Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/da/96865e-c177-4844-8dc3-9c26b07b718b/1/O0e9J99nDHDBcPP1W09ssXrN96E.roa
File:                     O0e9J99nDHDBcPP1W09ssXrN96E.roa (raw, json)
Hash identifier:          aQvYlglowNCiS102CJiAb4sYyaW4lZND2gALby9zlgw=
Subject key identifier:   3B:47:BD:27:DF:67:0C:70:C1:70:F3:F5:5B:4F:6C:B1:7A:CD:F7:A1
Certificate issuer:       /CN=5dd39e1de18514bac2f5a23910f8c7d4672a0fd8
Certificate serial:       019D68391A63DFC1C4447B6C473AF1333217
Authority key identifier: 5D:D3:9E:1D:E1:85:14:BA:C2:F5:A2:39:10:F8:C7:D4:67:2A:0F:D8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XdOeHeGFFLrC9aI5EPjH1GcqD9g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/da/96865e-c177-4844-8dc3-9c26b07b718b/1/O0e9J99nDHDBcPP1W09ssXrN96E.roa
Signing time:             Tue 07 Apr 2026 13:54:25 +0000
ROA not before:           Tue 07 Apr 2026 13:54:25 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214255
IP address blocks:        185.213.121.0/24 maxlen: 24
                          213.254.186.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/da/96865e-c177-4844-8dc3-9c26b07b718b/1/XdOeHeGFFLrC9aI5EPjH1GcqD9g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/da/96865e-c177-4844-8dc3-9c26b07b718b/1/XdOeHeGFFLrC9aI5EPjH1GcqD9g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XdOeHeGFFLrC9aI5EPjH1GcqD9g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 14:47:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:68:39:1a:63:df:c1:c4:44:7b:6c:47:3a:f1:33:32:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5dd39e1de18514bac2f5a23910f8c7d4672a0fd8
        Validity
            Not Before: Apr  7 13:54:25 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3b47bd27df670c70c170f3f55b4f6cb17acdf7a1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:04:8c:f7:3f:ee:55:c3:f5:03:94:63:6f:da:
                    36:65:92:f1:01:7a:b5:a0:d5:46:2a:05:aa:8f:10:
                    c0:54:c7:87:db:dd:5c:dd:73:7c:56:14:15:e1:7f:
                    c6:51:15:b1:06:aa:58:0b:74:4d:c0:40:dd:89:2d:
                    87:dc:4f:c3:fa:9a:d8:72:7b:06:c5:14:d1:05:a9:
                    80:5d:a2:e9:31:9c:e7:a3:54:25:c4:72:34:0e:55:
                    3c:b5:a8:ea:86:84:88:56:c1:75:88:ab:a5:8f:cb:
                    a1:52:3b:0a:77:8c:16:5d:9c:d4:0c:e7:9d:94:82:
                    68:2e:ec:c9:98:88:1e:8a:5b:7b:57:9e:47:2e:3c:
                    5e:f1:33:fe:48:19:41:a9:39:8f:fd:52:50:d8:e7:
                    ad:49:5e:71:31:1e:54:0a:af:2d:5a:af:45:7d:2e:
                    ce:91:bc:c3:51:43:8e:99:17:c8:b3:63:e7:35:b1:
                    38:47:34:0e:91:82:af:80:05:2f:7b:03:d9:34:81:
                    47:5a:73:99:0c:75:e1:50:c4:74:04:ee:cb:8e:fc:
                    3c:e8:62:2e:21:0f:8a:b3:d0:6c:8b:24:c2:9f:94:
                    53:97:57:05:70:46:98:ed:4f:37:85:c5:6e:bc:00:
                    a6:d8:d2:bd:81:37:f0:3a:0e:46:a1:b9:10:f7:d9:
                    61:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:47:BD:27:DF:67:0C:70:C1:70:F3:F5:5B:4F:6C:B1:7A:CD:F7:A1
            X509v3 Authority Key Identifier:
                keyid:5D:D3:9E:1D:E1:85:14:BA:C2:F5:A2:39:10:F8:C7:D4:67:2A:0F:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XdOeHeGFFLrC9aI5EPjH1GcqD9g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/da/96865e-c177-4844-8dc3-9c26b07b718b/1/O0e9J99nDHDBcPP1W09ssXrN96E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/da/96865e-c177-4844-8dc3-9c26b07b718b/1/XdOeHeGFFLrC9aI5EPjH1GcqD9g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.213.121.0/24
                  213.254.186.0/23

    Signature Algorithm: sha256WithRSAEncryption
         58:63:16:f6:44:d1:f2:62:0a:83:dd:a6:34:63:ad:97:e0:08:
         6d:71:f7:05:ee:aa:5a:75:e6:38:2b:69:4f:2d:23:cc:c0:7e:
         0b:b8:03:12:e7:b6:ef:16:de:84:27:9d:d8:d0:79:05:0f:43:
         43:98:a6:b9:95:00:05:26:c5:37:1f:64:53:68:fb:2b:6d:19:
         a8:1f:ec:7f:bc:d2:c3:a6:52:0e:12:c8:6c:97:07:34:7e:0a:
         22:d6:77:8b:bb:54:d6:ef:59:0e:eb:bb:53:d6:60:21:b3:da:
         ce:52:ed:d8:92:3c:39:5b:39:11:00:a9:2d:f9:cc:ba:2f:47:
         ec:0c:87:32:dd:d6:83:34:d1:95:34:e6:bc:2e:3d:ed:53:b2:
         76:09:a5:84:4a:cb:15:a8:e8:98:c7:f5:a8:dd:56:e5:cd:de:
         29:e5:a7:fd:80:48:f5:8b:3a:a1:ac:c6:66:14:e9:a1:14:ab:
         12:b5:f5:0a:66:5f:cc:fb:a9:79:da:0a:77:39:2c:cf:6e:a9:
         0f:4f:fe:02:24:c6:5e:3c:c0:fd:1d:7f:84:0e:4f:1e:b9:6b:
         60:64:ed:5e:00:a9:5b:6f:22:1c:71:83:81:75:3a:8c:06:17:
         0d:69:2d:bd:78:49:bb:8c:09:05:89:e1:58:14:1a:bb:1a:ef:
         23:4c:e2:8b
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ1oORpj38HERHtsRzrxMzIXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkZDM5ZTFkZTE4NTE0YmFjMmY1YTIzOTEwZjhjN2Q0Njcy
YTBmZDgwHhcNMjYwNDA3MTM1NDI1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYjQ3YmQyN2RmNjcwYzcwYzE3MGYzZjU1YjRmNmNiMTdhY2RmN2ExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnwSM9z/uVcP1A5Rjb9o2ZZLxAXq1
oNVGKgWqjxDAVMeH291c3XN8VhQV4X/GURWxBqpYC3RNwEDdiS2H3E/D+prYcnsG
xRTRBamAXaLpMZzno1QlxHI0DlU8tajqhoSIVsF1iKulj8uhUjsKd4wWXZzUDOed
lIJoLuzJmIgeilt7V55HLjxe8TP+SBlBqTmP/VJQ2OetSV5xMR5UCq8tWq9FfS7O
kbzDUUOOmRfIs2PnNbE4RzQOkYKvgAUvewPZNIFHWnOZDHXhUMR0BO7Ljvw86GIu
IQ+Ks9BsiyTCn5RTl1cFcEaY7U83hcVuvACm2NK9gTfwOg5GobkQ99lhNQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDtHvSffZwxwwXDz9VtPbLF6zfehMB8GA1UdIwQY
MBaAFF3Tnh3hhRS6wvWiORD4x9RnKg/YMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGRPZUhlR0ZGTHJDOWFJNUVQakgxR2NxRDlnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYS85Njg2NWUtYzE3Ny00ODQ0LThkYzMt
OWMyNmIwN2I3MThiLzEvTzBlOUo5OW5ESERCY1BQMVcwOXNzWHJOOTZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYS85Njg2NWUtYzE3Ny00ODQ0LThkYzMtOWMyNmIwN2I3MThi
LzEvWGRPZUhlR0ZGTHJDOWFJNUVQakgxR2NxRDlnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAudV5AwQB
1f66MA0GCSqGSIb3DQEBCwUAA4IBAQBYYxb2RNHyYgqD3aY0Y62X4AhtcfcF7qpa
deY4K2lPLSPMwH4LuAMS57bvFt6EJ53Y0HkFD0NDmKa5lQAFJsU3H2RTaPsrbRmo
H+x/vNLDplIOEshslwc0fgoi1neLu1TW71kO67tT1mAhs9rOUu3Ykjw5WzkRAKkt
+cy6L0fsDIcy3daDNNGVNOa8Lj3tU7J2CaWESssVqOiYx/Wo3Vblzd4p5af9gEj1
izqhrMZmFOmhFKsStfUKZl/M+6l52gp3OSzPbqkPT/4CJMZePMD9HX+EDk8euWtg
ZO1eAKlbbyIccYOBdTqMBhcNaS29eEm7jAkFieFYFBq7Gu8jTOKL
-----END CERTIFICATE-----