Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/8dc2c7-3fc0-446d-807c-ef6c9ead611c/1/TDJw8c2ugNuZzTvDh-dhjlcAHEQ.roa
File:                     TDJw8c2ugNuZzTvDh-dhjlcAHEQ.roa (raw, json)
Hash identifier:          i8ViOgSKUgk23gc5KboIyTVKvb8lTiASE07Nhp1UbTE=
Subject key identifier:   4C:32:70:F1:CD:AE:80:DB:99:CD:3B:C3:87:E7:61:8E:57:00:1C:44
Certificate issuer:       /CN=3bdfd7604dfa0eb8ae20e90fcf130393b8a8564a
Certificate serial:       019D6C247057BDEE8719C029FE7AA7A11FFD
Authority key identifier: 3B:DF:D7:60:4D:FA:0E:B8:AE:20:E9:0F:CF:13:03:93:B8:A8:56:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/O9_XYE36DriuIOkPzxMDk7ioVko.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/8dc2c7-3fc0-446d-807c-ef6c9ead611c/1/TDJw8c2ugNuZzTvDh-dhjlcAHEQ.roa
Signing time:             Wed 08 Apr 2026 08:10:20 +0000
ROA not before:           Wed 08 Apr 2026 08:10:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     50139
IP address blocks:        130.255.173.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5e/8dc2c7-3fc0-446d-807c-ef6c9ead611c/1/O9_XYE36DriuIOkPzxMDk7ioVko.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5e/8dc2c7-3fc0-446d-807c-ef6c9ead611c/1/O9_XYE36DriuIOkPzxMDk7ioVko.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/O9_XYE36DriuIOkPzxMDk7ioVko.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 07:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:6c:24:70:57:bd:ee:87:19:c0:29:fe:7a:a7:a1:1f:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3bdfd7604dfa0eb8ae20e90fcf130393b8a8564a
        Validity
            Not Before: Apr  8 08:10:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4c3270f1cdae80db99cd3bc387e7618e57001c44
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:05:1a:26:b3:c2:ca:65:52:c7:db:1e:08:31:
                    f4:6c:96:0d:23:3b:2f:cd:01:9a:60:1d:a2:39:fc:
                    5a:3d:8f:6a:ad:90:d4:79:c4:9d:5e:0a:6f:dc:e5:
                    fd:b1:62:68:98:a1:4e:f4:b3:ab:5b:46:39:d8:f4:
                    26:ce:de:cc:dc:3b:ca:8d:4a:21:2e:9d:1f:1a:22:
                    cd:8e:c2:ec:50:c5:24:00:ac:76:77:c6:84:f5:f8:
                    9c:57:11:97:33:b1:39:07:c2:78:e4:25:6e:f9:f6:
                    5a:fb:cb:ae:36:a9:69:c1:f8:6b:38:32:0e:be:ba:
                    72:33:58:8c:1a:71:41:9b:b7:39:dc:bc:31:88:37:
                    ab:91:e2:07:fa:fb:c5:1a:a4:4c:37:6f:51:32:80:
                    f2:b0:71:89:8f:3e:65:06:54:c8:4e:66:61:cd:4a:
                    bf:fd:70:7b:80:a8:5d:ee:9a:98:7c:25:b1:1d:d5:
                    01:7d:37:82:fe:5c:4e:06:9a:05:8f:9f:b6:6f:42:
                    23:f1:0b:06:c9:bb:db:0c:3c:9b:9d:2f:c1:4e:06:
                    dd:df:ae:66:5c:85:29:99:c6:28:82:75:b1:d9:21:
                    04:0d:b8:2c:b3:48:ac:8f:9c:0f:18:cd:ed:c4:06:
                    6d:e6:0f:df:25:6b:38:d1:27:13:a6:0d:d4:06:8b:
                    60:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:32:70:F1:CD:AE:80:DB:99:CD:3B:C3:87:E7:61:8E:57:00:1C:44
            X509v3 Authority Key Identifier:
                keyid:3B:DF:D7:60:4D:FA:0E:B8:AE:20:E9:0F:CF:13:03:93:B8:A8:56:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O9_XYE36DriuIOkPzxMDk7ioVko.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/8dc2c7-3fc0-446d-807c-ef6c9ead611c/1/TDJw8c2ugNuZzTvDh-dhjlcAHEQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/8dc2c7-3fc0-446d-807c-ef6c9ead611c/1/O9_XYE36DriuIOkPzxMDk7ioVko.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  130.255.173.0/24

    Signature Algorithm: sha256WithRSAEncryption
         46:98:95:02:23:7c:7f:42:8b:f1:77:90:8a:51:d9:9e:9d:33:
         8a:4f:92:ef:2e:ef:40:ca:31:a7:55:2f:9a:8c:8b:19:38:f2:
         7f:87:44:8b:3e:73:82:cf:26:c5:62:c8:38:e4:25:b6:00:32:
         6e:6c:b3:d5:dc:f5:74:54:48:ef:43:4a:7e:62:33:b9:a6:62:
         ce:53:a6:13:94:aa:b9:e5:35:bc:4f:84:af:b1:f0:81:fd:42:
         cc:b4:da:8f:1f:24:04:82:37:f0:96:45:2b:96:8f:4f:ce:93:
         9d:21:2b:ab:88:03:7a:5c:59:c8:4c:09:80:60:00:7e:f0:cc:
         68:18:0d:d3:7c:91:1a:72:cb:b4:72:72:79:84:b3:42:19:44:
         b1:32:ec:6f:d6:cb:e0:f1:da:0d:c1:de:ed:25:3a:50:88:3f:
         d8:e6:07:aa:d0:e0:46:74:d4:15:fd:2a:cc:0d:68:ba:e7:61:
         70:3e:e7:b4:ca:25:29:95:2f:4e:1d:1a:9d:a2:d6:46:01:13:
         d8:55:99:2a:99:6b:4f:10:a8:9a:e2:22:54:2a:01:7c:fa:94:
         dc:fa:1d:47:21:e4:e7:a8:7b:0e:4e:9a:d1:a4:f7:ce:ad:5d:
         99:1b:75:02:77:e1:b2:c3:2d:3e:0f:17:2c:01:ee:8f:7b:cd:
         3d:d3:a1:26
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ1sJHBXve6HGcAp/nqnoR/9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiZGZkNzYwNGRmYTBlYjhhZTIwZTkwZmNmMTMwMzkzYjhh
ODU2NGEwHhcNMjYwNDA4MDgxMDIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YzMyNzBmMWNkYWU4MGRiOTljZDNiYzM4N2U3NjE4ZTU3MDAxYzQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvAUaJrPCymVSx9seCDH0bJYNIzsv
zQGaYB2iOfxaPY9qrZDUecSdXgpv3OX9sWJomKFO9LOrW0Y52PQmzt7M3DvKjUoh
Lp0fGiLNjsLsUMUkAKx2d8aE9ficVxGXM7E5B8J45CVu+fZa+8uuNqlpwfhrODIO
vrpyM1iMGnFBm7c53LwxiDerkeIH+vvFGqRMN29RMoDysHGJjz5lBlTITmZhzUq/
/XB7gKhd7pqYfCWxHdUBfTeC/lxOBpoFj5+2b0Ij8QsGybvbDDybnS/BTgbd365m
XIUpmcYognWx2SEEDbgss0isj5wPGM3txAZt5g/fJWs40ScTpg3UBotgjQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEwycPHNroDbmc07w4fnYY5XABxEMB8GA1UdIwQY
MBaAFDvf12BN+g64riDpD88TA5O4qFZKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTzlfWFlFMzZEcml1SU9rUHp4TURrN2lvVmtvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS84ZGMyYzctM2ZjMC00NDZkLTgwN2Mt
ZWY2YzllYWQ2MTFjLzEvVERKdzhjMnVnTnVaelR2RGgtZGhqbGNBSEVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS84ZGMyYzctM2ZjMC00NDZkLTgwN2MtZWY2YzllYWQ2MTFj
LzEvTzlfWFlFMzZEcml1SU9rUHp4TURrN2lvVmtvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAgv+tMA0G
CSqGSIb3DQEBCwUAA4IBAQBGmJUCI3x/Qovxd5CKUdmenTOKT5LvLu9AyjGnVS+a
jIsZOPJ/h0SLPnOCzybFYsg45CW2ADJubLPV3PV0VEjvQ0p+YjO5pmLOU6YTlKq5
5TW8T4SvsfCB/ULMtNqPHyQEgjfwlkUrlo9PzpOdISuriAN6XFnITAmAYAB+8Mxo
GA3TfJEacsu0cnJ5hLNCGUSxMuxv1svg8doNwd7tJTpQiD/Y5geq0OBGdNQV/SrM
DWi652FwPue0yiUplS9OHRqdotZGARPYVZkqmWtPEKia4iJUKgF8+pTc+h1HIeTn
qHsOTprRpPfOrV2ZG3UCd+Gywy0+DxcsAe6Pe80906Em
-----END CERTIFICATE-----