Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/60/2b4d0f-219f-4c00-8648-a12de3a33553/1/OpXaDaqMLnQD8_pmVps5LotevYs.roa
File:                     OpXaDaqMLnQD8_pmVps5LotevYs.roa (raw, json)
Hash identifier:          OtMNohCL4mtMzZIbyNI3YgTQ7sw7Te2CDE8+86NkE1M=
Subject key identifier:   3A:95:DA:0D:AA:8C:2E:74:03:F3:FA:66:56:9B:39:2E:8B:5E:BD:8B
Certificate issuer:       /CN=52226f671c2643a5c04846264fee01f943ac2bfc
Certificate serial:       019EF412388A79DED3DD651A085D86994DD7
Authority key identifier: 52:22:6F:67:1C:26:43:A5:C0:48:46:26:4F:EE:01:F9:43:AC:2B:FC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UiJvZxwmQ6XASEYmT-4B-UOsK_w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/60/2b4d0f-219f-4c00-8648-a12de3a33553/1/OpXaDaqMLnQD8_pmVps5LotevYs.roa
Signing time:             Tue 23 Jun 2026 10:41:35 +0000
ROA not before:           Tue 23 Jun 2026 10:41:35 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     15731
IP address blocks:        80.86.217.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/60/2b4d0f-219f-4c00-8648-a12de3a33553/1/UiJvZxwmQ6XASEYmT-4B-UOsK_w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/60/2b4d0f-219f-4c00-8648-a12de3a33553/1/UiJvZxwmQ6XASEYmT-4B-UOsK_w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UiJvZxwmQ6XASEYmT-4B-UOsK_w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 30 Jun 2026 14:12:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:f4:12:38:8a:79:de:d3:dd:65:1a:08:5d:86:99:4d:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=52226f671c2643a5c04846264fee01f943ac2bfc
        Validity
            Not Before: Jun 23 10:41:35 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3a95da0daa8c2e7403f3fa66569b392e8b5ebd8b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:81:16:f0:6e:77:d0:d9:67:84:7e:b8:06:0c:
                    96:66:cc:a8:2e:ad:81:55:14:3c:cd:d5:19:c6:a6:
                    4b:76:cc:32:37:cc:a0:15:6b:ff:ec:7a:a7:b0:7f:
                    f4:96:a0:05:b6:3f:a6:07:e2:19:ee:39:30:c2:b3:
                    a1:6c:79:6b:89:82:5c:53:71:b9:f7:cd:c7:34:d9:
                    a2:2a:8b:b3:3b:26:87:7b:af:be:8e:f6:d7:0a:d8:
                    5b:b2:81:c2:94:a5:58:f7:c9:bb:e5:c9:58:4b:18:
                    6b:95:4a:e8:45:a4:0d:df:b3:80:d0:6a:e9:a8:4f:
                    47:e7:5e:27:64:ae:e2:05:64:2a:c0:d2:e9:54:47:
                    d0:1d:dc:ae:39:61:3a:fe:f4:e8:f7:de:6e:53:a4:
                    47:c5:3c:18:c7:25:43:b4:47:38:82:89:63:6b:25:
                    71:bf:38:75:06:ae:83:68:f9:54:07:05:5c:3d:10:
                    db:cf:26:ef:05:5f:d7:e9:ec:c2:a0:62:c1:f4:aa:
                    80:d9:e4:77:5f:62:35:73:62:20:b1:f4:7a:90:41:
                    3c:ff:f4:4f:09:f1:a9:22:37:60:25:e8:55:e8:52:
                    10:d5:7d:c9:d3:30:e5:ad:5b:89:fc:f4:7c:57:59:
                    eb:bc:be:b7:32:4f:82:ab:20:d4:f8:1d:73:79:64:
                    ce:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:95:DA:0D:AA:8C:2E:74:03:F3:FA:66:56:9B:39:2E:8B:5E:BD:8B
            X509v3 Authority Key Identifier:
                keyid:52:22:6F:67:1C:26:43:A5:C0:48:46:26:4F:EE:01:F9:43:AC:2B:FC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UiJvZxwmQ6XASEYmT-4B-UOsK_w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/60/2b4d0f-219f-4c00-8648-a12de3a33553/1/OpXaDaqMLnQD8_pmVps5LotevYs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/60/2b4d0f-219f-4c00-8648-a12de3a33553/1/UiJvZxwmQ6XASEYmT-4B-UOsK_w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.86.217.0/24

    Signature Algorithm: sha256WithRSAEncryption
         90:1b:d7:f3:60:0e:a0:3a:a8:01:1d:7a:46:8b:cf:5d:64:a3:
         a8:56:78:25:3f:8c:83:0b:10:f8:f0:6e:2d:76:d2:3f:a3:58:
         30:81:77:e7:1c:a4:3d:68:3a:4c:e5:c1:10:13:05:a3:ed:ce:
         22:80:7c:1e:9b:74:80:9f:63:f6:35:be:4a:13:16:e4:82:25:
         30:b4:51:2e:45:06:ca:cc:e8:01:26:eb:9b:d2:08:bf:93:40:
         4a:4a:8d:94:a7:a1:f5:57:86:c7:fd:85:14:b0:c8:30:38:71:
         3c:2a:20:0b:b9:c1:6c:0a:b2:28:f2:36:c4:c8:53:8f:8f:ee:
         41:18:16:12:cd:a9:f8:ba:ed:8e:f4:2e:a2:2c:a4:3d:b1:43:
         55:ef:57:a7:a3:12:0d:19:92:0c:54:13:45:cc:e0:3c:67:9b:
         0d:2d:45:f7:52:37:5c:51:f1:ca:60:8d:dc:59:61:80:96:e3:
         15:ec:f4:f7:3e:7c:8c:bc:bb:39:79:da:1b:ef:60:6e:e3:ac:
         52:ea:1a:3b:02:0d:f6:3b:52:c5:6f:a7:bc:65:e5:7f:24:6f:
         6d:26:f1:89:ee:2e:9a:a1:60:1c:13:34:7d:bb:aa:cf:5e:ae:
         be:92:5c:fd:07:ca:ad:fb:e5:dd:9b:ce:74:bd:8c:e5:a2:aa:
         b0:46:6c:06
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ70EjiKed7T3WUaCF2GmU3XMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyMjI2ZjY3MWMyNjQzYTVjMDQ4NDYyNjRmZWUwMWY5NDNh
YzJiZmMwHhcNMjYwNjIzMTA0MTM1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYTk1ZGEwZGFhOGMyZTc0MDNmM2ZhNjY1NjliMzkyZThiNWViZDhiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA04EW8G530NlnhH64BgyWZsyoLq2B
VRQ8zdUZxqZLdswyN8ygFWv/7HqnsH/0lqAFtj+mB+IZ7jkwwrOhbHlriYJcU3G5
983HNNmiKouzOyaHe6++jvbXCthbsoHClKVY98m75clYSxhrlUroRaQN37OA0Grp
qE9H514nZK7iBWQqwNLpVEfQHdyuOWE6/vTo995uU6RHxTwYxyVDtEc4goljayVx
vzh1Bq6DaPlUBwVcPRDbzybvBV/X6ezCoGLB9KqA2eR3X2I1c2IgsfR6kEE8//RP
CfGpIjdgJehV6FIQ1X3J0zDlrVuJ/PR8V1nrvL63Mk+CqyDU+B1zeWTOmwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDqV2g2qjC50A/P6ZlabOS6LXr2LMB8GA1UdIwQY
MBaAFFIib2ccJkOlwEhGJk/uAflDrCv8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVWlKdlp4d21RNlhBU0VZbVQtNEItVU9zS193LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MC8yYjRkMGYtMjE5Zi00YzAwLTg2NDgt
YTEyZGUzYTMzNTUzLzEvT3BYYURhcU1MblFEOF9wbVZwczVMb3RldllzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MC8yYjRkMGYtMjE5Zi00YzAwLTg2NDgtYTEyZGUzYTMzNTUz
LzEvVWlKdlp4d21RNlhBU0VZbVQtNEItVU9zS193LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUFbZMA0G
CSqGSIb3DQEBCwUAA4IBAQCQG9fzYA6gOqgBHXpGi89dZKOoVnglP4yDCxD48G4t
dtI/o1gwgXfnHKQ9aDpM5cEQEwWj7c4igHwem3SAn2P2Nb5KExbkgiUwtFEuRQbK
zOgBJuub0gi/k0BKSo2Up6H1V4bH/YUUsMgwOHE8KiALucFsCrIo8jbEyFOPj+5B
GBYSzan4uu2O9C6iLKQ9sUNV71enoxINGZIMVBNFzOA8Z5sNLUX3UjdcUfHKYI3c
WWGAluMV7PT3PnyMvLs5edob72Bu46xS6ho7Ag32O1LFb6e8ZeV/JG9tJvGJ7i6a
oWAcEzR9u6rPXq6+klz9B8qt++Xdm850vYzloqqwRmwG
-----END CERTIFICATE-----