Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/96/dc35eb-6ecf-4452-8599-70d59cc4f7cc/1/OXg0TjUhSvtV7LtPBTa7S_RSHjs.roa
File:                     OXg0TjUhSvtV7LtPBTa7S_RSHjs.roa (raw, json)
Hash identifier:          canGGkhdPWTKzNqqcACagBLpPsyetsivYP+q4meoXFA=
Subject key identifier:   39:78:34:4E:35:21:4A:FB:55:EC:BB:4F:05:36:BB:4B:F4:52:1E:3B
Certificate issuer:       /CN=f0bfad31c14c93daa5344ba04f4b52354696dfaf
Certificate serial:       019CE7F4DABA9E577F030621C3BFC6CFF69C
Authority key identifier: F0:BF:AD:31:C1:4C:93:DA:A5:34:4B:A0:4F:4B:52:35:46:96:DF:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8L-tMcFMk9qlNEugT0tSNUaW368.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/96/dc35eb-6ecf-4452-8599-70d59cc4f7cc/1/OXg0TjUhSvtV7LtPBTa7S_RSHjs.roa
Signing time:             Fri 13 Mar 2026 16:08:29 +0000
ROA not before:           Fri 13 Mar 2026 16:08:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     52129
IP address blocks:        185.169.148.0/22 maxlen: 24
                          185.169.148.0/24 maxlen: 24
                          185.169.149.0/24 maxlen: 24
                          185.169.150.0/24 maxlen: 24
                          185.169.151.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/96/dc35eb-6ecf-4452-8599-70d59cc4f7cc/1/8L-tMcFMk9qlNEugT0tSNUaW368.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/96/dc35eb-6ecf-4452-8599-70d59cc4f7cc/1/8L-tMcFMk9qlNEugT0tSNUaW368.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8L-tMcFMk9qlNEugT0tSNUaW368.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 09:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:e7:f4:da:ba:9e:57:7f:03:06:21:c3:bf:c6:cf:f6:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f0bfad31c14c93daa5344ba04f4b52354696dfaf
        Validity
            Not Before: Mar 13 16:08:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3978344e35214afb55ecbb4f0536bb4bf4521e3b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:47:e3:41:67:fa:47:64:cc:b8:ea:68:bb:42:
                    c9:e4:81:f1:fe:48:e8:7d:00:c5:4e:6e:fb:33:f3:
                    12:9f:fb:b3:4c:d5:2b:d7:43:fb:54:6d:52:b5:15:
                    03:cc:34:53:16:cf:01:10:85:83:47:af:ee:43:61:
                    c7:dc:16:66:b7:f7:de:9c:f8:e0:2e:92:ce:9a:a5:
                    40:f8:c9:ab:79:85:c9:54:ed:8a:20:49:8d:a2:87:
                    96:90:31:29:f7:c8:9d:2d:20:d3:4c:e6:4a:98:99:
                    0e:7b:86:f0:1c:ca:b1:7a:ab:5f:49:7a:c7:50:32:
                    27:61:06:60:35:29:2d:2e:63:87:f4:07:6a:eb:be:
                    db:e0:07:2a:3e:16:09:ce:85:22:0c:31:e1:f7:0f:
                    f3:60:ee:d7:be:9d:ac:07:62:c9:73:f6:10:dd:9e:
                    35:2b:d8:ef:94:4b:8e:70:42:9e:2c:16:ec:00:51:
                    00:4a:54:01:6b:f5:36:d4:98:4a:ea:42:18:42:5d:
                    b3:5e:8f:20:d2:0d:12:f2:35:44:57:8e:ba:dd:cd:
                    26:93:4d:18:fa:c7:49:cc:cd:96:bd:44:f6:b1:f4:
                    3d:c1:f0:99:f7:e9:0d:bb:e7:1d:f0:bb:cd:1d:2d:
                    58:f0:a0:4f:a7:fa:38:ad:ae:f2:d6:21:e4:e5:9b:
                    b2:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:78:34:4E:35:21:4A:FB:55:EC:BB:4F:05:36:BB:4B:F4:52:1E:3B
            X509v3 Authority Key Identifier:
                keyid:F0:BF:AD:31:C1:4C:93:DA:A5:34:4B:A0:4F:4B:52:35:46:96:DF:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8L-tMcFMk9qlNEugT0tSNUaW368.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/96/dc35eb-6ecf-4452-8599-70d59cc4f7cc/1/OXg0TjUhSvtV7LtPBTa7S_RSHjs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/96/dc35eb-6ecf-4452-8599-70d59cc4f7cc/1/8L-tMcFMk9qlNEugT0tSNUaW368.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.169.148.0/22

    Signature Algorithm: sha256WithRSAEncryption
         7d:09:1c:6b:07:37:f1:3c:9a:59:6b:f7:71:4b:b1:87:9b:8e:
         a6:ac:f4:64:0d:25:2e:d1:5d:6c:f9:2e:a0:fa:e6:b0:70:85:
         f4:f4:ed:d4:53:13:7a:d3:49:97:36:d0:ea:ff:e0:79:b2:82:
         07:44:bf:14:70:93:af:4c:80:e0:2e:38:f5:8c:67:de:2a:9b:
         e2:e8:5c:6f:ec:f3:3d:cb:04:82:d9:ab:ad:5b:b3:7c:81:76:
         52:fe:94:cc:f1:8a:ec:08:af:a9:db:7c:41:2d:df:a8:80:47:
         ac:7e:a4:07:c1:c5:03:e4:b5:27:60:49:d6:15:55:90:a5:1d:
         92:43:99:e9:6d:50:6d:a4:85:32:d9:d0:b3:01:1b:50:35:a9:
         87:8a:f0:7a:88:cf:f8:f1:75:bf:5e:8d:71:88:e4:47:fa:7e:
         c7:1d:47:4c:12:a0:0f:62:3d:d1:76:cf:45:1e:75:eb:2f:7b:
         98:f1:7a:95:0b:d6:11:83:48:b0:de:f7:9f:a6:2e:70:de:19:
         3f:bc:67:db:fc:1d:06:09:50:32:7f:51:a2:52:9b:f1:da:10:
         92:16:ec:48:01:dc:45:ce:4f:71:32:86:4d:70:29:b1:aa:c7:
         e8:28:6b:71:8f:ce:6b:5f:87:c4:6d:21:d3:2d:eb:7e:eb:c9:
         f0:8b:28:af
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZzn9Nq6nld/AwYhw7/Gz/acMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwYmZhZDMxYzE0YzkzZGFhNTM0NGJhMDRmNGI1MjM1NDY5
NmRmYWYwHhcNMjYwMzEzMTYwODI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOTc4MzQ0ZTM1MjE0YWZiNTVlY2JiNGYwNTM2YmI0YmY0NTIxZTNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt0fjQWf6R2TMuOpou0LJ5IHx/kjo
fQDFTm77M/MSn/uzTNUr10P7VG1StRUDzDRTFs8BEIWDR6/uQ2HH3BZmt/fenPjg
LpLOmqVA+MmreYXJVO2KIEmNooeWkDEp98idLSDTTOZKmJkOe4bwHMqxeqtfSXrH
UDInYQZgNSktLmOH9Adq677b4AcqPhYJzoUiDDHh9w/zYO7Xvp2sB2LJc/YQ3Z41
K9jvlEuOcEKeLBbsAFEASlQBa/U21JhK6kIYQl2zXo8g0g0S8jVEV4663c0mk00Y
+sdJzM2WvUT2sfQ9wfCZ9+kNu+cd8LvNHS1Y8KBPp/o4ra7y1iHk5ZuyewIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDl4NE41IUr7Vey7TwU2u0v0Uh47MB8GA1UdIwQY
MBaAFPC/rTHBTJPapTRLoE9LUjVGlt+vMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEwtdE1jRk1rOXFsTkV1Z1QwdFNOVWFXMzY4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Ni9kYzM1ZWItNmVjZi00NDUyLTg1OTkt
NzBkNTljYzRmN2NjLzEvT1hnMFRqVWhTdnRWN0x0UEJUYTdTX1JTSGpzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Ni9kYzM1ZWItNmVjZi00NDUyLTg1OTktNzBkNTljYzRmN2Nj
LzEvOEwtdE1jRk1rOXFsTkV1Z1QwdFNOVWFXMzY4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuamUMA0G
CSqGSIb3DQEBCwUAA4IBAQB9CRxrBzfxPJpZa/dxS7GHm46mrPRkDSUu0V1s+S6g
+uawcIX09O3UUxN600mXNtDq/+B5soIHRL8UcJOvTIDgLjj1jGfeKpvi6Fxv7PM9
ywSC2autW7N8gXZS/pTM8YrsCK+p23xBLd+ogEesfqQHwcUD5LUnYEnWFVWQpR2S
Q5npbVBtpIUy2dCzARtQNamHivB6iM/48XW/Xo1xiORH+n7HHUdMEqAPYj3Rds9F
HnXrL3uY8XqVC9YRg0iw3vefpi5w3hk/vGfb/B0GCVAyf1GiUpvx2hCSFuxIAdxF
zk9xMoZNcCmxqsfoKGtxj85rX4fEbSHTLet+68nwiyiv
-----END CERTIFICATE-----