Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4b/3d893a-5b1a-4d70-9ebb-38e068536e6b/1/DTxRtWdc02pjlUXaQIgG7uvgReo.roa
File:                     DTxRtWdc02pjlUXaQIgG7uvgReo.roa (raw, json)
Hash identifier:          GlFAuY0HK+jawCdzfILLS9QTgrRHMLmyfsdh1Tz+gss=
Subject key identifier:   0D:3C:51:B5:67:5C:D3:6A:63:95:45:DA:40:88:06:EE:EB:E0:45:EA
Certificate issuer:       /CN=8cd802512ccb745b2a1b8f315714ebe39395403e
Certificate serial:       019EEF7C8432E5D32DA650661BFA2790759D
Authority key identifier: 8C:D8:02:51:2C:CB:74:5B:2A:1B:8F:31:57:14:EB:E3:93:95:40:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jNgCUSzLdFsqG48xVxTr45OVQD4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4b/3d893a-5b1a-4d70-9ebb-38e068536e6b/1/DTxRtWdc02pjlUXaQIgG7uvgReo.roa
Signing time:             Mon 22 Jun 2026 13:19:35 +0000
ROA not before:           Mon 22 Jun 2026 13:19:35 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     834
IP address blocks:        195.238.99.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4b/3d893a-5b1a-4d70-9ebb-38e068536e6b/1/jNgCUSzLdFsqG48xVxTr45OVQD4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4b/3d893a-5b1a-4d70-9ebb-38e068536e6b/1/jNgCUSzLdFsqG48xVxTr45OVQD4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jNgCUSzLdFsqG48xVxTr45OVQD4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 30 Jun 2026 02:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:ef:7c:84:32:e5:d3:2d:a6:50:66:1b:fa:27:90:75:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8cd802512ccb745b2a1b8f315714ebe39395403e
        Validity
            Not Before: Jun 22 13:19:35 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0d3c51b5675cd36a639545da408806eeebe045ea
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:52:9f:2d:ff:21:ab:83:df:a2:18:4c:ea:6f:
                    62:ba:fa:bf:f8:99:8f:c3:53:74:5e:c4:d6:b1:5b:
                    a8:15:eb:63:a6:1c:7a:82:82:c9:50:3b:90:d4:19:
                    ea:eb:ab:f2:78:2b:45:70:9a:d6:73:75:78:aa:65:
                    e9:97:73:45:46:7d:d7:0b:40:8b:b9:6c:f7:e9:e9:
                    cb:96:50:03:32:cd:fa:16:19:22:f2:54:22:89:16:
                    cb:8f:ba:f2:10:6c:93:b9:d7:56:06:88:42:9b:35:
                    65:76:a9:96:f6:b4:2d:2c:a4:ea:b7:a1:31:34:e4:
                    ce:00:55:1a:d4:32:7f:73:11:38:4c:8a:96:b7:ef:
                    d3:48:1b:2f:b3:7c:33:76:c1:b3:fb:3c:29:74:34:
                    2f:81:e3:62:3e:4c:f7:03:a7:58:09:7c:71:3e:94:
                    e2:e6:4b:84:10:0b:49:66:d6:a9:56:e1:e1:3f:a5:
                    7f:09:9a:6b:1a:a8:7a:41:06:70:a2:ea:31:c9:4f:
                    be:5c:fa:cb:4c:7b:af:77:ba:ff:a0:3f:6f:98:0b:
                    ab:41:67:f9:37:3b:61:e9:c9:d5:eb:3a:e8:cc:82:
                    bd:ca:94:1f:72:ad:ef:f8:02:4a:c5:aa:db:5d:27:
                    c8:78:5e:0b:22:ca:e3:82:cc:4a:e8:de:14:06:1a:
                    56:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:3C:51:B5:67:5C:D3:6A:63:95:45:DA:40:88:06:EE:EB:E0:45:EA
            X509v3 Authority Key Identifier:
                keyid:8C:D8:02:51:2C:CB:74:5B:2A:1B:8F:31:57:14:EB:E3:93:95:40:3E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jNgCUSzLdFsqG48xVxTr45OVQD4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/3d893a-5b1a-4d70-9ebb-38e068536e6b/1/DTxRtWdc02pjlUXaQIgG7uvgReo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/3d893a-5b1a-4d70-9ebb-38e068536e6b/1/jNgCUSzLdFsqG48xVxTr45OVQD4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.238.99.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bf:cb:2c:c2:55:d9:d7:6f:e8:cd:f2:63:f7:fc:52:29:89:4c:
         45:04:89:f5:ac:f1:f8:ac:0c:35:b5:7b:6f:42:53:e0:45:8f:
         b3:0a:cd:43:e9:ee:74:5b:22:36:ca:3f:8a:93:fc:00:68:df:
         56:87:21:3f:77:b4:f4:e9:d5:04:25:dd:84:57:e8:2e:9d:02:
         f3:a1:3e:67:66:d3:2f:89:29:2e:ef:c6:e5:d9:5b:03:6e:77:
         07:59:95:81:4c:60:08:a5:2c:4d:37:08:61:56:24:a3:ad:e8:
         df:3b:cc:33:75:2e:bc:8d:17:e7:ee:43:de:7b:e4:8b:50:2b:
         5c:2e:11:ce:8f:8b:96:eb:b2:68:02:36:6c:0d:d8:b9:f0:e5:
         25:87:a3:2c:d4:4f:8a:18:17:37:53:2c:3f:1d:10:c9:96:03:
         67:42:ee:a6:de:60:bd:b9:eb:e2:24:e7:8c:3d:be:7d:1e:67:
         b9:db:e7:d7:2e:87:d8:37:88:50:d5:d7:06:68:07:bb:c4:b6:
         5a:ca:b6:30:6f:06:89:ea:8f:6b:50:c4:75:02:6f:3d:7f:a9:
         69:0c:4b:38:38:4e:fd:a6:10:a2:ee:ae:f6:97:56:77:0d:d2:
         bd:1f:b5:88:44:b3:1a:c4:92:07:06:b8:ad:4e:76:e0:64:19:
         c6:44:0a:84
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ7vfIQy5dMtplBmG/onkHWdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhjZDgwMjUxMmNjYjc0NWIyYTFiOGYzMTU3MTRlYmUzOTM5
NTQwM2UwHhcNMjYwNjIyMTMxOTM1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZDNjNTFiNTY3NWNkMzZhNjM5NTQ1ZGE0MDg4MDZlZWViZTA0NWVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1FKfLf8hq4PfohhM6m9iuvq/+JmP
w1N0XsTWsVuoFetjphx6goLJUDuQ1Bnq66vyeCtFcJrWc3V4qmXpl3NFRn3XC0CL
uWz36enLllADMs36Fhki8lQiiRbLj7ryEGyTuddWBohCmzVldqmW9rQtLKTqt6Ex
NOTOAFUa1DJ/cxE4TIqWt+/TSBsvs3wzdsGz+zwpdDQvgeNiPkz3A6dYCXxxPpTi
5kuEEAtJZtapVuHhP6V/CZprGqh6QQZwouoxyU++XPrLTHuvd7r/oD9vmAurQWf5
Nzth6cnV6zrozIK9ypQfcq3v+AJKxarbXSfIeF4LIsrjgsxK6N4UBhpWmQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA08UbVnXNNqY5VF2kCIBu7r4EXqMB8GA1UdIwQY
MBaAFIzYAlEsy3RbKhuPMVcU6+OTlUA+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvak5nQ1VTekxkRnNxRzQ4eFZ4VHI0NU9WUUQ0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yi8zZDg5M2EtNWIxYS00ZDcwLTllYmIt
MzhlMDY4NTM2ZTZiLzEvRFR4UnRXZGMwMnBqbFVYYVFJZ0c3dXZnUmVvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yi8zZDg5M2EtNWIxYS00ZDcwLTllYmItMzhlMDY4NTM2ZTZi
LzEvak5nQ1VTekxkRnNxRzQ4eFZ4VHI0NU9WUUQ0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw+5jMA0G
CSqGSIb3DQEBCwUAA4IBAQC/yyzCVdnXb+jN8mP3/FIpiUxFBIn1rPH4rAw1tXtv
QlPgRY+zCs1D6e50WyI2yj+Kk/wAaN9WhyE/d7T06dUEJd2EV+gunQLzoT5nZtMv
iSku78bl2VsDbncHWZWBTGAIpSxNNwhhViSjrejfO8wzdS68jRfn7kPee+SLUCtc
LhHOj4uW67JoAjZsDdi58OUlh6Ms1E+KGBc3Uyw/HRDJlgNnQu6m3mC9ueviJOeM
Pb59Hme52+fXLofYN4hQ1dcGaAe7xLZayrYwbwaJ6o9rUMR1Am89f6lpDEs4OE79
phCi7q72l1Z3DdK9H7WIRLMaxJIHBritTnbgZBnGRAqE
-----END CERTIFICATE-----