Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/32/90e923-2f2d-4086-819c-4e655b5b6427/1/XO3NtH2XUUrbu3EZOVQJj7vU_gU.roa
File:                     XO3NtH2XUUrbu3EZOVQJj7vU_gU.roa (raw, json)
Hash identifier:          uxHwXjPpL13fWGLwP3WFIzZ1V+yUDv8CRXMBodsfHIc=
Subject key identifier:   5C:ED:CD:B4:7D:97:51:4A:DB:BB:71:19:39:54:09:8F:BB:D4:FE:05
Certificate issuer:       /CN=39f873cd3939203c778a8eaaf1683e9464ac3400
Certificate serial:       019DDD947CC2B171C8C8D534E126C5FDADAB
Authority key identifier: 39:F8:73:CD:39:39:20:3C:77:8A:8E:AA:F1:68:3E:94:64:AC:34:00
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OfhzzTk5IDx3io6q8Wg-lGSsNAA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/32/90e923-2f2d-4086-819c-4e655b5b6427/1/XO3NtH2XUUrbu3EZOVQJj7vU_gU.roa
Signing time:             Thu 30 Apr 2026 08:49:49 +0000
ROA not before:           Thu 30 Apr 2026 08:49:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     132883
IP address blocks:        194.32.148.0/24 maxlen: 24
                          194.32.149.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/32/90e923-2f2d-4086-819c-4e655b5b6427/1/OfhzzTk5IDx3io6q8Wg-lGSsNAA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/32/90e923-2f2d-4086-819c-4e655b5b6427/1/OfhzzTk5IDx3io6q8Wg-lGSsNAA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OfhzzTk5IDx3io6q8Wg-lGSsNAA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 17:01:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:dd:94:7c:c2:b1:71:c8:c8:d5:34:e1:26:c5:fd:ad:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=39f873cd3939203c778a8eaaf1683e9464ac3400
        Validity
            Not Before: Apr 30 08:49:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5cedcdb47d97514adbbb71193954098fbbd4fe05
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:6c:63:73:99:d2:94:d2:c8:87:b9:23:04:21:
                    a3:8c:fb:44:d9:fc:0d:ef:bc:db:f6:5b:98:89:df:
                    47:ac:a2:fe:de:bc:6a:f0:b7:9e:cf:8c:2f:9c:1e:
                    53:e2:e8:00:0f:06:ed:f5:d0:6b:2e:bd:c7:71:12:
                    3a:39:f7:6f:16:b1:d8:0a:e2:7c:3e:ae:6d:8d:24:
                    f1:10:b9:f1:23:dc:ad:b3:f3:81:5d:b6:f6:5e:f2:
                    a3:1e:d7:07:9c:f9:b8:84:5b:ce:59:3d:c9:9c:bf:
                    c8:c1:19:ce:ef:01:af:8a:c6:8c:bc:ea:9f:0f:94:
                    96:26:0e:6d:df:27:b2:2e:c8:f6:85:35:dc:32:17:
                    ca:90:85:8f:07:44:59:9c:e8:b0:de:c6:06:9d:64:
                    a4:e3:32:8a:23:5a:72:a3:55:90:69:02:7f:2e:ed:
                    f5:3f:8c:75:1a:96:a0:d7:f0:6c:6d:fb:34:97:b1:
                    1c:7a:39:01:48:de:18:23:32:1b:f4:dd:92:07:25:
                    7b:50:5d:db:22:82:87:72:fb:29:3f:da:ca:cb:ed:
                    12:97:53:f2:40:1e:d1:f1:5f:7a:2d:a5:67:d2:72:
                    20:12:29:08:26:63:f2:8e:6b:97:0a:9e:f5:5b:14:
                    fc:82:2c:bc:eb:d5:aa:5a:15:ab:b9:37:a2:0f:7f:
                    de:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:ED:CD:B4:7D:97:51:4A:DB:BB:71:19:39:54:09:8F:BB:D4:FE:05
            X509v3 Authority Key Identifier:
                keyid:39:F8:73:CD:39:39:20:3C:77:8A:8E:AA:F1:68:3E:94:64:AC:34:00

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OfhzzTk5IDx3io6q8Wg-lGSsNAA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/32/90e923-2f2d-4086-819c-4e655b5b6427/1/XO3NtH2XUUrbu3EZOVQJj7vU_gU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/32/90e923-2f2d-4086-819c-4e655b5b6427/1/OfhzzTk5IDx3io6q8Wg-lGSsNAA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.32.148.0/23

    Signature Algorithm: sha256WithRSAEncryption
         03:c0:fd:e3:57:4c:d8:f1:56:f1:43:69:a7:06:23:94:0e:14:
         f5:84:2b:f4:86:c1:0b:7e:af:72:d1:0f:49:0d:af:98:73:91:
         27:f9:b8:48:c7:be:47:a4:94:62:98:4b:eb:a7:8b:af:91:bc:
         6c:d3:4e:13:5d:d1:76:a9:b3:9e:8c:73:84:93:ca:2f:41:82:
         79:ac:ba:9d:54:a5:9c:8d:a6:40:55:60:f4:f3:40:e5:bf:82:
         39:00:ea:ed:03:2c:62:da:f2:48:d4:db:dd:ea:60:ca:93:e5:
         c9:fa:b8:c8:3c:b8:a4:96:c0:d6:ee:9e:b5:ea:52:4f:fe:c1:
         03:b1:6b:87:28:fe:05:db:b2:56:2d:52:72:c6:16:10:c9:74:
         04:e3:73:14:c4:41:4e:56:82:5a:ca:ce:a0:2a:7c:01:b7:eb:
         55:95:c2:00:02:ba:1f:fd:93:26:18:5e:ea:db:74:2c:f6:97:
         67:41:16:04:13:89:18:09:24:c5:51:bd:84:0a:c5:0b:b1:43:
         96:9b:7f:a0:ff:2c:cb:28:0e:0b:2f:4a:7c:6e:27:17:be:37:
         d5:e5:21:b0:80:e4:12:2f:27:10:f0:ce:8f:6b:91:20:99:8a:
         12:47:b9:59:f2:72:81:19:d7:49:c1:94:3c:cf:5b:3f:08:89:
         32:08:d7:bf
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ3dlHzCsXHIyNU04SbF/a2rMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM5Zjg3M2NkMzkzOTIwM2M3NzhhOGVhYWYxNjgzZTk0NjRh
YzM0MDAwHhcNMjYwNDMwMDg0OTQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Y2VkY2RiNDdkOTc1MTRhZGJiYjcxMTkzOTU0MDk4ZmJiZDRmZTA1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsGxjc5nSlNLIh7kjBCGjjPtE2fwN
77zb9luYid9HrKL+3rxq8Leez4wvnB5T4ugADwbt9dBrLr3HcRI6OfdvFrHYCuJ8
Pq5tjSTxELnxI9yts/OBXbb2XvKjHtcHnPm4hFvOWT3JnL/IwRnO7wGvisaMvOqf
D5SWJg5t3yeyLsj2hTXcMhfKkIWPB0RZnOiw3sYGnWSk4zKKI1pyo1WQaQJ/Lu31
P4x1Gpag1/Bsbfs0l7EcejkBSN4YIzIb9N2SByV7UF3bIoKHcvspP9rKy+0Sl1Py
QB7R8V96LaVn0nIgEikIJmPyjmuXCp71WxT8giy869WqWhWruTeiD3/eMwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFztzbR9l1FK27txGTlUCY+71P4FMB8GA1UdIwQY
MBaAFDn4c805OSA8d4qOqvFoPpRkrDQAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT2ZoenpUazVJRHgzaW82cThXZy1sR1NzTkFBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMi85MGU5MjMtMmYyZC00MDg2LTgxOWMt
NGU2NTViNWI2NDI3LzEvWE8zTnRIMlhVVXJidTNFWk9WUUpqN3ZVX2dVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMi85MGU5MjMtMmYyZC00MDg2LTgxOWMtNGU2NTViNWI2NDI3
LzEvT2ZoenpUazVJRHgzaW82cThXZy1sR1NzTkFBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwiCUMA0G
CSqGSIb3DQEBCwUAA4IBAQADwP3jV0zY8VbxQ2mnBiOUDhT1hCv0hsELfq9y0Q9J
Da+Yc5En+bhIx75HpJRimEvrp4uvkbxs004TXdF2qbOejHOEk8ovQYJ5rLqdVKWc
jaZAVWD080Dlv4I5AOrtAyxi2vJI1Nvd6mDKk+XJ+rjIPLiklsDW7p616lJP/sED
sWuHKP4F27JWLVJyxhYQyXQE43MUxEFOVoJays6gKnwBt+tVlcIAArof/ZMmGF7q
23Qs9pdnQRYEE4kYCSTFUb2ECsULsUOWm3+g/yzLKA4LL0p8bicXvjfV5SGwgOQS
LycQ8M6Pa5EgmYoSR7lZ8nKBGddJwZQ8z1s/CIkyCNe/
-----END CERTIFICATE-----