Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/84/409949-f229-498d-9315-34b67df7cb03/1/op0ybMx9Ox8ar-Ql_fTiMNqM5dA.roa
File:                     op0ybMx9Ox8ar-Ql_fTiMNqM5dA.roa (raw, json)
Hash identifier:          cQ2vog/4jNLPjN4mUWpx2d+8ISMw3Y0jLzHVifAWkxA=
Subject key identifier:   A2:9D:32:6C:CC:7D:3B:1F:1A:AF:E4:25:FD:F4:E2:30:DA:8C:E5:D0
Certificate issuer:       /CN=465ef7bd2eb3dcdbab04908380d48a8f2febc62c
Certificate serial:       019DDF84B3A88796FBAC9EE27F837F1BED66
Authority key identifier: 46:5E:F7:BD:2E:B3:DC:DB:AB:04:90:83:80:D4:8A:8F:2F:EB:C6:2C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Rl73vS6z3NurBJCDgNSKjy_rxiw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/84/409949-f229-498d-9315-34b67df7cb03/1/op0ybMx9Ox8ar-Ql_fTiMNqM5dA.roa
Signing time:             Thu 30 Apr 2026 17:51:49 +0000
ROA not before:           Thu 30 Apr 2026 17:51:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     203576
IP address blocks:        194.113.114.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/84/409949-f229-498d-9315-34b67df7cb03/1/Rl73vS6z3NurBJCDgNSKjy_rxiw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/84/409949-f229-498d-9315-34b67df7cb03/1/Rl73vS6z3NurBJCDgNSKjy_rxiw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Rl73vS6z3NurBJCDgNSKjy_rxiw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 23:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:df:84:b3:a8:87:96:fb:ac:9e:e2:7f:83:7f:1b:ed:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=465ef7bd2eb3dcdbab04908380d48a8f2febc62c
        Validity
            Not Before: Apr 30 17:51:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a29d326ccc7d3b1f1aafe425fdf4e230da8ce5d0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:3e:33:b4:4b:68:c7:de:94:a4:4d:81:8f:9e:
                    c2:10:55:ba:60:bd:74:21:4b:19:45:6e:55:68:79:
                    10:1b:f9:e6:c1:ee:21:da:db:c0:97:03:27:c9:cf:
                    04:f8:f7:0e:dd:50:48:70:7c:48:63:d2:8c:5c:96:
                    a7:55:0d:0f:66:21:ea:20:59:00:22:47:ef:bb:80:
                    04:bf:d4:45:e5:6b:c9:68:66:34:fc:67:80:08:89:
                    bd:78:08:c3:76:45:45:cd:d1:3f:c4:9c:63:ba:b5:
                    82:ab:12:e9:d3:18:8d:e0:3b:7a:b9:1c:93:79:87:
                    30:47:dd:63:47:fb:6a:e1:1b:d8:0b:1c:e2:80:7f:
                    56:fa:d2:0f:6f:2f:97:6f:5e:6c:ce:7b:f4:a4:da:
                    7d:25:e7:eb:b9:81:9d:e2:f6:74:e4:92:bd:dc:fe:
                    22:fe:c8:3a:4a:cf:69:70:05:84:b6:e2:58:65:41:
                    ec:3e:43:24:e0:97:c7:e1:98:e5:4f:ba:93:8a:a0:
                    b6:6a:3f:96:c6:97:cd:f3:6e:87:82:85:a2:fa:35:
                    f4:75:bf:d4:77:ed:2b:df:90:96:71:81:27:6f:49:
                    25:c6:12:95:71:c8:ff:ce:74:b9:c5:fc:60:e8:0c:
                    30:95:86:2e:77:75:26:24:81:b1:d9:41:99:d3:d9:
                    b2:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:9D:32:6C:CC:7D:3B:1F:1A:AF:E4:25:FD:F4:E2:30:DA:8C:E5:D0
            X509v3 Authority Key Identifier:
                keyid:46:5E:F7:BD:2E:B3:DC:DB:AB:04:90:83:80:D4:8A:8F:2F:EB:C6:2C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Rl73vS6z3NurBJCDgNSKjy_rxiw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/84/409949-f229-498d-9315-34b67df7cb03/1/op0ybMx9Ox8ar-Ql_fTiMNqM5dA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/84/409949-f229-498d-9315-34b67df7cb03/1/Rl73vS6z3NurBJCDgNSKjy_rxiw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.113.114.0/24

    Signature Algorithm: sha256WithRSAEncryption
         12:d4:c7:e4:39:4d:cb:d2:3f:dd:01:96:9d:6d:32:fd:22:01:
         2b:91:93:11:8f:38:bc:20:3d:81:1a:59:0e:98:01:9a:94:b0:
         1a:e8:bb:6d:ce:4e:b9:c4:d5:2c:03:66:f7:86:d5:80:c0:58:
         33:26:4a:3b:5f:1b:bf:55:24:3a:b5:1e:f1:76:db:06:0f:2f:
         f9:bc:fb:b3:eb:80:40:12:3d:f2:59:ef:79:83:b0:c3:54:10:
         aa:d7:32:48:36:ef:53:b4:b3:28:07:8d:18:53:7c:af:2d:f7:
         ae:09:44:95:01:2a:1b:57:98:cc:35:5d:cd:80:2f:d8:db:ec:
         9e:57:f5:f6:99:9d:d4:ee:95:e3:18:c3:8d:41:ba:be:f5:86:
         a7:2a:23:26:c1:d7:0b:f1:3e:ee:bc:4a:fd:51:c6:c8:07:73:
         6f:ee:2d:cc:82:bf:71:68:38:8d:b6:a6:1c:74:96:42:01:9f:
         8f:fa:15:04:21:17:ef:e6:6b:47:98:33:cd:df:2d:14:ec:97:
         77:dc:14:7a:d8:26:f2:40:42:70:02:9c:4e:dd:93:32:a4:2e:
         0b:eb:59:28:ba:75:02:e0:16:04:b1:84:70:99:fd:25:fb:02:
         7f:4c:05:93:24:ed:fd:a1:3a:8d:40:83:07:67:02:0a:26:76:
         0f:11:e1:d3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ3fhLOoh5b7rJ7if4N/G+1mMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ2NWVmN2JkMmViM2RjZGJhYjA0OTA4MzgwZDQ4YThmMmZl
YmM2MmMwHhcNMjYwNDMwMTc1MTQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMjlkMzI2Y2NjN2QzYjFmMWFhZmU0MjVmZGY0ZTIzMGRhOGNlNWQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuD4ztEtox96UpE2Bj57CEFW6YL10
IUsZRW5VaHkQG/nmwe4h2tvAlwMnyc8E+PcO3VBIcHxIY9KMXJanVQ0PZiHqIFkA
Ikfvu4AEv9RF5WvJaGY0/GeACIm9eAjDdkVFzdE/xJxjurWCqxLp0xiN4Dt6uRyT
eYcwR91jR/tq4RvYCxzigH9W+tIPby+Xb15sznv0pNp9JefruYGd4vZ05JK93P4i
/sg6Ss9pcAWEtuJYZUHsPkMk4JfH4ZjlT7qTiqC2aj+WxpfN826HgoWi+jX0db/U
d+0r35CWcYEnb0klxhKVccj/znS5xfxg6AwwlYYud3UmJIGx2UGZ09myPQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKKdMmzMfTsfGq/kJf304jDajOXQMB8GA1UdIwQY
MBaAFEZe970us9zbqwSQg4DUio8v68YsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUmw3M3ZTNnozTnVyQkpDRGdOU0tqeV9yeGl3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NC80MDk5NDktZjIyOS00OThkLTkzMTUt
MzRiNjdkZjdjYjAzLzEvb3AweWJNeDlPeDhhci1RbF9mVGlNTnFNNWRBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NC80MDk5NDktZjIyOS00OThkLTkzMTUtMzRiNjdkZjdjYjAz
LzEvUmw3M3ZTNnozTnVyQkpDRGdOU0tqeV9yeGl3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwnFyMA0G
CSqGSIb3DQEBCwUAA4IBAQAS1MfkOU3L0j/dAZadbTL9IgErkZMRjzi8ID2BGlkO
mAGalLAa6Lttzk65xNUsA2b3htWAwFgzJko7Xxu/VSQ6tR7xdtsGDy/5vPuz64BA
Ej3yWe95g7DDVBCq1zJINu9TtLMoB40YU3yvLfeuCUSVASobV5jMNV3NgC/Y2+ye
V/X2mZ3U7pXjGMONQbq+9YanKiMmwdcL8T7uvEr9UcbIB3Nv7i3Mgr9xaDiNtqYc
dJZCAZ+P+hUEIRfv5mtHmDPN3y0U7Jd33BR62CbyQEJwApxO3ZMypC4L61kounUC
4BYEsYRwmf0l+wJ/TAWTJO39oTqNQIMHZwIKJnYPEeHT
-----END CERTIFICATE-----