Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/05/2a55f5-3cdc-43ea-9803-74ee83736e97/1/OY-F0hhlIFsLBb-jhlJlozNHKDw.roa
File:                     OY-F0hhlIFsLBb-jhlJlozNHKDw.roa (raw, json)
Hash identifier:          JseVfilW9clKoxV/EybNUEX+K2HrPNZ0B5i1na1LMg8=
Subject key identifier:   39:8F:85:D2:18:65:20:5B:0B:05:BF:A3:86:52:65:A3:33:47:28:3C
Certificate issuer:       /CN=6c895335ba98f7c626f0c819e9e2894c61d44754
Certificate serial:       019CE7558D78E989819BF95B55828009E660
Authority key identifier: 6C:89:53:35:BA:98:F7:C6:26:F0:C8:19:E9:E2:89:4C:61:D4:47:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bIlTNbqY98Ym8MgZ6eKJTGHUR1Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/05/2a55f5-3cdc-43ea-9803-74ee83736e97/1/OY-F0hhlIFsLBb-jhlJlozNHKDw.roa
Signing time:             Fri 13 Mar 2026 13:14:29 +0000
ROA not before:           Fri 13 Mar 2026 13:14:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     41088
IP address blocks:        89.190.64.0/19 maxlen: 19
                          2a00:bfe0::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/05/2a55f5-3cdc-43ea-9803-74ee83736e97/1/bIlTNbqY98Ym8MgZ6eKJTGHUR1Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/05/2a55f5-3cdc-43ea-9803-74ee83736e97/1/bIlTNbqY98Ym8MgZ6eKJTGHUR1Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bIlTNbqY98Ym8MgZ6eKJTGHUR1Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 22:01:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:e7:55:8d:78:e9:89:81:9b:f9:5b:55:82:80:09:e6:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6c895335ba98f7c626f0c819e9e2894c61d44754
        Validity
            Not Before: Mar 13 13:14:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=398f85d21865205b0b05bfa3865265a33347283c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:d0:7f:9b:ef:ff:bb:55:68:97:65:b1:11:4d:
                    16:0c:aa:6e:95:96:8d:b0:71:5a:a4:8d:79:8b:5e:
                    0b:63:9e:b2:f2:ee:2e:cb:91:7d:99:1d:f0:c1:4e:
                    92:49:0d:44:63:ee:de:3b:45:58:02:df:d0:47:11:
                    07:ce:81:a2:99:10:05:e4:c7:4a:70:b5:5c:0c:47:
                    8a:36:ba:d6:86:c9:94:d2:d8:d7:86:39:98:2e:33:
                    f8:32:7e:25:49:20:1d:c2:f2:12:df:ae:cd:12:d6:
                    fd:79:5c:fa:5c:15:a4:f4:d4:2c:cf:fd:c7:19:fd:
                    65:5d:86:39:62:bf:31:22:d3:9c:46:19:69:66:d9:
                    15:6f:61:56:e3:11:d2:9c:66:63:95:73:6e:59:64:
                    19:ff:28:74:00:86:d7:db:27:c8:46:40:af:36:f2:
                    7c:c1:d1:40:6f:4e:22:3e:e5:72:25:c2:2a:f9:35:
                    b8:21:e1:0c:8b:f5:6c:50:91:55:60:1a:ba:a6:f2:
                    a5:68:22:c0:35:ad:71:77:e2:c4:17:39:71:a9:79:
                    d3:14:1a:0b:af:2d:a6:7f:fe:98:53:3a:a3:2e:69:
                    0f:7c:ba:77:4c:16:c6:0d:35:ce:f7:96:51:4d:66:
                    39:f5:ff:3e:f0:4d:c5:c3:9f:5d:8f:81:ae:0b:12:
                    7a:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:8F:85:D2:18:65:20:5B:0B:05:BF:A3:86:52:65:A3:33:47:28:3C
            X509v3 Authority Key Identifier:
                keyid:6C:89:53:35:BA:98:F7:C6:26:F0:C8:19:E9:E2:89:4C:61:D4:47:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bIlTNbqY98Ym8MgZ6eKJTGHUR1Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/05/2a55f5-3cdc-43ea-9803-74ee83736e97/1/OY-F0hhlIFsLBb-jhlJlozNHKDw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/05/2a55f5-3cdc-43ea-9803-74ee83736e97/1/bIlTNbqY98Ym8MgZ6eKJTGHUR1Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.190.64.0/19
                IPv6:
                  2a00:bfe0::/32

    Signature Algorithm: sha256WithRSAEncryption
         47:28:66:9d:dd:2c:5a:d8:a9:2f:25:05:06:23:f1:24:7d:f4:
         ef:89:83:f4:2c:70:f5:df:4e:bd:51:0d:e4:36:d0:34:76:f4:
         de:9e:f1:57:7f:09:c6:f6:c5:e0:5f:25:a2:d3:f7:2f:be:3a:
         60:3d:60:c7:48:87:4a:bf:3d:4c:f4:45:88:4e:40:2a:ed:22:
         16:75:e8:bf:09:9b:60:85:02:7f:53:7d:de:3d:40:d6:74:ef:
         f5:94:98:97:df:59:ae:33:e0:46:e5:a4:d1:02:72:46:72:12:
         f0:06:e2:f6:5a:41:3b:2e:81:98:19:d3:3b:e8:49:25:86:55:
         aa:34:32:61:99:df:25:34:94:85:7d:9a:0b:d0:da:89:e6:04:
         1a:41:66:8f:47:e3:e5:76:80:db:b3:cd:e6:a4:a2:a7:0c:1e:
         7f:b8:a7:4e:02:e6:f6:f8:32:82:89:cf:cc:0c:5c:9c:4e:50:
         84:76:57:67:00:81:5f:a5:db:a9:9c:14:28:fb:f0:0c:31:60:
         0c:af:9b:ff:cc:10:13:08:53:f5:5f:b4:bc:6e:a6:d3:68:69:
         0a:b1:eb:99:72:bf:8d:d9:18:ed:c1:e4:3b:46:cc:78:af:cc:
         e3:a2:50:b9:b2:db:7e:3f:d0:d2:33:62:50:38:84:37:94:53:
         e6:b4:14:31
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZznVY146YmBm/lbVYKACeZgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjODk1MzM1YmE5OGY3YzYyNmYwYzgxOWU5ZTI4OTRjNjFk
NDQ3NTQwHhcNMjYwMzEzMTMxNDI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOThmODVkMjE4NjUyMDViMGIwNWJmYTM4NjUyNjVhMzMzNDcyODNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn9B/m+//u1Vol2WxEU0WDKpulZaN
sHFapI15i14LY56y8u4uy5F9mR3wwU6SSQ1EY+7eO0VYAt/QRxEHzoGimRAF5MdK
cLVcDEeKNrrWhsmU0tjXhjmYLjP4Mn4lSSAdwvIS367NEtb9eVz6XBWk9NQsz/3H
Gf1lXYY5Yr8xItOcRhlpZtkVb2FW4xHSnGZjlXNuWWQZ/yh0AIbX2yfIRkCvNvJ8
wdFAb04iPuVyJcIq+TW4IeEMi/VsUJFVYBq6pvKlaCLANa1xd+LEFzlxqXnTFBoL
ry2mf/6YUzqjLmkPfLp3TBbGDTXO95ZRTWY59f8+8E3Fw59dj4GuCxJ6yQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFDmPhdIYZSBbCwW/o4ZSZaMzRyg8MB8GA1UdIwQY
MBaAFGyJUzW6mPfGJvDIGeniiUxh1EdUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYklsVE5icVk5OFltOE1nWjZlS0pUR0hVUjFRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNS8yYTU1ZjUtM2NkYy00M2VhLTk4MDMt
NzRlZTgzNzM2ZTk3LzEvT1ktRjBoaGxJRnNMQmItamhsSmxvek5IS0R3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNS8yYTU1ZjUtM2NkYy00M2VhLTk4MDMtNzRlZTgzNzM2ZTk3
LzEvYklsVE5icVk5OFltOE1nWjZlS0pUR0hVUjFRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQFWb5AMA0E
AgACMAcDBQAqAL/gMA0GCSqGSIb3DQEBCwUAA4IBAQBHKGad3Sxa2KkvJQUGI/Ek
ffTviYP0LHD13069UQ3kNtA0dvTenvFXfwnG9sXgXyWi0/cvvjpgPWDHSIdKvz1M
9EWITkAq7SIWdei/CZtghQJ/U33ePUDWdO/1lJiX31muM+BG5aTRAnJGchLwBuL2
WkE7LoGYGdM76EklhlWqNDJhmd8lNJSFfZoL0NqJ5gQaQWaPR+PldoDbs83mpKKn
DB5/uKdOAub2+DKCic/MDFycTlCEdldnAIFfpdupnBQo+/AMMWAMr5v/zBATCFP1
X7S8bqbTaGkKseuZcr+N2RjtweQ7Rsx4r8zjolC5stt+P9DSM2JQOIQ3lFPmtBQx
-----END CERTIFICATE-----