Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/ozZhGegfS5L7PrC4vrIkiFoLi4s.roa
File:                     ozZhGegfS5L7PrC4vrIkiFoLi4s.roa (raw, json)
Hash identifier:          K0VQ91tEfLDQ1D8IY9Ax2BnWR4XXyesAhm4t8hi21M0=
Subject key identifier:   A3:36:61:19:E8:1F:4B:92:FB:3E:B0:B8:BE:B2:24:88:5A:0B:8B:8B
Certificate issuer:       /CN=3e6097698686e1555f51f6c883bc5a58549b2362
Certificate serial:       019D619D3882DDD960C3B86C582F602F2DAB
Authority key identifier: 3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/ozZhGegfS5L7PrC4vrIkiFoLi4s.roa
Signing time:             Mon 06 Apr 2026 07:06:26 +0000
ROA not before:           Mon 06 Apr 2026 07:06:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213449
IP address blocks:        5.175.170.0/24 maxlen: 24
                          89.144.63.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 Apr 2026 22:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:61:9d:38:82:dd:d9:60:c3:b8:6c:58:2f:60:2f:2d:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e6097698686e1555f51f6c883bc5a58549b2362
        Validity
            Not Before: Apr  6 07:06:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a3366119e81f4b92fb3eb0b8beb224885a0b8b8b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:3a:aa:2c:cf:4e:c5:bc:4a:3f:24:5e:a4:20:
                    b6:f5:e1:8d:75:8d:91:fe:76:94:35:d7:bc:b0:2b:
                    84:d5:b7:47:7f:68:d2:84:1a:e9:aa:ee:d6:b9:66:
                    19:af:8e:37:4d:8b:cc:e9:3d:a3:c5:2b:fb:31:b4:
                    8e:b0:06:40:66:ff:1d:dd:a6:19:03:4e:f6:85:9f:
                    10:a7:71:95:cb:72:69:74:15:fa:97:1b:ce:1e:39:
                    a2:51:d2:69:eb:c5:7b:f4:61:15:92:b4:c0:13:56:
                    20:98:50:6c:17:2e:86:87:b0:5f:01:c8:63:b9:4e:
                    7d:fb:af:da:f1:ea:17:5a:d6:85:a9:e7:1b:7b:cd:
                    7c:98:23:e0:5d:27:a0:6c:73:21:f7:dc:e4:f5:d7:
                    d1:1f:68:ff:e0:68:42:91:7d:03:1e:96:b1:9c:31:
                    5b:90:92:49:da:b4:a0:3f:79:b9:7d:38:13:39:c8:
                    15:71:23:d4:05:48:01:06:fa:c1:ca:05:65:cb:f7:
                    c5:51:b8:bb:44:dc:2c:f7:70:8a:8e:3e:06:68:61:
                    4c:91:25:7d:3a:33:0a:54:af:54:55:c0:61:55:ae:
                    a2:f1:f8:cd:36:8f:fd:43:13:01:2a:e7:79:67:f3:
                    43:db:e6:4c:28:72:0c:c9:ca:13:d2:8e:84:69:78:
                    c4:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:36:61:19:E8:1F:4B:92:FB:3E:B0:B8:BE:B2:24:88:5A:0B:8B:8B
            X509v3 Authority Key Identifier:
                keyid:3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/ozZhGegfS5L7PrC4vrIkiFoLi4s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.175.170.0/24
                  89.144.63.0/24

    Signature Algorithm: sha256WithRSAEncryption
         89:fd:a4:0b:81:8f:8f:0e:ae:f7:53:14:40:7f:25:72:c2:de:
         5f:32:26:03:22:73:c4:60:a0:d6:bf:11:f6:fe:9e:e2:27:7b:
         a8:15:20:a9:ec:e1:74:47:6f:70:47:64:dc:98:db:aa:ec:50:
         d6:dc:ec:77:1a:75:38:8f:03:9e:ce:b5:5a:4e:3a:e5:29:5f:
         38:95:16:17:ff:39:96:91:5e:a1:01:5b:01:17:27:52:ce:ce:
         f9:c9:c5:eb:7d:86:e3:4e:ff:bb:db:19:35:fb:49:e6:53:bd:
         92:28:fc:33:12:5a:e8:69:3f:c8:6b:6b:b6:02:70:b1:53:da:
         f0:5c:76:3a:70:38:f7:11:ba:00:ae:91:6b:25:7e:0d:b0:71:
         ea:7b:23:36:cf:46:ec:4e:66:a1:75:c5:20:5f:7a:be:96:b1:
         bc:8b:75:0e:a8:06:2c:43:0a:f1:68:bf:12:47:26:97:36:e8:
         0d:a0:56:dd:07:94:cb:91:3d:26:bf:ad:02:df:c6:84:0b:68:
         c8:17:04:2c:1f:69:cb:7c:d1:63:89:08:38:52:d2:cc:81:f6:
         8d:e0:ab:c4:3a:38:f6:0e:56:33:85:72:8a:89:ab:38:c0:67:
         89:86:7e:8d:bd:7b:d9:6f:c0:21:43:cb:61:ba:3b:61:3e:a6:
         52:1b:cd:30
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ1hnTiC3dlgw7hsWC9gLy2rMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlNjA5NzY5ODY4NmUxNTU1ZjUxZjZjODgzYmM1YTU4NTQ5
YjIzNjIwHhcNMjYwNDA2MDcwNjI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMzM2NjExOWU4MWY0YjkyZmIzZWIwYjhiZWIyMjQ4ODVhMGI4YjhiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmTqqLM9OxbxKPyRepCC29eGNdY2R
/naUNde8sCuE1bdHf2jShBrpqu7WuWYZr443TYvM6T2jxSv7MbSOsAZAZv8d3aYZ
A072hZ8Qp3GVy3JpdBX6lxvOHjmiUdJp68V79GEVkrTAE1YgmFBsFy6Gh7BfAchj
uU59+6/a8eoXWtaFqecbe818mCPgXSegbHMh99zk9dfRH2j/4GhCkX0DHpaxnDFb
kJJJ2rSgP3m5fTgTOcgVcSPUBUgBBvrBygVly/fFUbi7RNws93CKjj4GaGFMkSV9
OjMKVK9UVcBhVa6i8fjNNo/9QxMBKud5Z/ND2+ZMKHIMycoT0o6EaXjE6wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKM2YRnoH0uS+z6wuL6yJIhaC4uLMB8GA1UdIwQY
MBaAFD5gl2mGhuFVX1H2yIO8WlhUmyNiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGIt
ZTFiZDg4ZDNmZDA3LzEvb3paaEdlZ2ZTNUw3UHJDNHZySWtpRm9MaTRzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGItZTFiZDg4ZDNmZDA3
LzEvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQABa+qAwQA
WZA/MA0GCSqGSIb3DQEBCwUAA4IBAQCJ/aQLgY+PDq73UxRAfyVywt5fMiYDInPE
YKDWvxH2/p7iJ3uoFSCp7OF0R29wR2TcmNuq7FDW3Ox3GnU4jwOezrVaTjrlKV84
lRYX/zmWkV6hAVsBFydSzs75ycXrfYbjTv+72xk1+0nmU72SKPwzElroaT/Ia2u2
AnCxU9rwXHY6cDj3EboArpFrJX4NsHHqeyM2z0bsTmahdcUgX3q+lrG8i3UOqAYs
QwrxaL8SRyaXNugNoFbdB5TLkT0mv60C38aEC2jIFwQsH2nLfNFjiQg4UtLMgfaN
4KvEOjj2DlYzhXKKias4wGeJhn6NvXvZb8AhQ8thujthPqZSG80w
-----END CERTIFICATE-----