Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/ae3cc8-ce74-4d57-819a-9fa02cc248e5/1/ocvm0IdE2g81VMWQHWvGerIOuso.roa
File:                     ocvm0IdE2g81VMWQHWvGerIOuso.roa (raw, json)
Hash identifier:          vva88+yWqRlVE96LUlXUKJ3JPb4q0jP0+58DLgtlF9A=
Subject key identifier:   A1:CB:E6:D0:87:44:DA:0F:35:54:C5:90:1D:6B:C6:7A:B2:0E:BA:CA
Certificate issuer:       /CN=4e89bb14e809aff3ec96308bd9ae8651a7e7762a
Certificate serial:       019B78A34912D930E67BF176D5462D11537A
Authority key identifier: 4E:89:BB:14:E8:09:AF:F3:EC:96:30:8B:D9:AE:86:51:A7:E7:76:2A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Tom7FOgJr_PsljCL2a6GUafndio.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/ae3cc8-ce74-4d57-819a-9fa02cc248e5/1/ocvm0IdE2g81VMWQHWvGerIOuso.roa
Signing time:             Thu 01 Jan 2026 08:18:45 +0000
ROA not before:           Thu 01 Jan 2026 08:18:45 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     52144
IP address blocks:        185.247.152.0/22 maxlen: 24
                          195.20.144.0/24 maxlen: 24
                          2a03:e100::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/86/ae3cc8-ce74-4d57-819a-9fa02cc248e5/1/Tom7FOgJr_PsljCL2a6GUafndio.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/86/ae3cc8-ce74-4d57-819a-9fa02cc248e5/1/Tom7FOgJr_PsljCL2a6GUafndio.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Tom7FOgJr_PsljCL2a6GUafndio.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 08:01:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:a3:49:12:d9:30:e6:7b:f1:76:d5:46:2d:11:53:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4e89bb14e809aff3ec96308bd9ae8651a7e7762a
        Validity
            Not Before: Jan  1 08:18:45 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a1cbe6d08744da0f3554c5901d6bc67ab20ebaca
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:51:bb:7a:c1:77:5d:45:5a:22:1d:70:11:58:
                    59:dd:02:42:09:b2:de:78:fe:3e:c2:fc:b9:f9:30:
                    d8:ae:39:db:8f:fc:60:7d:0a:60:55:90:10:00:68:
                    b2:b5:bb:40:5c:44:11:c7:0a:85:8b:f6:e6:44:ef:
                    1e:5f:e5:5a:7b:32:56:10:a3:ef:bc:61:08:88:f9:
                    e1:41:15:a0:0d:6d:38:d0:9e:f0:cf:ca:2e:54:6d:
                    dc:e5:74:72:a5:dc:72:13:4e:62:cb:0e:7e:bb:21:
                    75:d3:09:8e:05:03:80:af:a7:26:e9:71:63:86:79:
                    36:bb:fc:54:cd:55:43:0d:22:87:1b:96:d9:f8:99:
                    8d:fd:5f:f9:af:2e:6a:c8:a2:08:3d:ea:9f:90:b1:
                    c7:2d:13:02:b5:52:85:64:b3:c8:39:ce:8e:8e:62:
                    0e:70:6d:d0:30:74:a9:23:a2:24:79:dc:ad:de:05:
                    94:3a:97:67:28:dd:12:58:bc:b5:ae:07:58:45:07:
                    b5:68:2a:fa:0d:2b:de:3e:b3:8a:75:2b:05:07:f9:
                    95:d1:8c:88:91:93:d2:13:af:da:0b:8c:81:fd:b1:
                    fb:cf:09:f2:d5:64:a9:0f:83:ea:8a:01:70:8d:74:
                    06:35:f0:53:07:21:08:7f:65:bb:b2:3c:d4:3b:6b:
                    39:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:CB:E6:D0:87:44:DA:0F:35:54:C5:90:1D:6B:C6:7A:B2:0E:BA:CA
            X509v3 Authority Key Identifier:
                keyid:4E:89:BB:14:E8:09:AF:F3:EC:96:30:8B:D9:AE:86:51:A7:E7:76:2A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Tom7FOgJr_PsljCL2a6GUafndio.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/ae3cc8-ce74-4d57-819a-9fa02cc248e5/1/ocvm0IdE2g81VMWQHWvGerIOuso.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/ae3cc8-ce74-4d57-819a-9fa02cc248e5/1/Tom7FOgJr_PsljCL2a6GUafndio.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.247.152.0/22
                  195.20.144.0/24
                IPv6:
                  2a03:e100::/29

    Signature Algorithm: sha256WithRSAEncryption
         3f:eb:b2:2c:e2:57:e0:71:8e:69:a9:16:a0:00:5d:39:2d:cb:
         a2:11:8a:18:18:d6:84:a0:2a:42:63:5d:e1:7c:22:63:44:5c:
         a2:f2:5a:56:2a:67:1e:87:5e:6b:10:bb:f2:a4:48:65:b1:e0:
         2e:d6:4a:ce:05:d3:ad:e6:d5:60:ec:9c:9e:f8:bc:ec:42:04:
         31:c5:2d:1d:16:8e:4d:02:48:41:e6:c1:ea:4a:23:9a:10:5b:
         f7:2f:a9:ec:9c:34:c1:3c:c9:6c:bc:a3:52:42:0f:12:99:26:
         ad:2e:dc:22:e1:88:73:07:27:72:25:bc:cc:9c:d0:f7:a6:ff:
         0a:34:dd:51:c7:6b:1e:c2:65:49:2c:dc:6b:86:33:2e:9f:5b:
         d5:9f:32:61:42:ea:b7:03:cb:a9:ab:02:18:05:04:86:e6:7d:
         1d:44:81:57:9d:11:48:5c:cc:29:70:3b:c3:dd:c5:3c:7a:3e:
         1e:cf:16:d1:22:2f:49:bc:0c:09:0b:a7:f2:70:49:87:68:12:
         4c:f2:79:61:36:a7:47:6f:71:4f:1a:aa:ff:20:4e:3e:a1:bc:
         eb:64:7d:2d:45:33:2b:a2:f4:3f:ef:d7:2b:50:e9:b7:8c:a5:
         b1:42:c0:e2:3b:e5:0b:a7:3d:a2:0c:5f:43:42:ee:d0:67:4c:
         61:3b:f9:22
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZt4o0kS2TDme/F21UYtEVN6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRlODliYjE0ZTgwOWFmZjNlYzk2MzA4YmQ5YWU4NjUxYTdl
Nzc2MmEwHhcNMjYwMTAxMDgxODQ1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMWNiZTZkMDg3NDRkYTBmMzU1NGM1OTAxZDZiYzY3YWIyMGViYWNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3FG7esF3XUVaIh1wEVhZ3QJCCbLe
eP4+wvy5+TDYrjnbj/xgfQpgVZAQAGiytbtAXEQRxwqFi/bmRO8eX+VaezJWEKPv
vGEIiPnhQRWgDW040J7wz8ouVG3c5XRypdxyE05iyw5+uyF10wmOBQOAr6cm6XFj
hnk2u/xUzVVDDSKHG5bZ+JmN/V/5ry5qyKIIPeqfkLHHLRMCtVKFZLPIOc6OjmIO
cG3QMHSpI6Ikedyt3gWUOpdnKN0SWLy1rgdYRQe1aCr6DSvePrOKdSsFB/mV0YyI
kZPSE6/aC4yB/bH7zwny1WSpD4PqigFwjXQGNfBTByEIf2W7sjzUO2s5jQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFKHL5tCHRNoPNVTFkB1rxnqyDrrKMB8GA1UdIwQY
MBaAFE6JuxToCa/z7JYwi9muhlGn53YqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVG9tN0ZPZ0pyX1BzbGpDTDJhNkdVYWZuZGlvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni9hZTNjYzgtY2U3NC00ZDU3LTgxOWEt
OWZhMDJjYzI0OGU1LzEvb2N2bTBJZEUyZzgxVk1XUUhXdkdlcklPdXNvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni9hZTNjYzgtY2U3NC00ZDU3LTgxOWEtOWZhMDJjYzI0OGU1
LzEvVG9tN0ZPZ0pyX1BzbGpDTDJhNkdVYWZuZGlvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCufeYAwQA
wxSQMA0EAgACMAcDBQMqA+EAMA0GCSqGSIb3DQEBCwUAA4IBAQA/67Is4lfgcY5p
qRagAF05LcuiEYoYGNaEoCpCY13hfCJjRFyi8lpWKmceh15rELvypEhlseAu1krO
BdOt5tVg7Jye+LzsQgQxxS0dFo5NAkhB5sHqSiOaEFv3L6nsnDTBPMlsvKNSQg8S
mSatLtwi4YhzBydyJbzMnND3pv8KNN1Rx2sewmVJLNxrhjMun1vVnzJhQuq3A8up
qwIYBQSG5n0dRIFXnRFIXMwpcDvD3cU8ej4ezxbRIi9JvAwJC6fycEmHaBJM8nlh
NqdHb3FPGqr/IE4+obzrZH0tRTMrovQ/79crUOm3jKWxQsDiO+ULpz2iDF9DQu7Q
Z0xhO/ki
-----END CERTIFICATE-----