Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/OCtjTL7LEYo09sktNYyXcFrFZy8.roa
File:                     OCtjTL7LEYo09sktNYyXcFrFZy8.roa (raw, json)
Hash identifier:          /y1MTLAXpk40TihUVh8iSniEB1L6rquCUp+trmvai0s=
Subject key identifier:   38:2B:63:4C:BE:CB:11:8A:34:F6:C9:2D:35:8C:97:70:5A:C5:67:2F
Certificate issuer:       /CN=6f84e4738a70ea39c08cef210432ae399ec7e915
Certificate serial:       019E68723B98BC55AE548E5AF1F8B61AB248
Authority key identifier: 6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/OCtjTL7LEYo09sktNYyXcFrFZy8.roa
Signing time:             Wed 27 May 2026 07:59:37 +0000
ROA not before:           Wed 27 May 2026 07:59:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213476
IP address blocks:        188.255.197.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 02 Jun 2026 15:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:68:72:3b:98:bc:55:ae:54:8e:5a:f1:f8:b6:1a:b2:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f84e4738a70ea39c08cef210432ae399ec7e915
        Validity
            Not Before: May 27 07:59:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=382b634cbecb118a34f6c92d358c97705ac5672f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:2a:f7:12:3c:31:a3:68:39:db:51:d7:6e:4f:
                    1c:dc:9b:60:d1:90:09:1f:0b:44:1b:e6:20:72:5e:
                    ae:b5:2b:f3:13:cd:23:8b:ea:d5:63:38:6b:de:0e:
                    27:44:ba:05:ab:16:ef:e2:02:b9:51:8d:b5:b3:be:
                    b4:1b:d1:8c:92:3a:45:69:fc:3e:7e:79:5d:57:87:
                    bf:cd:b5:4d:b4:68:56:23:26:9c:8c:fe:ab:97:3d:
                    92:27:70:fe:aa:a9:35:bb:59:6c:a3:8f:54:b6:a9:
                    56:06:e7:eb:50:ab:40:58:fb:6b:23:11:cd:fb:6e:
                    53:1e:ef:5c:93:e1:09:9c:2c:6c:78:4c:2c:04:2c:
                    02:f8:84:d9:a4:a3:3c:2d:70:c2:07:4a:0d:88:3a:
                    7e:cc:3d:67:59:77:da:82:db:9d:41:81:cc:25:b8:
                    03:9c:22:2a:12:d5:fc:e5:a6:84:da:c9:a4:cd:89:
                    d3:bb:34:ce:84:c0:9a:4f:93:07:12:98:56:87:fc:
                    25:f1:ab:9f:d3:49:d5:49:09:20:95:f9:12:d3:6d:
                    2d:24:91:96:28:11:ab:ec:f3:48:7f:cd:ef:86:8b:
                    56:7f:8f:d4:09:83:fb:9f:ab:02:5f:d6:1e:00:72:
                    49:7d:f0:bf:2c:5b:7f:2f:d8:4c:f3:af:61:8e:f1:
                    2a:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:2B:63:4C:BE:CB:11:8A:34:F6:C9:2D:35:8C:97:70:5A:C5:67:2F
            X509v3 Authority Key Identifier:
                keyid:6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/OCtjTL7LEYo09sktNYyXcFrFZy8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.255.197.0/24

    Signature Algorithm: sha256WithRSAEncryption
         91:09:b5:45:33:1e:19:83:cf:f8:46:84:4b:30:87:3a:bd:68:
         35:c2:f7:70:79:9e:0b:91:63:f6:ad:e7:3c:8e:af:86:c6:af:
         8b:2d:ae:93:be:59:91:9a:6a:ca:b5:54:4a:e6:22:f9:f3:76:
         5b:1c:ff:e5:cf:52:53:9b:95:35:b3:56:a5:49:e0:4e:54:ed:
         d3:9e:8a:52:e6:7b:2c:18:60:5d:78:06:64:a5:65:97:78:76:
         2c:2d:6a:35:d4:5a:42:fd:1b:be:7e:a8:58:1a:5c:61:00:b9:
         2c:89:84:52:b5:4f:fa:ae:1c:48:07:43:79:1a:20:99:bf:f5:
         26:be:ee:37:a9:22:ff:7d:48:1e:0d:89:f1:02:e2:a5:95:70:
         3a:b6:0d:ce:d3:28:1b:49:83:d8:b7:7b:3d:97:e8:0d:ae:6d:
         38:fe:3b:48:a5:6b:67:94:5b:c8:f8:34:92:b2:01:4d:ee:e4:
         ef:26:5d:28:ac:03:8e:f8:7a:81:42:16:52:e7:8c:06:76:c0:
         aa:0e:d6:ab:26:d3:29:81:0c:24:78:89:8e:79:d7:ed:80:cf:
         72:26:8a:11:72:af:a9:b7:35:b6:f3:23:32:c0:1e:a7:df:14:
         52:f7:da:b4:88:a7:70:b6:62:79:bf:dd:5f:57:12:1d:98:a6:
         e3:67:ed:2f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ5ocjuYvFWuVI5a8fi2GrJIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmODRlNDczOGE3MGVhMzljMDhjZWYyMTA0MzJhZTM5OWVj
N2U5MTUwHhcNMjYwNTI3MDc1OTM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzODJiNjM0Y2JlY2IxMThhMzRmNmM5MmQzNThjOTc3MDVhYzU2NzJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxCr3Ejwxo2g521HXbk8c3Jtg0ZAJ
HwtEG+Ygcl6utSvzE80ji+rVYzhr3g4nRLoFqxbv4gK5UY21s760G9GMkjpFafw+
fnldV4e/zbVNtGhWIyacjP6rlz2SJ3D+qqk1u1lso49UtqlWBufrUKtAWPtrIxHN
+25THu9ck+EJnCxseEwsBCwC+ITZpKM8LXDCB0oNiDp+zD1nWXfagtudQYHMJbgD
nCIqEtX85aaE2smkzYnTuzTOhMCaT5MHEphWh/wl8auf00nVSQkglfkS020tJJGW
KBGr7PNIf83vhotWf4/UCYP7n6sCX9YeAHJJffC/LFt/L9hM869hjvEqTQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDgrY0y+yxGKNPbJLTWMl3BaxWcvMB8GA1UdIwQY
MBaAFG+E5HOKcOo5wIzvIQQyrjmex+kVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYt
ZmFlNWRiZWQzYjFiLzEvT0N0alRMN0xFWW8wOXNrdE5ZeVhjRnJGWnk4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYtZmFlNWRiZWQzYjFi
LzEvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvP/FMA0G
CSqGSIb3DQEBCwUAA4IBAQCRCbVFMx4Zg8/4RoRLMIc6vWg1wvdweZ4LkWP2rec8
jq+Gxq+LLa6TvlmRmmrKtVRK5iL583ZbHP/lz1JTm5U1s1alSeBOVO3TnopS5nss
GGBdeAZkpWWXeHYsLWo11FpC/Ru+fqhYGlxhALksiYRStU/6rhxIB0N5GiCZv/Um
vu43qSL/fUgeDYnxAuKllXA6tg3O0ygbSYPYt3s9l+gNrm04/jtIpWtnlFvI+DSS
sgFN7uTvJl0orAOO+HqBQhZS54wGdsCqDtarJtMpgQwkeImOedftgM9yJooRcq+p
tzW28yMywB6n3xRS99q0iKdwtmJ5v91fVxIdmKbjZ+0v
-----END CERTIFICATE-----