Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6e/fcad2d-86d9-42b1-b115-2fcf396253b8/1/O4vFFK6LturH-tOvCL7dvJAVqgc.roa
File:                     O4vFFK6LturH-tOvCL7dvJAVqgc.roa (raw, json)
Hash identifier:          MtKHjo0OncbkpjKylbUKlu6dZVBHbPPJcw5CArd2U3U=
Subject key identifier:   3B:8B:C5:14:AE:8B:B6:EA:C7:FA:D3:AF:08:BE:DD:BC:90:15:AA:07
Certificate issuer:       /CN=36f76211f3c58f6c98af99cf65a6f1e8ff7c43ba
Certificate serial:       019B7C12340B71E538728D6A3B81BF14C58C
Authority key identifier: 36:F7:62:11:F3:C5:8F:6C:98:AF:99:CF:65:A6:F1:E8:FF:7C:43:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NvdiEfPFj2yYr5nPZabx6P98Q7o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6e/fcad2d-86d9-42b1-b115-2fcf396253b8/1/O4vFFK6LturH-tOvCL7dvJAVqgc.roa
Signing time:             Fri 02 Jan 2026 00:18:46 +0000
ROA not before:           Fri 02 Jan 2026 00:18:46 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     210350
IP address blocks:        185.230.239.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6e/fcad2d-86d9-42b1-b115-2fcf396253b8/1/NvdiEfPFj2yYr5nPZabx6P98Q7o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6e/fcad2d-86d9-42b1-b115-2fcf396253b8/1/NvdiEfPFj2yYr5nPZabx6P98Q7o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NvdiEfPFj2yYr5nPZabx6P98Q7o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 21:16:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:12:34:0b:71:e5:38:72:8d:6a:3b:81:bf:14:c5:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36f76211f3c58f6c98af99cf65a6f1e8ff7c43ba
        Validity
            Not Before: Jan  2 00:18:46 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3b8bc514ae8bb6eac7fad3af08beddbc9015aa07
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:a9:e0:47:c4:25:c3:be:27:60:9e:f6:7a:c1:
                    a5:37:0e:a8:4d:8a:8d:dc:16:a0:d6:48:96:99:93:
                    55:9a:0e:78:13:cd:9f:ec:4d:17:f6:53:94:04:2b:
                    f8:23:db:95:38:4c:da:01:a1:01:47:49:7e:95:bc:
                    26:89:c2:0b:b0:b0:2b:32:0b:a4:b4:fa:e7:cb:7c:
                    eb:90:02:bc:9f:ef:79:96:ea:97:60:e7:f9:51:94:
                    f2:ba:80:b0:5f:c6:dd:39:94:c3:09:07:f1:64:f9:
                    c0:25:3f:f2:7a:54:be:5e:7a:55:18:71:3c:ea:15:
                    ee:8d:76:e9:95:c3:d4:fb:9a:b7:89:61:c2:de:dd:
                    6f:fc:5e:f8:c6:be:a6:e4:b8:82:0b:d5:a2:76:c5:
                    8b:dd:11:08:1e:e4:83:c0:c6:55:22:2b:3f:60:06:
                    e2:f6:b1:53:d8:54:57:d5:4b:78:68:4a:c0:5d:68:
                    11:a0:b2:10:28:80:54:5e:99:a7:69:73:35:31:dc:
                    0d:e9:d1:70:35:cb:ba:bc:81:e3:f1:65:d2:9d:67:
                    53:87:2f:3b:65:bd:84:3f:87:5d:f2:94:b3:dd:89:
                    b3:a2:a7:a9:e1:31:2c:e1:bb:67:2d:24:dc:59:c1:
                    f9:63:28:89:5c:3e:58:aa:5a:0b:09:6f:6b:ee:6d:
                    d4:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:8B:C5:14:AE:8B:B6:EA:C7:FA:D3:AF:08:BE:DD:BC:90:15:AA:07
            X509v3 Authority Key Identifier:
                keyid:36:F7:62:11:F3:C5:8F:6C:98:AF:99:CF:65:A6:F1:E8:FF:7C:43:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NvdiEfPFj2yYr5nPZabx6P98Q7o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/fcad2d-86d9-42b1-b115-2fcf396253b8/1/O4vFFK6LturH-tOvCL7dvJAVqgc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/fcad2d-86d9-42b1-b115-2fcf396253b8/1/NvdiEfPFj2yYr5nPZabx6P98Q7o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.230.239.0/24

    Signature Algorithm: sha256WithRSAEncryption
         03:a1:5c:15:f9:6e:37:c2:75:27:a5:e5:25:cf:dc:1a:74:0b:
         42:67:29:22:73:fb:08:f2:c9:b9:4a:50:58:74:63:4d:e3:b0:
         58:73:1a:f7:ce:8c:f6:94:bd:32:9e:d2:2f:1b:11:cd:9f:e8:
         cd:8d:d5:d5:11:ef:35:06:e2:2b:91:c7:2a:9f:c3:9d:b0:34:
         c4:9b:b6:f2:42:3d:be:64:2a:20:3f:6b:4a:b6:d8:9f:30:fc:
         11:75:b4:f9:3b:65:8b:ec:b1:63:95:15:04:8e:2b:83:c7:c3:
         93:a4:1b:01:77:d2:b0:be:e7:5f:8d:aa:db:bc:59:ec:23:43:
         e1:8e:b5:9f:74:3e:79:60:25:cb:7a:60:88:ef:1a:ca:25:9c:
         e5:a6:fc:ac:51:69:da:74:c3:16:6a:71:ce:17:a4:86:a7:de:
         62:bf:15:a7:3a:d9:05:ed:f9:35:ef:af:3d:2a:ad:e3:24:cd:
         b2:a4:4a:9f:47:0e:31:6b:33:de:03:83:bb:00:38:06:7a:d0:
         7f:cc:9f:64:98:47:77:98:90:de:a9:e9:32:1b:0d:63:fc:4a:
         8c:72:c7:79:0c:65:b4:40:4a:83:3b:42:c9:5d:bc:75:b4:4b:
         d6:49:b3:22:5e:52:4c:a9:a1:69:b9:df:60:76:c6:7a:b9:77:
         b8:ba:ea:dc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8EjQLceU4co1qO4G/FMWMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2Zjc2MjExZjNjNThmNmM5OGFmOTljZjY1YTZmMWU4ZmY3
YzQzYmEwHhcNMjYwMTAyMDAxODQ2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYjhiYzUxNGFlOGJiNmVhYzdmYWQzYWYwOGJlZGRiYzkwMTVhYTA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvqngR8Qlw74nYJ72esGlNw6oTYqN
3Bag1kiWmZNVmg54E82f7E0X9lOUBCv4I9uVOEzaAaEBR0l+lbwmicILsLArMguk
tPrny3zrkAK8n+95luqXYOf5UZTyuoCwX8bdOZTDCQfxZPnAJT/yelS+XnpVGHE8
6hXujXbplcPU+5q3iWHC3t1v/F74xr6m5LiCC9WidsWL3REIHuSDwMZVIis/YAbi
9rFT2FRX1Ut4aErAXWgRoLIQKIBUXpmnaXM1MdwN6dFwNcu6vIHj8WXSnWdThy87
Zb2EP4dd8pSz3Ymzoqep4TEs4btnLSTcWcH5YyiJXD5YqloLCW9r7m3U0wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDuLxRSui7bqx/rTrwi+3byQFaoHMB8GA1UdIwQY
MBaAFDb3YhHzxY9smK+Zz2Wm8ej/fEO6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnZkaUVmUEZqMnlZcjVuUFphYng2UDk4UTdvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZS9mY2FkMmQtODZkOS00MmIxLWIxMTUt
MmZjZjM5NjI1M2I4LzEvTzR2RkZLNkx0dXJILXRPdkNMN2R2SkFWcWdjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZS9mY2FkMmQtODZkOS00MmIxLWIxMTUtMmZjZjM5NjI1M2I4
LzEvTnZkaUVmUEZqMnlZcjVuUFphYng2UDk4UTdvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuebvMA0G
CSqGSIb3DQEBCwUAA4IBAQADoVwV+W43wnUnpeUlz9wadAtCZykic/sI8sm5SlBY
dGNN47BYcxr3zoz2lL0yntIvGxHNn+jNjdXVEe81BuIrkccqn8OdsDTEm7byQj2+
ZCogP2tKttifMPwRdbT5O2WL7LFjlRUEjiuDx8OTpBsBd9KwvudfjarbvFnsI0Ph
jrWfdD55YCXLemCI7xrKJZzlpvysUWnadMMWanHOF6SGp95ivxWnOtkF7fk17689
Kq3jJM2ypEqfRw4xazPeA4O7ADgGetB/zJ9kmEd3mJDeqekyGw1j/EqMcsd5DGW0
QEqDO0LJXbx1tEvWSbMiXlJMqaFpud9gdsZ6uXe4uurc
-----END CERTIFICATE-----