Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/98/ddb424-7eb2-495e-8bb6-72fb97d59ce4/1/OUZSYrACRb0MtweQQlW8oQ6czSY.roa
File:                     OUZSYrACRb0MtweQQlW8oQ6czSY.roa (raw, json)
Hash identifier:          4jVqaEPhxVWedKUSlq4RiAa7WXShcsBViIUW7w7OLjM=
Subject key identifier:   39:46:52:62:B0:02:45:BD:0C:B7:07:90:42:55:BC:A1:0E:9C:CD:26
Certificate issuer:       /CN=95d108f0e85868c2bbe7db6d7377034c131eb224
Certificate serial:       019E929A0DEDA250197A34AB59F491631D53
Authority key identifier: 95:D1:08:F0:E8:58:68:C2:BB:E7:DB:6D:73:77:03:4C:13:1E:B2:24
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ldEI8OhYaMK759ttc3cDTBMesiQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/98/ddb424-7eb2-495e-8bb6-72fb97d59ce4/1/OUZSYrACRb0MtweQQlW8oQ6czSY.roa
Signing time:             Thu 04 Jun 2026 12:27:10 +0000
ROA not before:           Thu 04 Jun 2026 12:27:10 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     57043
IP address blocks:        189.74.120.0/24 maxlen: 24
                          189.74.121.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/98/ddb424-7eb2-495e-8bb6-72fb97d59ce4/1/ldEI8OhYaMK759ttc3cDTBMesiQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/98/ddb424-7eb2-495e-8bb6-72fb97d59ce4/1/ldEI8OhYaMK759ttc3cDTBMesiQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ldEI8OhYaMK759ttc3cDTBMesiQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:92:9a:0d:ed:a2:50:19:7a:34:ab:59:f4:91:63:1d:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=95d108f0e85868c2bbe7db6d7377034c131eb224
        Validity
            Not Before: Jun  4 12:27:10 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=39465262b00245bd0cb707904255bca10e9ccd26
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:1a:9e:1f:69:4d:30:d9:c1:9b:09:55:ec:c2:
                    fb:53:dc:14:08:95:f4:fa:57:d6:bf:d0:a9:50:36:
                    d2:2c:8f:48:0e:90:28:ab:ce:6d:19:7a:bd:ba:5d:
                    2d:9a:de:ad:2c:0c:1b:6f:86:a4:6e:a9:ee:b3:19:
                    ff:9e:b1:15:ab:ae:b8:ee:ca:27:31:38:b9:a7:bc:
                    59:e6:d3:30:ba:ae:9b:af:78:b3:d8:89:a2:dc:47:
                    09:0c:7e:03:7a:52:20:29:8b:26:56:bb:3e:cc:0b:
                    08:76:65:f8:1e:fa:1f:31:07:f7:a2:85:57:5d:03:
                    6a:29:eb:32:86:b0:fd:98:b7:28:ee:d0:b0:e0:96:
                    3f:13:57:d1:f5:d0:a3:ea:96:c8:82:07:c1:5a:00:
                    81:09:22:c9:82:3a:78:24:26:ef:90:0c:a5:72:a1:
                    95:48:b1:e5:56:a3:e8:95:64:c0:ca:df:e6:c8:84:
                    d7:54:77:b5:a9:f3:9b:ac:a3:e3:51:c7:e4:e7:1a:
                    c6:41:49:64:33:09:32:d1:cc:6c:26:b7:fd:6c:a3:
                    cf:6d:fc:8b:3b:b2:a8:97:01:1e:8c:9d:07:f1:60:
                    c7:ab:cd:8a:7d:8a:91:12:4e:60:4f:c7:c3:24:b3:
                    e9:be:7c:71:bc:95:ca:2e:65:1f:80:a8:b4:cc:67:
                    5a:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:46:52:62:B0:02:45:BD:0C:B7:07:90:42:55:BC:A1:0E:9C:CD:26
            X509v3 Authority Key Identifier:
                keyid:95:D1:08:F0:E8:58:68:C2:BB:E7:DB:6D:73:77:03:4C:13:1E:B2:24

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ldEI8OhYaMK759ttc3cDTBMesiQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/98/ddb424-7eb2-495e-8bb6-72fb97d59ce4/1/OUZSYrACRb0MtweQQlW8oQ6czSY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/98/ddb424-7eb2-495e-8bb6-72fb97d59ce4/1/ldEI8OhYaMK759ttc3cDTBMesiQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  189.74.120.0/23

    Signature Algorithm: sha256WithRSAEncryption
         62:d6:53:93:7a:4e:07:3a:e0:a3:fc:b5:da:21:45:9c:d1:bf:
         95:a5:13:7a:74:69:58:87:66:90:13:31:46:a9:d5:1a:96:ea:
         4e:b2:4d:f6:e4:b6:e4:25:bb:9c:c4:58:e2:e4:fc:1b:32:c4:
         a9:6d:bf:74:f3:74:84:66:0d:4e:84:b5:cd:4b:ed:98:6d:08:
         cd:21:db:aa:c6:5f:43:42:c7:75:65:78:65:30:61:62:77:61:
         b8:34:ef:ee:44:fc:6b:6a:c3:fe:cc:16:db:cf:ef:31:51:2a:
         a2:de:08:6e:fa:cf:fa:62:21:3e:ff:9f:05:54:18:cd:a5:34:
         74:87:b7:19:e9:b7:a4:78:1c:a7:c6:d8:dc:49:e5:2b:08:1a:
         0b:ef:84:a5:03:d4:a8:25:c5:a4:08:81:a3:e4:40:bd:34:db:
         f6:7a:d8:24:6d:85:92:c4:84:12:e8:2d:27:92:33:88:33:d4:
         98:9d:98:51:f3:29:f2:b5:0d:bc:be:00:c0:b4:98:8a:c2:07:
         1f:13:a8:04:56:f5:ba:f2:da:c5:77:c1:b4:66:05:17:95:35:
         2b:da:86:f6:48:3a:f0:ff:cc:fc:6f:1f:da:1a:ea:ce:94:a0:
         d6:f0:1c:95:00:20:90:f4:9e:80:4f:50:18:20:30:9a:6c:40:
         19:0e:25:9c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6Smg3tolAZejSrWfSRYx1TMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk1ZDEwOGYwZTg1ODY4YzJiYmU3ZGI2ZDczNzcwMzRjMTMx
ZWIyMjQwHhcNMjYwNjA0MTIyNzEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOTQ2NTI2MmIwMDI0NWJkMGNiNzA3OTA0MjU1YmNhMTBlOWNjZDI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1RqeH2lNMNnBmwlV7ML7U9wUCJX0
+lfWv9CpUDbSLI9IDpAoq85tGXq9ul0tmt6tLAwbb4akbqnusxn/nrEVq6647son
MTi5p7xZ5tMwuq6br3iz2Imi3EcJDH4DelIgKYsmVrs+zAsIdmX4HvofMQf3ooVX
XQNqKesyhrD9mLco7tCw4JY/E1fR9dCj6pbIggfBWgCBCSLJgjp4JCbvkAylcqGV
SLHlVqPolWTAyt/myITXVHe1qfObrKPjUcfk5xrGQUlkMwky0cxsJrf9bKPPbfyL
O7KolwEejJ0H8WDHq82KfYqREk5gT8fDJLPpvnxxvJXKLmUfgKi0zGda+QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDlGUmKwAkW9DLcHkEJVvKEOnM0mMB8GA1UdIwQY
MBaAFJXRCPDoWGjCu+fbbXN3A0wTHrIkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbGRFSThPaFlhTUs3NTl0dGMzY0RUQk1lc2lRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OC9kZGI0MjQtN2ViMi00OTVlLThiYjYt
NzJmYjk3ZDU5Y2U0LzEvT1VaU1lyQUNSYjBNdHdlUVFsVzhvUTZjelNZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OC9kZGI0MjQtN2ViMi00OTVlLThiYjYtNzJmYjk3ZDU5Y2U0
LzEvbGRFSThPaFlhTUs3NTl0dGMzY0RUQk1lc2lRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBvUp4MA0G
CSqGSIb3DQEBCwUAA4IBAQBi1lOTek4HOuCj/LXaIUWc0b+VpRN6dGlYh2aQEzFG
qdUalupOsk325LbkJbucxFji5PwbMsSpbb9083SEZg1OhLXNS+2YbQjNIduqxl9D
Qsd1ZXhlMGFid2G4NO/uRPxrasP+zBbbz+8xUSqi3ghu+s/6YiE+/58FVBjNpTR0
h7cZ6bekeBynxtjcSeUrCBoL74SlA9SoJcWkCIGj5EC9NNv2etgkbYWSxIQS6C0n
kjOIM9SYnZhR8ynytQ28vgDAtJiKwgcfE6gEVvW68trFd8G0ZgUXlTUr2ob2SDrw
/8z8bx/aGurOlKDW8ByVACCQ9J6AT1AYIDCabEAZDiWc
-----END CERTIFICATE-----