Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3f/0f8fea-f00a-4415-b396-399fc9693b22/1/ak_oIFZ0irbZMnReXAMcFtjQKqI.roa
File:                     ak_oIFZ0irbZMnReXAMcFtjQKqI.roa (raw, json)
Hash identifier:          x/hwjZvN5gTG9CQTOsiCYCBQLkFra2oGt8woSUkU3vg=
Subject key identifier:   6A:4F:E8:20:56:74:8A:B6:D9:32:74:5E:5C:03:1C:16:D8:D0:2A:A2
Certificate issuer:       /CN=363769f8644a5a718ae62b058dd1fb62cb5a3c20
Certificate serial:       019D30953576E62C4C4E1BE131712E9591E9
Authority key identifier: 36:37:69:F8:64:4A:5A:71:8A:E6:2B:05:8D:D1:FB:62:CB:5A:3C:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Njdp-GRKWnGK5isFjdH7YstaPCA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3f/0f8fea-f00a-4415-b396-399fc9693b22/1/ak_oIFZ0irbZMnReXAMcFtjQKqI.roa
Signing time:             Fri 27 Mar 2026 18:36:18 +0000
ROA not before:           Fri 27 Mar 2026 18:36:18 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     206787
IP address blocks:        95.181.152.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3f/0f8fea-f00a-4415-b396-399fc9693b22/1/Njdp-GRKWnGK5isFjdH7YstaPCA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3f/0f8fea-f00a-4415-b396-399fc9693b22/1/Njdp-GRKWnGK5isFjdH7YstaPCA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Njdp-GRKWnGK5isFjdH7YstaPCA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Mar 2026 03:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:30:95:35:76:e6:2c:4c:4e:1b:e1:31:71:2e:95:91:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=363769f8644a5a718ae62b058dd1fb62cb5a3c20
        Validity
            Not Before: Mar 27 18:36:18 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6a4fe82056748ab6d932745e5c031c16d8d02aa2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:9b:92:e8:35:b8:0d:86:ee:45:67:e7:e2:71:
                    c5:26:d3:3e:93:c1:59:02:cc:e8:ef:d6:0b:54:c9:
                    55:7e:ff:8b:95:16:a1:25:16:f6:3f:71:fd:a7:69:
                    d0:8b:85:b8:4c:08:20:2c:f1:38:74:32:66:28:a5:
                    2c:fc:c7:a6:9e:c0:6c:aa:fe:eb:3d:26:7b:28:56:
                    11:06:62:36:0c:1d:a2:20:5c:7c:f3:3f:76:d3:20:
                    fb:6b:10:35:36:d9:a6:f9:f3:bd:75:4a:ea:7c:b5:
                    91:6e:b3:d0:43:09:cc:1a:80:e2:ff:fd:e1:86:a9:
                    54:a3:54:5a:25:3a:e4:ee:7c:79:35:0d:25:6c:06:
                    64:7b:e2:90:e2:44:61:f2:c3:b4:21:81:f0:27:61:
                    73:3c:76:3a:05:df:1e:8b:c0:d0:ba:f6:e0:7e:0d:
                    e0:7f:6c:69:dc:51:9d:41:50:4c:fc:af:7b:c3:ce:
                    6f:61:0c:e7:9e:95:1c:e5:fb:3a:6a:44:44:b9:14:
                    ab:32:5b:40:cf:65:34:ef:0a:0b:70:d7:90:a5:18:
                    a9:ba:1b:50:e6:25:7c:c7:95:34:24:84:50:e5:9d:
                    ef:b7:a5:74:92:56:6d:42:37:1a:26:a3:0f:4d:11:
                    db:f9:65:52:b4:35:84:57:66:91:41:01:42:aa:a1:
                    b7:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:4F:E8:20:56:74:8A:B6:D9:32:74:5E:5C:03:1C:16:D8:D0:2A:A2
            X509v3 Authority Key Identifier:
                keyid:36:37:69:F8:64:4A:5A:71:8A:E6:2B:05:8D:D1:FB:62:CB:5A:3C:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Njdp-GRKWnGK5isFjdH7YstaPCA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/0f8fea-f00a-4415-b396-399fc9693b22/1/ak_oIFZ0irbZMnReXAMcFtjQKqI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/0f8fea-f00a-4415-b396-399fc9693b22/1/Njdp-GRKWnGK5isFjdH7YstaPCA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.181.152.0/24

    Signature Algorithm: sha256WithRSAEncryption
         38:6a:c3:ff:df:86:30:93:0c:06:17:40:e6:28:0f:c2:a6:01:
         a3:75:a9:4f:fd:ac:bd:9a:27:82:f2:e1:56:e7:2d:7c:c1:05:
         a2:5d:e7:72:b2:86:fb:bf:84:d2:71:67:e5:40:8f:34:ee:93:
         be:0b:d6:a9:8b:10:11:64:ec:9e:f5:f2:b3:33:10:54:da:3d:
         89:84:05:31:b1:e7:89:78:06:5f:96:c6:1c:f0:b5:1a:44:61:
         c4:77:07:2f:7a:74:68:b8:41:72:64:d1:81:57:80:bf:0a:c8:
         33:17:61:0d:dc:cd:2c:33:ac:4f:8f:e7:96:bd:a4:ad:64:36:
         bd:75:82:32:a4:69:50:94:b6:8e:8a:92:dd:f9:32:33:7f:c0:
         1f:bb:cf:2a:9e:93:36:d6:d4:c4:75:24:c6:12:48:f5:c3:f7:
         b0:a1:bf:e8:e1:90:12:6a:50:fa:93:78:ee:0a:ba:fe:c3:51:
         bd:2a:f4:4c:7a:bd:6a:92:3c:f8:31:d3:ef:72:53:e7:af:0f:
         65:66:48:73:3e:cd:8c:a6:3a:33:86:18:0c:16:ff:8b:31:77:
         27:c6:b6:91:c8:ed:36:65:9e:59:43:e2:e7:24:88:c8:8f:8d:
         8a:3e:54:44:18:34:8a:43:68:22:a7:c4:b4:03:82:7e:61:6a:
         49:96:d6:b3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0wlTV25ixMThvhMXEulZHpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2Mzc2OWY4NjQ0YTVhNzE4YWU2MmIwNThkZDFmYjYyY2I1
YTNjMjAwHhcNMjYwMzI3MTgzNjE4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YTRmZTgyMDU2NzQ4YWI2ZDkzMjc0NWU1YzAzMWMxNmQ4ZDAyYWEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArJuS6DW4DYbuRWfn4nHFJtM+k8FZ
Aszo79YLVMlVfv+LlRahJRb2P3H9p2nQi4W4TAggLPE4dDJmKKUs/MemnsBsqv7r
PSZ7KFYRBmI2DB2iIFx88z920yD7axA1Ntmm+fO9dUrqfLWRbrPQQwnMGoDi//3h
hqlUo1RaJTrk7nx5NQ0lbAZke+KQ4kRh8sO0IYHwJ2FzPHY6Bd8ei8DQuvbgfg3g
f2xp3FGdQVBM/K97w85vYQznnpUc5fs6akREuRSrMltAz2U07woLcNeQpRipuhtQ
5iV8x5U0JIRQ5Z3vt6V0klZtQjcaJqMPTRHb+WVStDWEV2aRQQFCqqG38QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGpP6CBWdIq22TJ0XlwDHBbY0CqiMB8GA1UdIwQY
MBaAFDY3afhkSlpxiuYrBY3R+2LLWjwgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTmpkcC1HUktXbkdLNWlzRmpkSDdZc3RhUENBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZi8wZjhmZWEtZjAwYS00NDE1LWIzOTYt
Mzk5ZmM5NjkzYjIyLzEvYWtfb0lGWjBpcmJaTW5SZVhBTWNGdGpRS3FJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZi8wZjhmZWEtZjAwYS00NDE1LWIzOTYtMzk5ZmM5NjkzYjIy
LzEvTmpkcC1HUktXbkdLNWlzRmpkSDdZc3RhUENBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAX7WYMA0G
CSqGSIb3DQEBCwUAA4IBAQA4asP/34YwkwwGF0DmKA/CpgGjdalP/ay9mieC8uFW
5y18wQWiXedysob7v4TScWflQI807pO+C9apixARZOye9fKzMxBU2j2JhAUxseeJ
eAZflsYc8LUaRGHEdwcvenRouEFyZNGBV4C/CsgzF2EN3M0sM6xPj+eWvaStZDa9
dYIypGlQlLaOipLd+TIzf8Afu88qnpM21tTEdSTGEkj1w/ewob/o4ZASalD6k3ju
Crr+w1G9KvRMer1qkjz4MdPvclPnrw9lZkhzPs2MpjozhhgMFv+LMXcnxraRyO02
ZZ5ZQ+LnJIjIj42KPlREGDSKQ2gip8S0A4J+YWpJltaz
-----END CERTIFICATE-----