Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a4/f277ea-726a-4052-8e5b-35a5dc2c792c/1/OyDJxa-IKI9M6DEab_QdT2ZiPxM.roa
File:                     OyDJxa-IKI9M6DEab_QdT2ZiPxM.roa (raw, json)
Hash identifier:          TllnG1yiPkW1Kik3L852N3VXwGZ/qaH7M72QCj3GUaE=
Subject key identifier:   3B:20:C9:C5:AF:88:28:8F:4C:E8:31:1A:6F:F4:1D:4F:66:62:3F:13
Certificate issuer:       /CN=d5f065c8bdb78ff294f7c5454971dbfabfb6c184
Certificate serial:       019D71ADAB8133205AAAC412094A5D1DCEDC
Authority key identifier: D5:F0:65:C8:BD:B7:8F:F2:94:F7:C5:45:49:71:DB:FA:BF:B6:C1:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1fBlyL23j_KU98VFSXHb-r-2wYQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a4/f277ea-726a-4052-8e5b-35a5dc2c792c/1/OyDJxa-IKI9M6DEab_QdT2ZiPxM.roa
Signing time:             Thu 09 Apr 2026 09:58:20 +0000
ROA not before:           Thu 09 Apr 2026 09:58:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     14618
IP address blocks:        193.178.33.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a4/f277ea-726a-4052-8e5b-35a5dc2c792c/1/1fBlyL23j_KU98VFSXHb-r-2wYQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a4/f277ea-726a-4052-8e5b-35a5dc2c792c/1/1fBlyL23j_KU98VFSXHb-r-2wYQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1fBlyL23j_KU98VFSXHb-r-2wYQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 06:00:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:71:ad:ab:81:33:20:5a:aa:c4:12:09:4a:5d:1d:ce:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d5f065c8bdb78ff294f7c5454971dbfabfb6c184
        Validity
            Not Before: Apr  9 09:58:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3b20c9c5af88288f4ce8311a6ff41d4f66623f13
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:87:7d:63:88:fa:85:56:bc:29:e9:8d:4a:87:
                    6b:7c:88:90:1d:e3:31:01:26:f5:f7:6e:4c:3d:7b:
                    ab:bb:83:49:b4:bc:d5:4d:3b:9c:e4:31:e4:e6:ed:
                    16:49:45:07:5b:b7:26:eb:46:e8:93:28:83:4a:b6:
                    d5:17:91:ac:2e:ad:dc:a4:54:fd:a0:a3:2b:68:06:
                    f1:65:d9:d4:03:c5:7c:92:10:b8:ca:f2:37:83:7f:
                    d3:c4:5f:2c:59:92:0c:dd:46:b9:74:bf:8e:4a:9e:
                    84:72:38:98:41:4d:dc:a2:55:9c:59:9d:d8:0b:73:
                    9e:f2:01:f1:dd:28:cb:63:f2:b6:12:2d:03:83:ba:
                    84:10:e0:7a:c9:24:6a:7e:5d:a7:9c:49:c2:90:04:
                    3f:c6:e4:a7:76:e7:d9:0c:9e:96:01:04:9c:1c:a8:
                    25:af:2b:79:01:ae:23:44:41:b7:2d:3f:67:31:71:
                    d2:d9:78:82:89:ec:20:4d:cb:c7:b0:f9:55:b9:e7:
                    32:6d:9e:42:31:5d:25:8c:34:89:13:6f:d0:d3:4d:
                    aa:27:07:ec:d6:ac:f2:fb:0c:3d:e6:53:38:53:c2:
                    39:b9:04:e9:9f:e9:61:ae:c6:47:b3:96:ea:e2:ef:
                    96:04:42:8f:69:9a:9a:6a:c1:a7:77:f1:1c:d0:06:
                    92:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:20:C9:C5:AF:88:28:8F:4C:E8:31:1A:6F:F4:1D:4F:66:62:3F:13
            X509v3 Authority Key Identifier:
                keyid:D5:F0:65:C8:BD:B7:8F:F2:94:F7:C5:45:49:71:DB:FA:BF:B6:C1:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1fBlyL23j_KU98VFSXHb-r-2wYQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/f277ea-726a-4052-8e5b-35a5dc2c792c/1/OyDJxa-IKI9M6DEab_QdT2ZiPxM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/f277ea-726a-4052-8e5b-35a5dc2c792c/1/1fBlyL23j_KU98VFSXHb-r-2wYQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.178.33.0/24

    Signature Algorithm: sha256WithRSAEncryption
         63:1b:9e:0a:d2:e1:bd:b7:7c:b2:7b:76:46:69:9c:20:99:4a:
         5d:6d:a5:36:44:9a:81:89:77:6f:d2:3c:72:82:6f:26:ad:95:
         d9:a2:ee:83:3a:4f:36:fe:6c:96:6b:56:27:7b:e8:c6:d7:fd:
         4d:b6:de:83:83:93:59:c0:6f:39:5c:a2:65:42:d7:e3:b8:60:
         fa:5e:92:e4:47:26:f2:85:97:20:b1:5f:bb:a4:87:ef:43:f6:
         9f:8c:0a:d6:06:65:fb:c4:1a:34:1b:81:d8:e4:97:72:48:e2:
         9b:5e:d1:c5:b0:ca:47:df:42:20:a2:80:f9:9e:95:60:90:1d:
         d5:2f:3b:ea:c7:f3:f4:6a:a2:3c:c7:2a:5e:fe:83:ba:2c:d7:
         7e:ab:bb:6a:74:be:28:5c:2f:64:d8:70:d5:85:7d:da:fc:d4:
         9e:76:f5:d0:ae:89:bd:67:ce:0d:56:8a:1b:58:3f:7f:1e:97:
         b7:25:01:a6:00:72:37:7d:82:98:ac:63:89:64:2a:26:44:a8:
         29:5e:c6:c6:c3:96:f5:af:74:96:83:f3:43:36:37:66:f0:04:
         dd:44:80:c0:7c:36:45:0c:6e:85:da:c1:78:36:53:b3:65:54:
         81:3f:e2:e6:24:c4:dd:d3:4d:f0:be:95:42:97:29:8b:7e:24:
         b3:c2:4c:93
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ1xrauBMyBaqsQSCUpdHc7cMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1ZjA2NWM4YmRiNzhmZjI5NGY3YzU0NTQ5NzFkYmZhYmZi
NmMxODQwHhcNMjYwNDA5MDk1ODIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYjIwYzljNWFmODgyODhmNGNlODMxMWE2ZmY0MWQ0ZjY2NjIzZjEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuId9Y4j6hVa8KemNSodrfIiQHeMx
ASb1925MPXuru4NJtLzVTTuc5DHk5u0WSUUHW7cm60bokyiDSrbVF5GsLq3cpFT9
oKMraAbxZdnUA8V8khC4yvI3g3/TxF8sWZIM3Ua5dL+OSp6EcjiYQU3colWcWZ3Y
C3Oe8gHx3SjLY/K2Ei0Dg7qEEOB6ySRqfl2nnEnCkAQ/xuSndufZDJ6WAQScHKgl
ryt5Aa4jREG3LT9nMXHS2XiCiewgTcvHsPlVuecybZ5CMV0ljDSJE2/Q002qJwfs
1qzy+ww95lM4U8I5uQTpn+lhrsZHs5bq4u+WBEKPaZqaasGnd/Ec0AaSdQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDsgycWviCiPTOgxGm/0HU9mYj8TMB8GA1UdIwQY
MBaAFNXwZci9t4/ylPfFRUlx2/q/tsGEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMWZCbHlMMjNqX0tVOThWRlNYSGItci0yd1lRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNC9mMjc3ZWEtNzI2YS00MDUyLThlNWIt
MzVhNWRjMmM3OTJjLzEvT3lESnhhLUlLSTlNNkRFYWJfUWRUMlppUHhNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNC9mMjc3ZWEtNzI2YS00MDUyLThlNWItMzVhNWRjMmM3OTJj
LzEvMWZCbHlMMjNqX0tVOThWRlNYSGItci0yd1lRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwbIhMA0G
CSqGSIb3DQEBCwUAA4IBAQBjG54K0uG9t3yye3ZGaZwgmUpdbaU2RJqBiXdv0jxy
gm8mrZXZou6DOk82/myWa1Yne+jG1/1Ntt6Dg5NZwG85XKJlQtfjuGD6XpLkRyby
hZcgsV+7pIfvQ/afjArWBmX7xBo0G4HY5JdySOKbXtHFsMpH30IgooD5npVgkB3V
Lzvqx/P0aqI8xype/oO6LNd+q7tqdL4oXC9k2HDVhX3a/NSedvXQrom9Z84NVoob
WD9/Hpe3JQGmAHI3fYKYrGOJZComRKgpXsbGw5b1r3SWg/NDNjdm8ATdRIDAfDZF
DG6F2sF4NlOzZVSBP+LmJMTd003wvpVClymLfiSzwkyT
-----END CERTIFICATE-----