Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/120084-c886-47ce-9040-9621b2088c2d/1/5AOG4kUiGD70wVs_XxJDRgh1PMY.roa
File:                     5AOG4kUiGD70wVs_XxJDRgh1PMY.roa (raw, json)
Hash identifier:          MRYcI9nU4eBASWsWUt6T36KO1+qAGLyatjU9/qm4WUA=
Subject key identifier:   E4:03:86:E2:45:22:18:3E:F4:C1:5B:3F:5F:12:43:46:08:75:3C:C6
Certificate issuer:       /CN=dc621dcdc7ad0be331d7c9a447f2a164e42ea4fd
Certificate serial:       019CBAAC67E46A72E39F62D55F7F26D440A8
Authority key identifier: DC:62:1D:CD:C7:AD:0B:E3:31:D7:C9:A4:47:F2:A1:64:E4:2E:A4:FD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3GIdzcetC-Mx18mkR_KhZOQupP0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/120084-c886-47ce-9040-9621b2088c2d/1/5AOG4kUiGD70wVs_XxJDRgh1PMY.roa
Signing time:             Wed 04 Mar 2026 21:06:26 +0000
ROA not before:           Wed 04 Mar 2026 21:06:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     48390
IP address blocks:        185.20.3.0/24 maxlen: 24
                          2a0c:d0c0::/29 maxlen: 32
                          2a0c:d0c0::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/120084-c886-47ce-9040-9621b2088c2d/1/3GIdzcetC-Mx18mkR_KhZOQupP0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/120084-c886-47ce-9040-9621b2088c2d/1/3GIdzcetC-Mx18mkR_KhZOQupP0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3GIdzcetC-Mx18mkR_KhZOQupP0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Mar 2026 06:00:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:ba:ac:67:e4:6a:72:e3:9f:62:d5:5f:7f:26:d4:40:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dc621dcdc7ad0be331d7c9a447f2a164e42ea4fd
        Validity
            Not Before: Mar  4 21:06:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e40386e24522183ef4c15b3f5f12434608753cc6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:61:a9:7f:f0:3a:b0:39:98:5a:3a:b1:06:07:
                    ec:e5:c8:4a:d4:9c:5a:78:ac:1d:e2:b3:04:2b:81:
                    d7:31:84:43:86:8e:d9:ce:da:92:8d:19:8d:18:40:
                    f4:6c:6e:37:b3:eb:f1:29:b4:15:9a:c1:d0:bc:4e:
                    26:c1:b6:d7:6b:6f:20:60:4f:e6:a4:3a:1d:94:12:
                    5b:e3:bf:04:0e:0b:09:a6:d2:eb:10:14:3c:ed:be:
                    a2:35:71:04:cc:db:62:6f:f2:1c:bb:77:8d:78:1b:
                    e3:4f:ba:f5:43:9b:19:96:53:39:42:fa:84:37:49:
                    27:3b:83:cf:81:12:c0:53:e7:27:49:40:68:15:a5:
                    b3:4b:0a:84:2f:0f:93:8a:c5:c5:f4:d2:d7:75:c2:
                    ff:c3:55:1c:7a:fb:db:0b:69:6b:bc:af:53:7c:08:
                    46:ca:1c:37:31:35:78:f8:e7:0b:c7:5c:9a:e2:ea:
                    94:1a:53:de:b2:5a:38:9a:f6:a1:dd:a6:8b:65:ff:
                    bd:9c:ba:23:09:47:57:c7:db:ca:69:d9:2c:41:30:
                    1d:9f:9e:cd:ec:1c:9b:f0:51:6c:3a:4e:73:d2:f8:
                    dc:3f:6a:0f:b1:47:28:7e:6c:e4:84:f0:f3:38:49:
                    94:20:3a:b4:68:15:35:35:71:b8:f1:8d:36:c7:f5:
                    f8:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:03:86:E2:45:22:18:3E:F4:C1:5B:3F:5F:12:43:46:08:75:3C:C6
            X509v3 Authority Key Identifier:
                keyid:DC:62:1D:CD:C7:AD:0B:E3:31:D7:C9:A4:47:F2:A1:64:E4:2E:A4:FD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3GIdzcetC-Mx18mkR_KhZOQupP0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/120084-c886-47ce-9040-9621b2088c2d/1/5AOG4kUiGD70wVs_XxJDRgh1PMY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/120084-c886-47ce-9040-9621b2088c2d/1/3GIdzcetC-Mx18mkR_KhZOQupP0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.20.3.0/24
                IPv6:
                  2a0c:d0c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         bb:2e:fe:5d:74:96:b9:53:07:a2:5c:6a:e7:f7:37:a4:28:73:
         17:62:c9:eb:85:bc:73:bf:f1:83:6f:0c:72:75:22:f8:f4:10:
         54:21:05:d8:ee:c9:96:b3:54:53:14:93:ff:87:1d:70:53:6f:
         c5:45:ba:76:2d:96:8d:86:f3:7c:ee:ec:bc:9e:14:9e:c5:ad:
         cd:73:ca:d1:1a:a8:5b:3f:19:bc:e5:38:b0:ae:b1:d9:45:8c:
         1a:23:a4:0c:d5:79:7d:f3:04:7d:b0:49:0b:cc:74:b3:98:e0:
         60:4f:d6:04:82:2d:c5:98:b3:04:2a:45:2a:c3:1d:ba:3b:af:
         a3:82:47:4c:66:98:67:90:6d:24:67:ed:b3:4e:09:ba:5f:ec:
         84:62:c4:03:52:b7:7f:50:2d:09:f4:a8:64:7b:78:08:cc:2d:
         32:58:e0:ee:04:df:38:71:e9:7c:82:cc:16:98:52:a7:db:51:
         79:13:6a:d7:b4:7c:31:8f:8d:78:9c:f5:c3:3d:97:31:5c:3d:
         ef:5e:8d:3a:88:c1:36:d1:9f:ae:50:1d:95:6d:98:8a:ff:4e:
         97:dc:96:34:ad:99:3a:c2:d4:81:bf:28:ff:d3:0e:03:d7:9e:
         d5:7a:05:62:57:d5:b3:66:8d:3e:e8:c7:0f:ab:36:8a:f4:96:
         61:28:0a:73
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZy6rGfkanLjn2LVX38m1ECoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRjNjIxZGNkYzdhZDBiZTMzMWQ3YzlhNDQ3ZjJhMTY0ZTQy
ZWE0ZmQwHhcNMjYwMzA0MjEwNjI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNDAzODZlMjQ1MjIxODNlZjRjMTViM2Y1ZjEyNDM0NjA4NzUzY2M2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA32Gpf/A6sDmYWjqxBgfs5chK1Jxa
eKwd4rMEK4HXMYRDho7ZztqSjRmNGED0bG43s+vxKbQVmsHQvE4mwbbXa28gYE/m
pDodlBJb478EDgsJptLrEBQ87b6iNXEEzNtib/Icu3eNeBvjT7r1Q5sZllM5QvqE
N0knO4PPgRLAU+cnSUBoFaWzSwqELw+TisXF9NLXdcL/w1UcevvbC2lrvK9TfAhG
yhw3MTV4+OcLx1ya4uqUGlPeslo4mvah3aaLZf+9nLojCUdXx9vKadksQTAdn57N
7Byb8FFsOk5z0vjcP2oPsUcofmzkhPDzOEmUIDq0aBU1NXG48Y02x/X4wQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFOQDhuJFIhg+9MFbP18SQ0YIdTzGMB8GA1UdIwQY
MBaAFNxiHc3HrQvjMdfJpEfyoWTkLqT9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM0dJZHpjZXRDLU14MThta1JfS2haT1F1cFAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8xMjAwODQtYzg4Ni00N2NlLTkwNDAt
OTYyMWIyMDg4YzJkLzEvNUFPRzRrVWlHRDcwd1ZzX1h4SkRSZ2gxUE1ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8xMjAwODQtYzg4Ni00N2NlLTkwNDAtOTYyMWIyMDg4YzJk
LzEvM0dJZHpjZXRDLU14MThta1JfS2haT1F1cFAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAuRQDMA0E
AgACMAcDBQMqDNDAMA0GCSqGSIb3DQEBCwUAA4IBAQC7Lv5ddJa5UweiXGrn9zek
KHMXYsnrhbxzv/GDbwxydSL49BBUIQXY7smWs1RTFJP/hx1wU2/FRbp2LZaNhvN8
7uy8nhSexa3Nc8rRGqhbPxm85TiwrrHZRYwaI6QM1Xl98wR9sEkLzHSzmOBgT9YE
gi3FmLMEKkUqwx26O6+jgkdMZphnkG0kZ+2zTgm6X+yEYsQDUrd/UC0J9Khke3gI
zC0yWODuBN84cel8gswWmFKn21F5E2rXtHwxj414nPXDPZcxXD3vXo06iME20Z+u
UB2VbZiK/06X3JY0rZk6wtSBvyj/0w4D157VegViV9WzZo0+6McPqzaK9JZhKApz
-----END CERTIFICATE-----