Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/ae3a3e-2c0c-405e-bcd7-9e0a513deef2/1/3dUSqMgo4inQpVapnEeVM4IcAs4.roa
File:                     3dUSqMgo4inQpVapnEeVM4IcAs4.roa (raw, json)
Hash identifier:          vTH6P/Ep7dD9DzLgPn4STaP/qKVJaxhdQzb154nAfkc=
Subject key identifier:   DD:D5:12:A8:C8:28:E2:29:D0:A5:56:A9:9C:47:95:33:82:1C:02:CE
Certificate issuer:       /CN=060c9ec5d40586ed3255f0fc4fcb3157714dda15
Certificate serial:       019CCD04263F08225F554DBA218B32CAE8F9
Authority key identifier: 06:0C:9E:C5:D4:05:86:ED:32:55:F0:FC:4F:CB:31:57:71:4D:DA:15
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BgyexdQFhu0yVfD8T8sxV3FN2hU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/07/ae3a3e-2c0c-405e-bcd7-9e0a513deef2/1/3dUSqMgo4inQpVapnEeVM4IcAs4.roa
Signing time:             Sun 08 Mar 2026 10:35:27 +0000
ROA not before:           Sun 08 Mar 2026 10:35:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     209193
IP address blocks:        195.69.231.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/07/ae3a3e-2c0c-405e-bcd7-9e0a513deef2/1/BgyexdQFhu0yVfD8T8sxV3FN2hU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/07/ae3a3e-2c0c-405e-bcd7-9e0a513deef2/1/BgyexdQFhu0yVfD8T8sxV3FN2hU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BgyexdQFhu0yVfD8T8sxV3FN2hU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 15 Mar 2026 19:00:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:cd:04:26:3f:08:22:5f:55:4d:ba:21:8b:32:ca:e8:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=060c9ec5d40586ed3255f0fc4fcb3157714dda15
        Validity
            Not Before: Mar  8 10:35:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ddd512a8c828e229d0a556a99c479533821c02ce
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:40:74:7c:2c:3b:69:d1:7a:08:8c:07:e0:8f:
                    40:49:91:0a:6f:3d:df:5c:1f:df:47:15:69:a8:6d:
                    b9:14:46:e0:c7:7a:b7:d4:49:bd:56:56:e6:ee:7f:
                    da:84:0a:d4:12:22:ff:75:b8:b5:87:0c:59:16:1d:
                    7b:5b:e2:23:86:ea:c9:ae:e1:4c:81:89:8d:d4:7b:
                    0b:41:93:28:51:a0:06:35:f4:95:00:46:16:66:2a:
                    b7:87:fb:e0:bc:20:1b:d0:17:45:a6:e7:2d:dc:bf:
                    56:3d:cb:24:66:0b:cc:5a:d2:a2:5e:0b:ab:be:97:
                    35:3c:d9:2e:15:ca:56:dc:3c:9f:62:50:5c:b9:97:
                    4a:cd:f4:f0:f6:18:ce:2b:e0:bc:87:84:a0:f0:d6:
                    30:a5:47:97:2e:76:bb:7a:15:00:62:73:b1:05:b1:
                    45:c6:d9:3f:43:52:4f:5f:4f:fc:af:63:38:86:5f:
                    17:34:d6:20:f8:41:54:aa:52:f9:e2:81:20:66:4b:
                    c3:21:c4:95:32:e7:75:8e:82:65:83:13:ee:a7:1e:
                    78:c4:d8:4e:00:6e:b0:e5:90:a9:c1:80:9f:59:c8:
                    54:11:5f:48:a1:95:3b:c7:76:83:72:9f:c6:2f:43:
                    8b:ad:b1:f3:cf:70:39:ea:7d:75:ad:14:56:8c:28:
                    53:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:D5:12:A8:C8:28:E2:29:D0:A5:56:A9:9C:47:95:33:82:1C:02:CE
            X509v3 Authority Key Identifier:
                keyid:06:0C:9E:C5:D4:05:86:ED:32:55:F0:FC:4F:CB:31:57:71:4D:DA:15

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BgyexdQFhu0yVfD8T8sxV3FN2hU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/ae3a3e-2c0c-405e-bcd7-9e0a513deef2/1/3dUSqMgo4inQpVapnEeVM4IcAs4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/07/ae3a3e-2c0c-405e-bcd7-9e0a513deef2/1/BgyexdQFhu0yVfD8T8sxV3FN2hU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.69.231.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5a:5d:d9:04:84:fb:21:d8:23:92:26:3b:cd:77:68:4f:70:8e:
         44:78:b3:32:58:e0:f2:f0:6b:6e:88:7a:07:3b:76:f1:2d:c7:
         06:b2:91:c3:a9:c4:91:3c:60:e9:ba:81:d8:5a:ec:de:c4:8e:
         99:dc:2a:d4:8c:90:71:93:b0:82:c4:3c:ff:27:1f:58:23:05:
         0a:3c:9e:0c:a2:33:7d:6e:ee:de:ae:4e:2d:54:24:b1:14:24:
         63:04:71:43:a5:14:64:80:46:f8:28:66:8a:1c:e6:da:df:84:
         a8:ed:a9:57:dd:28:1b:de:b2:47:b3:22:28:84:2e:81:b5:e9:
         eb:bf:44:73:e6:c9:15:31:b7:16:a0:6a:7e:b9:26:d9:42:bd:
         c5:c6:dd:e8:50:6a:b3:97:df:19:c2:16:fb:88:62:34:69:78:
         ef:28:3a:d0:6c:41:f5:e9:e4:8e:a3:e8:c8:c0:e7:31:95:35:
         58:25:a7:66:1c:1b:31:d7:3a:da:30:61:04:ac:46:ee:94:30:
         cb:81:08:fc:02:77:fc:2f:03:55:f9:40:7c:b7:d5:c0:6a:c8:
         aa:3e:4d:b9:f2:2d:44:31:85:70:c1:a3:0a:99:00:67:6d:e9:
         24:58:82:ae:f0:f4:b3:3f:ac:bf:ca:cb:75:e7:25:50:b3:ba:
         7b:72:2d:3b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZzNBCY/CCJfVU26IYsyyuj5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA2MGM5ZWM1ZDQwNTg2ZWQzMjU1ZjBmYzRmY2IzMTU3NzE0
ZGRhMTUwHhcNMjYwMzA4MTAzNTI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZGQ1MTJhOGM4MjhlMjI5ZDBhNTU2YTk5YzQ3OTUzMzgyMWMwMmNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2EB0fCw7adF6CIwH4I9ASZEKbz3f
XB/fRxVpqG25FEbgx3q31Em9Vlbm7n/ahArUEiL/dbi1hwxZFh17W+IjhurJruFM
gYmN1HsLQZMoUaAGNfSVAEYWZiq3h/vgvCAb0BdFpuct3L9WPcskZgvMWtKiXgur
vpc1PNkuFcpW3DyfYlBcuZdKzfTw9hjOK+C8h4Sg8NYwpUeXLna7ehUAYnOxBbFF
xtk/Q1JPX0/8r2M4hl8XNNYg+EFUqlL54oEgZkvDIcSVMud1joJlgxPupx54xNhO
AG6w5ZCpwYCfWchUEV9IoZU7x3aDcp/GL0OLrbHzz3A56n11rRRWjChTMQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN3VEqjIKOIp0KVWqZxHlTOCHALOMB8GA1UdIwQY
MBaAFAYMnsXUBYbtMlXw/E/LMVdxTdoVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQmd5ZXhkUUZodTB5VmZEOFQ4c3hWM0ZOMmhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNy9hZTNhM2UtMmMwYy00MDVlLWJjZDct
OWUwYTUxM2RlZWYyLzEvM2RVU3FNZ280aW5RcFZhcG5FZVZNNEljQXM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNy9hZTNhM2UtMmMwYy00MDVlLWJjZDctOWUwYTUxM2RlZWYy
LzEvQmd5ZXhkUUZodTB5VmZEOFQ4c3hWM0ZOMmhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw0XnMA0G
CSqGSIb3DQEBCwUAA4IBAQBaXdkEhPsh2COSJjvNd2hPcI5EeLMyWODy8GtuiHoH
O3bxLccGspHDqcSRPGDpuoHYWuzexI6Z3CrUjJBxk7CCxDz/Jx9YIwUKPJ4MojN9
bu7erk4tVCSxFCRjBHFDpRRkgEb4KGaKHOba34So7alX3Sgb3rJHsyIohC6Btenr
v0Rz5skVMbcWoGp+uSbZQr3Fxt3oUGqzl98Zwhb7iGI0aXjvKDrQbEH16eSOo+jI
wOcxlTVYJadmHBsx1zraMGEErEbulDDLgQj8Anf8LwNV+UB8t9XAasiqPk258i1E
MYVwwaMKmQBnbekkWIKu8PSzP6y/yst15yVQs7p7ci07
-----END CERTIFICATE-----