b3:c6:8b:3e:1a:83:47:
         dd:84:de:ae:b9:c8:ce:00:df:1d:72:ec:6e:58:4e:14:3b:7a:
         38:47:9c:50:4b:ec:cc:1b:33:ed:8c:aa:e8:86:0b:47:52:71:
         cf:f3:4d:10:2c:55:0e:0d:1a:5d:34:0d:4a:87:45:6b:0d:76:
         85:0d:c3:4b:c4:b8:5c:ca:fc:02:85:66:3d:92:c6:c6:1d:83:
         54:75:c2:1e:07:f9:b9:1a:47:e1:ce:c6:58:6b:47:05:ed:0a:
         c4:68:ba:dc:77:1c:a8:8a:06:75:14:3a:92:6d:0e:b4:cf:87:
         2b:1a:53:f2:f0:57:bd:a3:d4:7c:2c:d1:79:1a:b8:6e:46:c4:
         0f:2e:88:82:89:bc:f0:79:2c:54:7f:06:cd:c9:7e:5b:06:f0:
         cc:0e:53:e8:52:0e:af:43:54:54:27:c3:25:42:83:62:aa:62:
         28:b2:19:3d:ef:86:eb:55:5b:ac:8a:65:e8:6d:c7:09:62:18:
         54:d1:87:b1:43:29:4d:ef:7d:74:2f:c5:9c:13:f8:d9:a2:07:
         31:80:1e:a2:7a:96:88:72:21:0d:76:cd:05:59:92:da:68:b0:
         fb:7a:b1:2b:73:bc:17:5d:ec:cd:56:2e:65:4e:00:d4:ed:a6:
         8f:39:77:fe
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/FWduIc04YOads/Z89uJQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM5MTg3MDBlYTljN2JlMmRmNTY4OGFmZmJlZGQ4YTRlNTUz
OTJkZTYwHhcNMjYwMTAyMTQyMTA3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwY2E4NTUxZTk5M2I4OTljZmZkMzU1MTc0NjMwYTdkN2YzYTVhNmI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuNgMjVGFexcdFaWTP4LZGQTqKCXC
hgIJqcpq1vxKkqPUqiFpfu7JCId4ElW3ULX56pIA+7NnAOFzGm3FsLxuAARe8JnR
0Dx0YhW9A5FcGdwbN6sHuLXhOiyg49DvpgbxmxqLYvHg35aumtCLCJClGkNXab6d
HS1nixbEfo5aEGGVbFx+Ri6SylU7o0zdCOWFDswf1O/usIXfPWrbZWilopyIEqL3
S7SsHlG5Xu5XGjxH6GSSjgohRt6USO8hGHxkv6bmapgY/JuUDeHXsxDoDnA46jBa
PpOhJpe3siyXBOE5keD62cwrVRY5dFLrAkA1WgHRqJPJ7L+ME0u9xmw4/wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAyoVR6ZO4mc/9NVF0Ywp9fzpaa0MB8GA1UdIwQY
MBaAFDkYcA6px74t9WiK/77dik5VOS3mMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT1Jod0Rxbkh2aTMxYUlyX3Z0MktUbFU1TGVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS85ZDQyNzQtZmIxMC00MmE0LWJmOWIt
MWM4YmUyNWViNjg2LzEvREtoVkhwazdpWnpfMDFVWFJqQ24xX09scHJRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS85ZDQyNzQtZmIxMC00MmE0LWJmOWItMWM4YmUyNWViNjg2
LzEvT1Jod0Rxbkh2aTMxYUlyX3Z0MktUbFU1TGVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwTUIMA0G
CSqGSIb3DQEBCwUAA4IBAQBgP/reLODvWFpJNLPGiz4ag0fdhN6uucjOAN8dcuxu
WE4UO3o4R5xQS+zMGzPtjKrohgtHUnHP800QLFUODRpdNA1Kh0VrDXaFDcNLxLhc
yvwChWY9ksbGHYNUdcIeB/m5GkfhzsZYa0cF7QrEaLrcdxyoigZ1FDqSbQ60z4cr
GlPy8Fe9o9R8LNF5GrhuRsQPLoiCibzweSxUfwbNyX5bBvDMDlPoUg6vQ1RUJ8Ml
QoNiqmIoshk974brVVusimXobccJYhhU0YexQylN7310L8WcE/jZogcxgB6iepaI
ciENds0FWZLaaLD7erErc7wXXezNVi5lTgDU7aaPOXf+
-----END CERTIFICATE-----