Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/Dkh1rW5DHoq6fRphX-ebBx6X8H8.roa
File:                     Dkh1rW5DHoq6fRphX-ebBx6X8H8.roa (raw, json)
Hash identifier:          UHHj/YoTvgsqicvqx31s4K0KH2JQ2SiBwNWS1XTnEco=
Subject key identifier:   0E:48:75:AD:6E:43:1E:8A:BA:7D:1A:61:5F:E7:9B:07:1E:97:F0:7F
Certificate issuer:       /CN=279dbfdf4c20bdae8d6118566ece76444e46d171
Certificate serial:       019CFFD1420C49FA0B322493A03F72EC46BA
Authority key identifier: 27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/Dkh1rW5DHoq6fRphX-ebBx6X8H8.roa
Signing time:             Wed 18 Mar 2026 07:20:29 +0000
ROA not before:           Wed 18 Mar 2026 07:20:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     3491
IP address blocks:        195.21.160.0/19 maxlen: 24
                          195.21.192.0/18 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 20:01:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:ff:d1:42:0c:49:fa:0b:32:24:93:a0:3f:72:ec:46:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=279dbfdf4c20bdae8d6118566ece76444e46d171
        Validity
            Not Before: Mar 18 07:20:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0e4875ad6e431e8aba7d1a615fe79b071e97f07f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:f7:70:7c:c3:d2:55:f4:f0:4c:43:b0:be:4f:
                    f6:02:a2:3a:50:a0:d1:0e:cd:d8:e2:82:34:fe:40:
                    34:9d:8f:7a:40:b3:0c:a2:fe:b3:55:9e:56:2b:be:
                    0e:ea:e0:01:3f:b4:0e:39:83:25:11:d2:bb:8e:5c:
                    3f:d7:2f:1a:21:7d:53:50:97:81:ab:c3:db:f2:d1:
                    67:36:f6:12:50:b2:25:ed:00:81:69:c0:73:9f:4b:
                    5c:df:f8:9c:d0:de:49:03:ec:49:4b:03:ce:1b:69:
                    17:f1:17:42:c2:66:a2:cd:3c:7f:de:b7:d7:42:ba:
                    ea:a0:d5:82:1c:ae:ce:1a:5a:2b:98:8a:42:ce:4e:
                    da:98:3d:dd:e4:d5:d2:cf:4e:37:d8:02:eb:b0:09:
                    be:fa:61:0c:ac:fc:d9:5d:39:57:7a:c9:ef:57:a8:
                    b8:4b:71:30:1c:23:a2:19:b6:e6:c2:f6:d3:5e:f7:
                    9c:4a:e6:a4:6b:5e:f1:f6:ce:3c:65:43:8f:00:3b:
                    b5:3b:36:6e:18:0a:90:f8:a7:79:3a:28:0a:50:0c:
                    99:49:7d:0d:d5:b8:0e:08:ea:36:be:da:9e:39:f1:
                    96:bb:8a:b6:a1:ac:22:54:cc:de:25:79:b6:6e:cc:
                    eb:ba:30:58:27:bb:51:a7:be:98:e4:be:0e:b2:08:
                    b3:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:48:75:AD:6E:43:1E:8A:BA:7D:1A:61:5F:E7:9B:07:1E:97:F0:7F
            X509v3 Authority Key Identifier:
                keyid:27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/Dkh1rW5DHoq6fRphX-ebBx6X8H8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.21.160.0-195.21.255.255

    Signature Algorithm: sha256WithRSAEncryption
         65:2c:6b:bd:48:24:65:6f:6c:41:77:34:cc:13:3d:b5:9d:19:
         dc:f9:c4:3c:b1:2a:52:28:c8:a7:39:03:6e:93:91:05:e8:ec:
         58:1e:2e:4a:cb:26:ea:90:d5:27:a9:df:5f:a5:6d:ee:22:39:
         5a:1c:ae:37:ac:20:6b:fb:76:76:fe:58:8e:ee:d4:6b:80:1d:
         0d:70:5b:af:68:f8:46:4c:68:02:53:89:02:cb:4b:e8:27:89:
         c4:2a:d5:b5:85:3d:31:06:89:4b:54:3e:31:1c:2c:5f:38:bf:
         4c:9f:c3:bc:61:d5:19:3f:f9:67:ee:da:18:aa:f2:b5:bd:d7:
         fb:61:c6:e9:39:27:8e:7a:9e:86:21:76:ba:43:6a:18:23:16:
         4b:15:bc:84:50:31:1f:78:01:a6:51:71:48:a9:a1:d3:6a:8c:
         0b:51:8a:30:5b:e0:d1:f6:4f:4a:f8:2b:28:8c:94:bd:c4:fb:
         3b:08:42:15:e8:46:eb:d4:76:1a:d2:c9:e3:9d:d9:5a:fc:2e:
         ed:e2:9b:f9:5d:5e:c7:ea:59:50:f3:a4:69:9c:d1:6d:0a:ea:
         0d:fe:41:0c:8c:67:b9:57:df:13:a1:39:85:1e:f0:20:08:70:
         c3:2e:25:8f:3b:34:66:e3:69:6e:8c:a1:9a:1d:a4:42:da:d2:
         8c:ae:1f:07
-----BEGIN CERTIFICATE-----
MIIFBDCCA+ygAwIBAgISAZz/0UIMSfoLMiSToD9y7Ea6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3OWRiZmRmNGMyMGJkYWU4ZDYxMTg1NjZlY2U3NjQ0NGU0
NmQxNzEwHhcNMjYwMzE4MDcyMDI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZTQ4NzVhZDZlNDMxZThhYmE3ZDFhNjE1ZmU3OWIwNzFlOTdmMDdmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArvdwfMPSVfTwTEOwvk/2AqI6UKDR
Ds3Y4oI0/kA0nY96QLMMov6zVZ5WK74O6uABP7QOOYMlEdK7jlw/1y8aIX1TUJeB
q8Pb8tFnNvYSULIl7QCBacBzn0tc3/ic0N5JA+xJSwPOG2kX8RdCwmaizTx/3rfX
QrrqoNWCHK7OGlormIpCzk7amD3d5NXSz0432ALrsAm++mEMrPzZXTlXesnvV6i4
S3EwHCOiGbbmwvbTXvecSuaka17x9s48ZUOPADu1OzZuGAqQ+Kd5OigKUAyZSX0N
1bgOCOo2vtqeOfGWu4q2oawiVMzeJXm2bszrujBYJ7tRp76Y5L4Osgiz4QIDAQAB
o4ICEDCCAgwwHQYDVR0OBBYEFA5Ida1uQx6Kun0aYV/nmwcel/B/MB8GA1UdIwQY
MBaAFCedv99MIL2ujWEYVm7OdkRORtFxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEt
MGNmMTA5M2Q0NTQ4LzEvRGtoMXJXNURIb3E2ZlJwaFgtZWJCeDZYOEg4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEtMGNmMTA5M2Q0NTQ4
LzEvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCYGCCsGAQUFBwEHAQH/BBcwFTATBAIAATANMAsDBAXDFaAD
AwHDFDANBgkqhkiG9w0BAQsFAAOCAQEAZSxrvUgkZW9sQXc0zBM9tZ0Z3PnEPLEq
UijIpzkDbpORBejsWB4uSssm6pDVJ6nfX6Vt7iI5WhyuN6wga/t2dv5Yju7Ua4Ad
DXBbr2j4RkxoAlOJAstL6CeJxCrVtYU9MQaJS1Q+MRwsXzi/TJ/DvGHVGT/5Z+7a
GKrytb3X+2HG6TknjnqehiF2ukNqGCMWSxW8hFAxH3gBplFxSKmh02qMC1GKMFvg
0fZPSvgrKIyUvcT7OwhCFehG69R2GtLJ453ZWvwu7eKb+V1ex+pZUPOkaZzRbQrq
Df5BDIxnuVffE6E5hR7wIAhwwy4ljzs0ZuNpboyhmh2kQtrSjK4fBw==
-----END CERTIFICATE-----