Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/18/3d04de-447d-4e2b-997d-3ad4032503c0/1/OlMlgs31AIpaAYyvx-pkZgJRnD4.roa
File:                     OlMlgs31AIpaAYyvx-pkZgJRnD4.roa (raw, json)
Hash identifier:          E/uAqkcgJ8DHc0dc0BC15Pxbqo2GjJOGoAJB4FHkYfE=
Subject key identifier:   3A:53:25:82:CD:F5:00:8A:5A:01:8C:AF:C7:EA:64:66:02:51:9C:3E
Certificate issuer:       /CN=011710d95c83be3e7860b97b1d7b36e4607173a2
Certificate serial:       019D7FE30F702F1EDB1EB7FEDDE9B8B560C9
Authority key identifier: 01:17:10:D9:5C:83:BE:3E:78:60:B9:7B:1D:7B:36:E4:60:71:73:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ARcQ2VyDvj54YLl7HXs25GBxc6I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/18/3d04de-447d-4e2b-997d-3ad4032503c0/1/OlMlgs31AIpaAYyvx-pkZgJRnD4.roa
Signing time:             Sun 12 Apr 2026 04:11:20 +0000
ROA not before:           Sun 12 Apr 2026 04:11:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     42258
IP address blocks:        185.160.32.0/22 maxlen: 22
                          185.160.32.0/24 maxlen: 24
                          185.160.33.0/24 maxlen: 24
                          185.160.34.0/24 maxlen: 24
                          185.160.35.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/18/3d04de-447d-4e2b-997d-3ad4032503c0/1/ARcQ2VyDvj54YLl7HXs25GBxc6I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/18/3d04de-447d-4e2b-997d-3ad4032503c0/1/ARcQ2VyDvj54YLl7HXs25GBxc6I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ARcQ2VyDvj54YLl7HXs25GBxc6I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 07:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:7f:e3:0f:70:2f:1e:db:1e:b7:fe:dd:e9:b8:b5:60:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=011710d95c83be3e7860b97b1d7b36e4607173a2
        Validity
            Not Before: Apr 12 04:11:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3a532582cdf5008a5a018cafc7ea646602519c3e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:a6:02:f0:84:0e:f2:8a:21:30:ed:4f:44:fa:
                    8f:44:db:21:95:06:e4:09:53:eb:97:db:b0:62:a7:
                    99:0a:f7:93:64:23:0f:c8:71:f1:bb:26:e4:3d:bd:
                    ac:00:11:d5:8a:65:c8:e8:e0:dc:a8:a1:fa:be:69:
                    15:ae:46:e2:36:01:2c:2d:d3:50:95:ed:17:56:a4:
                    a1:20:7f:b0:e2:e5:64:b7:0d:2d:7c:47:55:8a:e1:
                    b2:80:c9:05:84:f6:87:de:ef:ae:55:3b:10:31:79:
                    fe:e9:f2:c5:cd:66:c2:e0:3f:c0:22:b9:65:3a:46:
                    ab:ba:8d:bb:88:65:67:d2:4a:34:d2:45:8c:14:77:
                    5f:30:31:7e:79:0c:6a:8e:a6:f3:72:b7:9b:c2:f7:
                    a0:5d:87:e7:14:69:98:a6:2f:36:3b:cb:6c:58:3c:
                    a6:aa:ed:fd:1f:c1:67:0e:72:0a:d7:01:2a:d7:cf:
                    4a:ac:ca:c8:10:4e:1f:ba:41:2d:be:97:f8:09:7c:
                    6a:3f:dc:56:43:0c:4e:2f:a4:5b:c3:95:60:f4:61:
                    22:bd:79:4a:6e:09:31:90:bd:7a:92:6d:01:c1:f6:
                    7e:5a:27:9b:e6:98:e5:fb:5d:0d:f1:2c:4a:7b:e4:
                    ea:c6:5d:f5:10:a1:8d:56:43:cd:b2:8b:41:20:bb:
                    d6:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:53:25:82:CD:F5:00:8A:5A:01:8C:AF:C7:EA:64:66:02:51:9C:3E
            X509v3 Authority Key Identifier:
                keyid:01:17:10:D9:5C:83:BE:3E:78:60:B9:7B:1D:7B:36:E4:60:71:73:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ARcQ2VyDvj54YLl7HXs25GBxc6I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/18/3d04de-447d-4e2b-997d-3ad4032503c0/1/OlMlgs31AIpaAYyvx-pkZgJRnD4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/18/3d04de-447d-4e2b-997d-3ad4032503c0/1/ARcQ2VyDvj54YLl7HXs25GBxc6I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.160.32.0/22

    Signature Algorithm: sha256WithRSAEncryption
         7f:44:1f:93:2d:54:f8:ad:14:6e:cc:0d:8a:91:37:b5:ec:67:
         0e:2a:41:89:42:67:17:99:9a:7e:31:1e:8a:99:c2:e9:77:ac:
         2b:37:7f:6e:b6:4c:47:05:58:33:b7:b7:36:33:99:e0:83:0f:
         f4:3d:93:35:3b:84:63:17:6a:8a:0a:23:ed:aa:1b:7b:81:97:
         fb:dd:81:94:d2:14:bb:a6:dc:a5:35:58:bc:1f:be:ad:66:48:
         3b:e6:8a:59:4e:3d:0e:cd:c8:df:f3:84:99:64:bb:f3:e8:9d:
         88:44:01:a8:1f:39:bc:8b:25:15:25:ce:dc:03:8d:bf:33:f9:
         09:de:8d:c7:ca:d6:4f:f0:9d:93:92:c1:c7:f0:36:21:d0:b4:
         c0:f0:77:38:23:d9:14:63:d5:ae:23:67:27:81:fe:82:5a:1c:
         2d:41:35:f2:eb:aa:82:e4:c3:1b:8f:5f:b4:33:a8:df:f5:1b:
         30:fe:24:f1:d0:58:27:91:c1:35:76:5b:1c:fd:75:23:1d:a2:
         10:9f:85:01:28:11:01:02:ac:d0:90:cc:9e:0c:06:55:22:d0:
         ca:5c:aa:b3:a1:f7:11:af:e3:94:9a:4d:04:ac:c1:d0:a2:6b:
         e8:35:1f:ce:56:b4:2d:1f:42:99:6b:97:c8:c8:b0:5c:9a:35:
         54:57:0a:f1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ1/4w9wLx7bHrf+3em4tWDJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAxMTcxMGQ5NWM4M2JlM2U3ODYwYjk3YjFkN2IzNmU0NjA3
MTczYTIwHhcNMjYwNDEyMDQxMTIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYTUzMjU4MmNkZjUwMDhhNWEwMThjYWZjN2VhNjQ2NjAyNTE5YzNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvaYC8IQO8oohMO1PRPqPRNshlQbk
CVPrl9uwYqeZCveTZCMPyHHxuybkPb2sABHVimXI6ODcqKH6vmkVrkbiNgEsLdNQ
le0XVqShIH+w4uVktw0tfEdViuGygMkFhPaH3u+uVTsQMXn+6fLFzWbC4D/AIrll
Okaruo27iGVn0ko00kWMFHdfMDF+eQxqjqbzcrebwvegXYfnFGmYpi82O8tsWDym
qu39H8FnDnIK1wEq189KrMrIEE4fukEtvpf4CXxqP9xWQwxOL6Rbw5Vg9GEivXlK
bgkxkL16km0BwfZ+Wieb5pjl+10N8SxKe+Tqxl31EKGNVkPNsotBILvWEQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDpTJYLN9QCKWgGMr8fqZGYCUZw+MB8GA1UdIwQY
MBaAFAEXENlcg74+eGC5ex17NuRgcXOiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQVJjUTJWeUR2ajU0WUxsN0hYczI1R0J4YzZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOC8zZDA0ZGUtNDQ3ZC00ZTJiLTk5N2Qt
M2FkNDAzMjUwM2MwLzEvT2xNbGdzMzFBSXBhQVl5dngtcGtaZ0pSbkQ0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOC8zZDA0ZGUtNDQ3ZC00ZTJiLTk5N2QtM2FkNDAzMjUwM2Mw
LzEvQVJjUTJWeUR2ajU0WUxsN0hYczI1R0J4YzZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuaAgMA0G
CSqGSIb3DQEBCwUAA4IBAQB/RB+TLVT4rRRuzA2KkTe17GcOKkGJQmcXmZp+MR6K
mcLpd6wrN39utkxHBVgzt7c2M5nggw/0PZM1O4RjF2qKCiPtqht7gZf73YGU0hS7
ptylNVi8H76tZkg75opZTj0Ozcjf84SZZLvz6J2IRAGoHzm8iyUVJc7cA42/M/kJ
3o3HytZP8J2TksHH8DYh0LTA8Hc4I9kUY9WuI2cngf6CWhwtQTXy66qC5MMbj1+0
M6jf9Rsw/iTx0FgnkcE1dlsc/XUjHaIQn4UBKBEBAqzQkMyeDAZVItDKXKqzofcR
r+OUmk0ErMHQomvoNR/OVrQtH0KZa5fIyLBcmjVUVwrx
-----END CERTIFICATE-----