Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/OQ4Mc76aAOJOmVl6DryFEBXupYE.roa
File:                     OQ4Mc76aAOJOmVl6DryFEBXupYE.roa (raw, json)
Hash identifier:          UpTBMpWxJB/PlscHN+CIMYSqEzo6tsJhfRCbQs6J9tw=
Subject key identifier:   39:0E:0C:73:BE:9A:00:E2:4E:99:59:7A:0E:BC:85:10:15:EE:A5:81
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019D405F4367989BE4C49224285FF9B768B4
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/OQ4Mc76aAOJOmVl6DryFEBXupYE.roa
Signing time:             Mon 30 Mar 2026 20:11:18 +0000
ROA not before:           Mon 30 Mar 2026 20:11:18 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     51722
IP address blocks:        193.23.223.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 07:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:40:5f:43:67:98:9b:e4:c4:92:24:28:5f:f9:b7:68:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Mar 30 20:11:18 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=390e0c73be9a00e24e99597a0ebc851015eea581
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:10:7a:dd:31:00:e0:47:34:45:cc:f0:80:53:
                    95:70:73:78:4a:c1:37:35:ad:e3:81:56:6f:d1:31:
                    7f:0b:bf:3d:62:5f:ae:69:9a:96:a7:b3:3c:15:08:
                    fa:90:12:66:18:6b:60:be:7e:da:15:84:8b:0f:f2:
                    f4:e0:40:3b:02:dd:68:6e:e4:19:9a:54:09:46:4e:
                    01:0d:fb:c5:7f:7a:a8:6b:4e:21:11:48:da:ef:dd:
                    c2:cf:c9:b8:fe:e5:ae:b2:2f:a4:b2:c8:44:05:34:
                    bd:46:b7:49:6c:95:b0:e6:d6:fd:75:25:42:0c:d3:
                    92:d5:d9:f1:8f:6b:49:72:c3:bf:8a:8c:04:49:4c:
                    3a:bc:f3:52:40:fb:29:e0:5f:de:03:e1:49:46:79:
                    47:e4:16:34:f0:f7:67:d0:14:8b:d5:0d:d1:cc:04:
                    25:40:5b:05:d0:c2:fe:e4:c8:75:f7:0a:67:ba:c3:
                    d4:67:dc:54:07:7b:0c:b0:4f:75:6b:64:44:c8:b3:
                    b6:e7:58:da:ab:41:b9:da:53:0e:7c:95:e8:17:76:
                    10:67:5f:2a:b6:ba:80:69:ce:ce:ec:fb:e1:d2:52:
                    75:27:41:c6:a9:12:29:ec:8d:5f:3c:67:ac:86:70:
                    ea:a0:33:35:ba:c6:8f:e9:12:32:24:ff:30:8b:e5:
                    b7:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:0E:0C:73:BE:9A:00:E2:4E:99:59:7A:0E:BC:85:10:15:EE:A5:81
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/OQ4Mc76aAOJOmVl6DryFEBXupYE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.23.223.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7e:45:e8:6b:c4:39:99:3b:a2:68:f9:81:ef:95:d2:26:74:ac:
         1d:d2:ef:82:9a:60:82:3f:f1:4a:98:1f:60:a5:d4:f6:cb:b0:
         eb:e3:3a:f1:cd:54:4b:5d:71:b1:eb:fa:44:b8:e5:28:e9:2c:
         cc:81:fb:df:16:c5:01:18:18:cf:12:23:8c:30:bf:e4:a5:d2:
         65:ba:4f:80:d7:7a:76:db:be:eb:3f:c5:9a:06:af:e4:06:63:
         30:0b:6a:5e:e1:a7:d1:6b:9b:3d:98:7e:9b:4b:6d:75:f6:e1:
         ed:f7:f6:67:d7:db:a8:bb:7c:97:0e:af:80:20:ac:be:be:d2:
         50:5d:48:28:ad:2a:e5:bc:1d:1b:7f:33:71:ff:2d:00:44:d6:
         8c:a0:0e:e1:f7:8b:de:27:12:41:f1:4b:32:a2:92:98:17:f1:
         cc:74:89:bb:f9:79:49:9a:e7:cd:ed:31:a3:6e:6c:c2:e5:a0:
         94:cf:ec:3a:32:cb:37:79:e8:68:5a:61:13:ef:7b:0c:1c:3e:
         5b:bf:a4:7c:e9:c4:68:59:87:a5:d8:ff:8b:4b:f8:e1:f4:77:
         0a:0a:09:4e:81:88:2b:0b:6a:a7:43:c6:20:5e:b1:bf:cf:a4:
         a4:ef:ba:22:c3:08:be:c6:fa:da:3f:e4:69:0f:1d:c1:d5:15:
         dc:a3:1d:bb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ1AX0NnmJvkxJIkKF/5t2i0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwMzMwMjAxMTE4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOTBlMGM3M2JlOWEwMGUyNGU5OTU5N2EwZWJjODUxMDE1ZWVhNTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArBB63TEA4Ec0RczwgFOVcHN4SsE3
Na3jgVZv0TF/C789Yl+uaZqWp7M8FQj6kBJmGGtgvn7aFYSLD/L04EA7At1obuQZ
mlQJRk4BDfvFf3qoa04hEUja793Cz8m4/uWusi+ksshEBTS9RrdJbJWw5tb9dSVC
DNOS1dnxj2tJcsO/iowESUw6vPNSQPsp4F/eA+FJRnlH5BY08Pdn0BSL1Q3RzAQl
QFsF0ML+5Mh19wpnusPUZ9xUB3sMsE91a2REyLO251jaq0G52lMOfJXoF3YQZ18q
trqAac7O7Pvh0lJ1J0HGqRIp7I1fPGeshnDqoDM1usaP6RIyJP8wi+W3cwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDkODHO+mgDiTplZeg68hRAV7qWBMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvT1E0TWM3NmFBT0pPbVZsNkRyeUZFQlh1cFlFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwRffMA0G
CSqGSIb3DQEBCwUAA4IBAQB+RehrxDmZO6Jo+YHvldImdKwd0u+CmmCCP/FKmB9g
pdT2y7Dr4zrxzVRLXXGx6/pEuOUo6SzMgfvfFsUBGBjPEiOMML/kpdJluk+A13p2
277rP8WaBq/kBmMwC2pe4afRa5s9mH6bS2119uHt9/Zn19uou3yXDq+AIKy+vtJQ
XUgorSrlvB0bfzNx/y0ARNaMoA7h94veJxJB8UsyopKYF/HMdIm7+XlJmufN7TGj
bmzC5aCUz+w6Mss3eehoWmET73sMHD5bv6R86cRoWYel2P+LS/jh9HcKCglOgYgr
C2qnQ8YgXrG/z6Sk77oiwwi+xvraP+RpDx3B1RXcox27
-----END CERTIFICATE-----