Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/38-MCJOaTJoM1CkppxZwpGFrvio.roa
File:                     38-MCJOaTJoM1CkppxZwpGFrvio.roa (raw, json)
Hash identifier:          yfCYUOzlp8V1kp+Ja7kyxxyMARHD43o08wLOzsQTFn8=
Subject key identifier:   DF:CF:8C:08:93:9A:4C:9A:0C:D4:29:29:A7:16:70:A4:61:6B:BE:2A
Certificate issuer:       /CN=6f84e4738a70ea39c08cef210432ae399ec7e915
Certificate serial:       019D1E861DDD1F476767C6683336BDA792AB
Authority key identifier: 6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/38-MCJOaTJoM1CkppxZwpGFrvio.roa
Signing time:             Tue 24 Mar 2026 06:26:39 +0000
ROA not before:           Tue 24 Mar 2026 06:26:39 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     402187
IP address blocks:        188.255.170.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 00:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:1e:86:1d:dd:1f:47:67:67:c6:68:33:36:bd:a7:92:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f84e4738a70ea39c08cef210432ae399ec7e915
        Validity
            Not Before: Mar 24 06:26:39 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=dfcf8c08939a4c9a0cd42929a71670a4616bbe2a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:49:92:46:d2:d3:e0:ec:cf:5b:e0:ef:8e:3d:
                    17:a2:8a:d8:60:01:3d:f2:94:36:51:9f:50:29:3c:
                    eb:ea:7b:95:78:b4:ba:c8:18:a7:cc:07:17:bf:da:
                    a3:c7:71:b2:e8:5e:e6:d5:65:56:89:7b:11:75:39:
                    2f:ac:b1:9f:5b:8b:2c:21:68:1e:37:5f:2b:98:9c:
                    7e:50:79:7a:12:8e:f2:ee:f7:3d:44:ac:c0:51:27:
                    8f:07:28:be:89:e3:9b:39:62:2a:3a:4d:6d:2c:6e:
                    e5:9e:99:d4:90:05:4a:32:7f:80:be:b6:a9:67:89:
                    dd:e8:34:fd:81:d1:91:b8:24:24:e2:0c:0a:04:c9:
                    4e:dc:3c:1b:11:87:1f:75:eb:78:15:62:ff:b7:d5:
                    5b:9d:4c:c8:64:75:61:25:ab:8c:e6:63:04:fd:9e:
                    02:a1:7b:d7:17:46:42:37:df:4c:57:7d:4f:4b:95:
                    4e:8c:a3:f9:95:9c:73:bb:1b:ba:05:5d:33:86:9c:
                    4a:36:4d:70:49:0e:11:38:1e:b6:f6:4c:37:9d:8a:
                    65:ea:1a:fe:b6:09:a9:8f:16:b4:01:c6:51:48:36:
                    a1:5a:c7:33:1e:69:77:46:86:dd:a1:b4:7d:a4:16:
                    b9:47:29:cc:e6:ec:e0:d2:7c:2e:11:82:3b:7d:5b:
                    71:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:CF:8C:08:93:9A:4C:9A:0C:D4:29:29:A7:16:70:A4:61:6B:BE:2A
            X509v3 Authority Key Identifier:
                keyid:6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/38-MCJOaTJoM1CkppxZwpGFrvio.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.255.170.0/24

    Signature Algorithm: sha256WithRSAEncryption
         aa:4e:23:5b:43:23:9f:d8:73:1f:cb:e9:17:fd:fa:f7:2d:c4:
         44:0c:4a:b0:8b:45:52:e3:42:44:06:ed:79:9b:b8:3d:f4:05:
         b9:c2:34:9c:85:5e:f0:03:05:67:be:19:e3:8d:bd:55:28:b3:
         2b:dc:ec:40:6f:33:ec:e2:29:1a:d5:10:94:88:2e:3e:4d:42:
         3e:ec:08:5e:65:01:3d:99:a2:f1:cf:06:3d:d9:19:53:37:53:
         ec:13:70:30:aa:50:a9:fc:14:de:3d:2b:68:df:36:20:cc:2a:
         90:9a:78:ea:5d:22:48:17:ef:fa:55:a0:dd:c1:04:31:ed:b2:
         90:9a:4c:9b:a1:8d:7b:3a:69:3f:75:08:44:e6:b1:f7:b5:2f:
         aa:46:d8:ab:94:b2:da:96:80:13:8e:1d:a2:c1:e5:45:88:b2:
         6b:a7:14:04:e9:5e:5c:91:8b:85:87:de:29:4d:27:61:98:ae:
         e4:7e:e5:c3:c8:1f:e3:af:11:19:e8:0c:a8:a9:31:87:51:00:
         9c:02:b0:e3:24:7c:07:69:c1:93:ff:c9:a4:df:ff:39:e5:1a:
         e8:2f:fd:fc:65:be:05:0a:06:17:93:33:64:ca:77:bc:df:4a:
         2d:30:4c:0f:01:1e:dd:1e:08:83:1b:ce:e6:42:df:10:e0:f0:
         19:d0:46:19
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0ehh3dH0dnZ8ZoMza9p5KrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmODRlNDczOGE3MGVhMzljMDhjZWYyMTA0MzJhZTM5OWVj
N2U5MTUwHhcNMjYwMzI0MDYyNjM5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZmNmOGMwODkzOWE0YzlhMGNkNDI5MjlhNzE2NzBhNDYxNmJiZTJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlkmSRtLT4OzPW+Dvjj0XoorYYAE9
8pQ2UZ9QKTzr6nuVeLS6yBinzAcXv9qjx3Gy6F7m1WVWiXsRdTkvrLGfW4ssIWge
N18rmJx+UHl6Eo7y7vc9RKzAUSePByi+ieObOWIqOk1tLG7lnpnUkAVKMn+Avrap
Z4nd6DT9gdGRuCQk4gwKBMlO3DwbEYcfdet4FWL/t9VbnUzIZHVhJauM5mME/Z4C
oXvXF0ZCN99MV31PS5VOjKP5lZxzuxu6BV0zhpxKNk1wSQ4ROB629kw3nYpl6hr+
tgmpjxa0AcZRSDahWsczHml3RobdobR9pBa5RynM5uzg0nwuEYI7fVtxXQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN/PjAiTmkyaDNQpKacWcKRha74qMB8GA1UdIwQY
MBaAFG+E5HOKcOo5wIzvIQQyrjmex+kVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYt
ZmFlNWRiZWQzYjFiLzEvMzgtTUNKT2FUSm9NMUNrcHB4WndwR0ZydmlvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYtZmFlNWRiZWQzYjFi
LzEvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvP+qMA0G
CSqGSIb3DQEBCwUAA4IBAQCqTiNbQyOf2HMfy+kX/fr3LcREDEqwi0VS40JEBu15
m7g99AW5wjSchV7wAwVnvhnjjb1VKLMr3OxAbzPs4ika1RCUiC4+TUI+7AheZQE9
maLxzwY92RlTN1PsE3AwqlCp/BTePSto3zYgzCqQmnjqXSJIF+/6VaDdwQQx7bKQ
mkyboY17Omk/dQhE5rH3tS+qRtirlLLaloATjh2iweVFiLJrpxQE6V5ckYuFh94p
TSdhmK7kfuXDyB/jrxEZ6AyoqTGHUQCcArDjJHwHacGT/8mk3/855RroL/38Zb4F
CgYXkzNkyne830otMEwPAR7dHgiDG87mQt8Q4PAZ0EYZ
-----END CERTIFICATE-----