Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/06/cfea9e-bee2-4bcb-8def-3e4b74dd058d/1/O-QEXm4qSbt72Nnk4qRQFwvPr_0.roa
File:                     O-QEXm4qSbt72Nnk4qRQFwvPr_0.roa (raw, json)
Hash identifier:          vVF+iuhTnkhVo+LKbluIv023EO5M+EyUgI75CD2LSB0=
Subject key identifier:   3B:E4:04:5E:6E:2A:49:BB:7B:D8:D9:E4:E2:A4:50:17:0B:CF:AF:FD
Certificate issuer:       /CN=0e298900355fdf4254c20831f2d7ee3bec429bdb
Certificate serial:       019E4A04EABDA42D349CA0D36DBB73E90823
Authority key identifier: 0E:29:89:00:35:5F:DF:42:54:C2:08:31:F2:D7:EE:3B:EC:42:9B:DB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DimJADVf30JUwggx8tfuO-xCm9s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/06/cfea9e-bee2-4bcb-8def-3e4b74dd058d/1/O-QEXm4qSbt72Nnk4qRQFwvPr_0.roa
Signing time:             Thu 21 May 2026 10:11:36 +0000
ROA not before:           Thu 21 May 2026 10:11:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     205489
IP address blocks:        194.59.223.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/06/cfea9e-bee2-4bcb-8def-3e4b74dd058d/1/DimJADVf30JUwggx8tfuO-xCm9s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/06/cfea9e-bee2-4bcb-8def-3e4b74dd058d/1/DimJADVf30JUwggx8tfuO-xCm9s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DimJADVf30JUwggx8tfuO-xCm9s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 May 2026 01:00:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:4a:04:ea:bd:a4:2d:34:9c:a0:d3:6d:bb:73:e9:08:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0e298900355fdf4254c20831f2d7ee3bec429bdb
        Validity
            Not Before: May 21 10:11:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3be4045e6e2a49bb7bd8d9e4e2a450170bcfaffd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:32:d3:d4:5b:68:96:81:c9:e6:03:36:ac:b8:
                    55:d4:41:f6:25:42:62:4b:a0:01:94:bf:62:2d:5c:
                    ca:1c:d2:9c:1f:ec:6c:76:1e:1c:7a:11:bb:85:b5:
                    58:be:eb:07:35:98:fc:e6:32:f1:26:90:58:6d:a1:
                    86:2f:24:15:49:26:16:30:72:fa:31:90:c9:14:4c:
                    8d:15:02:44:76:25:be:50:fd:8a:fe:3f:6b:cc:ed:
                    5d:bc:07:9a:16:ac:6b:17:96:c3:08:51:4d:d4:db:
                    e3:42:02:42:7f:ff:fb:d8:9c:a7:93:b9:cc:f4:2d:
                    30:2d:d4:4c:c9:c9:0e:ea:52:05:95:18:6b:ca:85:
                    1d:7f:11:b7:70:84:b2:5b:af:d5:37:9c:77:db:e4:
                    93:9d:55:5c:19:1b:fe:be:d6:73:93:28:70:73:76:
                    07:4a:ec:03:bd:14:bb:a7:08:c1:db:00:a6:11:b1:
                    4d:ea:ea:13:08:90:c7:78:f1:f8:4d:f8:64:88:8f:
                    4e:40:1e:b7:a3:fb:85:9f:76:83:53:56:db:93:43:
                    4e:c8:29:b5:a4:21:0c:4d:55:0c:ac:dd:e7:f8:0e:
                    d3:67:4e:6e:61:30:0b:a5:20:00:29:f2:20:59:53:
                    a1:35:96:1d:6b:2c:57:44:6e:15:e1:02:37:13:09:
                    97:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:E4:04:5E:6E:2A:49:BB:7B:D8:D9:E4:E2:A4:50:17:0B:CF:AF:FD
            X509v3 Authority Key Identifier:
                keyid:0E:29:89:00:35:5F:DF:42:54:C2:08:31:F2:D7:EE:3B:EC:42:9B:DB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DimJADVf30JUwggx8tfuO-xCm9s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/06/cfea9e-bee2-4bcb-8def-3e4b74dd058d/1/O-QEXm4qSbt72Nnk4qRQFwvPr_0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/06/cfea9e-bee2-4bcb-8def-3e4b74dd058d/1/DimJADVf30JUwggx8tfuO-xCm9s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.59.223.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0c:2b:8f:7f:30:1a:d9:9c:77:87:01:57:54:fd:28:fb:db:ec:
         15:b4:b9:02:cb:cd:81:9c:30:cd:fa:45:9a:46:3a:fd:f7:db:
         6d:2d:c6:0e:02:58:59:e9:f3:50:7b:b2:98:6f:ad:90:7f:42:
         9e:48:38:46:c4:bd:14:2c:8a:a2:d1:62:54:85:17:73:c0:5b:
         3a:4d:02:a9:55:8b:1f:c4:6e:7c:1c:69:ab:ac:6a:3c:fd:c3:
         d4:93:d9:f0:13:f1:6b:df:17:f7:0c:66:5d:35:02:1d:39:71:
         e7:e7:d9:ba:52:d6:74:02:14:74:ab:a1:88:55:26:33:15:dc:
         d4:1c:40:ab:45:ab:32:3e:88:ea:0d:f3:53:d1:de:0c:4e:c1:
         98:f9:80:d6:07:27:cd:c3:75:9a:87:3f:86:25:f9:7a:b1:69:
         f7:e5:b8:1c:43:7c:5d:3f:33:85:9f:a7:81:24:a1:c9:19:d3:
         d7:cc:fb:44:4b:63:27:3e:12:10:74:c7:4e:eb:37:32:cd:4f:
         74:97:4d:da:7a:79:d8:c1:96:75:d4:e6:e7:52:bd:ac:52:14:
         f1:81:04:42:2b:34:c7:27:73:fe:2d:91:e3:bc:df:d5:f4:2b:
         9d:1a:3d:35:b0:d8:4e:80:60:a6:4d:31:ea:ca:26:2f:4c:34:
         52:55:ea:28
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ5KBOq9pC00nKDTbbtz6QgjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBlMjk4OTAwMzU1ZmRmNDI1NGMyMDgzMWYyZDdlZTNiZWM0
MjliZGIwHhcNMjYwNTIxMTAxMTM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYmU0MDQ1ZTZlMmE0OWJiN2JkOGQ5ZTRlMmE0NTAxNzBiY2ZhZmZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnzLT1FtoloHJ5gM2rLhV1EH2JUJi
S6ABlL9iLVzKHNKcH+xsdh4cehG7hbVYvusHNZj85jLxJpBYbaGGLyQVSSYWMHL6
MZDJFEyNFQJEdiW+UP2K/j9rzO1dvAeaFqxrF5bDCFFN1NvjQgJCf//72Jynk7nM
9C0wLdRMyckO6lIFlRhryoUdfxG3cISyW6/VN5x32+STnVVcGRv+vtZzkyhwc3YH
SuwDvRS7pwjB2wCmEbFN6uoTCJDHePH4TfhkiI9OQB63o/uFn3aDU1bbk0NOyCm1
pCEMTVUMrN3n+A7TZ05uYTALpSAAKfIgWVOhNZYdayxXRG4V4QI3EwmXxQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDvkBF5uKkm7e9jZ5OKkUBcLz6/9MB8GA1UdIwQY
MBaAFA4piQA1X99CVMIIMfLX7jvsQpvbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRGltSkFEVmYzMEpVd2dneDh0ZnVPLXhDbTlzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNi9jZmVhOWUtYmVlMi00YmNiLThkZWYt
M2U0Yjc0ZGQwNThkLzEvTy1RRVhtNHFTYnQ3Mk5uazRxUlFGd3ZQcl8wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNi9jZmVhOWUtYmVlMi00YmNiLThkZWYtM2U0Yjc0ZGQwNThk
LzEvRGltSkFEVmYzMEpVd2dneDh0ZnVPLXhDbTlzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwjvfMA0G
CSqGSIb3DQEBCwUAA4IBAQAMK49/MBrZnHeHAVdU/Sj72+wVtLkCy82BnDDN+kWa
Rjr999ttLcYOAlhZ6fNQe7KYb62Qf0KeSDhGxL0ULIqi0WJUhRdzwFs6TQKpVYsf
xG58HGmrrGo8/cPUk9nwE/Fr3xf3DGZdNQIdOXHn59m6UtZ0AhR0q6GIVSYzFdzU
HECrRasyPojqDfNT0d4MTsGY+YDWByfNw3Wahz+GJfl6sWn35bgcQ3xdPzOFn6eB
JKHJGdPXzPtES2MnPhIQdMdO6zcyzU90l03aennYwZZ11ObnUr2sUhTxgQRCKzTH
J3P+LZHjvN/V9CudGj01sNhOgGCmTTHqyiYvTDRSVeoo
-----END CERTIFICATE-----