Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/b36dbd-55eb-4de4-b6b9-839196345b6d/1/oko0jjQVhM1g4SJmXa1zHjF9DLY.roa
File:                     oko0jjQVhM1g4SJmXa1zHjF9DLY.roa (raw, json)
Hash identifier:          OdA2/Wk2XJh4HpZKtiKeyh0J3e1XxtYP056tIDnTkI0=
Subject key identifier:   A2:4A:34:8E:34:15:84:CD:60:E1:22:66:5D:AD:73:1E:31:7D:0C:B6
Certificate issuer:       /CN=01423ad4d629b2f828b79f00ac40388e37b8e252
Certificate serial:       019B7E392282D4F6BA75C46F2CAEAF8AE515
Authority key identifier: 01:42:3A:D4:D6:29:B2:F8:28:B7:9F:00:AC:40:38:8E:37:B8:E2:52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AUI61NYpsvgot58ArEA4jje44lI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/b36dbd-55eb-4de4-b6b9-839196345b6d/1/oko0jjQVhM1g4SJmXa1zHjF9DLY.roa
Signing time:             Fri 02 Jan 2026 10:20:32 +0000
ROA not before:           Fri 02 Jan 2026 10:20:32 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     61355
IP address blocks:        185.234.109.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/11/b36dbd-55eb-4de4-b6b9-839196345b6d/1/AUI61NYpsvgot58ArEA4jje44lI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/11/b36dbd-55eb-4de4-b6b9-839196345b6d/1/AUI61NYpsvgot58ArEA4jje44lI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AUI61NYpsvgot58ArEA4jje44lI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 07:01:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:39:22:82:d4:f6:ba:75:c4:6f:2c:ae:af:8a:e5:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=01423ad4d629b2f828b79f00ac40388e37b8e252
        Validity
            Not Before: Jan  2 10:20:32 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a24a348e341584cd60e122665dad731e317d0cb6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:c0:98:96:d9:5f:6d:4f:62:fb:b0:50:95:08:
                    7f:41:c2:92:42:2c:ce:d2:ca:20:e4:cd:b3:53:58:
                    0c:7e:43:cb:9a:29:09:2b:1d:20:b9:60:42:2d:8f:
                    07:51:a5:8b:bc:7d:09:a3:46:ed:5e:43:0e:62:80:
                    ed:a2:9e:83:61:d9:a5:3b:29:20:31:0f:76:9a:9a:
                    cf:bd:fb:bd:33:f4:95:40:22:db:88:07:1e:bb:f8:
                    73:0b:45:e2:ed:6f:33:0d:56:80:68:c6:41:1c:e6:
                    a2:29:a0:36:26:b3:ff:35:c4:6b:bc:3f:c9:c3:bd:
                    3d:5b:77:33:74:ef:48:44:5a:39:e3:1c:d4:6c:f6:
                    41:c7:4d:2a:fe:e6:fe:40:c2:eb:e5:56:22:58:36:
                    74:f6:37:1e:b5:78:95:12:9c:1e:89:c1:9c:f4:64:
                    b4:34:da:74:8b:1e:b1:0b:98:36:10:4e:e4:39:b6:
                    cd:30:8e:f6:c0:1b:99:d3:11:c4:fe:5d:bb:cd:6b:
                    46:62:88:a5:fd:af:e5:ab:3f:c2:83:e6:ed:9a:ea:
                    28:29:63:e9:25:c4:1d:4d:c2:ea:23:6a:18:a7:63:
                    1e:61:45:56:03:fa:1f:3f:2c:ac:24:8b:bd:25:52:
                    39:d4:70:8e:b1:ce:fb:98:5d:20:1d:2d:74:2f:1a:
                    d9:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:4A:34:8E:34:15:84:CD:60:E1:22:66:5D:AD:73:1E:31:7D:0C:B6
            X509v3 Authority Key Identifier:
                keyid:01:42:3A:D4:D6:29:B2:F8:28:B7:9F:00:AC:40:38:8E:37:B8:E2:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AUI61NYpsvgot58ArEA4jje44lI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/b36dbd-55eb-4de4-b6b9-839196345b6d/1/oko0jjQVhM1g4SJmXa1zHjF9DLY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/b36dbd-55eb-4de4-b6b9-839196345b6d/1/AUI61NYpsvgot58ArEA4jje44lI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.234.109.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a8:54:e3:42:6d:b9:5d:de:13:e9:7c:e9:99:73:4f:dd:73:9e:
         a6:86:0a:8b:54:cf:2d:4d:66:b9:8a:c5:b1:d9:1e:cc:dd:db:
         9c:fd:d0:db:f2:d7:ab:72:4d:8f:fa:53:73:c5:5d:8c:da:b5:
         d0:aa:bb:4b:73:7a:7d:ea:a7:f7:67:50:37:b3:f3:f4:ff:20:
         96:b1:40:a8:9b:1b:ae:ea:58:09:58:7e:5e:e8:3c:a5:b1:21:
         8e:70:73:f6:5e:ba:eb:b9:84:af:42:78:7c:f1:2e:d9:c9:f6:
         c0:e2:b6:7a:8e:1c:91:c7:da:97:45:45:50:c6:9b:8a:7f:ac:
         c3:1b:15:4e:df:66:8f:d3:44:26:a7:22:40:45:31:8b:6b:c2:
         7b:13:ea:3e:8f:10:a8:d9:6d:4d:9a:78:5e:43:6e:0b:53:2f:
         c2:d4:ad:ab:07:52:27:12:72:41:38:52:3b:c4:94:3d:95:8e:
         15:e0:7e:a7:44:c7:06:82:72:9e:80:59:7b:2c:67:63:8a:4f:
         15:f5:83:be:a8:06:fd:c2:04:ee:06:51:ad:d5:0a:8c:c5:aa:
         c2:88:9f:94:28:57:99:34:62:68:70:71:9a:3e:d1:87:8c:ba:
         2f:59:91:d6:40:2a:d1:f0:86:3c:de:6f:d7:82:a4:3b:cb:6b:
         fa:c8:60:52
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+OSKC1Pa6dcRvLK6viuUVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAxNDIzYWQ0ZDYyOWIyZjgyOGI3OWYwMGFjNDAzODhlMzdi
OGUyNTIwHhcNMjYwMTAyMTAyMDMyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMjRhMzQ4ZTM0MTU4NGNkNjBlMTIyNjY1ZGFkNzMxZTMxN2QwY2I2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqsCYltlfbU9i+7BQlQh/QcKSQizO
0sog5M2zU1gMfkPLmikJKx0guWBCLY8HUaWLvH0Jo0btXkMOYoDtop6DYdmlOykg
MQ92mprPvfu9M/SVQCLbiAceu/hzC0Xi7W8zDVaAaMZBHOaiKaA2JrP/NcRrvD/J
w709W3czdO9IRFo54xzUbPZBx00q/ub+QMLr5VYiWDZ09jcetXiVEpweicGc9GS0
NNp0ix6xC5g2EE7kObbNMI72wBuZ0xHE/l27zWtGYoil/a/lqz/Cg+btmuooKWPp
JcQdTcLqI2oYp2MeYUVWA/ofPyysJIu9JVI51HCOsc77mF0gHS10LxrZkwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKJKNI40FYTNYOEiZl2tcx4xfQy2MB8GA1UdIwQY
MBaAFAFCOtTWKbL4KLefAKxAOI43uOJSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQVVJNjFOWXBzdmdvdDU4QXJFQTRqamU0NGxJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS9iMzZkYmQtNTVlYi00ZGU0LWI2Yjkt
ODM5MTk2MzQ1YjZkLzEvb2tvMGpqUVZoTTFnNFNKbVhhMXpIakY5RExZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS9iMzZkYmQtNTVlYi00ZGU0LWI2YjktODM5MTk2MzQ1YjZk
LzEvQVVJNjFOWXBzdmdvdDU4QXJFQTRqamU0NGxJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAueptMA0G
CSqGSIb3DQEBCwUAA4IBAQCoVONCbbld3hPpfOmZc0/dc56mhgqLVM8tTWa5isWx
2R7M3duc/dDb8terck2P+lNzxV2M2rXQqrtLc3p96qf3Z1A3s/P0/yCWsUComxuu
6lgJWH5e6DylsSGOcHP2XrrruYSvQnh88S7ZyfbA4rZ6jhyRx9qXRUVQxpuKf6zD
GxVO32aP00QmpyJARTGLa8J7E+o+jxCo2W1NmnheQ24LUy/C1K2rB1InEnJBOFI7
xJQ9lY4V4H6nRMcGgnKegFl7LGdjik8V9YO+qAb9wgTuBlGt1QqMxarCiJ+UKFeZ
NGJocHGaPtGHjLovWZHWQCrR8IY83m/XgqQ7y2v6yGBS
-----END CERTIFICATE-----