Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/b553ff-f4e6-45c6-b642-28b5037919d8/1/rZsOxkLzrWkNoLU39zK5NWcPBZ4.roa
File:                     rZsOxkLzrWkNoLU39zK5NWcPBZ4.roa (raw, json)
Hash identifier:          gmXylVZppIFvB02SB5eduGVSfGJU8u2Cj+PDV9pwk1s=
Subject key identifier:   AD:9B:0E:C6:42:F3:AD:69:0D:A0:B5:37:F7:32:B9:35:67:0F:05:9E
Certificate issuer:       /CN=3b8586e27e45368d39101fe2fcf534aed1c46a50
Certificate serial:       019D8FAC9749AAC99F82D945C1783C4FEA5E
Authority key identifier: 3B:85:86:E2:7E:45:36:8D:39:10:1F:E2:FC:F5:34:AE:D1:C4:6A:50
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/O4WG4n5FNo05EB_i_PU0rtHEalA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/b553ff-f4e6-45c6-b642-28b5037919d8/1/rZsOxkLzrWkNoLU39zK5NWcPBZ4.roa
Signing time:             Wed 15 Apr 2026 05:45:45 +0000
ROA not before:           Wed 15 Apr 2026 05:45:45 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     21294
IP address blocks:        194.102.220.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5e/b553ff-f4e6-45c6-b642-28b5037919d8/1/O4WG4n5FNo05EB_i_PU0rtHEalA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5e/b553ff-f4e6-45c6-b642-28b5037919d8/1/O4WG4n5FNo05EB_i_PU0rtHEalA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/O4WG4n5FNo05EB_i_PU0rtHEalA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 16:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:8f:ac:97:49:aa:c9:9f:82:d9:45:c1:78:3c:4f:ea:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3b8586e27e45368d39101fe2fcf534aed1c46a50
        Validity
            Not Before: Apr 15 05:45:45 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ad9b0ec642f3ad690da0b537f732b935670f059e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:69:10:e3:55:84:60:07:11:4a:5f:32:6a:42:
                    33:8d:e1:48:dc:0a:a5:a0:d4:16:83:5f:11:99:ce:
                    df:ed:61:52:00:4b:09:4b:e5:98:86:2c:b1:47:bd:
                    a1:88:9f:b9:3d:f6:18:f1:af:9c:3e:14:bf:64:fa:
                    cc:e3:ee:c4:ff:1a:66:cd:20:b6:21:b1:13:bc:8a:
                    00:f6:c2:1c:25:b6:0d:47:23:8e:4e:74:a4:20:b5:
                    99:53:cc:4a:1b:23:07:c5:90:47:02:05:d0:2f:41:
                    83:58:af:6d:74:d0:b0:be:10:5b:a1:d5:43:7d:ee:
                    07:07:ff:59:d6:32:d7:32:c6:0a:14:34:26:01:43:
                    ac:d7:85:a4:01:9a:a6:09:b5:8d:a2:3e:b4:cc:c4:
                    a1:bd:7f:93:0c:06:44:88:8e:73:1f:65:6f:58:2f:
                    eb:5d:cf:84:11:5b:c1:0b:f0:dd:3c:71:0d:f5:8c:
                    af:4d:6b:b0:35:6d:5c:a3:fa:34:f8:d2:38:49:f5:
                    3d:1d:b2:46:4a:38:26:61:e6:57:89:9f:e6:c0:be:
                    11:3c:01:19:2d:51:46:a3:fd:dc:7a:50:30:a6:f7:
                    26:4b:3b:1f:7f:e1:90:ec:9a:72:b4:b2:99:f1:2a:
                    3e:ca:8d:d1:17:3c:b7:6b:95:02:ce:a8:b9:61:48:
                    31:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:9B:0E:C6:42:F3:AD:69:0D:A0:B5:37:F7:32:B9:35:67:0F:05:9E
            X509v3 Authority Key Identifier:
                keyid:3B:85:86:E2:7E:45:36:8D:39:10:1F:E2:FC:F5:34:AE:D1:C4:6A:50

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O4WG4n5FNo05EB_i_PU0rtHEalA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/b553ff-f4e6-45c6-b642-28b5037919d8/1/rZsOxkLzrWkNoLU39zK5NWcPBZ4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/b553ff-f4e6-45c6-b642-28b5037919d8/1/O4WG4n5FNo05EB_i_PU0rtHEalA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.102.220.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1b:2e:44:cf:29:ef:98:69:f5:ca:76:8b:64:8a:26:4a:2b:89:
         77:51:5e:41:db:59:74:c6:22:5c:81:61:18:8c:47:21:5e:2d:
         93:1d:e8:86:1c:79:bc:a9:b2:81:f0:54:8b:55:70:f0:a6:fd:
         ed:16:c0:56:51:d9:91:7c:5f:a1:a8:09:a2:c0:4f:fe:1c:86:
         f6:29:3f:a3:d3:95:ec:57:e0:9f:67:4b:17:98:bd:6c:ed:1b:
         b4:af:92:fd:59:ec:6e:e7:85:19:35:2c:f6:f6:c1:b4:41:95:
         ba:43:ff:8a:ed:4a:7b:ba:45:eb:24:62:74:65:48:2e:dc:c0:
         da:dc:ad:1f:55:4f:62:71:f0:f4:4c:1c:1f:6e:a1:3c:31:a3:
         da:c1:86:22:11:b7:c3:58:92:aa:8f:47:79:c0:bf:67:c1:5f:
         77:24:f7:24:b0:95:50:8b:9a:44:f8:50:f6:21:59:53:b6:22:
         4b:75:cc:42:8b:1a:c8:37:3a:10:93:ad:55:94:88:73:68:5d:
         5c:16:00:fa:0c:86:e9:22:0f:f8:40:16:14:73:02:01:2d:a6:
         8d:e6:8f:5c:cc:c3:3d:7a:93:9f:44:28:de:e3:88:fd:5e:fc:
         8e:3f:57:d5:a4:6f:6c:a3:f0:0c:12:94:cc:fc:4a:5d:2c:ce:
         e2:85:e4:4e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2PrJdJqsmfgtlFwXg8T+peMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiODU4NmUyN2U0NTM2OGQzOTEwMWZlMmZjZjUzNGFlZDFj
NDZhNTAwHhcNMjYwNDE1MDU0NTQ1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZDliMGVjNjQyZjNhZDY5MGRhMGI1MzdmNzMyYjkzNTY3MGYwNTllMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt2kQ41WEYAcRSl8yakIzjeFI3Aql
oNQWg18Rmc7f7WFSAEsJS+WYhiyxR72hiJ+5PfYY8a+cPhS/ZPrM4+7E/xpmzSC2
IbETvIoA9sIcJbYNRyOOTnSkILWZU8xKGyMHxZBHAgXQL0GDWK9tdNCwvhBbodVD
fe4HB/9Z1jLXMsYKFDQmAUOs14WkAZqmCbWNoj60zMShvX+TDAZEiI5zH2VvWC/r
Xc+EEVvBC/DdPHEN9YyvTWuwNW1co/o0+NI4SfU9HbJGSjgmYeZXiZ/mwL4RPAEZ
LVFGo/3celAwpvcmSzsff+GQ7JpytLKZ8So+yo3RFzy3a5UCzqi5YUgxzwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK2bDsZC861pDaC1N/cyuTVnDwWeMB8GA1UdIwQY
MBaAFDuFhuJ+RTaNORAf4vz1NK7RxGpQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTzRXRzRuNUZObzA1RUJfaV9QVTBydEhFYWxBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS9iNTUzZmYtZjRlNi00NWM2LWI2NDIt
MjhiNTAzNzkxOWQ4LzEvclpzT3hrTHpyV2tOb0xVMzl6SzVOV2NQQlo0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS9iNTUzZmYtZjRlNi00NWM2LWI2NDItMjhiNTAzNzkxOWQ4
LzEvTzRXRzRuNUZObzA1RUJfaV9QVTBydEhFYWxBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwmbcMA0G
CSqGSIb3DQEBCwUAA4IBAQAbLkTPKe+YafXKdotkiiZKK4l3UV5B21l0xiJcgWEY
jEchXi2THeiGHHm8qbKB8FSLVXDwpv3tFsBWUdmRfF+hqAmiwE/+HIb2KT+j05Xs
V+CfZ0sXmL1s7Ru0r5L9Wexu54UZNSz29sG0QZW6Q/+K7Up7ukXrJGJ0ZUgu3MDa
3K0fVU9icfD0TBwfbqE8MaPawYYiEbfDWJKqj0d5wL9nwV93JPcksJVQi5pE+FD2
IVlTtiJLdcxCixrINzoQk61VlIhzaF1cFgD6DIbpIg/4QBYUcwIBLaaN5o9czMM9
epOfRCje44j9XvyOP1fVpG9so/AMEpTM/EpdLM7iheRO
-----END CERTIFICATE-----