Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/245873-1ca7-4b71-b220-edb0418cac4d/1/3_WOSnpd_DmYlCPJ_IFRim5NhZk.roa
File:                     3_WOSnpd_DmYlCPJ_IFRim5NhZk.roa (raw, json)
Hash identifier:          sOMgzGx8D+jagL2hwOlgBVbXLz9AMFtBb5Q7En33UDE=
Subject key identifier:   DF:F5:8E:4A:7A:5D:FC:39:98:94:23:C9:FC:81:51:8A:6E:4D:85:99
Certificate issuer:       /CN=dfd0fbc4de81ee2727aba3e910afcd2a53a6640c
Certificate serial:       019E727EB5A8F1FAC29FE09EAE3CA0EACEDC
Authority key identifier: DF:D0:FB:C4:DE:81:EE:27:27:AB:A3:E9:10:AF:CD:2A:53:A6:64:0C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/39D7xN6B7icnq6PpEK_NKlOmZAw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/245873-1ca7-4b71-b220-edb0418cac4d/1/3_WOSnpd_DmYlCPJ_IFRim5NhZk.roa
Signing time:             Fri 29 May 2026 06:49:26 +0000
ROA not before:           Fri 29 May 2026 06:49:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     58232
IP address blocks:        193.138.77.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/245873-1ca7-4b71-b220-edb0418cac4d/1/39D7xN6B7icnq6PpEK_NKlOmZAw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/245873-1ca7-4b71-b220-edb0418cac4d/1/39D7xN6B7icnq6PpEK_NKlOmZAw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/39D7xN6B7icnq6PpEK_NKlOmZAw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:72:7e:b5:a8:f1:fa:c2:9f:e0:9e:ae:3c:a0:ea:ce:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dfd0fbc4de81ee2727aba3e910afcd2a53a6640c
        Validity
            Not Before: May 29 06:49:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=dff58e4a7a5dfc39989423c9fc81518a6e4d8599
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:30:50:55:3b:05:07:b8:55:1c:b2:0d:3e:c4:
                    74:55:03:14:3b:f7:a1:1c:8d:f3:22:7b:7b:9b:1c:
                    17:46:a3:3f:b8:7c:cc:b1:9d:90:9a:ae:f9:7a:c5:
                    9e:52:b8:1d:48:15:bd:46:12:08:63:2f:84:a7:1c:
                    a4:c8:1a:31:4b:0d:3d:c2:21:53:cc:b8:d4:44:63:
                    b3:06:47:eb:29:1d:48:ff:ad:0f:9e:6d:23:64:87:
                    c8:5e:de:78:cc:53:38:e4:c1:af:5b:d2:e1:80:eb:
                    db:fe:88:44:a6:3f:a8:19:a6:0a:2a:13:9d:6b:8d:
                    73:2c:99:e8:bd:f1:b7:ae:a4:b5:c3:3d:70:b9:4e:
                    49:c1:31:06:1f:b0:73:9a:91:04:2c:a6:d8:be:c3:
                    7e:53:e2:05:b6:f3:1b:43:33:d6:e6:7a:b1:ba:0b:
                    a7:17:39:2b:78:f2:2e:46:8c:82:e7:24:8c:26:e9:
                    3f:1b:c8:96:6d:33:56:5a:fc:f3:c7:fe:a5:78:f1:
                    65:4e:90:c3:10:b9:e1:40:70:70:4f:b1:cb:93:fa:
                    f0:dd:c1:67:db:b8:51:6a:ef:5d:b1:bd:8f:1e:9c:
                    d6:fe:c7:5a:9a:15:ae:9a:55:e2:7e:13:db:a0:c9:
                    87:ab:b2:67:49:7e:c2:d4:65:09:b6:65:92:26:29:
                    67:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:F5:8E:4A:7A:5D:FC:39:98:94:23:C9:FC:81:51:8A:6E:4D:85:99
            X509v3 Authority Key Identifier:
                keyid:DF:D0:FB:C4:DE:81:EE:27:27:AB:A3:E9:10:AF:CD:2A:53:A6:64:0C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/39D7xN6B7icnq6PpEK_NKlOmZAw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/245873-1ca7-4b71-b220-edb0418cac4d/1/3_WOSnpd_DmYlCPJ_IFRim5NhZk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/245873-1ca7-4b71-b220-edb0418cac4d/1/39D7xN6B7icnq6PpEK_NKlOmZAw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.138.77.0/24

    Signature Algorithm: sha256WithRSAEncryption
         64:6a:cd:b7:39:e3:92:a2:37:38:5a:77:20:0e:3d:3f:92:39:
         0b:44:56:12:91:02:ba:02:4d:8e:02:a2:18:9a:5b:2e:ee:af:
         18:dd:1f:e9:6f:e6:b2:e3:2d:4c:c1:d1:cc:35:b8:5f:71:78:
         a8:c6:64:74:80:55:b2:64:47:2d:6a:2b:c5:01:ee:72:43:6b:
         d7:4e:ef:18:25:81:49:91:68:5c:1c:56:76:52:6d:84:58:74:
         b2:0d:17:d3:d5:77:16:72:ff:bf:4d:3f:4a:58:65:82:25:dd:
         a0:e9:cf:2d:5f:62:d8:b6:45:4b:2c:78:1b:cc:29:4b:48:e8:
         77:d1:d1:ef:3f:03:a9:b0:74:19:c6:79:d9:2f:c6:1a:da:bf:
         15:5b:24:a5:1c:59:c7:93:d4:e5:49:59:70:8e:7a:0d:58:c5:
         51:ae:64:93:ff:77:a3:4b:7b:c9:c3:22:ac:43:11:a5:1f:68:
         20:9b:9b:04:55:5b:6b:b3:75:8e:b1:7f:71:7c:6b:14:c4:4c:
         ce:91:8c:14:4a:3b:3c:bf:47:f8:2f:c4:56:8e:99:68:e2:bc:
         88:95:23:a6:0b:30:bf:7a:94:b4:57:0d:2b:3c:45:9f:17:c0:
         0d:5d:11:f7:f7:77:06:43:f7:c3:a3:20:a8:b2:c7:f7:9f:3e:
         ae:cd:87:ae
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ5yfrWo8frCn+Cerjyg6s7cMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRmZDBmYmM0ZGU4MWVlMjcyN2FiYTNlOTEwYWZjZDJhNTNh
NjY0MGMwHhcNMjYwNTI5MDY0OTI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZmY1OGU0YTdhNWRmYzM5OTg5NDIzYzlmYzgxNTE4YTZlNGQ4NTk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAszBQVTsFB7hVHLINPsR0VQMUO/eh
HI3zInt7mxwXRqM/uHzMsZ2Qmq75esWeUrgdSBW9RhIIYy+EpxykyBoxSw09wiFT
zLjURGOzBkfrKR1I/60Pnm0jZIfIXt54zFM45MGvW9LhgOvb/ohEpj+oGaYKKhOd
a41zLJnovfG3rqS1wz1wuU5JwTEGH7BzmpEELKbYvsN+U+IFtvMbQzPW5nqxugun
FzkrePIuRoyC5ySMJuk/G8iWbTNWWvzzx/6lePFlTpDDELnhQHBwT7HLk/rw3cFn
27hRau9dsb2PHpzW/sdamhWumlXifhPboMmHq7JnSX7C1GUJtmWSJilnUwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN/1jkp6Xfw5mJQjyfyBUYpuTYWZMB8GA1UdIwQY
MBaAFN/Q+8Tege4nJ6uj6RCvzSpTpmQMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMzlEN3hONkI3aWNucTZQcEVLX05LbE9tWkF3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS8yNDU4NzMtMWNhNy00YjcxLWIyMjAt
ZWRiMDQxOGNhYzRkLzEvM19XT1NucGRfRG1ZbENQSl9JRlJpbTVOaFprLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS8yNDU4NzMtMWNhNy00YjcxLWIyMjAtZWRiMDQxOGNhYzRk
LzEvMzlEN3hONkI3aWNucTZQcEVLX05LbE9tWkF3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwYpNMA0G
CSqGSIb3DQEBCwUAA4IBAQBkas23OeOSojc4WncgDj0/kjkLRFYSkQK6Ak2OAqIY
mlsu7q8Y3R/pb+ay4y1MwdHMNbhfcXioxmR0gFWyZEctaivFAe5yQ2vXTu8YJYFJ
kWhcHFZ2Um2EWHSyDRfT1XcWcv+/TT9KWGWCJd2g6c8tX2LYtkVLLHgbzClLSOh3
0dHvPwOpsHQZxnnZL8Ya2r8VWySlHFnHk9TlSVlwjnoNWMVRrmST/3ejS3vJwyKs
QxGlH2ggm5sEVVtrs3WOsX9xfGsUxEzOkYwUSjs8v0f4L8RWjplo4ryIlSOmCzC/
epS0Vw0rPEWfF8ANXRH393cGQ/fDoyCossf3nz6uzYeu
-----END CERTIFICATE-----