Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/74/d13526-c1ac-45e4-bebc-66f4167f83b2/1/OA-_Q29g0KuA0aONpveSxXZxFSk.roa
File:                     OA-_Q29g0KuA0aONpveSxXZxFSk.roa (raw, json)
Hash identifier:          tbSm3k3UWVaAwspyDOSHzLXBvf5BTv6nxCBnDZfco98=
Subject key identifier:   38:0F:BF:43:6F:60:D0:AB:80:D1:A3:8D:A6:F7:92:C5:76:71:15:29
Certificate issuer:       /CN=bb4dff5faeb944453a7c84b097e57c71c04f11fc
Certificate serial:       019B797EB4B9D56813209A602A23F451032B
Authority key identifier: BB:4D:FF:5F:AE:B9:44:45:3A:7C:84:B0:97:E5:7C:71:C0:4F:11:FC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/u03_X665REU6fISwl-V8ccBPEfw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/74/d13526-c1ac-45e4-bebc-66f4167f83b2/1/OA-_Q29g0KuA0aONpveSxXZxFSk.roa
Signing time:             Thu 01 Jan 2026 12:18:25 +0000
ROA not before:           Thu 01 Jan 2026 12:18:25 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     25053
IP address blocks:        194.48.84.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/74/d13526-c1ac-45e4-bebc-66f4167f83b2/1/u03_X665REU6fISwl-V8ccBPEfw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/74/d13526-c1ac-45e4-bebc-66f4167f83b2/1/u03_X665REU6fISwl-V8ccBPEfw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/u03_X665REU6fISwl-V8ccBPEfw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 09:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:7e:b4:b9:d5:68:13:20:9a:60:2a:23:f4:51:03:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bb4dff5faeb944453a7c84b097e57c71c04f11fc
        Validity
            Not Before: Jan  1 12:18:25 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=380fbf436f60d0ab80d1a38da6f792c576711529
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:63:f1:aa:68:cf:39:3b:f9:a6:a7:13:9c:19:
                    b8:89:b5:f7:a0:c8:5e:0d:65:56:fa:fe:97:6f:b6:
                    39:31:68:e2:68:1a:5f:91:f7:09:b8:4d:b1:7e:40:
                    06:cb:64:08:52:89:f0:26:b4:03:83:91:7e:e7:df:
                    e4:48:35:71:e4:71:ad:10:de:76:bc:86:c9:32:98:
                    c8:22:84:b1:60:a6:95:45:24:2a:e1:d8:27:80:c7:
                    f0:e8:34:33:d0:aa:93:c2:1c:db:d5:3a:57:94:72:
                    18:ea:9d:54:e6:14:40:a3:9c:d9:ab:c5:f3:e8:a5:
                    0b:80:e0:9f:ea:51:52:af:50:e4:57:0a:b3:a2:27:
                    c6:8e:07:62:e8:55:93:1c:d0:d4:03:3a:8c:07:7d:
                    31:1e:c7:12:3e:03:1f:00:cd:db:e7:16:55:9b:38:
                    60:e6:1d:19:17:98:88:20:b0:33:2f:65:f5:e1:36:
                    28:e0:af:80:7d:d4:79:68:41:dc:ae:26:53:b5:39:
                    97:2d:85:5a:6b:35:2e:b2:c4:84:a4:3f:2d:53:8b:
                    39:87:d3:fe:5a:11:dc:06:f6:70:2d:bd:f1:77:5f:
                    ea:ed:57:bf:d4:b0:9d:7d:04:37:c3:ae:41:56:15:
                    8d:45:d0:6b:36:5d:e2:d6:e8:fb:38:4e:d5:d0:01:
                    36:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:0F:BF:43:6F:60:D0:AB:80:D1:A3:8D:A6:F7:92:C5:76:71:15:29
            X509v3 Authority Key Identifier:
                keyid:BB:4D:FF:5F:AE:B9:44:45:3A:7C:84:B0:97:E5:7C:71:C0:4F:11:FC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/u03_X665REU6fISwl-V8ccBPEfw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/74/d13526-c1ac-45e4-bebc-66f4167f83b2/1/OA-_Q29g0KuA0aONpveSxXZxFSk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/74/d13526-c1ac-45e4-bebc-66f4167f83b2/1/u03_X665REU6fISwl-V8ccBPEfw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.48.84.0/22

    Signature Algorithm: sha256WithRSAEncryption
         0a:fc:50:01:ba:23:8f:86:4b:c2:c2:90:f9:04:d1:7d:4b:2d:
         7a:86:79:da:db:7a:aa:2e:50:73:c2:2e:d0:e3:57:4b:e4:83:
         1d:c5:2d:33:a5:47:5d:ed:17:15:d7:d1:b5:c8:f5:62:e3:47:
         9e:41:b2:d8:41:2e:76:a1:fa:1e:74:05:38:65:ec:f6:f3:a0:
         a1:69:27:56:c2:0e:b5:36:7b:57:0d:af:5c:6e:93:cc:71:5c:
         fd:2c:d4:e3:36:04:ef:05:2d:f0:b8:81:2a:f2:47:ac:6e:7d:
         ff:7a:a2:0f:12:53:97:b7:74:49:52:f6:46:49:57:07:13:81:
         19:13:bb:6a:ef:50:d3:0d:47:8e:a6:c4:f7:46:44:19:55:84:
         51:96:ca:76:55:d5:fa:48:cd:79:2a:22:73:f4:02:7c:a8:56:
         e0:44:f9:6d:3b:af:d8:6a:ac:65:fa:7a:43:39:0a:a8:2e:14:
         d6:8e:d5:80:88:f9:42:37:e9:9c:c0:08:8c:00:8c:29:77:7e:
         56:ea:43:db:2a:34:64:d6:c0:cc:da:07:84:9a:02:75:a2:fd:
         ac:35:10:87:9a:b3:39:e6:c0:e2:1e:cd:80:07:14:29:9c:5a:
         7a:90:80:51:6b:93:3e:ca:2b:dc:13:7a:23:17:7f:b6:6b:35:
         17:22:e1:b3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5frS51WgTIJpgKiP0UQMrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJiNGRmZjVmYWViOTQ0NDUzYTdjODRiMDk3ZTU3YzcxYzA0
ZjExZmMwHhcNMjYwMTAxMTIxODI1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzODBmYmY0MzZmNjBkMGFiODBkMWEzOGRhNmY3OTJjNTc2NzExNTI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs2PxqmjPOTv5pqcTnBm4ibX3oMhe
DWVW+v6Xb7Y5MWjiaBpfkfcJuE2xfkAGy2QIUonwJrQDg5F+59/kSDVx5HGtEN52
vIbJMpjIIoSxYKaVRSQq4dgngMfw6DQz0KqTwhzb1TpXlHIY6p1U5hRAo5zZq8Xz
6KULgOCf6lFSr1DkVwqzoifGjgdi6FWTHNDUAzqMB30xHscSPgMfAM3b5xZVmzhg
5h0ZF5iIILAzL2X14TYo4K+AfdR5aEHcriZTtTmXLYVaazUussSEpD8tU4s5h9P+
WhHcBvZwLb3xd1/q7Ve/1LCdfQQ3w65BVhWNRdBrNl3i1uj7OE7V0AE2hQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDgPv0NvYNCrgNGjjab3ksV2cRUpMB8GA1UdIwQY
MBaAFLtN/1+uuURFOnyEsJflfHHATxH8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdTAzX1g2NjVSRVU2ZklTd2wtVjhjY0JQRWZ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NC9kMTM1MjYtYzFhYy00NWU0LWJlYmMt
NjZmNDE2N2Y4M2IyLzEvT0EtX1EyOWcwS3VBMGFPTnB2ZVN4WFp4RlNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NC9kMTM1MjYtYzFhYy00NWU0LWJlYmMtNjZmNDE2N2Y4M2Iy
LzEvdTAzX1g2NjVSRVU2ZklTd2wtVjhjY0JQRWZ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwjBUMA0G
CSqGSIb3DQEBCwUAA4IBAQAK/FABuiOPhkvCwpD5BNF9Sy16hnna23qqLlBzwi7Q
41dL5IMdxS0zpUdd7RcV19G1yPVi40eeQbLYQS52ofoedAU4Zez286ChaSdWwg61
NntXDa9cbpPMcVz9LNTjNgTvBS3wuIEq8kesbn3/eqIPElOXt3RJUvZGSVcHE4EZ
E7tq71DTDUeOpsT3RkQZVYRRlsp2VdX6SM15KiJz9AJ8qFbgRPltO6/Yaqxl+npD
OQqoLhTWjtWAiPlCN+mcwAiMAIwpd35W6kPbKjRk1sDM2geEmgJ1ov2sNRCHmrM5
5sDiHs2ABxQpnFp6kIBRa5M+yivcE3ojF3+2azUXIuGz
-----END CERTIFICATE-----