Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f2/827325-11b9-4510-ab10-dbae4bb3331e/1/OUoJvoWH8pOpVRM1-JGyTDYnKo0.roa
File:                     OUoJvoWH8pOpVRM1-JGyTDYnKo0.roa (raw, json)
Hash identifier:          Wg7N+IAl1TJAnxWuhOrKXbJO2MhgSDNe7L2xICbhWLk=
Subject key identifier:   39:4A:09:BE:85:87:F2:93:A9:55:13:35:F8:91:B2:4C:36:27:2A:8D
Certificate issuer:       /CN=e5148278a835169f14aa8be28b18e12ca049605b
Certificate serial:       019E0150560FEA765D4E1363C830E2CEB64D
Authority key identifier: E5:14:82:78:A8:35:16:9F:14:AA:8B:E2:8B:18:E1:2C:A0:49:60:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5RSCeKg1Fp8UqoviixjhLKBJYFs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f2/827325-11b9-4510-ab10-dbae4bb3331e/1/OUoJvoWH8pOpVRM1-JGyTDYnKo0.roa
Signing time:             Thu 07 May 2026 07:21:42 +0000
ROA not before:           Thu 07 May 2026 07:21:42 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     30929
IP address blocks:        185.98.208.0/22 maxlen: 24
                          2a06:cc0::/29 maxlen: 30
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f2/827325-11b9-4510-ab10-dbae4bb3331e/1/5RSCeKg1Fp8UqoviixjhLKBJYFs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f2/827325-11b9-4510-ab10-dbae4bb3331e/1/5RSCeKg1Fp8UqoviixjhLKBJYFs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5RSCeKg1Fp8UqoviixjhLKBJYFs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 13:01:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:01:50:56:0f:ea:76:5d:4e:13:63:c8:30:e2:ce:b6:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e5148278a835169f14aa8be28b18e12ca049605b
        Validity
            Not Before: May  7 07:21:42 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=394a09be8587f293a9551335f891b24c36272a8d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:0a:0d:a4:a9:fb:07:f6:35:e1:24:cd:a0:a4:
                    4f:41:4a:82:08:2d:f8:e0:5e:9b:bd:97:dd:e5:b2:
                    e7:6e:47:4f:1c:6e:65:44:c1:f3:98:a9:37:76:d8:
                    25:1a:ff:80:97:42:78:c0:85:96:56:e7:ec:41:17:
                    20:13:b1:98:b6:a4:8f:00:e6:95:6c:75:75:8e:19:
                    89:ee:6e:11:d6:fc:76:e8:6a:d8:cb:63:39:8c:ed:
                    42:6d:95:6f:8f:24:ab:46:d1:80:c0:1b:da:52:3d:
                    85:0c:0b:da:34:69:56:d7:1f:cb:5b:6b:54:95:f1:
                    fd:d3:3a:fe:43:cf:15:81:89:c0:0c:48:56:24:45:
                    7a:e3:3d:8a:da:45:e9:ef:63:96:26:34:ef:ad:ea:
                    ed:0e:86:84:92:4f:58:9d:4c:f6:fe:67:f8:fb:6d:
                    8e:fb:f7:7e:e6:7b:59:75:21:94:d8:7f:90:b5:3b:
                    9b:dd:ca:75:f5:dd:71:9f:bb:55:df:1d:f2:5f:a7:
                    f5:a0:45:04:13:40:fc:7c:b9:89:2e:52:d0:00:ab:
                    0f:b4:f0:9d:3f:8b:fb:a3:1b:99:21:88:80:6d:60:
                    eb:d7:43:5b:50:54:e8:db:b0:d7:dc:fb:3b:b2:7a:
                    57:ca:45:6e:fc:3c:4a:e9:d9:9d:33:af:7b:b4:c8:
                    78:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:4A:09:BE:85:87:F2:93:A9:55:13:35:F8:91:B2:4C:36:27:2A:8D
            X509v3 Authority Key Identifier:
                keyid:E5:14:82:78:A8:35:16:9F:14:AA:8B:E2:8B:18:E1:2C:A0:49:60:5B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5RSCeKg1Fp8UqoviixjhLKBJYFs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/827325-11b9-4510-ab10-dbae4bb3331e/1/OUoJvoWH8pOpVRM1-JGyTDYnKo0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/827325-11b9-4510-ab10-dbae4bb3331e/1/5RSCeKg1Fp8UqoviixjhLKBJYFs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.98.208.0/22
                IPv6:
                  2a06:cc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         85:9b:de:91:68:01:3f:56:69:b4:bd:67:78:6c:d9:d1:56:7d:
         8f:ae:9f:24:4b:74:58:3a:73:81:a0:96:d5:04:b3:23:1b:0c:
         92:24:c6:1f:56:b1:9f:7f:81:6f:8b:d5:ca:f4:60:29:92:9a:
         4a:76:4d:c1:e3:79:96:28:08:46:51:00:5e:f4:84:a2:6f:df:
         c1:ca:cc:dc:0c:17:e4:81:1c:5b:70:c3:f1:6e:7a:2f:b2:97:
         19:b0:3f:68:5f:09:52:88:ae:ef:f6:5e:b2:b4:87:98:06:87:
         f2:05:40:0b:01:d6:fe:eb:2a:00:6e:aa:18:18:55:e7:cd:28:
         d5:7e:05:46:e5:93:76:ca:64:2c:23:a9:77:8b:21:d1:f6:86:
         02:2e:ce:fe:12:1b:2b:3d:05:2d:8b:df:1b:16:8f:ee:36:93:
         5e:91:80:31:2a:ef:c6:ee:6a:66:d3:a9:2c:a7:5c:ce:13:df:
         e2:c2:94:47:44:f5:f6:c3:38:ad:1b:67:ef:8f:80:0e:71:33:
         90:8c:2a:40:84:ae:d9:65:33:a3:ac:13:8f:ed:70:16:4e:fd:
         9c:99:10:40:d9:55:61:9e:71:5e:02:08:f2:86:03:63:23:ac:
         53:d2:4f:28:3d:a7:1d:f6:28:70:b6:31:d5:e8:04:eb:a5:c0:
         79:f4:0c:2b
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZ4BUFYP6nZdThNjyDDizrZNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU1MTQ4Mjc4YTgzNTE2OWYxNGFhOGJlMjhiMThlMTJjYTA0
OTYwNWIwHhcNMjYwNTA3MDcyMTQyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOTRhMDliZTg1ODdmMjkzYTk1NTEzMzVmODkxYjI0YzM2MjcyYThkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxAoNpKn7B/Y14STNoKRPQUqCCC34
4F6bvZfd5bLnbkdPHG5lRMHzmKk3dtglGv+Al0J4wIWWVufsQRcgE7GYtqSPAOaV
bHV1jhmJ7m4R1vx26GrYy2M5jO1CbZVvjySrRtGAwBvaUj2FDAvaNGlW1x/LW2tU
lfH90zr+Q88VgYnADEhWJEV64z2K2kXp72OWJjTvrertDoaEkk9YnUz2/mf4+22O
+/d+5ntZdSGU2H+QtTub3cp19d1xn7tV3x3yX6f1oEUEE0D8fLmJLlLQAKsPtPCd
P4v7oxuZIYiAbWDr10NbUFTo27DX3Ps7snpXykVu/DxK6dmdM697tMh4FwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFDlKCb6Fh/KTqVUTNfiRskw2JyqNMB8GA1UdIwQY
MBaAFOUUgnioNRafFKqL4osY4SygSWBbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNVJTQ2VLZzFGcDhVcW92aWl4amhMS0JKWUZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMi84MjczMjUtMTFiOS00NTEwLWFiMTAt
ZGJhZTRiYjMzMzFlLzEvT1VvSnZvV0g4cE9wVlJNMS1KR3lURFluS28wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMi84MjczMjUtMTFiOS00NTEwLWFiMTAtZGJhZTRiYjMzMzFl
LzEvNVJTQ2VLZzFGcDhVcW92aWl4amhMS0JKWUZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuWLQMA0E
AgACMAcDBQMqBgzAMA0GCSqGSIb3DQEBCwUAA4IBAQCFm96RaAE/Vmm0vWd4bNnR
Vn2Prp8kS3RYOnOBoJbVBLMjGwySJMYfVrGff4Fvi9XK9GApkppKdk3B43mWKAhG
UQBe9ISib9/ByszcDBfkgRxbcMPxbnovspcZsD9oXwlSiK7v9l6ytIeYBofyBUAL
Adb+6yoAbqoYGFXnzSjVfgVG5ZN2ymQsI6l3iyHR9oYCLs7+EhsrPQUti98bFo/u
NpNekYAxKu/G7mpm06ksp1zOE9/iwpRHRPX2wzitG2fvj4AOcTOQjCpAhK7ZZTOj
rBOP7XAWTv2cmRBA2VVhnnFeAgjyhgNjI6xT0k8oPacd9ihwtjHV6ATrpcB59Awr
-----END CERTIFICATE-----