Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3e/6b5fee-96ad-46ee-bc23-ed3d2760dcbd/1/XTRFNK15Srj4Dxkx9BJpGhvon9c.roa
File:                     XTRFNK15Srj4Dxkx9BJpGhvon9c.roa (raw, json)
Hash identifier:          2JtlFPv4dLd8U4gLpBv5lJb7jlDjsUb3MwUWDpaLfmA=
Subject key identifier:   5D:34:45:34:AD:79:4A:B8:F8:0F:19:31:F4:12:69:1A:1B:E8:9F:D7
Certificate issuer:       /CN=500a9d6925907dc66ce7991eb942e680b13913a9
Certificate serial:       019D8FAAAAF7AB9D3CD6B5939AC248D99CA3
Authority key identifier: 50:0A:9D:69:25:90:7D:C6:6C:E7:99:1E:B9:42:E6:80:B1:39:13:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UAqdaSWQfcZs55keuULmgLE5E6k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3e/6b5fee-96ad-46ee-bc23-ed3d2760dcbd/1/XTRFNK15Srj4Dxkx9BJpGhvon9c.roa
Signing time:             Wed 15 Apr 2026 05:43:39 +0000
ROA not before:           Wed 15 Apr 2026 05:43:39 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     12302
IP address blocks:        194.102.235.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3e/6b5fee-96ad-46ee-bc23-ed3d2760dcbd/1/UAqdaSWQfcZs55keuULmgLE5E6k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3e/6b5fee-96ad-46ee-bc23-ed3d2760dcbd/1/UAqdaSWQfcZs55keuULmgLE5E6k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UAqdaSWQfcZs55keuULmgLE5E6k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 07:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:8f:aa:aa:f7:ab:9d:3c:d6:b5:93:9a:c2:48:d9:9c:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=500a9d6925907dc66ce7991eb942e680b13913a9
        Validity
            Not Before: Apr 15 05:43:39 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5d344534ad794ab8f80f1931f412691a1be89fd7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:ef:5d:8b:33:6c:c6:d8:f5:d6:dd:9a:74:4a:
                    eb:d9:76:f8:87:ad:f9:36:f1:13:15:62:84:39:47:
                    55:15:ac:35:35:d7:18:b7:d8:7b:fb:8d:9e:ca:7f:
                    9f:1f:c0:06:9a:2a:cc:c1:8c:cc:26:0b:a7:4b:c1:
                    ef:14:c2:aa:b4:72:a5:73:ad:4c:c3:4f:3f:c9:fc:
                    e9:89:8a:6e:ff:ba:43:75:ad:a7:4f:97:36:8d:33:
                    7d:bd:67:83:5d:a8:1c:95:d8:21:99:83:7e:a6:13:
                    9f:df:12:49:b2:7d:99:05:10:b9:37:94:ee:7c:95:
                    d4:46:22:c7:8b:9b:a5:cb:de:4f:c8:7a:fb:50:b5:
                    ea:1b:0a:d8:01:21:78:0d:d5:67:d1:60:e9:67:b4:
                    2a:98:02:ce:95:88:e4:c1:21:61:f4:59:57:63:ac:
                    83:14:28:f0:69:e7:99:33:e3:84:40:fd:42:4d:07:
                    44:f1:ec:04:af:6b:b3:cf:91:77:f9:24:74:d4:f8:
                    04:07:9c:c4:29:59:7f:0d:89:d0:58:36:db:02:c1:
                    57:69:e1:62:c3:22:23:ca:22:f5:b8:10:db:4e:db:
                    38:a6:d8:40:c7:80:9b:4e:71:78:44:09:c5:cf:98:
                    fc:f6:ab:c5:a5:13:61:a0:3a:db:9a:f6:b0:a9:4d:
                    2e:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:34:45:34:AD:79:4A:B8:F8:0F:19:31:F4:12:69:1A:1B:E8:9F:D7
            X509v3 Authority Key Identifier:
                keyid:50:0A:9D:69:25:90:7D:C6:6C:E7:99:1E:B9:42:E6:80:B1:39:13:A9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UAqdaSWQfcZs55keuULmgLE5E6k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/6b5fee-96ad-46ee-bc23-ed3d2760dcbd/1/XTRFNK15Srj4Dxkx9BJpGhvon9c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/6b5fee-96ad-46ee-bc23-ed3d2760dcbd/1/UAqdaSWQfcZs55keuULmgLE5E6k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.102.235.0/24

    Signature Algorithm: sha256WithRSAEncryption
         41:5d:1b:45:c9:15:b3:6b:cf:bc:3e:a6:39:ba:04:c3:2f:0b:
         88:1a:e9:c7:c8:dd:fa:c2:3a:bd:fe:ba:1b:d3:e8:3c:c9:07:
         ba:6d:8a:03:a3:c9:00:bb:1b:48:ca:78:57:cd:73:21:ae:d4:
         a3:ac:d9:2f:9d:b5:8b:ad:0d:58:a7:86:bf:63:fa:d8:01:05:
         ee:b3:1e:a2:7c:69:64:a9:94:ab:08:26:c6:c3:e0:1f:9a:f4:
         a5:58:51:85:64:83:71:0e:fe:09:47:93:1a:27:73:86:8d:3a:
         dd:90:91:5b:af:9d:89:bc:6a:91:8a:61:65:e6:97:75:cc:93:
         32:44:47:1b:67:74:9b:2f:19:d6:46:c9:6b:ef:94:ed:92:33:
         cc:19:f4:b5:8e:1c:fb:9d:d1:da:7a:1f:a7:97:50:35:f1:b5:
         5c:3f:fb:ea:a5:d2:d5:ba:a1:55:ba:84:83:8c:72:38:24:2f:
         18:d7:ed:88:43:79:74:87:c5:13:a2:23:a7:bd:04:aa:40:c3:
         85:fc:d7:b3:c2:8c:bb:d4:4d:06:64:ae:ae:05:9d:96:f4:2b:
         8e:c1:48:19:0f:ea:1a:48:ff:17:eb:eb:6d:4b:6a:d2:72:35:
         80:a5:51:ea:d3:f8:39:7f:d9:7a:d8:70:04:b5:ff:84:94:29:
         f9:a7:7e:ee
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2Pqqr3q5081rWTmsJI2ZyjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUwMGE5ZDY5MjU5MDdkYzY2Y2U3OTkxZWI5NDJlNjgwYjEz
OTEzYTkwHhcNMjYwNDE1MDU0MzM5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZDM0NDUzNGFkNzk0YWI4ZjgwZjE5MzFmNDEyNjkxYTFiZTg5ZmQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwu9dizNsxtj11t2adErr2Xb4h635
NvETFWKEOUdVFaw1NdcYt9h7+42eyn+fH8AGmirMwYzMJgunS8HvFMKqtHKlc61M
w08/yfzpiYpu/7pDda2nT5c2jTN9vWeDXagcldghmYN+phOf3xJJsn2ZBRC5N5Tu
fJXURiLHi5uly95PyHr7ULXqGwrYASF4DdVn0WDpZ7QqmALOlYjkwSFh9FlXY6yD
FCjwaeeZM+OEQP1CTQdE8ewEr2uzz5F3+SR01PgEB5zEKVl/DYnQWDbbAsFXaeFi
wyIjyiL1uBDbTts4pthAx4CbTnF4RAnFz5j89qvFpRNhoDrbmvawqU0ueQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF00RTSteUq4+A8ZMfQSaRob6J/XMB8GA1UdIwQY
MBaAFFAKnWklkH3GbOeZHrlC5oCxOROpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVUFxZGFTV1FmY1pzNTVrZXVVTG1nTEU1RTZrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZS82YjVmZWUtOTZhZC00NmVlLWJjMjMt
ZWQzZDI3NjBkY2JkLzEvWFRSRk5LMTVTcmo0RHhreDlCSnBHaHZvbjljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZS82YjVmZWUtOTZhZC00NmVlLWJjMjMtZWQzZDI3NjBkY2Jk
LzEvVUFxZGFTV1FmY1pzNTVrZXVVTG1nTEU1RTZrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwmbrMA0G
CSqGSIb3DQEBCwUAA4IBAQBBXRtFyRWza8+8PqY5ugTDLwuIGunHyN36wjq9/rob
0+g8yQe6bYoDo8kAuxtIynhXzXMhrtSjrNkvnbWLrQ1Yp4a/Y/rYAQXusx6ifGlk
qZSrCCbGw+AfmvSlWFGFZINxDv4JR5MaJ3OGjTrdkJFbr52JvGqRimFl5pd1zJMy
REcbZ3SbLxnWRslr75TtkjPMGfS1jhz7ndHaeh+nl1A18bVcP/vqpdLVuqFVuoSD
jHI4JC8Y1+2IQ3l0h8UToiOnvQSqQMOF/Nezwoy71E0GZK6uBZ2W9CuOwUgZD+oa
SP8X6+ttS2rScjWApVHq0/g5f9l62HAEtf+ElCn5p37u
-----END CERTIFICATE-----