Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/98/1f3322-6af7-47ab-8dc5-99a11f6385ab/1/oJnSQeIXrSguMZBEca9HDxsfZXk.roa
File:                     oJnSQeIXrSguMZBEca9HDxsfZXk.roa (raw, json)
Hash identifier:          8ODckuk5inp4bNawyplk5MjcecGSTGc3tlbkAa62ayA=
Subject key identifier:   A0:99:D2:41:E2:17:AD:28:2E:31:90:44:71:AF:47:0F:1B:1F:65:79
Certificate issuer:       /CN=0bebcee4d23379aed81aecffc7a742b35acdddb3
Certificate serial:       019D304DAA8896220EB66B9D1F2E90943923
Authority key identifier: 0B:EB:CE:E4:D2:33:79:AE:D8:1A:EC:FF:C7:A7:42:B3:5A:CD:DD:B3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/C-vO5NIzea7YGuz_x6dCs1rN3bM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/98/1f3322-6af7-47ab-8dc5-99a11f6385ab/1/oJnSQeIXrSguMZBEca9HDxsfZXk.roa
Signing time:             Fri 27 Mar 2026 17:18:09 +0000
ROA not before:           Fri 27 Mar 2026 17:18:09 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     203446
IP address blocks:        185.50.255.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/98/1f3322-6af7-47ab-8dc5-99a11f6385ab/1/C-vO5NIzea7YGuz_x6dCs1rN3bM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/98/1f3322-6af7-47ab-8dc5-99a11f6385ab/1/C-vO5NIzea7YGuz_x6dCs1rN3bM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/C-vO5NIzea7YGuz_x6dCs1rN3bM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Apr 2026 04:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:30:4d:aa:88:96:22:0e:b6:6b:9d:1f:2e:90:94:39:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0bebcee4d23379aed81aecffc7a742b35acdddb3
        Validity
            Not Before: Mar 27 17:18:09 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a099d241e217ad282e31904471af470f1b1f6579
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:19:00:a5:a4:3a:47:7c:a6:9b:67:34:af:18:
                    ac:f3:d4:43:4a:71:2b:27:03:d0:be:18:9b:b3:b3:
                    ae:92:67:4e:5b:ed:ef:8f:5c:5f:09:54:34:7e:1c:
                    18:48:d6:a3:2f:a3:79:3c:55:25:5b:8d:5e:57:1d:
                    d4:76:fc:45:13:1c:26:19:ac:0f:b9:c8:45:f0:b9:
                    42:b4:dd:42:59:86:6b:15:2f:62:49:76:96:ee:84:
                    89:88:b5:e9:0e:16:6e:4d:9b:ae:8d:94:33:26:02:
                    89:26:86:e2:4d:82:a3:35:b2:c2:c9:4a:82:6b:eb:
                    a6:e4:cd:b5:35:c7:66:ec:a1:af:66:32:c0:62:87:
                    04:8c:76:82:87:ab:61:c4:c5:71:7d:da:61:19:95:
                    b2:70:89:07:81:a7:fa:e2:6d:d1:11:2f:66:9c:ea:
                    ca:71:32:b6:52:1a:65:6b:99:5d:ae:14:e7:c1:aa:
                    78:84:07:40:62:2b:11:4f:30:01:55:6a:1e:7a:33:
                    4f:e4:3d:68:7b:84:b2:90:ce:72:de:a5:f9:74:46:
                    c1:c1:1a:d1:f9:7b:04:af:69:32:72:80:6e:a4:f1:
                    48:15:5c:f9:bd:e8:f4:87:4d:d5:c4:81:47:52:3d:
                    73:3c:ba:30:bf:d5:4b:16:9a:93:ca:c5:4a:b2:4f:
                    9b:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:99:D2:41:E2:17:AD:28:2E:31:90:44:71:AF:47:0F:1B:1F:65:79
            X509v3 Authority Key Identifier:
                keyid:0B:EB:CE:E4:D2:33:79:AE:D8:1A:EC:FF:C7:A7:42:B3:5A:CD:DD:B3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/C-vO5NIzea7YGuz_x6dCs1rN3bM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/98/1f3322-6af7-47ab-8dc5-99a11f6385ab/1/oJnSQeIXrSguMZBEca9HDxsfZXk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/98/1f3322-6af7-47ab-8dc5-99a11f6385ab/1/C-vO5NIzea7YGuz_x6dCs1rN3bM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.50.255.0/24

    Signature Algorithm: sha256WithRSAEncryption
         02:0a:ea:b4:ea:8c:ce:cd:51:3b:b3:33:59:bb:6f:3e:68:b4:
         e9:54:63:40:2f:3e:77:6b:d6:f2:e7:4a:7c:f7:fb:00:b5:97:
         e7:a2:a7:af:fe:c5:5d:94:cc:e6:e9:88:a4:14:1b:82:bd:ff:
         c8:e5:b5:92:b6:a1:11:4f:0c:b5:e3:21:7e:1d:c6:20:32:3e:
         6f:15:0c:70:a9:7f:73:fd:7b:7b:1c:2a:7d:67:26:4e:b9:b5:
         0b:9e:6b:95:bc:3f:de:c8:1e:33:1a:24:61:b7:15:9a:6b:fa:
         65:16:cb:22:50:9a:e5:3e:7c:5c:4e:70:41:1d:0e:8d:0e:03:
         bc:4a:18:49:a7:35:e3:43:48:42:f7:bc:dc:e1:f9:76:af:2f:
         30:50:30:aa:c2:c8:93:39:17:d3:29:2a:2f:0d:5f:b6:79:11:
         59:c3:5d:05:8e:ac:1b:de:88:8e:51:40:ca:e1:5f:f4:54:a2:
         91:2b:81:ff:59:f7:f1:dd:87:19:1d:df:7a:c5:16:06:b0:73:
         88:aa:f3:69:30:aa:46:30:08:0f:5c:73:52:da:21:ab:6c:e7:
         98:35:79:ff:e8:e3:de:9b:27:d8:44:42:e7:cc:7d:de:13:0e:
         10:ad:84:e1:6b:11:32:7b:3a:ac:b9:e9:99:77:65:6d:ac:f9:
         37:ad:d7:68
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0wTaqIliIOtmudHy6QlDkjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBiZWJjZWU0ZDIzMzc5YWVkODFhZWNmZmM3YTc0MmIzNWFj
ZGRkYjMwHhcNMjYwMzI3MTcxODA5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMDk5ZDI0MWUyMTdhZDI4MmUzMTkwNDQ3MWFmNDcwZjFiMWY2NTc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhBkApaQ6R3ymm2c0rxis89RDSnEr
JwPQvhibs7OukmdOW+3vj1xfCVQ0fhwYSNajL6N5PFUlW41eVx3UdvxFExwmGawP
uchF8LlCtN1CWYZrFS9iSXaW7oSJiLXpDhZuTZuujZQzJgKJJobiTYKjNbLCyUqC
a+um5M21Ncdm7KGvZjLAYocEjHaCh6thxMVxfdphGZWycIkHgaf64m3RES9mnOrK
cTK2Uhpla5ldrhTnwap4hAdAYisRTzABVWoeejNP5D1oe4SykM5y3qX5dEbBwRrR
+XsEr2kycoBupPFIFVz5vej0h03VxIFHUj1zPLowv9VLFpqTysVKsk+b2QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKCZ0kHiF60oLjGQRHGvRw8bH2V5MB8GA1UdIwQY
MBaAFAvrzuTSM3mu2Brs/8enQrNazd2zMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQy12TzVOSXplYTdZR3V6X3g2ZENzMXJOM2JNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OC8xZjMzMjItNmFmNy00N2FiLThkYzUt
OTlhMTFmNjM4NWFiLzEvb0puU1FlSVhyU2d1TVpCRWNhOUhEeHNmWlhrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OC8xZjMzMjItNmFmNy00N2FiLThkYzUtOTlhMTFmNjM4NWFi
LzEvQy12TzVOSXplYTdZR3V6X3g2ZENzMXJOM2JNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuTL/MA0G
CSqGSIb3DQEBCwUAA4IBAQACCuq06ozOzVE7szNZu28+aLTpVGNALz53a9by50p8
9/sAtZfnoqev/sVdlMzm6YikFBuCvf/I5bWStqERTwy14yF+HcYgMj5vFQxwqX9z
/Xt7HCp9ZyZOubULnmuVvD/eyB4zGiRhtxWaa/plFssiUJrlPnxcTnBBHQ6NDgO8
ShhJpzXjQ0hC97zc4fl2ry8wUDCqwsiTORfTKSovDV+2eRFZw10Fjqwb3oiOUUDK
4V/0VKKRK4H/Wffx3YcZHd96xRYGsHOIqvNpMKpGMAgPXHNS2iGrbOeYNXn/6OPe
myfYRELnzH3eEw4QrYThaxEyezqsuemZd2VtrPk3rddo
-----END CERTIFICATE-----