Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/21519e-b8dc-4240-aa78-8d218665027d/1/OUBXBk7uM8clkpPuDWm8B29LkK0.roa
File:                     OUBXBk7uM8clkpPuDWm8B29LkK0.roa (raw, json)
Hash identifier:          pImjUWu6gOSXuba4xU+/2hzuFLuVC5OZXuTBsyPCp6g=
Subject key identifier:   39:40:57:06:4E:EE:33:C7:25:92:93:EE:0D:69:BC:07:6F:4B:90:AD
Certificate issuer:       /CN=8bdf76c54b9e6935c30a9b4c9ba9309ac470ec02
Certificate serial:       019EA9157A492EE83797F3ECE6D03E4C1E5D
Authority key identifier: 8B:DF:76:C5:4B:9E:69:35:C3:0A:9B:4C:9B:A9:30:9A:C4:70:EC:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i992xUueaTXDCptMm6kwmsRw7AI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/21519e-b8dc-4240-aa78-8d218665027d/1/OUBXBk7uM8clkpPuDWm8B29LkK0.roa
Signing time:             Mon 08 Jun 2026 21:13:37 +0000
ROA not before:           Mon 08 Jun 2026 21:13:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     834
IP address blocks:        5.102.39.0/24 maxlen: 24
                          195.5.125.0/24 maxlen: 24
                          195.222.127.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/21519e-b8dc-4240-aa78-8d218665027d/1/i992xUueaTXDCptMm6kwmsRw7AI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/21519e-b8dc-4240-aa78-8d218665027d/1/i992xUueaTXDCptMm6kwmsRw7AI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i992xUueaTXDCptMm6kwmsRw7AI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 00:01:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:a9:15:7a:49:2e:e8:37:97:f3:ec:e6:d0:3e:4c:1e:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8bdf76c54b9e6935c30a9b4c9ba9309ac470ec02
        Validity
            Not Before: Jun  8 21:13:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=394057064eee33c7259293ee0d69bc076f4b90ad
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:aa:c0:85:2c:14:4f:db:18:24:d7:3d:7c:b2:
                    89:26:28:fa:34:54:b6:5f:8f:a8:db:12:55:45:95:
                    97:6e:52:b5:4f:66:f7:6c:d5:96:4a:82:e3:9f:22:
                    06:43:24:a1:ef:ce:35:08:16:ae:45:d7:52:bb:6e:
                    6f:c6:b7:ec:42:72:3c:0b:88:a2:16:28:17:b0:ec:
                    d6:fa:de:ba:96:6a:b0:2d:ed:00:89:40:b4:32:d3:
                    80:4d:21:7e:37:78:9f:f0:e6:d6:80:f8:75:6f:c5:
                    33:fe:aa:ed:68:1e:eb:1f:03:ef:d2:00:07:2c:6b:
                    c6:0d:6f:eb:38:64:3f:f6:4c:aa:b3:2c:0b:6b:dd:
                    34:5c:f0:93:31:02:73:2f:ec:2a:80:6b:b8:3f:95:
                    45:b0:a4:c1:3c:87:69:ce:99:0b:1f:3c:86:f3:0c:
                    4e:04:97:ac:92:74:c1:88:e1:03:aa:0a:97:46:09:
                    cc:3c:35:f8:21:bb:56:f8:f1:16:e3:dd:06:61:73:
                    99:f5:4c:eb:dc:24:41:ab:c8:fe:07:2f:6b:83:76:
                    89:a0:ba:10:42:76:43:c0:21:bd:1a:0c:89:04:ec:
                    cf:f8:be:25:ab:d1:50:ff:1b:e9:9a:6c:66:8c:e4:
                    88:44:1b:c0:41:86:6b:35:59:01:85:2a:5a:2e:90:
                    86:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:40:57:06:4E:EE:33:C7:25:92:93:EE:0D:69:BC:07:6F:4B:90:AD
            X509v3 Authority Key Identifier:
                keyid:8B:DF:76:C5:4B:9E:69:35:C3:0A:9B:4C:9B:A9:30:9A:C4:70:EC:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i992xUueaTXDCptMm6kwmsRw7AI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/21519e-b8dc-4240-aa78-8d218665027d/1/OUBXBk7uM8clkpPuDWm8B29LkK0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/21519e-b8dc-4240-aa78-8d218665027d/1/i992xUueaTXDCptMm6kwmsRw7AI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.102.39.0/24
                  195.5.125.0/24
                  195.222.127.0/24

    Signature Algorithm: sha256WithRSAEncryption
         49:2b:81:cb:59:f1:39:70:bb:76:44:04:74:9b:46:f5:e8:40:
         0f:5c:6a:c4:c2:53:a2:80:95:46:53:e9:e4:05:43:6c:83:c3:
         96:15:57:a3:27:dc:36:e8:14:00:b7:33:62:4b:a5:ef:5e:fb:
         db:a6:7a:c8:c3:07:79:a9:f6:29:89:75:47:23:9f:d8:b7:6e:
         03:76:ca:3f:5c:fa:b0:98:a5:fc:8e:cb:e7:2f:fe:f7:33:f3:
         f8:58:93:35:19:45:06:23:0f:1f:b9:97:c9:b5:69:a3:85:a0:
         34:f4:5d:ee:a9:52:da:55:53:be:62:10:e6:91:ba:86:11:fa:
         76:57:39:b2:9c:e7:fb:aa:08:d3:64:f9:f4:ed:e2:f5:79:3c:
         07:9e:29:6a:c0:de:cc:59:82:72:bb:f6:fd:f2:85:96:10:02:
         08:9f:44:cd:9a:bf:44:60:02:de:d6:58:ae:47:90:94:f0:0c:
         61:59:2d:d8:0d:af:be:53:73:e1:44:d0:14:f2:d0:31:b6:09:
         1d:fe:ef:10:46:76:24:06:78:ac:ed:35:af:29:fc:e4:c6:77:
         35:b4:66:0d:c8:9b:03:77:dc:8b:a0:b5:ed:42:d0:53:8d:5e:
         98:78:a5:46:ea:23:17:97:df:17:6d:19:64:87:9d:e0:45:43:
         e9:dd:a0:38
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZ6pFXpJLug3l/Ps5tA+TB5dMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiZGY3NmM1NGI5ZTY5MzVjMzBhOWI0YzliYTkzMDlhYzQ3
MGVjMDIwHhcNMjYwNjA4MjExMzM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOTQwNTcwNjRlZWUzM2M3MjU5MjkzZWUwZDY5YmMwNzZmNGI5MGFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtKrAhSwUT9sYJNc9fLKJJij6NFS2
X4+o2xJVRZWXblK1T2b3bNWWSoLjnyIGQySh7841CBauRddSu25vxrfsQnI8C4ii
FigXsOzW+t66lmqwLe0AiUC0MtOATSF+N3if8ObWgPh1b8Uz/qrtaB7rHwPv0gAH
LGvGDW/rOGQ/9kyqsywLa900XPCTMQJzL+wqgGu4P5VFsKTBPIdpzpkLHzyG8wxO
BJesknTBiOEDqgqXRgnMPDX4IbtW+PEW490GYXOZ9Uzr3CRBq8j+By9rg3aJoLoQ
QnZDwCG9GgyJBOzP+L4lq9FQ/xvpmmxmjOSIRBvAQYZrNVkBhSpaLpCGJQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFDlAVwZO7jPHJZKT7g1pvAdvS5CtMB8GA1UdIwQY
MBaAFIvfdsVLnmk1wwqbTJupMJrEcOwCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTk5MnhVdWVhVFhEQ3B0TW02a3dtc1J3N0FJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS8yMTUxOWUtYjhkYy00MjQwLWFhNzgt
OGQyMTg2NjUwMjdkLzEvT1VCWEJrN3VNOGNsa3BQdURXbThCMjlMa0swLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS8yMTUxOWUtYjhkYy00MjQwLWFhNzgtOGQyMTg2NjUwMjdk
LzEvaTk5MnhVdWVhVFhEQ3B0TW02a3dtc1J3N0FJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQABWYnAwQA
wwV9AwQAw95/MA0GCSqGSIb3DQEBCwUAA4IBAQBJK4HLWfE5cLt2RAR0m0b16EAP
XGrEwlOigJVGU+nkBUNsg8OWFVejJ9w26BQAtzNiS6XvXvvbpnrIwwd5qfYpiXVH
I5/Yt24Ddso/XPqwmKX8jsvnL/73M/P4WJM1GUUGIw8fuZfJtWmjhaA09F3uqVLa
VVO+YhDmkbqGEfp2VzmynOf7qgjTZPn07eL1eTwHnilqwN7MWYJyu/b98oWWEAII
n0TNmr9EYALe1liuR5CU8AxhWS3YDa++U3PhRNAU8tAxtgkd/u8QRnYkBnis7TWv
Kfzkxnc1tGYNyJsDd9yLoLXtQtBTjV6YeKVG6iMXl98XbRlkh53gRUPp3aA4
-----END CERTIFICATE-----