Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0f/0b7fd3-90f0-45d1-8a58-6785cd456871/1/3qwG3xPSfwa0YxOj5FJBzoydLoM.roa
File:                     3qwG3xPSfwa0YxOj5FJBzoydLoM.roa (raw, json)
Hash identifier:          V1GEjUt4Eq1OKBUX6efcLjByQeBfNaO1ln7hfsoEcr8=
Subject key identifier:   DE:AC:06:DF:13:D2:7F:06:B4:63:13:A3:E4:52:41:CE:8C:9D:2E:83
Certificate issuer:       /CN=e138ec242a43e9c9d4ceb25dc90e5453373d3f46
Certificate serial:       019D08C4D38F83852F938B24D068BC716E21
Authority key identifier: E1:38:EC:24:2A:43:E9:C9:D4:CE:B2:5D:C9:0E:54:53:37:3D:3F:46
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4TjsJCpD6cnUzrJdyQ5UUzc9P0Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0f/0b7fd3-90f0-45d1-8a58-6785cd456871/1/3qwG3xPSfwa0YxOj5FJBzoydLoM.roa
Signing time:             Fri 20 Mar 2026 01:03:30 +0000
ROA not before:           Fri 20 Mar 2026 01:03:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200415
IP address blocks:        194.180.32.0/24 maxlen: 24
                          194.180.33.0/24 maxlen: 24
                          194.180.34.0/24 maxlen: 24
                          194.180.35.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0f/0b7fd3-90f0-45d1-8a58-6785cd456871/1/4TjsJCpD6cnUzrJdyQ5UUzc9P0Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0f/0b7fd3-90f0-45d1-8a58-6785cd456871/1/4TjsJCpD6cnUzrJdyQ5UUzc9P0Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4TjsJCpD6cnUzrJdyQ5UUzc9P0Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 21 Mar 2026 01:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:08:c4:d3:8f:83:85:2f:93:8b:24:d0:68:bc:71:6e:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e138ec242a43e9c9d4ceb25dc90e5453373d3f46
        Validity
            Not Before: Mar 20 01:03:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=deac06df13d27f06b46313a3e45241ce8c9d2e83
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f1:ec:39:5d:72:78:0b:1d:54:20:36:98:f9:57:
                    25:b3:c6:55:4f:92:33:9b:a6:a0:8a:f6:a6:d1:19:
                    9d:6c:d4:0b:09:30:ef:02:e6:d9:e9:20:08:97:c1:
                    36:86:7b:ed:c7:49:39:fc:d9:9b:4f:b3:9e:fe:79:
                    9b:71:eb:64:88:3e:48:e3:f2:fa:ce:be:a6:a0:87:
                    ff:81:cf:85:a3:f2:8e:a5:f1:f7:e5:7d:fe:e2:8e:
                    e6:00:af:da:32:00:a6:09:96:91:11:d1:a9:9d:4a:
                    da:08:a1:f4:c5:fd:3e:86:a9:89:ed:65:ef:54:29:
                    20:e9:a5:84:44:78:aa:ba:85:ad:be:fc:4e:e8:57:
                    4a:80:7d:5e:cf:52:f1:f3:fe:0c:e5:38:3e:ef:2a:
                    38:64:99:cf:5a:e2:90:e2:97:61:b3:d1:2a:ca:36:
                    65:a2:ec:56:eb:bf:52:26:3b:e5:85:bb:c4:89:54:
                    cf:5d:e7:09:38:68:f4:dd:89:37:b7:6e:d7:2e:66:
                    25:e1:64:78:1f:36:cc:6e:a3:a8:10:78:2f:e5:ef:
                    5b:99:b7:0a:65:e5:b6:8d:10:71:88:c4:7e:7c:f2:
                    2c:8d:ea:40:a3:ec:65:ed:8a:3a:ac:28:5a:f7:a4:
                    8e:1e:78:b7:2c:df:42:a8:17:bf:d4:cd:56:38:ee:
                    dc:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:AC:06:DF:13:D2:7F:06:B4:63:13:A3:E4:52:41:CE:8C:9D:2E:83
            X509v3 Authority Key Identifier:
                keyid:E1:38:EC:24:2A:43:E9:C9:D4:CE:B2:5D:C9:0E:54:53:37:3D:3F:46

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4TjsJCpD6cnUzrJdyQ5UUzc9P0Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/0b7fd3-90f0-45d1-8a58-6785cd456871/1/3qwG3xPSfwa0YxOj5FJBzoydLoM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/0b7fd3-90f0-45d1-8a58-6785cd456871/1/4TjsJCpD6cnUzrJdyQ5UUzc9P0Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.180.32.0/22

    Signature Algorithm: sha256WithRSAEncryption
         9e:3f:36:24:7f:ab:1b:65:36:59:c8:99:ee:26:15:55:02:75:
         1e:1b:df:34:f9:e6:ce:4a:f3:3e:d1:26:ff:ce:21:9b:5a:bd:
         7d:6d:90:f4:45:5f:a9:4a:09:28:3b:65:73:50:b1:54:ca:d9:
         cd:91:49:b2:ad:a4:29:cc:7a:f1:eb:7a:63:3a:e2:63:33:40:
         02:2f:64:58:9e:65:b9:2f:60:b2:90:ec:a3:6c:3d:46:18:ac:
         61:55:82:a4:0d:fb:b8:9c:92:96:6b:27:6d:4f:14:e7:78:c0:
         37:b7:ec:84:10:2d:ee:92:3f:11:43:43:cc:e5:8c:31:a3:62:
         05:ab:e3:a6:34:75:b1:69:c0:48:25:83:7f:8f:e0:bd:b4:2f:
         77:ad:30:0e:1f:cc:8f:c4:a7:56:91:3c:3c:97:14:10:e4:a2:
         65:1d:3e:63:9d:d4:d2:d1:2e:85:b0:eb:1d:e2:6f:fb:fb:6d:
         f5:58:d9:a1:13:bc:8a:b1:e5:90:05:e7:de:6e:da:66:5d:98:
         a4:fd:b1:75:7c:02:df:71:b6:cd:49:62:1d:d6:b1:5d:32:32:
         5b:11:1d:f8:ed:49:53:6b:bb:be:4b:b0:e0:ac:f0:64:d7:d4:
         76:b3:56:46:e5:39:b0:54:c9:bc:9b:24:d3:b7:b8:1e:0d:b0:
         a7:23:19:88
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0IxNOPg4Uvk4sk0Gi8cW4hMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUxMzhlYzI0MmE0M2U5YzlkNGNlYjI1ZGM5MGU1NDUzMzcz
ZDNmNDYwHhcNMjYwMzIwMDEwMzMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZWFjMDZkZjEzZDI3ZjA2YjQ2MzEzYTNlNDUyNDFjZThjOWQyZTgzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8ew5XXJ4Cx1UIDaY+Vcls8ZVT5Iz
m6agivam0RmdbNQLCTDvAubZ6SAIl8E2hnvtx0k5/NmbT7Oe/nmbcetkiD5I4/L6
zr6moIf/gc+Fo/KOpfH35X3+4o7mAK/aMgCmCZaREdGpnUraCKH0xf0+hqmJ7WXv
VCkg6aWERHiquoWtvvxO6FdKgH1ez1Lx8/4M5Tg+7yo4ZJnPWuKQ4pdhs9EqyjZl
ouxW679SJjvlhbvEiVTPXecJOGj03Yk3t27XLmYl4WR4HzbMbqOoEHgv5e9bmbcK
ZeW2jRBxiMR+fPIsjepAo+xl7Yo6rCha96SOHni3LN9CqBe/1M1WOO7cYQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN6sBt8T0n8GtGMTo+RSQc6MnS6DMB8GA1UdIwQY
MBaAFOE47CQqQ+nJ1M6yXckOVFM3PT9GMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNFRqc0pDcEQ2Y25VenJKZHlRNVVVemM5UDBZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZi8wYjdmZDMtOTBmMC00NWQxLThhNTgt
Njc4NWNkNDU2ODcxLzEvM3F3RzN4UFNmd2EwWXhPajVGSkJ6b3lkTG9NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZi8wYjdmZDMtOTBmMC00NWQxLThhNTgtNjc4NWNkNDU2ODcx
LzEvNFRqc0pDcEQ2Y25VenJKZHlRNVVVemM5UDBZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwrQgMA0G
CSqGSIb3DQEBCwUAA4IBAQCePzYkf6sbZTZZyJnuJhVVAnUeG980+ebOSvM+0Sb/
ziGbWr19bZD0RV+pSgkoO2VzULFUytnNkUmyraQpzHrx63pjOuJjM0ACL2RYnmW5
L2CykOyjbD1GGKxhVYKkDfu4nJKWaydtTxTneMA3t+yEEC3ukj8RQ0PM5Ywxo2IF
q+OmNHWxacBIJYN/j+C9tC93rTAOH8yPxKdWkTw8lxQQ5KJlHT5jndTS0S6FsOsd
4m/7+231WNmhE7yKseWQBefebtpmXZik/bF1fALfcbbNSWId1rFdMjJbER347UlT
a7u+S7DgrPBk19R2s1ZG5TmwVMm8myTTt7geDbCnIxmI
-----END CERTIFICATE-----