Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4b/bbd8d6-8f8a-4dcb-8c80-71f125f5f4c7/1/OMAfxlKlArt8nhDTTD6Xvr--tCg.roa
File:                     OMAfxlKlArt8nhDTTD6Xvr--tCg.roa (raw, json)
Hash identifier:          qjVFBgoWq2ZsGj3ZMQWgpCZMEuEApEEAzRA1asj0/Ns=
Subject key identifier:   38:C0:1F:C6:52:A5:02:BB:7C:9E:10:D3:4C:3E:97:BE:BF:BE:B4:28
Certificate issuer:       /CN=96ce931f852f4046ff8db482b39450219f8b383a
Certificate serial:       019DE3E7238DD648D15C9C604AC8A099986F
Authority key identifier: 96:CE:93:1F:85:2F:40:46:FF:8D:B4:82:B3:94:50:21:9F:8B:38:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ls6TH4UvQEb_jbSCs5RQIZ-LODo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4b/bbd8d6-8f8a-4dcb-8c80-71f125f5f4c7/1/OMAfxlKlArt8nhDTTD6Xvr--tCg.roa
Signing time:             Fri 01 May 2026 14:17:49 +0000
ROA not before:           Fri 01 May 2026 14:17:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     396982
IP address blocks:        46.248.20.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4b/bbd8d6-8f8a-4dcb-8c80-71f125f5f4c7/1/ls6TH4UvQEb_jbSCs5RQIZ-LODo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4b/bbd8d6-8f8a-4dcb-8c80-71f125f5f4c7/1/ls6TH4UvQEb_jbSCs5RQIZ-LODo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ls6TH4UvQEb_jbSCs5RQIZ-LODo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 11:00:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:e3:e7:23:8d:d6:48:d1:5c:9c:60:4a:c8:a0:99:98:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=96ce931f852f4046ff8db482b39450219f8b383a
        Validity
            Not Before: May  1 14:17:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=38c01fc652a502bb7c9e10d34c3e97bebfbeb428
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:7b:8a:60:2a:87:d5:1d:e7:82:45:db:55:5f:
                    e3:ee:81:98:16:fb:12:b1:3f:b8:96:12:30:dc:96:
                    58:c2:69:89:d9:9e:65:f1:5b:f9:6c:6f:0a:20:ac:
                    ae:e7:27:c5:3b:f9:a7:ea:b9:8d:0a:0f:39:4c:cc:
                    42:ad:eb:6e:c2:60:ff:81:c0:cd:a0:3f:83:5a:a2:
                    0b:8c:84:56:de:b1:de:f3:a4:d4:a2:fc:1e:27:47:
                    4d:66:23:32:e3:86:d9:f9:e5:7d:13:b2:b0:61:d0:
                    05:7b:a9:33:c6:68:a7:45:9f:82:d9:e6:e9:9b:0b:
                    18:84:5c:ce:89:1f:92:0b:f4:d6:c2:23:39:8a:bf:
                    c4:df:2b:59:0b:f8:36:f9:15:99:57:42:0e:25:3b:
                    a3:bb:5b:40:3a:96:15:19:7a:4e:db:63:27:28:42:
                    bb:0e:db:0c:5c:9a:16:f5:b0:bb:1c:dd:2a:30:5c:
                    e0:b4:f7:6e:3d:96:bd:d7:a8:a2:20:c7:40:a5:44:
                    5c:27:d5:f0:1d:8c:ec:dc:5a:bc:ba:7a:83:5e:d9:
                    32:54:df:54:d1:45:23:a6:e0:ac:a5:bc:66:0e:54:
                    f7:b1:0b:ca:94:0a:f0:55:1f:34:4c:bc:23:b8:bf:
                    43:ea:29:3a:d0:6d:82:f4:3d:3d:eb:5a:4f:04:f3:
                    55:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:C0:1F:C6:52:A5:02:BB:7C:9E:10:D3:4C:3E:97:BE:BF:BE:B4:28
            X509v3 Authority Key Identifier:
                keyid:96:CE:93:1F:85:2F:40:46:FF:8D:B4:82:B3:94:50:21:9F:8B:38:3A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ls6TH4UvQEb_jbSCs5RQIZ-LODo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/bbd8d6-8f8a-4dcb-8c80-71f125f5f4c7/1/OMAfxlKlArt8nhDTTD6Xvr--tCg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/bbd8d6-8f8a-4dcb-8c80-71f125f5f4c7/1/ls6TH4UvQEb_jbSCs5RQIZ-LODo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.248.20.0/23

    Signature Algorithm: sha256WithRSAEncryption
         67:2f:d0:09:da:a1:65:e5:e5:d9:74:8e:fa:29:c0:f5:5f:a2:
         6e:5f:57:3a:7a:3d:fd:a3:b2:23:2b:da:da:f3:a6:79:c6:bd:
         ec:df:58:ea:99:59:44:b0:a1:90:00:94:3d:0d:13:fc:9c:10:
         d9:04:72:6d:5c:5c:2a:e5:4b:66:9b:96:b1:aa:d9:69:51:78:
         34:d8:cc:af:69:be:b8:46:3c:13:36:0d:ae:45:61:b4:d9:a6:
         2b:f3:65:f7:48:ec:ff:70:92:71:35:f8:f3:73:c1:a8:ea:05:
         12:d6:77:6f:be:d7:eb:aa:cf:85:56:8f:1d:37:56:35:c0:1e:
         1c:a4:9f:b8:57:48:bd:29:19:cb:4c:f8:c1:57:c7:9b:8f:fd:
         14:5c:bd:f7:c7:37:db:ec:f1:00:15:ac:97:f8:ff:09:ef:e2:
         10:3c:b1:54:37:be:20:e0:ef:3c:cd:c7:0f:bc:78:4a:08:ee:
         0f:df:23:96:b7:c6:b1:ed:1d:5c:e3:70:fe:4b:b6:dd:8c:d0:
         00:95:4d:11:45:b6:27:5b:fb:0e:7f:f8:2e:3a:b8:ab:1a:07:
         ad:78:a9:15:84:a6:6d:fe:e9:d1:00:4d:69:85:41:32:c7:d0:
         29:df:d5:2c:fe:8a:c6:df:2b:7d:f9:44:01:5b:cc:80:74:93:
         8e:12:e4:27
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ3j5yON1kjRXJxgSsigmZhvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk2Y2U5MzFmODUyZjQwNDZmZjhkYjQ4MmIzOTQ1MDIxOWY4
YjM4M2EwHhcNMjYwNTAxMTQxNzQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOGMwMWZjNjUyYTUwMmJiN2M5ZTEwZDM0YzNlOTdiZWJmYmViNDI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsnuKYCqH1R3ngkXbVV/j7oGYFvsS
sT+4lhIw3JZYwmmJ2Z5l8Vv5bG8KIKyu5yfFO/mn6rmNCg85TMxCretuwmD/gcDN
oD+DWqILjIRW3rHe86TUovweJ0dNZiMy44bZ+eV9E7KwYdAFe6kzxminRZ+C2ebp
mwsYhFzOiR+SC/TWwiM5ir/E3ytZC/g2+RWZV0IOJTuju1tAOpYVGXpO22MnKEK7
DtsMXJoW9bC7HN0qMFzgtPduPZa916iiIMdApURcJ9XwHYzs3Fq8unqDXtkyVN9U
0UUjpuCspbxmDlT3sQvKlArwVR80TLwjuL9D6ik60G2C9D0961pPBPNVwwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDjAH8ZSpQK7fJ4Q00w+l76/vrQoMB8GA1UdIwQY
MBaAFJbOkx+FL0BG/420grOUUCGfizg6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbHM2VEg0VXZRRWJfamJTQ3M1UlFJWi1MT0RvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yi9iYmQ4ZDYtOGY4YS00ZGNiLThjODAt
NzFmMTI1ZjVmNGM3LzEvT01BZnhsS2xBcnQ4bmhEVFRENlh2ci0tdENnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yi9iYmQ4ZDYtOGY4YS00ZGNiLThjODAtNzFmMTI1ZjVmNGM3
LzEvbHM2VEg0VXZRRWJfamJTQ3M1UlFJWi1MT0RvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLvgUMA0G
CSqGSIb3DQEBCwUAA4IBAQBnL9AJ2qFl5eXZdI76KcD1X6JuX1c6ej39o7IjK9ra
86Z5xr3s31jqmVlEsKGQAJQ9DRP8nBDZBHJtXFwq5Utmm5axqtlpUXg02Myvab64
RjwTNg2uRWG02aYr82X3SOz/cJJxNfjzc8Go6gUS1ndvvtfrqs+FVo8dN1Y1wB4c
pJ+4V0i9KRnLTPjBV8ebj/0UXL33xzfb7PEAFayX+P8J7+IQPLFUN74g4O88zccP
vHhKCO4P3yOWt8ax7R1c43D+S7bdjNAAlU0RRbYnW/sOf/guOrirGgeteKkVhKZt
/unRAE1phUEyx9Ap39Us/orG3yt9+UQBW8yAdJOOEuQn
-----END CERTIFICATE-----