Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/O3vmQkWtQ8jA_byW0p80azS_bm0.roa
File:                     O3vmQkWtQ8jA_byW0p80azS_bm0.roa (raw, json)
Hash identifier:          qGR6plYOUEV1nUD7R/C1+fRecdZczYOW+JuIU7iIVQ4=
Subject key identifier:   3B:7B:E6:42:45:AD:43:C8:C0:FD:BC:96:D2:9F:34:6B:34:BF:6E:6D
Certificate issuer:       /CN=29d2daff1c5bb61a0ac8b3caead4b8a1fa284d0f
Certificate serial:       019D05EE79072DFE930C343EFEE2E5A93334
Authority key identifier: 29:D2:DA:FF:1C:5B:B6:1A:0A:C8:B3:CA:EA:D4:B8:A1:FA:28:4D:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KdLa_xxbthoKyLPK6tS4ofooTQ8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/O3vmQkWtQ8jA_byW0p80azS_bm0.roa
Signing time:             Thu 19 Mar 2026 11:50:07 +0000
ROA not before:           Thu 19 Mar 2026 11:50:07 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     63199
IP address blocks:        85.239.152.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/KdLa_xxbthoKyLPK6tS4ofooTQ8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/KdLa_xxbthoKyLPK6tS4ofooTQ8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KdLa_xxbthoKyLPK6tS4ofooTQ8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 00:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:05:ee:79:07:2d:fe:93:0c:34:3e:fe:e2:e5:a9:33:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=29d2daff1c5bb61a0ac8b3caead4b8a1fa284d0f
        Validity
            Not Before: Mar 19 11:50:07 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3b7be64245ad43c8c0fdbc96d29f346b34bf6e6d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:c5:a6:a4:a3:0f:ca:03:7b:88:ac:57:a1:ef:
                    e5:a0:cb:b8:bc:88:d8:63:4c:ff:55:b4:72:c2:2b:
                    df:f8:77:91:b7:a1:d5:69:a9:f2:6a:ed:99:32:fe:
                    fe:18:16:f2:fe:69:db:90:93:4c:a3:31:ba:88:55:
                    8e:59:81:f1:d4:89:51:9a:79:70:56:41:2e:ba:da:
                    68:06:04:8b:e4:86:f4:c8:8e:62:a5:00:94:00:55:
                    22:6c:00:32:f0:fd:98:15:aa:92:c3:23:64:77:66:
                    5a:d0:b0:f5:5b:9d:17:b2:62:6a:32:8e:2f:48:4b:
                    f3:50:87:f7:11:36:86:08:af:27:bb:51:80:cd:33:
                    11:62:6f:3b:14:a7:12:1b:c7:7a:aa:47:38:2f:91:
                    2e:e7:15:f7:77:40:47:ba:dc:08:91:13:39:49:c8:
                    72:8f:c1:57:0d:ea:95:0e:4a:6c:17:bc:0f:c1:42:
                    a6:f5:67:34:81:e8:2f:79:2a:5c:c8:09:2e:1a:db:
                    58:13:21:d4:26:18:bc:1f:8a:0b:76:8b:38:e3:dc:
                    df:b7:83:68:e7:0a:76:09:b1:73:93:f1:df:22:5b:
                    a9:f4:47:c3:1a:9f:a9:da:78:bd:6f:0f:ab:d9:42:
                    65:06:29:31:ad:4c:ea:de:22:4e:90:86:56:2d:67:
                    f0:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:7B:E6:42:45:AD:43:C8:C0:FD:BC:96:D2:9F:34:6B:34:BF:6E:6D
            X509v3 Authority Key Identifier:
                keyid:29:D2:DA:FF:1C:5B:B6:1A:0A:C8:B3:CA:EA:D4:B8:A1:FA:28:4D:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KdLa_xxbthoKyLPK6tS4ofooTQ8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/O3vmQkWtQ8jA_byW0p80azS_bm0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/KdLa_xxbthoKyLPK6tS4ofooTQ8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.239.152.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5b:44:f4:b3:cd:06:b9:95:2c:f2:96:25:ba:57:45:c5:ba:0d:
         ca:a1:bf:e1:2a:90:32:6b:f8:07:f9:9b:17:1b:c0:ec:55:f0:
         1a:71:8f:f4:1d:95:cd:79:66:9a:3c:44:3c:9e:f4:b2:33:59:
         df:56:b1:01:e4:c5:c8:d9:82:76:9c:60:5f:6c:87:b6:21:fc:
         57:46:16:ee:87:92:0d:af:ea:59:8d:ea:18:29:0d:b4:7a:3d:
         d0:6d:43:37:1b:a2:c9:4a:d7:7e:07:0f:9f:d6:a9:d2:97:8d:
         cc:c8:5c:07:57:6f:6b:e8:20:36:3b:ae:6e:e0:4b:d8:75:bd:
         59:c0:cc:76:ad:ea:02:d3:cb:21:c6:f0:9a:87:99:9c:42:33:
         4a:de:c9:6f:54:c6:ff:6f:72:50:03:34:af:5a:82:50:21:6e:
         9f:15:0e:61:c2:4d:a0:42:1d:89:9b:56:f7:39:cd:24:6a:d1:
         14:78:d3:13:a8:65:5c:29:d6:c4:25:e6:8b:80:36:a9:07:60:
         b2:e4:11:05:fd:36:1e:28:ec:56:96:e1:72:8c:e8:4b:a2:ea:
         06:af:d7:ac:88:f8:e7:d0:54:f7:31:aa:af:ed:8c:4b:ff:13:
         d1:97:6c:27:5a:c4:78:7c:3e:92:f6:3b:0f:bc:e5:f1:a7:df:
         74:7c:6b:94
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0F7nkHLf6TDDQ+/uLlqTM0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5ZDJkYWZmMWM1YmI2MWEwYWM4YjNjYWVhZDRiOGExZmEy
ODRkMGYwHhcNMjYwMzE5MTE1MDA3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYjdiZTY0MjQ1YWQ0M2M4YzBmZGJjOTZkMjlmMzQ2YjM0YmY2ZTZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw8WmpKMPygN7iKxXoe/loMu4vIjY
Y0z/VbRywivf+HeRt6HVaanyau2ZMv7+GBby/mnbkJNMozG6iFWOWYHx1IlRmnlw
VkEuutpoBgSL5Ib0yI5ipQCUAFUibAAy8P2YFaqSwyNkd2Za0LD1W50XsmJqMo4v
SEvzUIf3ETaGCK8nu1GAzTMRYm87FKcSG8d6qkc4L5Eu5xX3d0BHutwIkRM5Schy
j8FXDeqVDkpsF7wPwUKm9Wc0gegveSpcyAkuGttYEyHUJhi8H4oLdos449zft4No
5wp2CbFzk/HfIlup9EfDGp+p2ni9bw+r2UJlBikxrUzq3iJOkIZWLWfwHQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDt75kJFrUPIwP28ltKfNGs0v25tMB8GA1UdIwQY
MBaAFCnS2v8cW7YaCsizyurUuKH6KE0PMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS2RMYV94eGJ0aG9LeUxQSzZ0UzRvZm9vVFE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNy9lNWVhOTgtOTYwMS00YWRkLWE3Zjgt
NGY1N2Q5Y2Y1Y2FhLzEvTzN2bVFrV3RROGpBX2J5VzBwODBhelNfYm0wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNy9lNWVhOTgtOTYwMS00YWRkLWE3ZjgtNGY1N2Q5Y2Y1Y2Fh
LzEvS2RMYV94eGJ0aG9LeUxQSzZ0UzRvZm9vVFE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVe+YMA0G
CSqGSIb3DQEBCwUAA4IBAQBbRPSzzQa5lSzyliW6V0XFug3Kob/hKpAya/gH+ZsX
G8DsVfAacY/0HZXNeWaaPEQ8nvSyM1nfVrEB5MXI2YJ2nGBfbIe2IfxXRhbuh5IN
r+pZjeoYKQ20ej3QbUM3G6LJStd+Bw+f1qnSl43MyFwHV29r6CA2O65u4EvYdb1Z
wMx2reoC08shxvCah5mcQjNK3slvVMb/b3JQAzSvWoJQIW6fFQ5hwk2gQh2Jm1b3
Oc0katEUeNMTqGVcKdbEJeaLgDapB2Cy5BEF/TYeKOxWluFyjOhLouoGr9esiPjn
0FT3Maqv7YxL/xPRl2wnWsR4fD6S9jsPvOXxp990fGuU
-----END CERTIFICATE-----