Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/owhUlWrxdBGsBlgjScU8kJ0Oh9M.roa
File:                     owhUlWrxdBGsBlgjScU8kJ0Oh9M.roa (raw, json)
Hash identifier:          vcUUhbYK2wOelZ6gkthYXYHswViZE4OD48N/zrw4ZFw=
Subject key identifier:   A3:08:54:95:6A:F1:74:11:AC:06:58:23:49:C5:3C:90:9D:0E:87:D3
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       019DA9BF559894ED9DB08A073302E1401825
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/owhUlWrxdBGsBlgjScU8kJ0Oh9M.roa
Signing time:             Mon 20 Apr 2026 07:16:21 +0000
ROA not before:           Mon 20 Apr 2026 07:16:21 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     9304
IP address blocks:        217.144.153.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 21:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:a9:bf:55:98:94:ed:9d:b0:8a:07:33:02:e1:40:18:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Apr 20 07:16:21 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a30854956af17411ac06582349c53c909d0e87d3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:22:2a:3f:5e:56:5b:85:53:8f:51:1f:f6:95:
                    36:e3:73:2d:97:84:2a:f8:f6:e4:ec:c1:b2:e8:fd:
                    6a:4f:c5:41:47:71:12:71:03:55:64:f6:d6:f2:a7:
                    fa:ab:43:7d:4a:ca:fe:1d:cd:e0:17:c0:eb:51:7e:
                    de:16:4e:7f:65:e3:77:d6:c9:2a:e0:30:d7:c0:8a:
                    b3:94:87:1d:e2:54:a7:0e:18:fd:d8:d8:84:07:f4:
                    2d:96:20:a5:67:1b:9a:43:c1:11:cf:cd:83:f6:87:
                    1f:da:1f:fe:9f:b5:05:a2:a7:ee:a8:15:06:47:57:
                    e9:58:8d:be:cd:39:65:8a:77:05:a1:38:33:c5:3f:
                    2d:a7:02:92:a2:26:68:a7:17:f3:d5:ff:aa:88:d6:
                    67:56:b2:8e:8a:b7:c4:42:e9:e5:35:1d:8c:d8:c9:
                    9e:70:13:47:46:dd:5d:5b:99:33:ed:95:bd:72:32:
                    46:4e:48:01:ac:1c:96:66:7c:d4:37:5f:a6:b5:17:
                    05:df:65:b7:0d:91:6a:f3:63:3e:8f:c3:dc:37:f3:
                    47:82:2f:66:6c:8c:dd:2b:93:49:31:0e:dd:7c:db:
                    c0:8b:22:c3:30:42:aa:18:89:c1:82:87:34:52:80:
                    6e:7f:aa:12:b1:68:53:0a:69:06:28:70:cd:8d:e4:
                    4a:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:08:54:95:6A:F1:74:11:AC:06:58:23:49:C5:3C:90:9D:0E:87:D3
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/owhUlWrxdBGsBlgjScU8kJ0Oh9M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.144.153.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8b:a9:2d:c5:b4:0d:55:17:78:e7:32:10:f0:cc:fd:3e:bd:a3:
         5c:92:b1:f4:3e:24:33:09:6d:c2:b8:9a:d0:46:5c:a6:e8:7e:
         f3:9f:41:e6:0e:9b:71:30:c4:57:9f:e3:f3:cb:b4:c8:cc:a9:
         5d:aa:02:d7:1e:d4:e6:1e:5d:cd:29:d8:32:5a:0b:1a:8d:60:
         fb:a6:7d:19:46:8d:c6:6d:c9:29:aa:78:cc:c6:d5:73:df:1f:
         88:5e:d8:45:ff:45:35:74:63:7a:51:23:ab:c6:28:1b:0a:37:
         cf:9e:ba:30:5f:56:f5:5b:77:59:a6:15:13:9c:fa:a6:8b:c5:
         1b:fa:d3:23:91:87:6d:a9:69:a4:26:85:75:ef:05:e2:43:11:
         a4:c3:1f:8a:f8:99:08:17:02:2b:ca:02:66:26:37:1d:03:65:
         fe:19:06:2e:1e:ff:ad:03:34:3a:85:22:e1:dc:88:23:97:a9:
         64:c0:7f:54:bd:d2:9c:6a:40:ed:35:b2:53:7c:1e:38:f9:2b:
         d6:a2:2c:be:24:26:98:ed:e4:39:da:ba:7c:e9:bb:8a:3d:0d:
         ea:76:e8:dc:19:d7:4c:5c:89:b9:e3:5f:44:d0:d7:71:87:c1:
         e2:ff:77:7d:60:60:de:16:07:25:82:6f:81:b0:28:8a:59:3f:
         ec:3c:07:e1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2pv1WYlO2dsIoHMwLhQBglMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjYwNDIwMDcxNjIxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMzA4NTQ5NTZhZjE3NDExYWMwNjU4MjM0OWM1M2M5MDlkMGU4N2QzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0CIqP15WW4VTj1Ef9pU243Mtl4Qq
+Pbk7MGy6P1qT8VBR3EScQNVZPbW8qf6q0N9Ssr+Hc3gF8DrUX7eFk5/ZeN31skq
4DDXwIqzlIcd4lSnDhj92NiEB/QtliClZxuaQ8ERz82D9ocf2h/+n7UFoqfuqBUG
R1fpWI2+zTllincFoTgzxT8tpwKSoiZopxfz1f+qiNZnVrKOirfEQunlNR2M2Mme
cBNHRt1dW5kz7ZW9cjJGTkgBrByWZnzUN1+mtRcF32W3DZFq82M+j8PcN/NHgi9m
bIzdK5NJMQ7dfNvAiyLDMEKqGInBgoc0UoBuf6oSsWhTCmkGKHDNjeRKcQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKMIVJVq8XQRrAZYI0nFPJCdDofTMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvb3doVWxXcnhkQkdzQmxnalNjVThrSjBPaDlNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2ZCZMA0G
CSqGSIb3DQEBCwUAA4IBAQCLqS3FtA1VF3jnMhDwzP0+vaNckrH0PiQzCW3CuJrQ
Rlym6H7zn0HmDptxMMRXn+Pzy7TIzKldqgLXHtTmHl3NKdgyWgsajWD7pn0ZRo3G
bckpqnjMxtVz3x+IXthF/0U1dGN6USOrxigbCjfPnrowX1b1W3dZphUTnPqmi8Ub
+tMjkYdtqWmkJoV17wXiQxGkwx+K+JkIFwIrygJmJjcdA2X+GQYuHv+tAzQ6hSLh
3Igjl6lkwH9UvdKcakDtNbJTfB44+SvWoiy+JCaY7eQ52rp86buKPQ3qdujcGddM
XIm5419E0Ndxh8Hi/3d9YGDeFgclgm+BsCiKWT/sPAfh
-----END CERTIFICATE-----