Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/3b9aff-f00d-4187-af94-5717b4544237/1/DawgmbF4zRjsfVe4a4FzN8y0mQA.roa
File:                     DawgmbF4zRjsfVe4a4FzN8y0mQA.roa (raw, json)
Hash identifier:          afn5hxUejct66tT0JGmr4cEMo/gnTzzdfUoke9AjNOU=
Subject key identifier:   0D:AC:20:99:B1:78:CD:18:EC:7D:57:B8:6B:81:73:37:CC:B4:99:00
Certificate issuer:       /CN=25bbed0bff7ffeab67f302b411a00701854a6c30
Certificate serial:       019D29270EDA2A019F1538723EDBCC90598A
Authority key identifier: 25:BB:ED:0B:FF:7F:FE:AB:67:F3:02:B4:11:A0:07:01:85:4A:6C:30
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JbvtC_9__qtn8wK0EaAHAYVKbDA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a7/3b9aff-f00d-4187-af94-5717b4544237/1/DawgmbF4zRjsfVe4a4FzN8y0mQA.roa
Signing time:             Thu 26 Mar 2026 07:58:38 +0000
ROA not before:           Thu 26 Mar 2026 07:58:38 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     14618
IP address blocks:        194.104.138.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a7/3b9aff-f00d-4187-af94-5717b4544237/1/JbvtC_9__qtn8wK0EaAHAYVKbDA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a7/3b9aff-f00d-4187-af94-5717b4544237/1/JbvtC_9__qtn8wK0EaAHAYVKbDA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JbvtC_9__qtn8wK0EaAHAYVKbDA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 08:01:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:29:27:0e:da:2a:01:9f:15:38:72:3e:db:cc:90:59:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=25bbed0bff7ffeab67f302b411a00701854a6c30
        Validity
            Not Before: Mar 26 07:58:38 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0dac2099b178cd18ec7d57b86b817337ccb49900
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:ea:3d:fb:c2:8c:e9:f2:3a:92:94:db:5f:09:
                    4d:ea:7d:c1:cb:53:64:46:2b:6c:0d:ea:36:14:6a:
                    49:59:df:1a:a8:c6:e8:37:76:60:6f:5c:f6:8a:b6:
                    cb:f5:58:61:14:e4:45:7f:27:d5:dd:89:32:ed:f6:
                    5b:48:83:70:32:ad:8a:a0:cd:a9:1d:da:5b:1c:42:
                    94:f8:0f:a4:4e:0e:7f:c2:64:f3:3f:ac:d0:4a:b9:
                    a1:5c:35:b7:43:81:6d:13:f9:e9:48:76:ae:6e:4e:
                    9e:74:2c:87:5f:4c:bb:0a:c2:2e:93:c0:01:9d:89:
                    18:81:75:70:8e:d8:9a:d6:31:48:4e:fb:85:83:f0:
                    63:78:1d:5f:2e:f7:0e:1d:0b:54:09:2c:c0:29:30:
                    19:69:01:08:b0:0e:51:c6:b1:98:d0:13:88:da:b4:
                    4a:3d:48:4e:58:50:af:4c:96:34:1e:25:78:0c:cf:
                    d0:9e:6a:5f:f4:c0:87:3a:a4:5b:20:7a:58:73:8f:
                    89:50:cb:fe:19:cb:07:06:28:be:42:60:85:cc:b7:
                    c8:97:3b:f4:81:6e:db:10:0f:22:f2:26:01:1c:c6:
                    e3:d8:1f:06:25:14:22:f0:a5:ce:11:e9:93:c1:1b:
                    f6:49:2e:60:2d:69:69:69:26:0f:f4:f6:6a:67:64:
                    3e:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:AC:20:99:B1:78:CD:18:EC:7D:57:B8:6B:81:73:37:CC:B4:99:00
            X509v3 Authority Key Identifier:
                keyid:25:BB:ED:0B:FF:7F:FE:AB:67:F3:02:B4:11:A0:07:01:85:4A:6C:30

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JbvtC_9__qtn8wK0EaAHAYVKbDA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/3b9aff-f00d-4187-af94-5717b4544237/1/DawgmbF4zRjsfVe4a4FzN8y0mQA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/3b9aff-f00d-4187-af94-5717b4544237/1/JbvtC_9__qtn8wK0EaAHAYVKbDA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.104.138.0/24

    Signature Algorithm: sha256WithRSAEncryption
         63:3b:46:53:4e:ee:f8:9d:12:90:09:8e:e5:b0:01:56:a8:63:
         d6:1b:db:f5:92:af:e8:aa:e6:b9:a8:f8:0a:b5:fd:ff:f0:85:
         eb:93:bb:5b:6b:8d:ba:fd:71:df:d0:f8:48:fa:75:71:6e:27:
         c5:3a:95:3d:a4:b8:6b:db:bb:ca:74:8f:f7:ad:34:50:f8:97:
         3a:a2:e4:3c:b4:0a:b5:56:d2:9d:ef:c5:79:b6:9e:2a:10:be:
         7f:1e:a6:47:27:fb:c9:ba:98:eb:25:79:03:b9:71:7a:26:e7:
         28:9c:30:cb:cc:9d:73:22:d8:34:e8:69:fa:1f:1f:a7:43:f3:
         53:f6:6a:09:d9:93:53:8d:1d:54:05:0a:62:85:9a:c8:4f:b5:
         a5:52:8f:6f:5d:d9:21:e2:41:ee:b9:3e:d3:d6:3b:2c:be:b6:
         f7:ee:e7:ab:f5:ba:07:53:78:e4:65:2a:a5:8f:10:90:c9:83:
         7f:ab:e9:ad:4f:83:63:57:51:fe:21:41:08:14:77:58:20:a1:
         79:1b:f9:b4:17:9e:63:b9:40:7f:20:a1:54:ac:22:22:1a:b0:
         79:38:94:cf:63:9a:d3:04:41:59:08:0f:0c:eb:97:0e:cb:46:
         2f:da:ac:95:68:33:4f:48:2c:c4:6e:9c:4a:6f:f6:ae:f9:76:
         e1:1a:f1:12
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0pJw7aKgGfFThyPtvMkFmKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1YmJlZDBiZmY3ZmZlYWI2N2YzMDJiNDExYTAwNzAxODU0
YTZjMzAwHhcNMjYwMzI2MDc1ODM4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZGFjMjA5OWIxNzhjZDE4ZWM3ZDU3Yjg2YjgxNzMzN2NjYjQ5OTAwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyeo9+8KM6fI6kpTbXwlN6n3By1Nk
RitsDeo2FGpJWd8aqMboN3Zgb1z2irbL9VhhFORFfyfV3Yky7fZbSINwMq2KoM2p
HdpbHEKU+A+kTg5/wmTzP6zQSrmhXDW3Q4FtE/npSHaubk6edCyHX0y7CsIuk8AB
nYkYgXVwjtia1jFITvuFg/BjeB1fLvcOHQtUCSzAKTAZaQEIsA5RxrGY0BOI2rRK
PUhOWFCvTJY0HiV4DM/Qnmpf9MCHOqRbIHpYc4+JUMv+GcsHBii+QmCFzLfIlzv0
gW7bEA8i8iYBHMbj2B8GJRQi8KXOEemTwRv2SS5gLWlpaSYP9PZqZ2Q+6QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA2sIJmxeM0Y7H1XuGuBczfMtJkAMB8GA1UdIwQY
MBaAFCW77Qv/f/6rZ/MCtBGgBwGFSmwwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSmJ2dENfOV9fcXRuOHdLMEVhQUhBWVZLYkRBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy8zYjlhZmYtZjAwZC00MTg3LWFmOTQt
NTcxN2I0NTQ0MjM3LzEvRGF3Z21iRjR6UmpzZlZlNGE0RnpOOHkwbVFBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy8zYjlhZmYtZjAwZC00MTg3LWFmOTQtNTcxN2I0NTQ0MjM3
LzEvSmJ2dENfOV9fcXRuOHdLMEVhQUhBWVZLYkRBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwmiKMA0G
CSqGSIb3DQEBCwUAA4IBAQBjO0ZTTu74nRKQCY7lsAFWqGPWG9v1kq/oqua5qPgK
tf3/8IXrk7tba426/XHf0PhI+nVxbifFOpU9pLhr27vKdI/3rTRQ+Jc6ouQ8tAq1
VtKd78V5tp4qEL5/HqZHJ/vJupjrJXkDuXF6JuconDDLzJ1zItg06Gn6Hx+nQ/NT
9moJ2ZNTjR1UBQpihZrIT7WlUo9vXdkh4kHuuT7T1jssvrb37uer9boHU3jkZSql
jxCQyYN/q+mtT4NjV1H+IUEIFHdYIKF5G/m0F55juUB/IKFUrCIiGrB5OJTPY5rT
BEFZCA8M65cOy0Yv2qyVaDNPSCzEbpxKb/au+XbhGvES
-----END CERTIFICATE-----