Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/45/5aa4dc-d184-4db4-9e10-49f981ee5981/1/2OHYoT-Zosv0TSP0mD3syDltxiI.roa
File:                     2OHYoT-Zosv0TSP0mD3syDltxiI.roa (raw, json)
Hash identifier:          n1Lo9lXpdHgGuXNEAwoEn0rduxR1E46L0wmYc1TnePY=
Subject key identifier:   D8:E1:D8:A1:3F:99:A2:CB:F4:4D:23:F4:98:3D:EC:C8:39:6D:C6:22
Certificate issuer:       /CN=55baf26967510b3c52e46d1dc593967cdf29f9c9
Certificate serial:       019D674CE549471349D30F5168A6DD7859D0
Authority key identifier: 55:BA:F2:69:67:51:0B:3C:52:E4:6D:1D:C5:93:96:7C:DF:29:F9:C9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VbryaWdRCzxS5G0dxZOWfN8p-ck.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/45/5aa4dc-d184-4db4-9e10-49f981ee5981/1/2OHYoT-Zosv0TSP0mD3syDltxiI.roa
Signing time:             Tue 07 Apr 2026 09:36:25 +0000
ROA not before:           Tue 07 Apr 2026 09:36:25 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     40352
IP address blocks:        178.253.31.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/45/5aa4dc-d184-4db4-9e10-49f981ee5981/1/VbryaWdRCzxS5G0dxZOWfN8p-ck.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/45/5aa4dc-d184-4db4-9e10-49f981ee5981/1/VbryaWdRCzxS5G0dxZOWfN8p-ck.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VbryaWdRCzxS5G0dxZOWfN8p-ck.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 11 Apr 2026 17:02:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:67:4c:e5:49:47:13:49:d3:0f:51:68:a6:dd:78:59:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=55baf26967510b3c52e46d1dc593967cdf29f9c9
        Validity
            Not Before: Apr  7 09:36:25 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d8e1d8a13f99a2cbf44d23f4983decc8396dc622
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:cb:10:eb:91:fb:a0:77:9f:34:ac:0a:87:90:
                    1e:70:15:55:58:d7:96:8a:40:16:90:ea:9d:cf:90:
                    81:a1:36:af:f2:d8:aa:16:fd:80:82:d8:b1:2a:0a:
                    90:1f:ae:de:e0:c6:92:95:09:b8:a1:e8:ca:6f:b0:
                    c5:24:4d:d6:80:d9:72:0e:45:45:27:d7:05:9a:a3:
                    51:d5:8c:a3:17:3d:41:8d:23:13:b5:b5:74:1f:2f:
                    91:59:ea:4d:36:c5:2d:61:07:ce:c5:69:fb:a8:c3:
                    64:c7:ac:3e:ee:2b:29:d5:f6:5f:55:21:24:b6:65:
                    a8:5e:4f:21:41:15:23:f8:cd:b1:7c:28:30:ac:07:
                    fc:31:ba:83:05:23:e6:fc:88:ac:f5:4d:ec:2e:67:
                    4a:b8:ec:77:06:bd:13:36:d3:4b:38:20:57:a3:0a:
                    9b:0f:57:2a:65:cd:da:2b:d1:ad:2f:d3:8f:56:ad:
                    fd:9a:17:d9:d9:9d:a5:96:e0:fc:20:79:e2:95:50:
                    1e:08:96:75:a9:36:8e:6b:91:2d:a1:24:5e:4e:37:
                    0b:39:59:c6:e2:95:f2:6b:95:e8:11:3e:84:a6:b6:
                    05:7f:68:cd:f8:f2:45:5b:42:81:51:aa:b8:ff:69:
                    8f:f0:ff:ad:10:69:d5:be:c3:a5:c5:29:0e:98:30:
                    a5:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:E1:D8:A1:3F:99:A2:CB:F4:4D:23:F4:98:3D:EC:C8:39:6D:C6:22
            X509v3 Authority Key Identifier:
                keyid:55:BA:F2:69:67:51:0B:3C:52:E4:6D:1D:C5:93:96:7C:DF:29:F9:C9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VbryaWdRCzxS5G0dxZOWfN8p-ck.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/5aa4dc-d184-4db4-9e10-49f981ee5981/1/2OHYoT-Zosv0TSP0mD3syDltxiI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/45/5aa4dc-d184-4db4-9e10-49f981ee5981/1/VbryaWdRCzxS5G0dxZOWfN8p-ck.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.253.31.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0f:05:9f:16:39:40:3e:29:a6:f7:39:11:ed:5c:a7:6e:14:0b:
         a8:4c:e5:7d:1b:36:4a:62:fa:52:bd:91:dd:83:0f:3a:ac:6d:
         99:6c:1e:87:12:7d:95:bd:ad:0f:40:21:4a:c0:b1:92:66:d9:
         1f:d7:04:49:1b:09:59:75:c1:de:55:11:f0:d6:21:dd:be:2f:
         03:e2:0b:c7:49:2a:6f:72:38:85:fe:bb:4a:dd:d3:d6:ca:31:
         79:03:82:48:01:dc:1d:96:e9:73:84:91:24:9b:f6:96:54:f6:
         c6:66:69:d7:9b:7e:b3:b2:3d:fd:01:ee:0e:5b:ea:70:dd:f4:
         2a:50:d0:16:2e:0d:e9:8f:b9:9b:dd:79:92:1d:c4:d4:a5:e8:
         38:4f:74:c9:13:9d:05:2e:a0:ba:d8:69:34:1d:d1:96:18:f0:
         49:e7:aa:f6:91:a5:be:c1:db:29:0f:51:5a:89:19:76:f5:9f:
         bb:97:a4:c3:c3:6b:93:c8:b4:da:f4:09:7e:16:d5:d1:b5:c6:
         df:d4:30:03:45:c5:44:30:e2:ab:bc:c3:d2:17:21:e8:62:0c:
         f9:e2:eb:c7:25:51:0b:b7:e2:d6:a9:c3:13:bf:a6:a3:c4:a4:
         44:25:58:cc:aa:7a:c7:a5:f3:10:84:45:39:a7:42:bf:20:2f:
         2b:01:76:1c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ1nTOVJRxNJ0w9RaKbdeFnQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU1YmFmMjY5Njc1MTBiM2M1MmU0NmQxZGM1OTM5NjdjZGYy
OWY5YzkwHhcNMjYwNDA3MDkzNjI1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOGUxZDhhMTNmOTlhMmNiZjQ0ZDIzZjQ5ODNkZWNjODM5NmRjNjIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxcsQ65H7oHefNKwKh5AecBVVWNeW
ikAWkOqdz5CBoTav8tiqFv2AgtixKgqQH67e4MaSlQm4oejKb7DFJE3WgNlyDkVF
J9cFmqNR1YyjFz1BjSMTtbV0Hy+RWepNNsUtYQfOxWn7qMNkx6w+7isp1fZfVSEk
tmWoXk8hQRUj+M2xfCgwrAf8MbqDBSPm/Iis9U3sLmdKuOx3Br0TNtNLOCBXowqb
D1cqZc3aK9GtL9OPVq39mhfZ2Z2lluD8IHnilVAeCJZ1qTaOa5EtoSReTjcLOVnG
4pXya5XoET6EprYFf2jN+PJFW0KBUaq4/2mP8P+tEGnVvsOlxSkOmDCl+QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNjh2KE/maLL9E0j9Jg97Mg5bcYiMB8GA1UdIwQY
MBaAFFW68mlnUQs8UuRtHcWTlnzfKfnJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVmJyeWFXZFJDenhTNUcwZHhaT1dmTjhwLWNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NS81YWE0ZGMtZDE4NC00ZGI0LTllMTAt
NDlmOTgxZWU1OTgxLzEvMk9IWW9ULVpvc3YwVFNQMG1EM3N5RGx0eGlJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NS81YWE0ZGMtZDE4NC00ZGI0LTllMTAtNDlmOTgxZWU1OTgx
LzEvVmJyeWFXZFJDenhTNUcwZHhaT1dmTjhwLWNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsv0fMA0G
CSqGSIb3DQEBCwUAA4IBAQAPBZ8WOUA+Kab3ORHtXKduFAuoTOV9GzZKYvpSvZHd
gw86rG2ZbB6HEn2Vva0PQCFKwLGSZtkf1wRJGwlZdcHeVRHw1iHdvi8D4gvHSSpv
cjiF/rtK3dPWyjF5A4JIAdwdlulzhJEkm/aWVPbGZmnXm36zsj39Ae4OW+pw3fQq
UNAWLg3pj7mb3XmSHcTUpeg4T3TJE50FLqC62Gk0HdGWGPBJ56r2kaW+wdspD1Fa
iRl29Z+7l6TDw2uTyLTa9Al+FtXRtcbf1DADRcVEMOKrvMPSFyHoYgz54uvHJVEL
t+LWqcMTv6ajxKREJVjMqnrHpfMQhEU5p0K/IC8rAXYc
-----END CERTIFICATE-----