Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/82/3770f8-62fe-40a5-94b5-548e7e4b102b/1/hoZB4uwEY_q6KMB_f7K8Wv-PN1E.roa
File:                     hoZB4uwEY_q6KMB_f7K8Wv-PN1E.roa (raw, json)
Hash identifier:          oRaNPiY2nbAHYZp302rtEoBRBq8TpuSrhYRfxHIcF88=
Subject key identifier:   86:86:41:E2:EC:04:63:FA:BA:28:C0:7F:7F:B2:BC:5A:FF:8F:37:51
Certificate issuer:       /CN=3a3c63cbd934825e55bbe359cb7306869ed451cd
Certificate serial:       019D3E45D730E553CC070100D4DA4D42982F
Authority key identifier: 3A:3C:63:CB:D9:34:82:5E:55:BB:E3:59:CB:73:06:86:9E:D4:51:CD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ojxjy9k0gl5Vu-NZy3MGhp7UUc0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/82/3770f8-62fe-40a5-94b5-548e7e4b102b/1/hoZB4uwEY_q6KMB_f7K8Wv-PN1E.roa
Signing time:             Mon 30 Mar 2026 10:24:17 +0000
ROA not before:           Mon 30 Mar 2026 10:24:17 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     25264
IP address blocks:        109.206.252.0/24 maxlen: 24
                          109.206.253.0/24 maxlen: 24
                          109.206.254.0/24 maxlen: 24
                          109.206.255.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/82/3770f8-62fe-40a5-94b5-548e7e4b102b/1/Ojxjy9k0gl5Vu-NZy3MGhp7UUc0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/82/3770f8-62fe-40a5-94b5-548e7e4b102b/1/Ojxjy9k0gl5Vu-NZy3MGhp7UUc0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ojxjy9k0gl5Vu-NZy3MGhp7UUc0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 07:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:3e:45:d7:30:e5:53:cc:07:01:00:d4:da:4d:42:98:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3a3c63cbd934825e55bbe359cb7306869ed451cd
        Validity
            Not Before: Mar 30 10:24:17 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=868641e2ec0463faba28c07f7fb2bc5aff8f3751
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:d2:54:44:a2:04:9b:e7:95:34:ff:8e:bc:22:
                    16:93:2e:01:a3:c3:b4:1a:50:0d:9b:2e:de:a6:83:
                    b4:fa:99:4e:f0:22:2b:48:93:2b:67:48:5e:3e:07:
                    a3:05:ba:2b:9c:44:93:c0:8e:12:df:75:49:88:b1:
                    92:36:ad:2d:6b:90:e1:9d:42:ab:ee:b6:14:2a:3e:
                    9f:d8:0c:b6:e8:dd:a3:50:52:bf:bb:b1:01:26:7a:
                    7a:9f:49:e1:e8:dd:0a:bb:f9:1f:d4:f2:da:16:6c:
                    13:5b:d5:b3:9f:69:1d:37:8d:5c:d1:17:41:fc:93:
                    e1:78:46:66:9a:05:e7:86:c7:ef:4d:67:8b:ac:9f:
                    e7:0b:54:3b:71:da:92:10:d2:95:6c:a5:7c:dc:48:
                    c4:f2:9e:64:e3:1f:37:62:c7:27:15:10:09:3e:6c:
                    08:69:54:18:15:c3:45:f9:14:4b:6e:be:e2:fc:7e:
                    aa:c4:40:06:a5:a0:1a:df:6c:29:6e:9e:4f:c8:c7:
                    85:05:20:22:04:30:d5:3a:e4:10:33:8f:6c:99:a0:
                    6f:64:d9:55:24:fd:b8:96:d0:ea:40:07:eb:d5:d7:
                    b9:27:15:30:17:de:ab:d9:cf:52:52:f8:18:01:16:
                    be:fb:43:bc:52:95:25:3d:57:3c:dc:8c:af:c7:06:
                    c3:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:86:41:E2:EC:04:63:FA:BA:28:C0:7F:7F:B2:BC:5A:FF:8F:37:51
            X509v3 Authority Key Identifier:
                keyid:3A:3C:63:CB:D9:34:82:5E:55:BB:E3:59:CB:73:06:86:9E:D4:51:CD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ojxjy9k0gl5Vu-NZy3MGhp7UUc0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/82/3770f8-62fe-40a5-94b5-548e7e4b102b/1/hoZB4uwEY_q6KMB_f7K8Wv-PN1E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/82/3770f8-62fe-40a5-94b5-548e7e4b102b/1/Ojxjy9k0gl5Vu-NZy3MGhp7UUc0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.206.252.0/22

    Signature Algorithm: sha256WithRSAEncryption
         16:31:84:0d:33:ac:bd:05:7f:ba:06:e7:f9:c6:cb:f0:89:9b:
         a3:82:b8:52:8e:89:03:d1:1d:cf:9c:c8:99:82:6f:79:66:e4:
         8e:60:f9:06:99:2e:6b:63:60:c2:26:2f:ac:21:57:31:fb:be:
         87:c7:32:5b:63:fb:cd:73:e3:8c:9a:f4:d2:ec:0e:69:4e:c9:
         3e:6f:52:cd:08:8d:a9:a6:1c:bc:79:62:64:2a:ba:2e:49:8a:
         7c:24:0e:7f:7c:a4:d1:b8:7f:95:f4:34:58:62:83:65:ec:76:
         75:f6:91:c0:17:79:78:e4:d7:df:ab:8c:3d:47:65:11:46:f6:
         1f:37:e4:de:3e:fb:d1:fb:43:da:f1:c3:c8:c5:10:6c:c9:da:
         6d:a1:00:f5:64:8d:67:91:91:56:b0:3f:d6:69:30:21:f4:9d:
         c2:a4:7f:7e:a1:03:ae:66:f1:6b:cb:f5:e9:7e:09:50:c1:b8:
         78:b7:17:91:b7:4c:b4:d8:16:9b:7e:7a:5b:f8:b5:f2:1d:06:
         05:bb:cc:d0:35:57:b4:06:99:c4:fa:a7:e8:41:d8:22:1e:33:
         d0:93:6f:96:65:41:0a:6f:13:0b:99:20:77:4c:7c:14:0a:6a:
         7e:4d:2f:05:98:9e:d9:12:7f:33:c2:a0:bb:71:ce:11:28:80:
         03:88:30:e9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0+Rdcw5VPMBwEA1NpNQpgvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhM2M2M2NiZDkzNDgyNWU1NWJiZTM1OWNiNzMwNjg2OWVk
NDUxY2QwHhcNMjYwMzMwMTAyNDE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4Njg2NDFlMmVjMDQ2M2ZhYmEyOGMwN2Y3ZmIyYmM1YWZmOGYzNzUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvtJURKIEm+eVNP+OvCIWky4Bo8O0
GlANmy7epoO0+plO8CIrSJMrZ0hePgejBbornESTwI4S33VJiLGSNq0ta5DhnUKr
7rYUKj6f2Ay26N2jUFK/u7EBJnp6n0nh6N0Ku/kf1PLaFmwTW9Wzn2kdN41c0RdB
/JPheEZmmgXnhsfvTWeLrJ/nC1Q7cdqSENKVbKV83EjE8p5k4x83YscnFRAJPmwI
aVQYFcNF+RRLbr7i/H6qxEAGpaAa32wpbp5PyMeFBSAiBDDVOuQQM49smaBvZNlV
JP24ltDqQAfr1de5JxUwF96r2c9SUvgYARa++0O8UpUlPVc83IyvxwbDywIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIaGQeLsBGP6uijAf3+yvFr/jzdRMB8GA1UdIwQY
MBaAFDo8Y8vZNIJeVbvjWctzBoae1FHNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT2p4ank5azBnbDVWdS1OWnkzTUdocDdVVWMwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Mi8zNzcwZjgtNjJmZS00MGE1LTk0YjUt
NTQ4ZTdlNGIxMDJiLzEvaG9aQjR1d0VZX3E2S01CX2Y3SzhXdi1QTjFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Mi8zNzcwZjgtNjJmZS00MGE1LTk0YjUtNTQ4ZTdlNGIxMDJi
LzEvT2p4ank5azBnbDVWdS1OWnkzTUdocDdVVWMwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCbc78MA0G
CSqGSIb3DQEBCwUAA4IBAQAWMYQNM6y9BX+6Buf5xsvwiZujgrhSjokD0R3PnMiZ
gm95ZuSOYPkGmS5rY2DCJi+sIVcx+76HxzJbY/vNc+OMmvTS7A5pTsk+b1LNCI2p
phy8eWJkKrouSYp8JA5/fKTRuH+V9DRYYoNl7HZ19pHAF3l45Nffq4w9R2URRvYf
N+TePvvR+0Pa8cPIxRBsydptoQD1ZI1nkZFWsD/WaTAh9J3CpH9+oQOuZvFry/Xp
fglQwbh4txeRt0y02Babfnpb+LXyHQYFu8zQNVe0BpnE+qfoQdgiHjPQk2+WZUEK
bxMLmSB3THwUCmp+TS8FmJ7ZEn8zwqC7cc4RKIADiDDp
-----END CERTIFICATE-----