Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/dQcB5Ov2wE59-KcBWX_C-jPEF30.roa
File:                     dQcB5Ov2wE59-KcBWX_C-jPEF30.roa (raw, json)
Hash identifier:          j3Lsz8/4/F+fGa7qOJ+aR2Em82VTSSmtIIUmkzNZHuE=
Subject key identifier:   75:07:01:E4:EB:F6:C0:4E:7D:F8:A7:01:59:7F:C2:FA:33:C4:17:7D
Certificate issuer:       /CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
Certificate serial:       019D212E5A5289903D73B9EB4B18C9D14E54
Authority key identifier: 3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/dQcB5Ov2wE59-KcBWX_C-jPEF30.roa
Signing time:             Tue 24 Mar 2026 18:49:38 +0000
ROA not before:           Tue 24 Mar 2026 18:49:38 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     50340
IP address blocks:        213.209.137.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/O0duEuiYflswLNwkvdnbP-g8hEk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/O0duEuiYflswLNwkvdnbP-g8hEk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 21:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:21:2e:5a:52:89:90:3d:73:b9:eb:4b:18:c9:d1:4e:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
        Validity
            Not Before: Mar 24 18:49:38 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=750701e4ebf6c04e7df8a701597fc2fa33c4177d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:c6:8b:bc:37:e3:24:28:b7:2a:52:b3:91:28:
                    aa:13:f1:a9:43:a5:5a:65:dd:c6:24:98:ba:6a:91:
                    2e:de:67:ad:b3:8b:b2:0f:ee:31:7a:1a:45:7c:d4:
                    c2:17:5b:56:41:9e:63:1d:4b:cb:e0:dc:e1:0d:e8:
                    56:84:96:11:1b:2c:45:0b:25:00:5f:e1:8f:1f:df:
                    87:c0:5a:bb:85:d4:2b:4c:87:64:ef:42:5c:49:69:
                    d2:44:1d:d5:07:8f:d7:93:5b:9d:4e:ec:03:ae:92:
                    60:61:68:fb:24:4f:e5:b5:ad:cd:bb:a4:2c:26:c1:
                    62:87:74:3a:8f:75:88:bf:eb:01:14:3e:e6:8c:59:
                    3f:bd:56:af:7d:d6:a9:8d:bb:fa:2a:98:be:11:2c:
                    ec:53:d3:a5:69:33:31:0f:f3:48:00:76:d7:1e:27:
                    8f:d6:1f:96:15:4d:59:ec:3a:a4:1b:3d:3b:00:ee:
                    06:2a:ad:24:b9:67:7f:c5:59:00:bc:79:ec:ae:20:
                    ca:45:82:8b:e0:f3:f9:a1:c3:39:ba:f0:11:eb:f1:
                    d1:ce:6d:03:cd:48:11:42:03:2e:54:b3:1f:bf:48:
                    e8:43:6f:8f:e3:bf:6c:99:4f:5e:b8:e3:2e:b1:3e:
                    17:f3:d6:71:86:5a:72:81:91:21:64:63:04:d2:58:
                    97:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:07:01:E4:EB:F6:C0:4E:7D:F8:A7:01:59:7F:C2:FA:33:C4:17:7D
            X509v3 Authority Key Identifier:
                keyid:3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/dQcB5Ov2wE59-KcBWX_C-jPEF30.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/O0duEuiYflswLNwkvdnbP-g8hEk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.209.137.0/24

    Signature Algorithm: sha256WithRSAEncryption
         42:de:20:45:cc:ce:05:47:3b:27:64:a3:f8:76:a2:12:b5:55:
         72:e7:6e:73:0f:fa:0c:4d:77:11:f4:93:e5:44:05:25:53:0e:
         79:bd:67:42:90:0f:4a:4a:5d:7f:01:b1:73:59:4f:eb:ad:d4:
         3c:68:5c:1c:51:4b:f3:96:16:f7:03:f5:6b:3f:8b:d6:1a:48:
         9d:63:42:7b:95:b2:ff:eb:96:4c:48:45:e6:a9:ef:1a:fe:48:
         ca:a2:c4:29:37:7b:70:01:1b:fa:10:5d:90:bb:12:b5:65:84:
         12:5a:09:7b:77:8c:f8:78:50:ba:4b:69:65:3d:05:44:af:52:
         72:5f:58:6a:93:a1:de:38:0c:99:5a:58:13:f3:0f:66:07:f1:
         73:27:eb:de:f9:5a:d7:8b:b7:13:1b:cf:04:8a:1e:16:2b:b8:
         f1:87:d5:98:57:cb:e7:5c:30:09:d6:a9:06:c2:3d:38:6c:2d:
         67:7f:a5:3c:95:8b:1a:c5:96:3c:7c:05:a3:90:44:c2:00:10:
         61:fb:1c:5a:bf:88:3e:cd:d5:9d:57:73:6d:3c:25:8a:73:97:
         0f:42:f4:f9:6a:48:78:89:30:1c:5c:fb:d9:60:34:bb:b3:19:
         de:df:49:d0:ef:b8:24:9d:4d:fc:d0:eb:c7:17:b6:77:39:bf:
         81:2e:7b:12
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0hLlpSiZA9c7nrSxjJ0U5UMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiNDc2ZTEyZTg5ODdlNWIzMDJjZGMyNGJkZDlkYjNmZTgz
Yzg0NDkwHhcNMjYwMzI0MTg0OTM4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NTA3MDFlNGViZjZjMDRlN2RmOGE3MDE1OTdmYzJmYTMzYzQxNzdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoMaLvDfjJCi3KlKzkSiqE/GpQ6Va
Zd3GJJi6apEu3mets4uyD+4xehpFfNTCF1tWQZ5jHUvL4NzhDehWhJYRGyxFCyUA
X+GPH9+HwFq7hdQrTIdk70JcSWnSRB3VB4/Xk1udTuwDrpJgYWj7JE/lta3Nu6Qs
JsFih3Q6j3WIv+sBFD7mjFk/vVavfdapjbv6Kpi+ESzsU9OlaTMxD/NIAHbXHieP
1h+WFU1Z7DqkGz07AO4GKq0kuWd/xVkAvHnsriDKRYKL4PP5ocM5uvAR6/HRzm0D
zUgRQgMuVLMfv0joQ2+P479smU9euOMusT4X89ZxhlpygZEhZGME0liXAwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHUHAeTr9sBOffinAVl/wvozxBd9MB8GA1UdIwQY
MBaAFDtHbhLomH5bMCzcJL3Z2z/oPIRJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTzBkdUV1aVlmbHN3TE53a3ZkbmJQLWc4aEVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC9kOTBjNmYtNjU3Ni00NmI5LTgzMTMt
NmNiZmYzYzRkYTAxLzEvZFFjQjVPdjJ3RTU5LUtjQldYX0MtalBFRjMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC9kOTBjNmYtNjU3Ni00NmI5LTgzMTMtNmNiZmYzYzRkYTAx
LzEvTzBkdUV1aVlmbHN3TE53a3ZkbmJQLWc4aEVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1dGJMA0G
CSqGSIb3DQEBCwUAA4IBAQBC3iBFzM4FRzsnZKP4dqIStVVy525zD/oMTXcR9JPl
RAUlUw55vWdCkA9KSl1/AbFzWU/rrdQ8aFwcUUvzlhb3A/VrP4vWGkidY0J7lbL/
65ZMSEXmqe8a/kjKosQpN3twARv6EF2QuxK1ZYQSWgl7d4z4eFC6S2llPQVEr1Jy
X1hqk6HeOAyZWlgT8w9mB/FzJ+ve+VrXi7cTG88Eih4WK7jxh9WYV8vnXDAJ1qkG
wj04bC1nf6U8lYsaxZY8fAWjkETCABBh+xxav4g+zdWdV3NtPCWKc5cPQvT5akh4
iTAcXPvZYDS7sxne30nQ77gknU380OvHF7Z3Ob+BLnsS
-----END CERTIFICATE-----