Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/63/6ce70e-fc58-4158-9852-cae1b1871a16/1/3NvQLbl2JPb-Gx07toKt-8TX1FA.roa
File:                     3NvQLbl2JPb-Gx07toKt-8TX1FA.roa (raw, json)
Hash identifier:          DJnggPoVXnYpKJsX86Ol2F0P4IpRyrVC4wg+ZYq8L+A=
Subject key identifier:   DC:DB:D0:2D:B9:76:24:F6:FE:1B:1D:3B:B6:82:AD:FB:C4:D7:D4:50
Certificate issuer:       /CN=3a178bffe30cdb60e1490d2ea7e712f4049bf9e5
Certificate serial:       019DEEEF8A9A4387230AE66754873E75226A
Authority key identifier: 3A:17:8B:FF:E3:0C:DB:60:E1:49:0D:2E:A7:E7:12:F4:04:9B:F9:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OheL_-MM22DhSQ0up-cS9ASb-eU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/63/6ce70e-fc58-4158-9852-cae1b1871a16/1/3NvQLbl2JPb-Gx07toKt-8TX1FA.roa
Signing time:             Sun 03 May 2026 17:42:49 +0000
ROA not before:           Sun 03 May 2026 17:42:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     216334
IP address blocks:        194.55.236.0/24 maxlen: 24
                          194.55.237.0/24 maxlen: 24
                          194.55.238.0/24 maxlen: 24
                          194.55.239.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/63/6ce70e-fc58-4158-9852-cae1b1871a16/1/OheL_-MM22DhSQ0up-cS9ASb-eU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/63/6ce70e-fc58-4158-9852-cae1b1871a16/1/OheL_-MM22DhSQ0up-cS9ASb-eU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OheL_-MM22DhSQ0up-cS9ASb-eU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 14 May 2026 06:33:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:ee:ef:8a:9a:43:87:23:0a:e6:67:54:87:3e:75:22:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3a178bffe30cdb60e1490d2ea7e712f4049bf9e5
        Validity
            Not Before: May  3 17:42:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=dcdbd02db97624f6fe1b1d3bb682adfbc4d7d450
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:ef:db:87:46:6b:31:15:07:16:19:8f:a5:c4:
                    f0:85:3d:69:c6:97:46:a6:90:c8:93:1b:c4:aa:c9:
                    bb:00:b5:de:e3:42:56:25:5e:73:56:ad:35:fe:a5:
                    0e:a9:01:2e:d4:1c:d7:2b:a3:0e:5e:a3:ee:ea:6f:
                    df:2c:f9:13:21:70:d4:f9:e0:92:bf:92:32:6c:9e:
                    37:9c:0c:ba:71:50:62:85:10:91:0e:12:68:e2:f1:
                    14:5a:c6:5c:47:15:dd:97:e0:83:11:7b:db:7a:bb:
                    20:33:d4:2e:61:dc:34:d3:64:82:7d:1f:ef:0b:7e:
                    a4:7c:5f:8e:b2:0a:b7:c4:c8:4d:4d:ea:81:3e:38:
                    a7:b5:ac:50:6a:72:e5:0e:30:76:d5:05:a4:97:ba:
                    01:24:0d:40:8b:04:25:43:87:33:9c:ef:fa:d4:44:
                    e6:ba:ea:08:f1:81:25:4b:39:c9:78:96:9c:14:de:
                    f6:57:de:9a:38:c5:d2:60:ce:ee:d4:1b:76:9a:54:
                    82:e3:0d:31:0c:ad:9c:cb:ed:1c:7f:ef:53:22:b4:
                    42:f8:2a:8c:0d:f7:d4:c7:b8:51:53:59:92:7c:2c:
                    c8:3d:1e:2a:c6:e0:7f:5d:9d:35:f8:b6:c9:9f:cf:
                    64:23:76:ac:c8:7d:99:f1:a6:34:b0:08:b4:bd:49:
                    88:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:DB:D0:2D:B9:76:24:F6:FE:1B:1D:3B:B6:82:AD:FB:C4:D7:D4:50
            X509v3 Authority Key Identifier:
                keyid:3A:17:8B:FF:E3:0C:DB:60:E1:49:0D:2E:A7:E7:12:F4:04:9B:F9:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OheL_-MM22DhSQ0up-cS9ASb-eU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/63/6ce70e-fc58-4158-9852-cae1b1871a16/1/3NvQLbl2JPb-Gx07toKt-8TX1FA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/63/6ce70e-fc58-4158-9852-cae1b1871a16/1/OheL_-MM22DhSQ0up-cS9ASb-eU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.55.236.0/22

    Signature Algorithm: sha256WithRSAEncryption
         0e:ab:7b:ad:dd:80:98:78:2d:5d:0a:92:ab:6a:f0:11:87:3e:
         bd:2b:fe:71:10:48:88:be:ed:20:20:bf:84:5a:4c:1c:29:8c:
         55:d2:d6:96:b8:f6:93:c4:9d:7d:d7:ae:e7:5d:94:1b:1c:ac:
         2b:b3:73:52:d2:d3:42:53:db:13:aa:2f:f7:e0:1f:b9:33:88:
         d0:f3:e2:bf:08:be:2b:2b:da:aa:f3:58:f3:cd:7f:e6:00:45:
         b3:6c:42:79:52:ab:19:ac:33:10:9d:34:0d:ed:7a:4b:e9:82:
         f6:56:e3:a7:d4:9c:7b:37:ae:75:8c:4f:5f:e7:fd:57:c1:9a:
         38:50:f9:4a:ac:e4:c8:4a:82:c7:e7:22:71:7d:c3:30:40:ca:
         3c:03:be:82:94:87:67:d9:53:ad:40:cb:06:c0:a2:b2:46:f5:
         08:3f:e8:03:c8:49:bc:b7:28:eb:6d:3d:d9:bf:5e:b0:86:78:
         ad:a1:79:1b:9b:c3:a9:38:dc:ec:3a:bc:87:cc:37:40:42:68:
         f4:e0:e2:53:0b:99:36:9b:dc:ec:c1:1e:10:2d:8c:87:04:db:
         c2:8c:95:23:e0:8e:b5:10:c7:d1:a1:cf:0b:a1:5e:00:fc:ad:
         fc:74:e6:8d:1e:e9:c4:dc:2f:3f:d5:76:b4:07:0b:6a:a7:b6:
         45:ea:19:c6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ3u74qaQ4cjCuZnVIc+dSJqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhMTc4YmZmZTMwY2RiNjBlMTQ5MGQyZWE3ZTcxMmY0MDQ5
YmY5ZTUwHhcNMjYwNTAzMTc0MjQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkY2RiZDAyZGI5NzYyNGY2ZmUxYjFkM2JiNjgyYWRmYmM0ZDdkNDUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu+/bh0ZrMRUHFhmPpcTwhT1pxpdG
ppDIkxvEqsm7ALXe40JWJV5zVq01/qUOqQEu1BzXK6MOXqPu6m/fLPkTIXDU+eCS
v5IybJ43nAy6cVBihRCRDhJo4vEUWsZcRxXdl+CDEXvbersgM9QuYdw002SCfR/v
C36kfF+Osgq3xMhNTeqBPjintaxQanLlDjB21QWkl7oBJA1AiwQlQ4cznO/61ETm
uuoI8YElSznJeJacFN72V96aOMXSYM7u1Bt2mlSC4w0xDK2cy+0cf+9TIrRC+CqM
DffUx7hRU1mSfCzIPR4qxuB/XZ01+LbJn89kI3asyH2Z8aY0sAi0vUmI6QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNzb0C25diT2/hsdO7aCrfvE19RQMB8GA1UdIwQY
MBaAFDoXi//jDNtg4UkNLqfnEvQEm/nlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT2hlTF8tTU0yMkRoU1EwdXAtY1M5QVNiLWVVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82My82Y2U3MGUtZmM1OC00MTU4LTk4NTIt
Y2FlMWIxODcxYTE2LzEvM052UUxibDJKUGItR3gwN3RvS3QtOFRYMUZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82My82Y2U3MGUtZmM1OC00MTU4LTk4NTItY2FlMWIxODcxYTE2
LzEvT2hlTF8tTU0yMkRoU1EwdXAtY1M5QVNiLWVVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwjfsMA0G
CSqGSIb3DQEBCwUAA4IBAQAOq3ut3YCYeC1dCpKravARhz69K/5xEEiIvu0gIL+E
WkwcKYxV0taWuPaTxJ19167nXZQbHKwrs3NS0tNCU9sTqi/34B+5M4jQ8+K/CL4r
K9qq81jzzX/mAEWzbEJ5UqsZrDMQnTQN7XpL6YL2VuOn1Jx7N651jE9f5/1XwZo4
UPlKrOTISoLH5yJxfcMwQMo8A76ClIdn2VOtQMsGwKKyRvUIP+gDyEm8tyjrbT3Z
v16whnitoXkbm8OpONzsOryHzDdAQmj04OJTC5k2m9zswR4QLYyHBNvCjJUj4I61
EMfRoc8LoV4A/K38dOaNHunE3C8/1Xa0Bwtqp7ZF6hnG
-----END CERTIFICATE-----