Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/OCxjUdfS_ZiX9yJR2BW0nzS04dI.roa
File:                     OCxjUdfS_ZiX9yJR2BW0nzS04dI.roa (raw, json)
Hash identifier:          akwY11USGRsGHnKBLh4aHihObrJ6I3jB00pmLo8xnL4=
Subject key identifier:   38:2C:63:51:D7:D2:FD:98:97:F7:22:51:D8:15:B4:9F:34:B4:E1:D2
Certificate issuer:       /CN=833e3f5ef825556b014a085d32565bb0cbc5ac8d
Certificate serial:       019CD4274C0E97807B4D66A23291A069C5D9
Authority key identifier: 83:3E:3F:5E:F8:25:55:6B:01:4A:08:5D:32:56:5B:B0:CB:C5:AC:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/OCxjUdfS_ZiX9yJR2BW0nzS04dI.roa
Signing time:             Mon 09 Mar 2026 19:51:10 +0000
ROA not before:           Mon 09 Mar 2026 19:51:10 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     7488
IP address blocks:        194.61.73.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 22 Mar 2026 11:00:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:d4:27:4c:0e:97:80:7b:4d:66:a2:32:91:a0:69:c5:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=833e3f5ef825556b014a085d32565bb0cbc5ac8d
        Validity
            Not Before: Mar  9 19:51:10 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=382c6351d7d2fd9897f72251d815b49f34b4e1d2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:b4:6d:1a:af:9d:fb:50:fb:bf:5d:f1:13:95:
                    56:78:91:92:e2:f9:1f:90:a5:ab:e6:fb:0e:12:ec:
                    a9:35:c0:0e:9e:c6:e3:03:6b:dc:61:0b:ae:9d:a9:
                    55:a8:10:a4:4a:b4:e9:3e:57:bb:cb:8d:f9:35:b2:
                    72:92:d7:48:7c:bc:66:ea:02:2b:1d:ff:b3:4d:53:
                    77:1a:21:4c:c6:53:95:26:40:1c:95:ee:5b:90:fa:
                    43:33:4e:fe:a8:e8:39:da:b9:c6:fc:b9:98:7d:f4:
                    a7:94:21:f1:b9:ad:4c:15:3e:52:4a:e4:e8:59:24:
                    b4:93:94:8a:6a:0d:6e:0c:b4:89:b7:18:5d:83:f2:
                    1c:7c:30:d1:12:f9:80:15:c2:8b:c6:a1:31:7b:2b:
                    32:af:4c:5f:d6:3f:44:48:e7:c0:2d:65:ac:5d:4d:
                    74:2c:a2:dc:24:20:b2:3a:92:bf:7b:72:e4:91:33:
                    68:ed:9b:6d:8e:cb:82:71:04:82:12:49:63:08:82:
                    05:d5:29:81:66:1e:1b:54:92:eb:8e:d4:1d:eb:dd:
                    35:8b:3b:0e:0a:3d:60:63:10:6d:fd:eb:73:48:6a:
                    b2:ce:6f:94:d0:6f:7f:4d:84:cf:89:37:1d:df:64:
                    97:49:e7:f5:1b:cb:4a:0d:e2:86:72:bc:6a:b8:7a:
                    32:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:2C:63:51:D7:D2:FD:98:97:F7:22:51:D8:15:B4:9F:34:B4:E1:D2
            X509v3 Authority Key Identifier:
                keyid:83:3E:3F:5E:F8:25:55:6B:01:4A:08:5D:32:56:5B:B0:CB:C5:AC:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/OCxjUdfS_ZiX9yJR2BW0nzS04dI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.61.73.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6a:f3:c9:d1:c7:19:b8:f7:89:83:7b:57:bb:f6:70:c5:da:b0:
         3f:a9:ca:51:59:39:e0:9b:d0:43:d1:d0:ac:bf:64:0e:3d:05:
         23:75:90:4d:ca:21:5b:a3:d6:72:fa:bc:4d:ad:d2:6b:f2:95:
         a2:0a:94:24:00:d4:16:17:38:22:e2:2d:23:4c:0a:7d:4f:fe:
         d8:f9:d0:b8:f0:9c:f5:0a:37:27:4d:64:19:9d:59:d4:f4:71:
         03:25:8d:df:eb:25:f6:dc:c9:d0:d1:64:ac:a2:80:fb:88:c8:
         54:c6:92:b0:a1:28:10:1a:d5:b3:48:7b:af:5a:d9:08:21:be:
         de:c5:8e:08:e9:d9:b0:d7:9b:86:e3:a3:43:2e:47:3e:99:97:
         ec:db:55:23:64:5a:46:d2:5d:41:a8:8f:17:9c:c2:4c:a7:da:
         cf:ad:5d:c1:4a:70:c1:0e:e1:37:25:3a:98:0b:8c:d3:c3:b5:
         b5:24:82:2c:39:a2:16:0e:7f:52:46:11:9f:46:df:3a:bd:2e:
         15:30:78:8b:59:57:38:25:27:37:01:48:1e:4e:71:a1:7d:9f:
         0b:c4:6d:70:a3:db:d8:b6:7f:12:e0:5b:66:98:4a:af:14:10:
         61:b2:75:75:d1:7e:ac:44:c6:02:ea:b8:8d:f6:54:53:b0:20:
         97:f0:ce:08
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZzUJ0wOl4B7TWaiMpGgacXZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzM2UzZjVlZjgyNTU1NmIwMTRhMDg1ZDMyNTY1YmIwY2Jj
NWFjOGQwHhcNMjYwMzA5MTk1MTEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzODJjNjM1MWQ3ZDJmZDk4OTdmNzIyNTFkODE1YjQ5ZjM0YjRlMWQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyLRtGq+d+1D7v13xE5VWeJGS4vkf
kKWr5vsOEuypNcAOnsbjA2vcYQuunalVqBCkSrTpPle7y435NbJyktdIfLxm6gIr
Hf+zTVN3GiFMxlOVJkAcle5bkPpDM07+qOg52rnG/LmYffSnlCHxua1MFT5SSuTo
WSS0k5SKag1uDLSJtxhdg/IcfDDREvmAFcKLxqExeysyr0xf1j9ESOfALWWsXU10
LKLcJCCyOpK/e3LkkTNo7ZttjsuCcQSCEkljCIIF1SmBZh4bVJLrjtQd6901izsO
Cj1gYxBt/etzSGqyzm+U0G9/TYTPiTcd32SXSef1G8tKDeKGcrxquHoyCwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDgsY1HX0v2Yl/ciUdgVtJ80tOHSMB8GA1UdIwQY
MBaAFIM+P174JVVrAUoIXTJWW7DLxayNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ3o0X1h2Z2xWV3NCU2doZE1sWmJzTXZGckkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy9kMjY2MTgtYjM0MC00ZjUwLWIzMzAt
MzE4YTI2ZDRhOGM5LzEvT0N4alVkZlNfWmlYOXlKUjJCVzBuelMwNGRJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy9kMjY2MTgtYjM0MC00ZjUwLWIzMzAtMzE4YTI2ZDRhOGM5
LzEvZ3o0X1h2Z2xWV3NCU2doZE1sWmJzTXZGckkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwj1JMA0G
CSqGSIb3DQEBCwUAA4IBAQBq88nRxxm494mDe1e79nDF2rA/qcpRWTngm9BD0dCs
v2QOPQUjdZBNyiFbo9Zy+rxNrdJr8pWiCpQkANQWFzgi4i0jTAp9T/7Y+dC48Jz1
CjcnTWQZnVnU9HEDJY3f6yX23MnQ0WSsooD7iMhUxpKwoSgQGtWzSHuvWtkIIb7e
xY4I6dmw15uG46NDLkc+mZfs21UjZFpG0l1BqI8XnMJMp9rPrV3BSnDBDuE3JTqY
C4zTw7W1JIIsOaIWDn9SRhGfRt86vS4VMHiLWVc4JSc3AUgeTnGhfZ8LxG1wo9vY
tn8S4FtmmEqvFBBhsnV10X6sRMYC6riN9lRTsCCX8M4I
-----END CERTIFICATE-----