Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b3/42e19a-e13a-4998-99ae-ea9619beb56e/1/0ytIcMc7s2KoW63HVSZx59FHMA4.roa
File:                     0ytIcMc7s2KoW63HVSZx59FHMA4.roa (raw, json)
Hash identifier:          y6w2/4+MhPYuFogumAKM5UC/Y1Ii8rBrK+24Be22zc4=
Subject key identifier:   D3:2B:48:70:C7:3B:B3:62:A8:5B:AD:C7:55:26:71:E7:D1:47:30:0E
Certificate issuer:       /CN=3eced3d386accd5569ffb17ab63139ba6d47b5ea
Certificate serial:       019B7F154EF3C2F9069147805E9CF888F0C9
Authority key identifier: 3E:CE:D3:D3:86:AC:CD:55:69:FF:B1:7A:B6:31:39:BA:6D:47:B5:EA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ps7T04aszVVp_7F6tjE5um1Hteo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b3/42e19a-e13a-4998-99ae-ea9619beb56e/1/0ytIcMc7s2KoW63HVSZx59FHMA4.roa
Signing time:             Fri 02 Jan 2026 14:21:01 +0000
ROA not before:           Fri 02 Jan 2026 14:21:01 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     39675
IP address blocks:        195.5.102.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b3/42e19a-e13a-4998-99ae-ea9619beb56e/1/Ps7T04aszVVp_7F6tjE5um1Hteo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b3/42e19a-e13a-4998-99ae-ea9619beb56e/1/Ps7T04aszVVp_7F6tjE5um1Hteo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ps7T04aszVVp_7F6tjE5um1Hteo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 09:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:15:4e:f3:c2:f9:06:91:47:80:5e:9c:f8:88:f0:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3eced3d386accd5569ffb17ab63139ba6d47b5ea
        Validity
            Not Before: Jan  2 14:21:01 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d32b4870c73bb362a85badc7552671e7d147300e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:7d:48:66:89:f3:3e:ff:bf:c8:ed:b2:7a:d5:
                    f9:60:bd:8a:0b:02:f1:c4:33:4b:43:5d:c5:e1:ae:
                    69:c2:cb:06:f5:1b:d8:76:32:54:20:7c:db:26:7f:
                    93:f7:bf:9d:c3:89:71:cc:29:b9:d6:91:bb:3c:17:
                    f0:99:65:1d:71:58:cb:a4:05:f0:db:30:12:a4:e5:
                    cd:f0:4d:ad:83:7b:03:92:47:49:5f:70:b0:26:fd:
                    65:5e:50:cb:c1:32:c0:0f:59:e5:e3:6c:e1:8d:2f:
                    e7:9b:85:40:b8:b5:b3:5a:36:38:7c:b1:72:9e:5c:
                    5e:c4:23:60:6a:f1:9c:e8:fb:80:2f:86:55:a7:cd:
                    4b:93:f5:57:12:cd:d4:04:4b:73:d9:93:e1:35:23:
                    97:dd:cd:97:08:d8:4d:43:8d:a4:71:99:96:9c:a7:
                    de:1a:b4:9f:bf:cf:2a:23:4f:d4:85:a7:d1:65:39:
                    39:e6:20:15:fd:f8:f8:5a:df:53:30:c4:07:bb:2a:
                    a4:7c:63:ec:3a:61:7b:dc:82:c5:64:e2:98:45:42:
                    35:75:69:e4:31:36:b6:58:fb:88:f9:73:b6:80:34:
                    7b:1d:ef:bb:4f:13:8a:28:94:64:26:6b:8d:c7:ec:
                    65:df:3a:fd:f2:6c:d0:91:ff:b6:4c:22:11:1a:4c:
                    6e:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:2B:48:70:C7:3B:B3:62:A8:5B:AD:C7:55:26:71:E7:D1:47:30:0E
            X509v3 Authority Key Identifier:
                keyid:3E:CE:D3:D3:86:AC:CD:55:69:FF:B1:7A:B6:31:39:BA:6D:47:B5:EA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ps7T04aszVVp_7F6tjE5um1Hteo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/42e19a-e13a-4998-99ae-ea9619beb56e/1/0ytIcMc7s2KoW63HVSZx59FHMA4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/42e19a-e13a-4998-99ae-ea9619beb56e/1/Ps7T04aszVVp_7F6tjE5um1Hteo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.5.102.0/23

    Signature Algorithm: sha256WithRSAEncryption
         30:f8:36:77:7c:87:c7:f4:ea:8c:d7:b8:ad:66:6b:45:84:c5:
         18:40:2e:97:c0:70:de:aa:26:7f:8e:49:53:3e:72:17:ec:c7:
         db:1a:c7:ec:7e:49:9c:f1:55:6f:96:46:1a:b6:d4:90:c7:f2:
         8e:41:46:5f:82:fe:a5:4d:26:87:6d:0b:dc:f8:1a:ef:e5:4a:
         1a:09:e0:5c:ff:9b:29:dc:fc:23:be:31:5c:b6:5c:e4:d2:70:
         af:0a:41:1f:32:54:83:f1:b8:cf:ed:be:f8:07:91:fa:5f:39:
         3b:a5:d3:51:52:65:86:eb:1b:21:d0:41:b2:f2:03:00:a8:6b:
         db:7e:e5:d9:ec:18:91:bd:ac:58:d4:2b:e7:cb:55:08:0e:c3:
         03:51:bb:28:da:fa:d2:fd:a3:bb:a3:2b:d8:4d:6d:fb:3f:d0:
         8d:2c:b2:18:8f:f4:a4:3e:fd:f8:22:95:9a:67:c5:c5:00:ac:
         54:6c:6d:fb:12:5a:d2:8d:2a:b3:2c:c3:78:95:7b:4b:43:98:
         d7:8d:bb:70:98:15:b6:87:71:9f:6c:f0:8b:51:22:75:97:d0:
         f7:a3:cc:17:e4:81:3f:04:93:7b:2c:d4:10:0e:bb:5c:a8:19:
         db:80:a1:c0:40:7b:f6:89:c6:81:d3:78:cc:61:01:44:90:cf:
         04:0e:62:fd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/FU7zwvkGkUeAXpz4iPDJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlY2VkM2QzODZhY2NkNTU2OWZmYjE3YWI2MzEzOWJhNmQ0
N2I1ZWEwHhcNMjYwMTAyMTQyMTAxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMzJiNDg3MGM3M2JiMzYyYTg1YmFkYzc1NTI2NzFlN2QxNDczMDBlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzX1IZonzPv+/yO2yetX5YL2KCwLx
xDNLQ13F4a5pwssG9RvYdjJUIHzbJn+T97+dw4lxzCm51pG7PBfwmWUdcVjLpAXw
2zASpOXN8E2tg3sDkkdJX3CwJv1lXlDLwTLAD1nl42zhjS/nm4VAuLWzWjY4fLFy
nlxexCNgavGc6PuAL4ZVp81Lk/VXEs3UBEtz2ZPhNSOX3c2XCNhNQ42kcZmWnKfe
GrSfv88qI0/UhafRZTk55iAV/fj4Wt9TMMQHuyqkfGPsOmF73ILFZOKYRUI1dWnk
MTa2WPuI+XO2gDR7He+7TxOKKJRkJmuNx+xl3zr98mzQkf+2TCIRGkxuVwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNMrSHDHO7NiqFutx1UmcefRRzAOMB8GA1UdIwQY
MBaAFD7O09OGrM1Vaf+xerYxObptR7XqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUHM3VDA0YXN6VlZwXzdGNnRqRTV1bTFIdGVvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMy80MmUxOWEtZTEzYS00OTk4LTk5YWUt
ZWE5NjE5YmViNTZlLzEvMHl0SWNNYzdzMktvVzYzSFZTWng1OUZITUE0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMy80MmUxOWEtZTEzYS00OTk4LTk5YWUtZWE5NjE5YmViNTZl
LzEvUHM3VDA0YXN6VlZwXzdGNnRqRTV1bTFIdGVvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwwVmMA0G
CSqGSIb3DQEBCwUAA4IBAQAw+DZ3fIfH9OqM17itZmtFhMUYQC6XwHDeqiZ/jklT
PnIX7MfbGsfsfkmc8VVvlkYattSQx/KOQUZfgv6lTSaHbQvc+Brv5UoaCeBc/5sp
3PwjvjFctlzk0nCvCkEfMlSD8bjP7b74B5H6Xzk7pdNRUmWG6xsh0EGy8gMAqGvb
fuXZ7BiRvaxY1Cvny1UIDsMDUbso2vrS/aO7oyvYTW37P9CNLLIYj/SkPv34IpWa
Z8XFAKxUbG37ElrSjSqzLMN4lXtLQ5jXjbtwmBW2h3GfbPCLUSJ1l9D3o8wX5IE/
BJN7LNQQDrtcqBnbgKHAQHv2icaB03jMYQFEkM8EDmL9
-----END CERTIFICATE-----