Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/cf9cd6-e717-4dda-82ef-6dfe0f7d53bd/1/3bDW1BkII3G0VO8m207jGTh4u9Q.roa
File:                     3bDW1BkII3G0VO8m207jGTh4u9Q.roa (raw, json)
Hash identifier:          fHQIh04Zp5EtKmZlsuAi0f2uI5OmoylBy1KAnWj5sEY=
Subject key identifier:   DD:B0:D6:D4:19:08:23:71:B4:54:EF:26:DB:4E:E3:19:38:78:BB:D4
Certificate issuer:       /CN=11125404c6dd472f1001ed9ffdf726762ac7701d
Certificate serial:       019DFC9A6E91BE5583C6F22D91BC6343582F
Authority key identifier: 11:12:54:04:C6:DD:47:2F:10:01:ED:9F:FD:F7:26:76:2A:C7:70:1D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ERJUBMbdRy8QAe2f_fcmdirHcB0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e2/cf9cd6-e717-4dda-82ef-6dfe0f7d53bd/1/3bDW1BkII3G0VO8m207jGTh4u9Q.roa
Signing time:             Wed 06 May 2026 09:24:32 +0000
ROA not before:           Wed 06 May 2026 09:24:32 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     51765
IP address blocks:        164.138.0.0/22 maxlen: 24
                          164.138.8.0/22 maxlen: 24
                          164.138.12.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e2/cf9cd6-e717-4dda-82ef-6dfe0f7d53bd/1/ERJUBMbdRy8QAe2f_fcmdirHcB0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e2/cf9cd6-e717-4dda-82ef-6dfe0f7d53bd/1/ERJUBMbdRy8QAe2f_fcmdirHcB0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ERJUBMbdRy8QAe2f_fcmdirHcB0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 14:18:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:fc:9a:6e:91:be:55:83:c6:f2:2d:91:bc:63:43:58:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=11125404c6dd472f1001ed9ffdf726762ac7701d
        Validity
            Not Before: May  6 09:24:32 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ddb0d6d419082371b454ef26db4ee3193878bbd4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:9b:f6:c2:ee:41:0d:dc:b7:d3:61:a2:20:9b:
                    ca:05:c3:dd:60:89:c4:66:9c:7f:61:a1:c5:0b:97:
                    dc:2e:c5:49:e7:97:f1:36:b9:12:ed:a3:59:1c:a2:
                    23:5f:7c:d9:c3:9c:96:70:49:51:2b:95:9b:65:32:
                    be:1f:d4:29:0a:ec:c5:52:4c:c2:fa:13:d3:6e:c9:
                    28:54:07:65:10:28:6d:cf:dc:59:e8:a7:6d:59:c6:
                    89:42:3c:45:aa:a2:90:d8:d2:72:de:6f:5f:79:7d:
                    ce:6a:23:0d:22:01:80:fe:c1:be:16:ea:5e:ba:99:
                    56:8f:86:35:68:1b:f8:a3:26:38:2a:18:84:31:d6:
                    e7:ef:ed:5d:9e:e1:c3:a6:43:1b:fb:5b:c6:8f:cf:
                    33:56:c1:ee:ee:ac:1d:cb:45:7b:0d:8b:6e:39:a5:
                    b9:a8:78:6d:43:dc:a6:f5:fd:89:a5:b0:0d:f8:b2:
                    94:7f:c6:e4:56:26:bd:0e:b2:33:7b:c9:c0:1a:44:
                    3f:4a:85:d6:80:4f:67:38:34:cc:ea:6c:87:14:19:
                    7e:a7:f9:d0:aa:22:af:a5:27:54:e9:8f:7a:f3:80:
                    26:66:48:46:e9:4e:4a:28:6c:47:f0:78:57:0c:3f:
                    0f:c8:90:91:fc:62:1e:92:64:09:79:91:4b:b5:4b:
                    48:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:B0:D6:D4:19:08:23:71:B4:54:EF:26:DB:4E:E3:19:38:78:BB:D4
            X509v3 Authority Key Identifier:
                keyid:11:12:54:04:C6:DD:47:2F:10:01:ED:9F:FD:F7:26:76:2A:C7:70:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ERJUBMbdRy8QAe2f_fcmdirHcB0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/cf9cd6-e717-4dda-82ef-6dfe0f7d53bd/1/3bDW1BkII3G0VO8m207jGTh4u9Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/cf9cd6-e717-4dda-82ef-6dfe0f7d53bd/1/ERJUBMbdRy8QAe2f_fcmdirHcB0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  164.138.0.0/22
                  164.138.8.0/21

    Signature Algorithm: sha256WithRSAEncryption
         cd:bb:34:69:22:9f:3e:b3:40:d5:5f:d2:ed:16:93:5e:10:a5:
         5f:f9:85:56:73:39:f3:09:9b:81:11:4f:0e:ac:81:69:01:af:
         cf:e9:91:68:6e:fd:85:dc:0c:a8:0f:51:bc:20:75:f3:85:6c:
         b5:d4:95:46:ab:fa:4e:e6:e3:06:87:6d:23:87:ba:10:40:89:
         91:4f:6d:66:c1:a6:43:17:75:e4:8c:33:2b:0b:63:81:79:ed:
         18:4a:0a:52:d3:54:f5:60:61:e2:01:43:e7:73:35:59:49:f5:
         46:eb:36:b4:fc:45:af:f1:a6:bc:8d:20:1d:5a:98:1d:ec:4f:
         b0:8a:9e:e2:f3:47:9c:2b:b8:80:9b:3e:85:35:7c:a5:76:af:
         36:27:eb:80:f5:43:2a:60:95:11:f2:2a:4e:82:43:e9:0c:b4:
         76:35:84:68:e6:8b:28:3c:6a:7b:c8:7f:0a:a9:93:1d:42:9c:
         00:0f:3d:6d:a8:94:50:7a:f5:5c:de:ae:e4:36:17:35:bf:7c:
         eb:1f:28:ff:c7:ef:3e:d1:81:92:40:d0:71:1b:7f:81:15:2f:
         d5:e4:46:ed:7f:59:49:9b:f6:b1:1a:02:2e:a4:71:52:d6:2b:
         9b:d2:ee:f0:21:8f:8f:43:58:6f:dd:ba:63:46:f7:b7:8d:cc:
         ba:cc:72:1b
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ38mm6RvlWDxvItkbxjQ1gvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDExMTI1NDA0YzZkZDQ3MmYxMDAxZWQ5ZmZkZjcyNjc2MmFj
NzcwMWQwHhcNMjYwNTA2MDkyNDMyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZGIwZDZkNDE5MDgyMzcxYjQ1NGVmMjZkYjRlZTMxOTM4NzhiYmQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm5v2wu5BDdy302GiIJvKBcPdYInE
Zpx/YaHFC5fcLsVJ55fxNrkS7aNZHKIjX3zZw5yWcElRK5WbZTK+H9QpCuzFUkzC
+hPTbskoVAdlEChtz9xZ6KdtWcaJQjxFqqKQ2NJy3m9feX3OaiMNIgGA/sG+Fupe
uplWj4Y1aBv4oyY4KhiEMdbn7+1dnuHDpkMb+1vGj88zVsHu7qwdy0V7DYtuOaW5
qHhtQ9ym9f2JpbAN+LKUf8bkVia9DrIze8nAGkQ/SoXWgE9nODTM6myHFBl+p/nQ
qiKvpSdU6Y9684AmZkhG6U5KKGxH8HhXDD8PyJCR/GIekmQJeZFLtUtIBQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFN2w1tQZCCNxtFTvJttO4xk4eLvUMB8GA1UdIwQY
MBaAFBESVATG3UcvEAHtn/33JnYqx3AdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRVJKVUJNYmRSeThRQWUyZl9mY21kaXJIY0IwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMi9jZjljZDYtZTcxNy00ZGRhLTgyZWYt
NmRmZTBmN2Q1M2JkLzEvM2JEVzFCa0lJM0cwVk84bTIwN2pHVGg0dTlRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMi9jZjljZDYtZTcxNy00ZGRhLTgyZWYtNmRmZTBmN2Q1M2Jk
LzEvRVJKVUJNYmRSeThRQWUyZl9mY21kaXJIY0IwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCpIoAAwQD
pIoIMA0GCSqGSIb3DQEBCwUAA4IBAQDNuzRpIp8+s0DVX9LtFpNeEKVf+YVWcznz
CZuBEU8OrIFpAa/P6ZFobv2F3AyoD1G8IHXzhWy11JVGq/pO5uMGh20jh7oQQImR
T21mwaZDF3XkjDMrC2OBee0YSgpS01T1YGHiAUPnczVZSfVG6za0/EWv8aa8jSAd
Wpgd7E+wip7i80ecK7iAmz6FNXyldq82J+uA9UMqYJUR8ipOgkPpDLR2NYRo5oso
PGp7yH8KqZMdQpwADz1tqJRQevVc3q7kNhc1v3zrHyj/x+8+0YGSQNBxG3+BFS/V
5Ebtf1lJm/axGgIupHFS1iub0u7wIY+PQ1hv3bpjRve3jcy6zHIb
-----END CERTIFICATE-----