Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b7/dcfd48-c54a-4c78-a4ed-4ba2f8f1f83b/1/Omx2c5JgRll5tSjDEuJtwzwkav4.roa
File:                     Omx2c5JgRll5tSjDEuJtwzwkav4.roa (raw, json)
Hash identifier:          qUzGUbtgtENuULnGx1ovtuwvuMvXXJaZGVQP/G1H7YY=
Subject key identifier:   3A:6C:76:73:92:60:46:59:79:B5:28:C3:12:E2:6D:C3:3C:24:6A:FE
Certificate issuer:       /CN=307f5fe2740a2b6de4c3709d2964115b3c967da1
Certificate serial:       019C8F508E84D6D7ADFAACEE9075FBC10294
Authority key identifier: 30:7F:5F:E2:74:0A:2B:6D:E4:C3:70:9D:29:64:11:5B:3C:96:7D:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MH9f4nQKK23kw3CdKWQRWzyWfaE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b7/dcfd48-c54a-4c78-a4ed-4ba2f8f1f83b/1/Omx2c5JgRll5tSjDEuJtwzwkav4.roa
Signing time:             Tue 24 Feb 2026 11:02:26 +0000
ROA not before:           Tue 24 Feb 2026 11:02:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     206654
IP address blocks:        194.224.112.0/24 maxlen: 24
                          195.57.20.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b7/dcfd48-c54a-4c78-a4ed-4ba2f8f1f83b/1/MH9f4nQKK23kw3CdKWQRWzyWfaE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b7/dcfd48-c54a-4c78-a4ed-4ba2f8f1f83b/1/MH9f4nQKK23kw3CdKWQRWzyWfaE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MH9f4nQKK23kw3CdKWQRWzyWfaE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 18:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:8f:50:8e:84:d6:d7:ad:fa:ac:ee:90:75:fb:c1:02:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=307f5fe2740a2b6de4c3709d2964115b3c967da1
        Validity
            Not Before: Feb 24 11:02:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3a6c76739260465979b528c312e26dc33c246afe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:97:b6:af:6d:a5:df:17:95:b9:55:e6:01:ae:
                    3c:3b:9a:cc:48:1d:a2:3d:17:c5:a7:bf:93:59:ef:
                    3c:42:cb:a4:bc:37:4d:1b:d5:9f:af:63:48:ed:f8:
                    ff:ae:49:6f:55:35:fd:d1:ef:96:37:77:f1:5f:13:
                    10:f0:f9:19:37:89:73:e5:46:e1:84:99:47:4d:30:
                    cc:36:ff:e8:0b:39:10:ff:ea:00:bd:cf:66:d6:f5:
                    56:b3:06:72:14:c8:1e:c2:d1:4c:36:ea:3b:77:3c:
                    0a:5b:d6:95:eb:49:7d:66:ee:87:ea:d9:2f:3e:60:
                    6c:a8:2c:15:d7:1a:5a:ff:97:1a:d2:09:8e:f8:f0:
                    06:db:20:68:21:9b:d0:e7:c3:4b:e7:78:82:27:66:
                    b7:4c:0b:b4:3e:35:71:f0:1e:20:cc:1d:26:ec:7e:
                    d9:96:f7:fe:f8:08:79:dc:8d:35:df:6c:55:06:db:
                    ef:3d:84:7b:de:bd:c4:dd:a3:29:25:f2:1a:52:33:
                    33:a0:95:51:a8:7d:c2:2d:8a:fb:e3:ad:98:87:f5:
                    2d:52:98:8e:94:96:0c:ca:b9:39:f9:e3:9d:46:c6:
                    06:51:2f:11:4b:27:20:d8:23:46:9c:de:91:d9:fa:
                    eb:e6:60:46:5c:8b:fa:f1:6b:3a:09:bc:f4:cc:c8:
                    63:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:6C:76:73:92:60:46:59:79:B5:28:C3:12:E2:6D:C3:3C:24:6A:FE
            X509v3 Authority Key Identifier:
                keyid:30:7F:5F:E2:74:0A:2B:6D:E4:C3:70:9D:29:64:11:5B:3C:96:7D:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MH9f4nQKK23kw3CdKWQRWzyWfaE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b7/dcfd48-c54a-4c78-a4ed-4ba2f8f1f83b/1/Omx2c5JgRll5tSjDEuJtwzwkav4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b7/dcfd48-c54a-4c78-a4ed-4ba2f8f1f83b/1/MH9f4nQKK23kw3CdKWQRWzyWfaE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.224.112.0/24
                  195.57.20.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c6:e4:51:76:b8:fb:a1:98:a7:48:93:72:98:04:3d:02:3d:52:
         85:c8:85:15:a3:5f:e5:da:38:cf:a4:64:b5:79:47:b0:b5:ca:
         f0:a0:4d:8b:e1:da:35:09:c0:1e:bd:c7:dd:32:b9:5b:14:1a:
         34:8b:28:d3:94:44:d6:b2:57:ee:2f:4b:86:a5:ae:6e:d9:62:
         b8:bd:b1:92:4f:de:b6:7d:1e:6a:64:15:bb:77:05:33:1c:ac:
         d1:87:d1:71:13:2d:de:e9:30:91:93:44:82:1e:65:59:07:61:
         59:d7:52:45:8e:78:a0:5a:36:f9:af:23:c3:1f:e9:bf:c1:9d:
         cc:ee:cb:6d:2d:91:ad:17:a6:6c:ce:81:b8:2d:5f:32:08:49:
         b3:4e:3b:b3:fd:be:09:04:1b:40:6a:68:05:d2:f3:9a:5d:fc:
         e5:d9:ef:43:7f:52:3b:95:57:29:8e:ee:da:17:e5:a9:06:4c:
         42:40:26:03:27:cd:96:33:74:0c:fa:dc:c3:83:b9:07:03:85:
         c7:b7:3c:31:2a:4f:e9:a7:a7:fc:a9:1e:04:9c:77:9c:c7:ae:
         a7:a4:db:26:30:94:d7:1c:66:81:19:09:17:10:f9:98:50:e2:
         32:c3:88:a6:a3:85:67:c5:c8:ff:82:b1:a7:d2:95:18:94:d8:
         83:ee:32:49
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZyPUI6E1tet+qzukHX7wQKUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMwN2Y1ZmUyNzQwYTJiNmRlNGMzNzA5ZDI5NjQxMTViM2M5
NjdkYTEwHhcNMjYwMjI0MTEwMjI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYTZjNzY3MzkyNjA0NjU5NzliNTI4YzMxMmUyNmRjMzNjMjQ2YWZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA35e2r22l3xeVuVXmAa48O5rMSB2i
PRfFp7+TWe88QsukvDdNG9Wfr2NI7fj/rklvVTX90e+WN3fxXxMQ8PkZN4lz5Ubh
hJlHTTDMNv/oCzkQ/+oAvc9m1vVWswZyFMgewtFMNuo7dzwKW9aV60l9Zu6H6tkv
PmBsqCwV1xpa/5ca0gmO+PAG2yBoIZvQ58NL53iCJ2a3TAu0PjVx8B4gzB0m7H7Z
lvf++Ah53I0132xVBtvvPYR73r3E3aMpJfIaUjMzoJVRqH3CLYr7462Yh/UtUpiO
lJYMyrk5+eOdRsYGUS8RSycg2CNGnN6R2frr5mBGXIv68Ws6Cbz0zMhjxwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDpsdnOSYEZZebUowxLibcM8JGr+MB8GA1UdIwQY
MBaAFDB/X+J0Citt5MNwnSlkEVs8ln2hMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTUg5ZjRuUUtLMjNrdzNDZEtXUVJXenlXZmFFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNy9kY2ZkNDgtYzU0YS00Yzc4LWE0ZWQt
NGJhMmY4ZjFmODNiLzEvT214MmM1SmdSbGw1dFNqREV1SnR3endrYXY0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNy9kY2ZkNDgtYzU0YS00Yzc4LWE0ZWQtNGJhMmY4ZjFmODNi
LzEvTUg5ZjRuUUtLMjNrdzNDZEtXUVJXenlXZmFFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwuBwAwQA
wzkUMA0GCSqGSIb3DQEBCwUAA4IBAQDG5FF2uPuhmKdIk3KYBD0CPVKFyIUVo1/l
2jjPpGS1eUewtcrwoE2L4do1CcAevcfdMrlbFBo0iyjTlETWslfuL0uGpa5u2WK4
vbGST962fR5qZBW7dwUzHKzRh9FxEy3e6TCRk0SCHmVZB2FZ11JFjnigWjb5ryPD
H+m/wZ3M7sttLZGtF6ZszoG4LV8yCEmzTjuz/b4JBBtAamgF0vOaXfzl2e9Df1I7
lVcpju7aF+WpBkxCQCYDJ82WM3QM+tzDg7kHA4XHtzwxKk/pp6f8qR4EnHecx66n
pNsmMJTXHGaBGQkXEPmYUOIyw4imo4Vnxcj/grGn0pUYlNiD7jJJ
-----END CERTIFICATE-----