Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/25149c-0932-4683-8ab8-d15febdf5ecf/1/O_JWRj5Djic4pjl6umhJDPP7BuI.roa
File:                     O_JWRj5Djic4pjl6umhJDPP7BuI.roa (raw, json)
Hash identifier:          oXNGdNb1x3OVweYzH4oXuC+MRGHHCd9nwAtXQGgCLxw=
Subject key identifier:   3B:F2:56:46:3E:43:8E:27:38:A6:39:7A:BA:68:49:0C:F3:FB:06:E2
Certificate issuer:       /CN=a5b0c05731efa4bbe5c2a30ae5189f7785d2d499
Certificate serial:       019E73AEAA575805AECDABD4B24FD05B4304
Authority key identifier: A5:B0:C0:57:31:EF:A4:BB:E5:C2:A3:0A:E5:18:9F:77:85:D2:D4:99
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pbDAVzHvpLvlwqMK5Rifd4XS1Jk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/25149c-0932-4683-8ab8-d15febdf5ecf/1/O_JWRj5Djic4pjl6umhJDPP7BuI.roa
Signing time:             Fri 29 May 2026 12:21:27 +0000
ROA not before:           Fri 29 May 2026 12:21:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     24670
IP address blocks:        193.150.188.0/22 maxlen: 24
                          193.150.189.0/24 maxlen: 24
                          193.150.190.0/24 maxlen: 24
                          193.150.191.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1e/25149c-0932-4683-8ab8-d15febdf5ecf/1/pbDAVzHvpLvlwqMK5Rifd4XS1Jk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1e/25149c-0932-4683-8ab8-d15febdf5ecf/1/pbDAVzHvpLvlwqMK5Rifd4XS1Jk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pbDAVzHvpLvlwqMK5Rifd4XS1Jk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 08 Jun 2026 12:28:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:73:ae:aa:57:58:05:ae:cd:ab:d4:b2:4f:d0:5b:43:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a5b0c05731efa4bbe5c2a30ae5189f7785d2d499
        Validity
            Not Before: May 29 12:21:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3bf256463e438e2738a6397aba68490cf3fb06e2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:b4:8a:28:09:0a:ad:2c:53:26:3d:6d:94:da:
                    31:3c:74:86:42:52:ea:f2:84:c6:50:ab:7d:e4:be:
                    66:c8:24:bb:1d:9c:cc:55:79:6e:4d:b0:b2:08:31:
                    b4:95:23:12:13:fe:4d:1f:54:87:09:3c:34:24:4e:
                    d8:aa:a5:f9:31:05:66:72:db:0f:c2:a6:0c:40:ba:
                    51:2f:91:b7:27:07:db:bc:5c:c1:68:78:4c:5a:16:
                    92:6a:9b:cf:f3:f1:a8:39:94:53:8e:ec:21:5f:ef:
                    3f:c3:69:cc:f3:86:bb:59:da:a2:8f:81:9c:23:36:
                    c3:c4:ea:58:c8:38:d5:2c:9a:7e:8f:f8:12:03:be:
                    ea:b8:90:7a:bc:44:b3:bc:0d:e2:b5:9e:a5:08:7c:
                    0d:63:a4:92:ed:c2:0b:f9:bd:d9:59:6e:e7:34:87:
                    eb:8a:05:1d:4e:89:bb:ad:dc:a0:34:fc:b6:59:80:
                    e4:57:98:d7:fb:8f:2a:9a:b8:60:99:89:05:78:23:
                    55:6f:d5:41:52:59:a9:34:1b:f1:36:de:06:11:01:
                    1a:b4:29:54:e5:62:b1:03:8b:8a:54:d1:bd:b3:1f:
                    58:a1:23:67:63:f8:f2:b1:c5:54:71:96:a0:1d:ea:
                    a9:3f:32:d0:02:6a:05:07:03:bf:cc:cf:1b:08:1b:
                    b0:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:F2:56:46:3E:43:8E:27:38:A6:39:7A:BA:68:49:0C:F3:FB:06:E2
            X509v3 Authority Key Identifier:
                keyid:A5:B0:C0:57:31:EF:A4:BB:E5:C2:A3:0A:E5:18:9F:77:85:D2:D4:99

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pbDAVzHvpLvlwqMK5Rifd4XS1Jk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/25149c-0932-4683-8ab8-d15febdf5ecf/1/O_JWRj5Djic4pjl6umhJDPP7BuI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/25149c-0932-4683-8ab8-d15febdf5ecf/1/pbDAVzHvpLvlwqMK5Rifd4XS1Jk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.150.188.0/22

    Signature Algorithm: sha256WithRSAEncryption
         22:cc:49:b6:a7:81:b4:71:82:45:21:2d:10:59:dc:77:e6:74:
         4c:9b:ae:51:48:e8:cf:68:d0:ee:21:bd:e4:c4:ef:e1:b4:bb:
         b7:80:1e:df:2d:f7:dc:ca:d5:bd:06:cb:13:1c:56:0f:d5:38:
         0c:23:f4:b7:ec:49:e3:95:77:c5:ae:43:87:6e:00:3c:ff:73:
         a0:70:5b:d4:1c:f7:af:18:ed:07:6a:92:d5:93:8a:7d:cd:6e:
         3d:33:c0:5d:ea:f5:79:11:1d:76:77:04:f9:c1:a6:15:31:60:
         3a:f7:32:d0:e4:cb:e7:2d:7a:65:20:d4:03:7d:e4:f4:d0:77:
         24:2f:41:08:6b:c1:91:ef:2e:00:77:6a:6b:50:35:9e:16:a3:
         ad:ca:96:09:97:05:d7:da:75:9f:a4:4d:b4:5d:ca:92:eb:fc:
         35:2a:b3:41:a1:5a:89:2f:0f:a3:d2:13:f9:8d:ba:02:27:c6:
         ef:04:8f:5b:c0:34:4c:1e:d8:26:1b:b6:d9:cf:46:9c:2f:34:
         f2:75:00:20:a4:1e:db:5e:87:f6:e2:7f:09:6e:f6:6b:2b:11:
         b7:45:8a:ac:7e:ab:85:03:f4:f5:35:24:3f:6f:de:55:a8:11:
         8b:5c:2d:2f:81:33:37:f2:d3:a6:c7:d4:a5:52:a6:7e:e9:8e:
         73:c2:fd:93
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ5zrqpXWAWuzavUsk/QW0MEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE1YjBjMDU3MzFlZmE0YmJlNWMyYTMwYWU1MTg5Zjc3ODVk
MmQ0OTkwHhcNMjYwNTI5MTIyMTI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYmYyNTY0NjNlNDM4ZTI3MzhhNjM5N2FiYTY4NDkwY2YzZmIwNmUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArLSKKAkKrSxTJj1tlNoxPHSGQlLq
8oTGUKt95L5myCS7HZzMVXluTbCyCDG0lSMSE/5NH1SHCTw0JE7YqqX5MQVmctsP
wqYMQLpRL5G3JwfbvFzBaHhMWhaSapvP8/GoOZRTjuwhX+8/w2nM84a7Wdqij4Gc
IzbDxOpYyDjVLJp+j/gSA77quJB6vESzvA3itZ6lCHwNY6SS7cIL+b3ZWW7nNIfr
igUdTom7rdygNPy2WYDkV5jX+48qmrhgmYkFeCNVb9VBUlmpNBvxNt4GEQEatClU
5WKxA4uKVNG9sx9YoSNnY/jyscVUcZagHeqpPzLQAmoFBwO/zM8bCBuwxwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDvyVkY+Q44nOKY5erpoSQzz+wbiMB8GA1UdIwQY
MBaAFKWwwFcx76S75cKjCuUYn3eF0tSZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcGJEQVZ6SHZwTHZsd3FNSzVSaWZkNFhTMUprLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS8yNTE0OWMtMDkzMi00NjgzLThhYjgt
ZDE1ZmViZGY1ZWNmLzEvT19KV1JqNURqaWM0cGpsNnVtaEpEUFA3QnVJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS8yNTE0OWMtMDkzMi00NjgzLThhYjgtZDE1ZmViZGY1ZWNm
LzEvcGJEQVZ6SHZwTHZsd3FNSzVSaWZkNFhTMUprLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwZa8MA0G
CSqGSIb3DQEBCwUAA4IBAQAizEm2p4G0cYJFIS0QWdx35nRMm65RSOjPaNDuIb3k
xO/htLu3gB7fLffcytW9BssTHFYP1TgMI/S37EnjlXfFrkOHbgA8/3OgcFvUHPev
GO0HapLVk4p9zW49M8Bd6vV5ER12dwT5waYVMWA69zLQ5MvnLXplINQDfeT00Hck
L0EIa8GR7y4Ad2prUDWeFqOtypYJlwXX2nWfpE20XcqS6/w1KrNBoVqJLw+j0hP5
jboCJ8bvBI9bwDRMHtgmG7bZz0acLzTydQAgpB7bXof24n8JbvZrKxG3RYqsfquF
A/T1NSQ/b95VqBGLXC0vgTM38tOmx9SlUqZ+6Y5zwv2T
-----END CERTIFICATE-----