Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f4/30f186-90e2-4ca6-917e-21057d228d05/1/oiBa91T-6TshSnnJbJJgNlbw-W4.roa
File:                     oiBa91T-6TshSnnJbJJgNlbw-W4.roa (raw, json)
Hash identifier:          /fOoDD7jW7j76AriVOk5RIvTKIODzOTB/JdvoQUMItg=
Subject key identifier:   A2:20:5A:F7:54:FE:E9:3B:21:4A:79:C9:6C:92:60:36:56:F0:F9:6E
Certificate issuer:       /CN=c6a249a0eacd8abcbea0d82ef71016d386e8ef94
Certificate serial:       019D87F9112C7C65C9469C2AEFC487501259
Authority key identifier: C6:A2:49:A0:EA:CD:8A:BC:BE:A0:D8:2E:F7:10:16:D3:86:E8:EF:94
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xqJJoOrNiry-oNgu9xAW04bo75Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f4/30f186-90e2-4ca6-917e-21057d228d05/1/oiBa91T-6TshSnnJbJJgNlbw-W4.roa
Signing time:             Mon 13 Apr 2026 17:52:20 +0000
ROA not before:           Mon 13 Apr 2026 17:52:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     153671
IP address blocks:        95.155.152.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f4/30f186-90e2-4ca6-917e-21057d228d05/1/xqJJoOrNiry-oNgu9xAW04bo75Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f4/30f186-90e2-4ca6-917e-21057d228d05/1/xqJJoOrNiry-oNgu9xAW04bo75Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xqJJoOrNiry-oNgu9xAW04bo75Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 07:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:87:f9:11:2c:7c:65:c9:46:9c:2a:ef:c4:87:50:12:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c6a249a0eacd8abcbea0d82ef71016d386e8ef94
        Validity
            Not Before: Apr 13 17:52:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a2205af754fee93b214a79c96c92603656f0f96e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:4c:1c:ad:c8:d6:e4:57:95:39:c9:b5:63:78:
                    a2:e3:14:3d:35:9b:02:a8:b1:92:01:af:81:22:35:
                    f1:b4:65:59:5e:c9:81:4b:f6:12:06:bb:63:70:64:
                    4f:7c:63:fa:aa:92:59:97:a7:5c:a0:82:bc:95:29:
                    22:f6:00:ce:3c:6b:5d:18:e3:9a:3b:b0:f4:f6:72:
                    e9:e6:8e:8c:86:a7:09:00:5b:3b:cd:da:58:07:73:
                    6d:58:fb:b6:03:84:e1:d7:cb:f4:12:d4:85:08:b6:
                    21:b7:8a:72:a5:fd:14:26:62:61:b8:09:1d:4f:d3:
                    3e:5e:91:ae:73:f9:de:7c:fe:7c:8a:f5:c5:f8:77:
                    3e:06:63:bf:11:c0:84:24:76:ea:61:38:b3:6d:c3:
                    14:91:79:fa:c6:63:b4:f1:38:ef:35:54:16:8a:71:
                    13:ec:33:4b:d4:fd:f8:16:aa:a9:6b:8e:81:f6:48:
                    05:8f:5c:0b:e2:ef:58:f3:f9:71:99:15:e6:26:b1:
                    5c:3b:c6:c2:47:e4:f6:71:3a:09:3b:6e:fb:bc:71:
                    a1:82:44:4e:9a:92:2e:65:85:09:5e:c6:2a:f3:70:
                    19:dc:9d:0d:88:07:59:c5:0e:1e:3b:4a:a7:7f:82:
                    99:ef:3c:d4:76:c9:a3:58:70:42:f7:26:d1:7e:09:
                    68:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:20:5A:F7:54:FE:E9:3B:21:4A:79:C9:6C:92:60:36:56:F0:F9:6E
            X509v3 Authority Key Identifier:
                keyid:C6:A2:49:A0:EA:CD:8A:BC:BE:A0:D8:2E:F7:10:16:D3:86:E8:EF:94

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xqJJoOrNiry-oNgu9xAW04bo75Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f4/30f186-90e2-4ca6-917e-21057d228d05/1/oiBa91T-6TshSnnJbJJgNlbw-W4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f4/30f186-90e2-4ca6-917e-21057d228d05/1/xqJJoOrNiry-oNgu9xAW04bo75Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.155.152.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4e:c6:ff:f0:48:a6:b8:4c:24:d7:f5:fc:b5:40:cd:92:60:58:
         18:ee:c6:7c:6c:40:b5:26:26:7e:9b:d2:a2:fa:7f:61:f9:69:
         4f:88:c7:8b:39:df:35:bf:8f:f2:2e:c2:c5:b0:d0:40:69:ab:
         98:42:69:9f:a0:c3:5c:88:34:ed:9b:84:05:a4:d9:14:5a:4e:
         71:b3:2d:68:34:bb:6d:41:68:41:e2:63:50:63:96:a8:d1:c1:
         9c:91:ce:26:48:09:4f:c3:f2:68:0e:52:5f:b0:6e:4d:06:3f:
         71:76:5a:81:a0:34:2c:50:a0:cc:8d:e6:a1:14:b6:9c:80:20:
         d9:3c:76:99:6a:5f:9e:09:43:9a:76:f0:b4:7d:99:ec:3f:dd:
         94:c2:40:af:52:0a:8d:30:08:e7:bf:11:41:28:dd:b9:d5:f5:
         98:ab:01:18:62:a3:7a:e0:32:7e:0b:28:c4:a3:3f:f0:8f:94:
         e9:96:82:9f:04:c6:31:c1:8b:5e:14:12:85:ca:7a:0c:0a:a5:
         8f:18:81:2f:a8:94:43:5d:48:86:de:e5:85:42:71:b8:ca:84:
         58:cf:2b:d1:a3:30:6a:24:e0:45:1b:35:b7:63:47:0a:84:86:
         4a:8a:9d:17:72:f7:4a:a4:5a:2a:51:7b:fb:95:21:1d:c0:29:
         ff:49:40:5e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2H+REsfGXJRpwq78SHUBJZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2YTI0OWEwZWFjZDhhYmNiZWEwZDgyZWY3MTAxNmQzODZl
OGVmOTQwHhcNMjYwNDEzMTc1MjIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMjIwNWFmNzU0ZmVlOTNiMjE0YTc5Yzk2YzkyNjAzNjU2ZjBmOTZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6UwcrcjW5FeVOcm1Y3ii4xQ9NZsC
qLGSAa+BIjXxtGVZXsmBS/YSBrtjcGRPfGP6qpJZl6dcoIK8lSki9gDOPGtdGOOa
O7D09nLp5o6MhqcJAFs7zdpYB3NtWPu2A4Th18v0EtSFCLYht4pypf0UJmJhuAkd
T9M+XpGuc/nefP58ivXF+Hc+BmO/EcCEJHbqYTizbcMUkXn6xmO08TjvNVQWinET
7DNL1P34Fqqpa46B9kgFj1wL4u9Y8/lxmRXmJrFcO8bCR+T2cToJO277vHGhgkRO
mpIuZYUJXsYq83AZ3J0NiAdZxQ4eO0qnf4KZ7zzUdsmjWHBC9ybRfgloQQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKIgWvdU/uk7IUp5yWySYDZW8PluMB8GA1UdIwQY
MBaAFMaiSaDqzYq8vqDYLvcQFtOG6O+UMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveHFKSm9Pck5pcnktb05ndTl4QVcwNGJvNzVRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNC8zMGYxODYtOTBlMi00Y2E2LTkxN2Ut
MjEwNTdkMjI4ZDA1LzEvb2lCYTkxVC02VHNoU25uSmJKSmdObGJ3LVc0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNC8zMGYxODYtOTBlMi00Y2E2LTkxN2UtMjEwNTdkMjI4ZDA1
LzEveHFKSm9Pck5pcnktb05ndTl4QVcwNGJvNzVRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAX5uYMA0G
CSqGSIb3DQEBCwUAA4IBAQBOxv/wSKa4TCTX9fy1QM2SYFgY7sZ8bEC1JiZ+m9Ki
+n9h+WlPiMeLOd81v4/yLsLFsNBAaauYQmmfoMNciDTtm4QFpNkUWk5xsy1oNLtt
QWhB4mNQY5ao0cGckc4mSAlPw/JoDlJfsG5NBj9xdlqBoDQsUKDMjeahFLacgCDZ
PHaZal+eCUOadvC0fZnsP92UwkCvUgqNMAjnvxFBKN251fWYqwEYYqN64DJ+CyjE
oz/wj5TploKfBMYxwYteFBKFynoMCqWPGIEvqJRDXUiG3uWFQnG4yoRYzyvRozBq
JOBFGzW3Y0cKhIZKip0XcvdKpFoqUXv7lSEdwCn/SUBe
-----END CERTIFICATE-----