Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/63/6ce70e-fc58-4158-9852-cae1b1871a16/1/uk5oJnqF0PODLJKkwCtzhu53pDE.roa
File:                     uk5oJnqF0PODLJKkwCtzhu53pDE.roa (raw, json)
Hash identifier:          3F33zr53N9ca1op6IC6X2t9KJw98HAgichDRUnHN0LE=
Subject key identifier:   BA:4E:68:26:7A:85:D0:F3:83:2C:92:A4:C0:2B:73:86:EE:77:A4:31
Certificate issuer:       /CN=3a178bffe30cdb60e1490d2ea7e712f4049bf9e5
Certificate serial:       019D76C38C6F6BD680A647C092D7868E3217
Authority key identifier: 3A:17:8B:FF:E3:0C:DB:60:E1:49:0D:2E:A7:E7:12:F4:04:9B:F9:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OheL_-MM22DhSQ0up-cS9ASb-eU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/63/6ce70e-fc58-4158-9852-cae1b1871a16/1/uk5oJnqF0PODLJKkwCtzhu53pDE.roa
Signing time:             Fri 10 Apr 2026 09:40:20 +0000
ROA not before:           Fri 10 Apr 2026 09:40:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     216334
IP address blocks:        194.55.236.0/24 maxlen: 24
                          194.55.238.0/24 maxlen: 24
                          194.55.239.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/63/6ce70e-fc58-4158-9852-cae1b1871a16/1/OheL_-MM22DhSQ0up-cS9ASb-eU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/63/6ce70e-fc58-4158-9852-cae1b1871a16/1/OheL_-MM22DhSQ0up-cS9ASb-eU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OheL_-MM22DhSQ0up-cS9ASb-eU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 12:01:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:76:c3:8c:6f:6b:d6:80:a6:47:c0:92:d7:86:8e:32:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3a178bffe30cdb60e1490d2ea7e712f4049bf9e5
        Validity
            Not Before: Apr 10 09:40:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ba4e68267a85d0f3832c92a4c02b7386ee77a431
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:03:00:f4:1a:e5:38:6b:f0:44:79:42:c9:80:
                    a6:c3:73:40:d3:97:80:e8:c7:2a:74:68:54:35:5d:
                    79:6d:24:a3:dc:2c:d0:3b:f2:08:10:6f:21:17:7d:
                    2b:f8:90:02:46:69:31:f9:52:a2:25:82:0d:18:72:
                    56:62:74:43:d6:22:61:0a:de:17:52:55:1c:56:bc:
                    52:8c:18:ec:f8:c8:7c:86:27:0c:e3:1f:b4:c3:ff:
                    90:fa:79:a0:96:2e:62:f6:f0:fb:13:71:40:25:24:
                    d2:2c:eb:3f:87:5a:90:cd:4d:1c:4a:bb:f4:f0:75:
                    26:ec:39:16:24:5a:8a:51:8e:87:c0:71:99:57:96:
                    d6:91:79:d7:7d:8e:dc:72:d0:ea:2a:65:3f:dc:95:
                    e8:63:47:63:65:f1:3e:14:db:4e:ef:36:7e:54:d5:
                    64:5a:81:a7:f0:b1:0f:b0:7a:6e:d1:33:b6:0b:f1:
                    4a:76:64:73:68:4a:cd:98:7f:9f:56:a6:e0:c2:8f:
                    ec:3b:3f:92:58:f4:d2:86:15:49:90:eb:2c:ea:26:
                    db:a2:e1:01:de:57:15:92:dc:d4:9f:11:02:ea:6e:
                    31:85:f4:81:85:7f:b8:58:af:07:1e:85:ff:13:0b:
                    72:10:3e:9b:45:10:68:7f:05:ed:fa:f7:81:8c:6c:
                    ea:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:4E:68:26:7A:85:D0:F3:83:2C:92:A4:C0:2B:73:86:EE:77:A4:31
            X509v3 Authority Key Identifier:
                keyid:3A:17:8B:FF:E3:0C:DB:60:E1:49:0D:2E:A7:E7:12:F4:04:9B:F9:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OheL_-MM22DhSQ0up-cS9ASb-eU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/63/6ce70e-fc58-4158-9852-cae1b1871a16/1/uk5oJnqF0PODLJKkwCtzhu53pDE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/63/6ce70e-fc58-4158-9852-cae1b1871a16/1/OheL_-MM22DhSQ0up-cS9ASb-eU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.55.236.0/24
                  194.55.238.0/23

    Signature Algorithm: sha256WithRSAEncryption
         6d:4c:1b:8d:8b:c0:93:b1:1e:aa:2f:d3:38:30:6d:7b:54:8d:
         6b:02:ef:77:23:b9:3e:06:97:36:44:00:3e:68:8b:02:17:7c:
         83:cc:f3:79:d6:52:c6:44:72:aa:86:05:1c:41:7c:28:9f:61:
         4a:f6:56:e5:5c:df:32:ea:71:a9:f7:fc:06:99:0a:5a:91:3e:
         6a:32:f8:4f:f4:74:51:a9:0a:a1:69:4f:2c:27:78:d9:6d:d9:
         99:f7:7d:2b:4d:40:b4:01:1f:dc:56:ea:06:fd:9f:ef:79:a0:
         e5:58:68:d0:41:a7:29:34:ea:d3:14:ab:7d:da:ef:93:12:5b:
         f7:3f:80:60:61:f3:c0:40:92:32:ac:a9:d8:9d:a8:74:43:2c:
         fb:d3:4e:51:9b:5c:dc:4e:24:84:55:40:8a:70:32:e4:60:ae:
         cc:f0:0a:c6:6a:5c:89:bf:ba:3c:6c:bd:f3:c5:d4:29:57:d4:
         ef:41:96:35:0a:20:e2:89:24:77:9d:c1:00:b3:a6:4d:07:a7:
         6b:c6:c9:aa:11:93:4c:18:67:67:b6:e0:67:76:d2:4b:05:82:
         bc:8e:31:5d:0d:4c:7b:26:72:3f:25:d4:2a:83:8f:98:74:07:
         fa:d1:ce:d2:3d:cc:b6:0d:71:55:70:4b:d6:b1:17:fc:83:ca:
         d4:5a:7b:b7
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ12w4xva9aApkfAkteGjjIXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhMTc4YmZmZTMwY2RiNjBlMTQ5MGQyZWE3ZTcxMmY0MDQ5
YmY5ZTUwHhcNMjYwNDEwMDk0MDIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYTRlNjgyNjdhODVkMGYzODMyYzkyYTRjMDJiNzM4NmVlNzdhNDMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlQMA9BrlOGvwRHlCyYCmw3NA05eA
6McqdGhUNV15bSSj3CzQO/IIEG8hF30r+JACRmkx+VKiJYINGHJWYnRD1iJhCt4X
UlUcVrxSjBjs+Mh8hicM4x+0w/+Q+nmgli5i9vD7E3FAJSTSLOs/h1qQzU0cSrv0
8HUm7DkWJFqKUY6HwHGZV5bWkXnXfY7cctDqKmU/3JXoY0djZfE+FNtO7zZ+VNVk
WoGn8LEPsHpu0TO2C/FKdmRzaErNmH+fVqbgwo/sOz+SWPTShhVJkOss6ibbouEB
3lcVktzUnxEC6m4xhfSBhX+4WK8HHoX/EwtyED6bRRBofwXt+veBjGzqjQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLpOaCZ6hdDzgyySpMArc4bud6QxMB8GA1UdIwQY
MBaAFDoXi//jDNtg4UkNLqfnEvQEm/nlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT2hlTF8tTU0yMkRoU1EwdXAtY1M5QVNiLWVVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82My82Y2U3MGUtZmM1OC00MTU4LTk4NTIt
Y2FlMWIxODcxYTE2LzEvdWs1b0pucUYwUE9ETEpLa3dDdHpodTUzcERFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82My82Y2U3MGUtZmM1OC00MTU4LTk4NTItY2FlMWIxODcxYTE2
LzEvT2hlTF8tTU0yMkRoU1EwdXAtY1M5QVNiLWVVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwjfsAwQB
wjfuMA0GCSqGSIb3DQEBCwUAA4IBAQBtTBuNi8CTsR6qL9M4MG17VI1rAu93I7k+
Bpc2RAA+aIsCF3yDzPN51lLGRHKqhgUcQXwon2FK9lblXN8y6nGp9/wGmQpakT5q
MvhP9HRRqQqhaU8sJ3jZbdmZ930rTUC0AR/cVuoG/Z/veaDlWGjQQacpNOrTFKt9
2u+TElv3P4BgYfPAQJIyrKnYnah0Qyz7005Rm1zcTiSEVUCKcDLkYK7M8ArGalyJ
v7o8bL3zxdQpV9TvQZY1CiDiiSR3ncEAs6ZNB6drxsmqEZNMGGdntuBndtJLBYK8
jjFdDUx7JnI/JdQqg4+YdAf60c7SPcy2DXFVcEvWsRf8g8rUWnu3
-----END CERTIFICATE-----