Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/b553ff-f4e6-45c6-b642-28b5037919d8/1/rnWVqX9eqFovrfevk0O-IB3LWLk.roa
File:                     rnWVqX9eqFovrfevk0O-IB3LWLk.roa (raw, json)
Hash identifier:          ivGFQd6C7WoMv4mXwi+meW326o68B9VxwgqnEk1HlCI=
Subject key identifier:   AE:75:95:A9:7F:5E:A8:5A:2F:AD:F7:AF:93:43:BE:20:1D:CB:58:B9
Certificate issuer:       /CN=3b8586e27e45368d39101fe2fcf534aed1c46a50
Certificate serial:       019D8FAC956DB928435891A32D2A22C8FF7C
Authority key identifier: 3B:85:86:E2:7E:45:36:8D:39:10:1F:E2:FC:F5:34:AE:D1:C4:6A:50
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/O4WG4n5FNo05EB_i_PU0rtHEalA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/b553ff-f4e6-45c6-b642-28b5037919d8/1/rnWVqX9eqFovrfevk0O-IB3LWLk.roa
Signing time:             Wed 15 Apr 2026 05:45:45 +0000
ROA not before:           Wed 15 Apr 2026 05:45:45 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     12302
IP address blocks:        194.102.223.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5e/b553ff-f4e6-45c6-b642-28b5037919d8/1/O4WG4n5FNo05EB_i_PU0rtHEalA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5e/b553ff-f4e6-45c6-b642-28b5037919d8/1/O4WG4n5FNo05EB_i_PU0rtHEalA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/O4WG4n5FNo05EB_i_PU0rtHEalA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 07:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:8f:ac:95:6d:b9:28:43:58:91:a3:2d:2a:22:c8:ff:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3b8586e27e45368d39101fe2fcf534aed1c46a50
        Validity
            Not Before: Apr 15 05:45:45 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ae7595a97f5ea85a2fadf7af9343be201dcb58b9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:15:48:b9:7f:15:0c:c0:e8:f2:bc:7a:e5:b0:
                    ef:e7:d2:48:cc:4e:00:56:6d:a4:5f:36:8a:8c:df:
                    03:e1:b2:c1:a4:88:80:e8:c6:61:05:7f:9d:0c:a6:
                    27:b4:eb:49:38:cc:2c:a3:97:11:11:3e:a6:a5:6c:
                    58:40:a8:ea:98:89:4e:22:f5:ea:10:85:f0:d0:8d:
                    c5:61:20:3e:6f:22:fc:85:c7:4d:3e:9e:b3:00:94:
                    56:86:1b:dc:b8:4a:66:de:d8:7d:20:c4:54:f7:f6:
                    e8:f6:ad:25:93:66:f9:ab:f2:e3:31:ad:be:79:34:
                    78:f0:03:99:7d:41:46:eb:12:17:f9:9a:80:e3:66:
                    66:4f:5e:8d:59:87:03:b1:ae:e3:c0:75:40:3b:e0:
                    b2:37:25:21:f9:f6:a8:ac:1f:11:29:db:85:67:6a:
                    dc:5c:e3:88:50:87:18:9f:d1:e1:60:f9:5d:f4:3a:
                    b7:71:29:c9:82:3a:6d:6c:8f:24:6f:7e:89:02:b6:
                    9a:fc:0a:94:9e:16:cc:f9:e5:87:3d:fb:3c:5b:3e:
                    3d:2a:ca:7f:e1:cb:73:1a:7e:ff:dd:a9:4a:b1:9a:
                    c2:fd:48:e3:46:1f:75:79:5d:49:5b:e8:d1:90:b3:
                    45:f0:81:70:cf:77:b3:a8:4e:99:63:30:7a:d2:4c:
                    e2:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:75:95:A9:7F:5E:A8:5A:2F:AD:F7:AF:93:43:BE:20:1D:CB:58:B9
            X509v3 Authority Key Identifier:
                keyid:3B:85:86:E2:7E:45:36:8D:39:10:1F:E2:FC:F5:34:AE:D1:C4:6A:50

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O4WG4n5FNo05EB_i_PU0rtHEalA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/b553ff-f4e6-45c6-b642-28b5037919d8/1/rnWVqX9eqFovrfevk0O-IB3LWLk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/b553ff-f4e6-45c6-b642-28b5037919d8/1/O4WG4n5FNo05EB_i_PU0rtHEalA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.102.223.0/24

    Signature Algorithm: sha256WithRSAEncryption
         45:86:07:1f:ad:f1:43:bc:06:67:c3:a2:7c:8b:39:17:e2:fb:
         73:38:a3:83:b3:7f:8a:d8:b5:ae:44:f6:fc:b9:c7:67:57:75:
         b8:08:8f:8f:67:61:cd:9f:56:f1:7e:11:6b:6d:40:5e:03:50:
         64:a8:c9:71:3b:9f:48:a0:3a:cd:ca:b6:e2:b6:e2:a5:54:e2:
         12:fa:c3:48:30:b9:0f:47:a2:80:ef:38:c4:87:46:7f:f2:81:
         1b:11:7f:f7:11:e3:f6:80:95:c2:49:79:f5:5e:01:16:4e:f4:
         d2:9e:60:f8:46:aa:cc:5a:b1:03:ef:28:e6:e8:da:c2:bd:fd:
         00:c9:26:28:a0:58:ba:35:39:fc:3b:93:78:c4:8b:91:4e:14:
         c7:e2:68:b1:d8:52:c5:70:1c:ab:2b:f1:8d:08:d9:87:5a:0f:
         b7:dc:89:48:ed:63:87:ae:f5:6e:8d:df:26:f1:31:21:4d:8d:
         d9:22:d7:95:6b:b6:e0:fb:0d:18:5c:3d:99:0c:dc:01:9a:11:
         62:c3:4a:c4:20:19:42:25:4a:09:ff:48:d2:88:af:e4:16:1e:
         14:61:b9:e9:00:b8:59:98:c4:85:0d:11:97:9b:a2:e8:d0:7e:
         a2:69:62:57:7e:83:53:6b:28:9e:d1:84:32:fd:d1:b1:20:28:
         48:b6:30:60
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2PrJVtuShDWJGjLSoiyP98MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiODU4NmUyN2U0NTM2OGQzOTEwMWZlMmZjZjUzNGFlZDFj
NDZhNTAwHhcNMjYwNDE1MDU0NTQ1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZTc1OTVhOTdmNWVhODVhMmZhZGY3YWY5MzQzYmUyMDFkY2I1OGI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvBVIuX8VDMDo8rx65bDv59JIzE4A
Vm2kXzaKjN8D4bLBpIiA6MZhBX+dDKYntOtJOMwso5cRET6mpWxYQKjqmIlOIvXq
EIXw0I3FYSA+byL8hcdNPp6zAJRWhhvcuEpm3th9IMRU9/bo9q0lk2b5q/LjMa2+
eTR48AOZfUFG6xIX+ZqA42ZmT16NWYcDsa7jwHVAO+CyNyUh+faorB8RKduFZ2rc
XOOIUIcYn9HhYPld9Dq3cSnJgjptbI8kb36JAraa/AqUnhbM+eWHPfs8Wz49Ksp/
4ctzGn7/3alKsZrC/UjjRh91eV1JW+jRkLNF8IFwz3ezqE6ZYzB60kziwQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK51lal/XqhaL633r5NDviAdy1i5MB8GA1UdIwQY
MBaAFDuFhuJ+RTaNORAf4vz1NK7RxGpQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTzRXRzRuNUZObzA1RUJfaV9QVTBydEhFYWxBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS9iNTUzZmYtZjRlNi00NWM2LWI2NDIt
MjhiNTAzNzkxOWQ4LzEvcm5XVnFYOWVxRm92cmZldmswTy1JQjNMV0xrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS9iNTUzZmYtZjRlNi00NWM2LWI2NDItMjhiNTAzNzkxOWQ4
LzEvTzRXRzRuNUZObzA1RUJfaV9QVTBydEhFYWxBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwmbfMA0G
CSqGSIb3DQEBCwUAA4IBAQBFhgcfrfFDvAZnw6J8izkX4vtzOKODs3+K2LWuRPb8
ucdnV3W4CI+PZ2HNn1bxfhFrbUBeA1BkqMlxO59IoDrNyrbituKlVOIS+sNIMLkP
R6KA7zjEh0Z/8oEbEX/3EeP2gJXCSXn1XgEWTvTSnmD4RqrMWrED7yjm6NrCvf0A
ySYooFi6NTn8O5N4xIuRThTH4mix2FLFcByrK/GNCNmHWg+33IlI7WOHrvVujd8m
8TEhTY3ZIteVa7bg+w0YXD2ZDNwBmhFiw0rEIBlCJUoJ/0jSiK/kFh4UYbnpALhZ
mMSFDRGXm6Lo0H6iaWJXfoNTayie0YQy/dGxIChItjBg
-----END CERTIFICATE-----