Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6c/f16b51-5a22-4db4-b890-43125bf096b1/1/oUxyNiL8a-AOoVb7hvCWizwaEaI.roa
File:                     oUxyNiL8a-AOoVb7hvCWizwaEaI.roa (raw, json)
Hash identifier:          s30Arx9jmVniBQHeZV05te3a62N7rkcg5xppFWIofXA=
Subject key identifier:   A1:4C:72:36:22:FC:6B:E0:0E:A1:56:FB:86:F0:96:8B:3C:1A:11:A2
Certificate issuer:       /CN=901642c0d46f8d4e4c234c33afbef5a4839c6a22
Certificate serial:       019D9A4B51814BE57D99890D67A4D3797222
Authority key identifier: 90:16:42:C0:D4:6F:8D:4E:4C:23:4C:33:AF:BE:F5:A4:83:9C:6A:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kBZCwNRvjU5MI0wzr771pIOcaiI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6c/f16b51-5a22-4db4-b890-43125bf096b1/1/oUxyNiL8a-AOoVb7hvCWizwaEaI.roa
Signing time:             Fri 17 Apr 2026 07:15:20 +0000
ROA not before:           Fri 17 Apr 2026 07:15:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     39686
IP address blocks:        185.30.56.0/24 maxlen: 24
                          2a00:52c0::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6c/f16b51-5a22-4db4-b890-43125bf096b1/1/kBZCwNRvjU5MI0wzr771pIOcaiI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6c/f16b51-5a22-4db4-b890-43125bf096b1/1/kBZCwNRvjU5MI0wzr771pIOcaiI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kBZCwNRvjU5MI0wzr771pIOcaiI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 14:47:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:9a:4b:51:81:4b:e5:7d:99:89:0d:67:a4:d3:79:72:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=901642c0d46f8d4e4c234c33afbef5a4839c6a22
        Validity
            Not Before: Apr 17 07:15:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a14c723622fc6be00ea156fb86f0968b3c1a11a2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:f7:c1:b0:ae:61:8e:31:93:d3:3f:2c:bb:5f:
                    db:0c:aa:c7:a9:7d:65:11:3e:6a:f1:44:23:21:17:
                    36:97:b1:b5:62:be:d7:91:09:d5:cd:7f:11:75:af:
                    cb:99:6e:cd:da:00:c8:bd:ce:2a:ce:bd:77:9a:16:
                    b4:b0:e0:7e:6c:52:ee:1d:1c:78:c7:cd:41:20:d9:
                    79:cf:45:c5:a0:b2:cc:b8:42:b3:17:05:08:f8:bc:
                    b6:bf:56:81:3a:5c:f9:d1:85:54:59:d0:c7:f0:92:
                    cb:0d:aa:f7:a1:e0:75:c1:f4:fc:58:31:d0:17:14:
                    f2:0f:1e:33:a4:bc:6d:fc:cd:a8:c2:d7:10:84:3e:
                    af:7d:29:c8:c1:02:14:dc:e2:e3:6c:b4:fb:b4:79:
                    a2:39:bf:44:f2:18:6a:ec:64:98:4e:3e:5a:ea:7f:
                    69:fe:a3:15:a6:4b:7d:fc:1a:c6:04:8e:73:66:08:
                    d4:62:85:cd:43:0a:f7:37:fb:86:a0:0f:3f:ac:44:
                    5b:36:ea:bd:55:3c:90:f8:2a:b7:70:89:ca:18:77:
                    42:8b:9a:db:a9:93:4c:43:db:01:bc:22:df:d3:81:
                    4f:d6:55:7b:20:28:c9:44:26:33:b8:eb:73:b4:3f:
                    fe:2a:87:10:51:c5:13:7a:0f:b7:d1:20:96:75:19:
                    b8:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:4C:72:36:22:FC:6B:E0:0E:A1:56:FB:86:F0:96:8B:3C:1A:11:A2
            X509v3 Authority Key Identifier:
                keyid:90:16:42:C0:D4:6F:8D:4E:4C:23:4C:33:AF:BE:F5:A4:83:9C:6A:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kBZCwNRvjU5MI0wzr771pIOcaiI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/f16b51-5a22-4db4-b890-43125bf096b1/1/oUxyNiL8a-AOoVb7hvCWizwaEaI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/f16b51-5a22-4db4-b890-43125bf096b1/1/kBZCwNRvjU5MI0wzr771pIOcaiI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.30.56.0/24
                IPv6:
                  2a00:52c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         20:bf:b7:d1:0a:db:d4:48:8d:39:f9:c9:93:e0:8e:6c:5a:98:
         0b:4c:d0:f1:68:2e:e6:1b:e9:2a:bd:d1:31:19:8d:62:b7:c3:
         fb:e7:6b:93:42:5c:59:58:80:9f:89:2b:92:60:b2:26:40:a8:
         39:66:1a:11:8e:19:f6:b7:67:be:01:27:2c:f1:32:28:98:52:
         0f:61:59:c4:56:00:48:b7:c8:cb:25:68:84:28:e6:d0:d9:f1:
         02:d9:22:96:de:1e:d6:ae:8d:58:32:52:8e:4d:c1:cb:cb:58:
         e9:67:dc:67:d0:63:63:46:ad:49:60:8d:e4:3d:1b:e4:9b:49:
         0c:00:1f:5b:30:83:16:e1:63:3b:87:b2:0e:90:ff:ee:7c:2c:
         23:1e:7f:fc:41:48:1d:f5:55:0e:63:dc:4b:16:de:73:12:4b:
         78:37:9b:e9:40:fe:61:fc:6a:f3:f6:51:07:4a:10:f1:14:40:
         f7:87:c0:c9:5b:f3:df:da:ee:cb:7d:bf:c6:3f:9b:7a:ee:e5:
         5b:98:04:c8:03:95:a8:92:0b:b2:c8:04:0a:da:7c:f3:45:b3:
         d6:b1:31:47:52:ec:b4:2f:c4:64:c0:89:1f:58:60:84:0c:13:
         47:82:fc:b4:aa:16:18:45:01:96:9b:7a:f3:be:97:f1:9c:38:
         c9:46:06:ef
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZ2aS1GBS+V9mYkNZ6TTeXIiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkwMTY0MmMwZDQ2ZjhkNGU0YzIzNGMzM2FmYmVmNWE0ODM5
YzZhMjIwHhcNMjYwNDE3MDcxNTIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMTRjNzIzNjIyZmM2YmUwMGVhMTU2ZmI4NmYwOTY4YjNjMWExMWEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArffBsK5hjjGT0z8su1/bDKrHqX1l
ET5q8UQjIRc2l7G1Yr7XkQnVzX8Rda/LmW7N2gDIvc4qzr13mha0sOB+bFLuHRx4
x81BINl5z0XFoLLMuEKzFwUI+Ly2v1aBOlz50YVUWdDH8JLLDar3oeB1wfT8WDHQ
FxTyDx4zpLxt/M2owtcQhD6vfSnIwQIU3OLjbLT7tHmiOb9E8hhq7GSYTj5a6n9p
/qMVpkt9/BrGBI5zZgjUYoXNQwr3N/uGoA8/rERbNuq9VTyQ+Cq3cInKGHdCi5rb
qZNMQ9sBvCLf04FP1lV7ICjJRCYzuOtztD/+KocQUcUTeg+30SCWdRm4UwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFKFMcjYi/GvgDqFW+4bwlos8GhGiMB8GA1UdIwQY
MBaAFJAWQsDUb41OTCNMM6++9aSDnGoiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva0JaQ3dOUnZqVTVNSTB3enI3NzFwSU9jYWlJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yy9mMTZiNTEtNWEyMi00ZGI0LWI4OTAt
NDMxMjViZjA5NmIxLzEvb1V4eU5pTDhhLUFPb1ZiN2h2Q1dpendhRWFJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yy9mMTZiNTEtNWEyMi00ZGI0LWI4OTAtNDMxMjViZjA5NmIx
LzEva0JaQ3dOUnZqVTVNSTB3enI3NzFwSU9jYWlJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAuR44MA0E
AgACMAcDBQAqAFLAMA0GCSqGSIb3DQEBCwUAA4IBAQAgv7fRCtvUSI05+cmT4I5s
WpgLTNDxaC7mG+kqvdExGY1it8P752uTQlxZWICfiSuSYLImQKg5ZhoRjhn2t2e+
AScs8TIomFIPYVnEVgBIt8jLJWiEKObQ2fEC2SKW3h7Wro1YMlKOTcHLy1jpZ9xn
0GNjRq1JYI3kPRvkm0kMAB9bMIMW4WM7h7IOkP/ufCwjHn/8QUgd9VUOY9xLFt5z
Ekt4N5vpQP5h/Grz9lEHShDxFED3h8DJW/Pf2u7Lfb/GP5t67uVbmATIA5Wokguy
yAQK2nzzRbPWsTFHUuy0L8RkwIkfWGCEDBNHgvy0qhYYRQGWm3rzvpfxnDjJRgbv
-----END CERTIFICATE-----