Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9c/12eaad-8a45-4789-bab5-726057a1f2a4/1/OOgM0-iyUugGKM1AErBHV3ak228.roa
File:                     OOgM0-iyUugGKM1AErBHV3ak228.roa (raw, json)
Hash identifier:          CzxOqgB3SowyUJL8kJyxpZhbGu+OOlEvXGgaW+6e45A=
Subject key identifier:   38:E8:0C:D3:E8:B2:52:E8:06:28:CD:40:12:B0:47:57:76:A4:DB:6F
Certificate issuer:       /CN=1c06a82bb115d7393e39fd58b73bbf20f6cd0b1f
Certificate serial:       019E16DA78435B4B3BD7644E6DE9558B9181
Authority key identifier: 1C:06:A8:2B:B1:15:D7:39:3E:39:FD:58:B7:3B:BF:20:F6:CD:0B:1F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HAaoK7EV1zk-Of1Ytzu_IPbNCx8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9c/12eaad-8a45-4789-bab5-726057a1f2a4/1/OOgM0-iyUugGKM1AErBHV3ak228.roa
Signing time:             Mon 11 May 2026 11:44:36 +0000
ROA not before:           Mon 11 May 2026 11:44:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     58144
IP address blocks:        185.20.252.0/22 maxlen: 24
                          185.20.252.0/24 maxlen: 24
                          185.20.254.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9c/12eaad-8a45-4789-bab5-726057a1f2a4/1/HAaoK7EV1zk-Of1Ytzu_IPbNCx8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9c/12eaad-8a45-4789-bab5-726057a1f2a4/1/HAaoK7EV1zk-Of1Ytzu_IPbNCx8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HAaoK7EV1zk-Of1Ytzu_IPbNCx8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 12 May 2026 11:44:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:16:da:78:43:5b:4b:3b:d7:64:4e:6d:e9:55:8b:91:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c06a82bb115d7393e39fd58b73bbf20f6cd0b1f
        Validity
            Not Before: May 11 11:44:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=38e80cd3e8b252e80628cd4012b0475776a4db6f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:3c:ce:a2:f5:e7:a2:4b:c6:bb:cc:f5:56:7c:
                    98:f0:f1:c6:89:21:3a:85:b0:d6:07:d1:00:85:ea:
                    29:f7:49:d6:35:d6:69:52:c3:0c:42:7d:15:6c:55:
                    7e:3f:15:16:7c:a8:83:4b:10:ac:fb:5e:a6:6f:a6:
                    22:0f:18:78:e3:75:df:b1:a8:b3:df:73:f0:49:4e:
                    f4:a6:6c:26:94:e2:ad:2f:74:a2:9d:34:d8:e9:a9:
                    27:8c:42:34:43:6e:5c:a0:c6:11:9d:86:29:c2:0e:
                    77:ac:35:0b:4d:c5:e1:f3:30:77:4b:dd:f6:b0:25:
                    c3:d9:21:7e:4d:82:f2:39:d2:f3:a2:bb:2b:c7:26:
                    5d:b9:92:bd:49:f4:20:e6:6a:29:a7:0a:ef:60:59:
                    78:d0:d3:bc:b8:fe:6e:2b:a9:6d:dc:46:e2:10:e0:
                    da:84:37:a2:70:d5:34:ba:96:58:13:5f:e0:e6:92:
                    55:af:66:17:68:98:9f:da:fb:ca:d3:ae:a9:07:d3:
                    93:29:33:cf:a3:cd:53:0e:e2:2e:85:07:db:7b:97:
                    2d:61:3e:dc:67:94:f7:f4:c5:6c:41:84:f8:e6:60:
                    fe:2c:e5:6f:f0:55:84:21:8d:59:81:b5:60:3e:e5:
                    38:1a:34:d0:4b:53:c9:dd:63:ba:82:ea:4d:ad:fb:
                    60:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:E8:0C:D3:E8:B2:52:E8:06:28:CD:40:12:B0:47:57:76:A4:DB:6F
            X509v3 Authority Key Identifier:
                keyid:1C:06:A8:2B:B1:15:D7:39:3E:39:FD:58:B7:3B:BF:20:F6:CD:0B:1F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HAaoK7EV1zk-Of1Ytzu_IPbNCx8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/12eaad-8a45-4789-bab5-726057a1f2a4/1/OOgM0-iyUugGKM1AErBHV3ak228.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/12eaad-8a45-4789-bab5-726057a1f2a4/1/HAaoK7EV1zk-Of1Ytzu_IPbNCx8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.20.252.0/22

    Signature Algorithm: sha256WithRSAEncryption
         34:5c:05:65:bf:6f:c7:e1:5e:7d:17:43:d9:37:ca:39:9c:b4:
         70:99:f8:7c:b4:bc:de:15:77:d1:1a:71:f2:f5:21:c4:67:18:
         60:9e:af:ae:fe:72:59:ab:54:ea:05:c6:e3:fe:51:99:11:fe:
         bc:0e:b0:90:8b:b0:d4:38:79:ec:e4:1b:5b:b8:4d:d7:d4:07:
         e3:e1:4e:f4:a9:c5:65:37:b6:ab:96:b3:58:6f:3a:f6:bc:2a:
         25:b3:7e:3a:63:6c:f8:ef:dd:2e:f5:85:9a:36:03:7d:6c:90:
         c7:89:62:c8:f6:13:9c:01:03:87:d3:70:9b:06:86:d8:10:7e:
         16:4d:99:36:c4:f2:72:b9:31:34:82:2a:42:6c:7a:b9:80:e0:
         36:cb:79:43:bd:18:cc:4d:b9:61:b4:72:da:f9:f1:14:7a:92:
         ed:ef:f4:d5:79:8c:fe:9f:12:b8:ca:40:86:8c:a4:f0:cf:3f:
         96:c4:32:c6:58:48:30:c8:29:f4:85:85:6e:cb:03:90:2c:3e:
         98:64:6b:d2:c0:46:4e:6a:ff:98:74:d4:47:ba:10:2e:9a:98:
         1c:f5:99:75:16:5e:8c:fe:8c:31:2e:db:b8:5f:f4:33:a2:5a:
         de:3d:58:fb:b8:d7:46:65:1c:64:c0:25:63:cb:17:df:8d:f7:
         0c:6f:9c:22
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ4W2nhDW0s712RObelVi5GBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjMDZhODJiYjExNWQ3MzkzZTM5ZmQ1OGI3M2JiZjIwZjZj
ZDBiMWYwHhcNMjYwNTExMTE0NDM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOGU4MGNkM2U4YjI1MmU4MDYyOGNkNDAxMmIwNDc1Nzc2YTRkYjZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoTzOovXnokvGu8z1VnyY8PHGiSE6
hbDWB9EAheop90nWNdZpUsMMQn0VbFV+PxUWfKiDSxCs+16mb6YiDxh443Xfsaiz
33PwSU70pmwmlOKtL3SinTTY6aknjEI0Q25coMYRnYYpwg53rDULTcXh8zB3S932
sCXD2SF+TYLyOdLzorsrxyZduZK9SfQg5moppwrvYFl40NO8uP5uK6lt3EbiEODa
hDeicNU0upZYE1/g5pJVr2YXaJif2vvK066pB9OTKTPPo81TDuIuhQfbe5ctYT7c
Z5T39MVsQYT45mD+LOVv8FWEIY1ZgbVgPuU4GjTQS1PJ3WO6gupNrftgKQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDjoDNPoslLoBijNQBKwR1d2pNtvMB8GA1UdIwQY
MBaAFBwGqCuxFdc5Pjn9WLc7vyD2zQsfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEFhb0s3RVYxemstT2YxWXR6dV9JUGJOQ3g4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yy8xMmVhYWQtOGE0NS00Nzg5LWJhYjUt
NzI2MDU3YTFmMmE0LzEvT09nTTAtaXlVdWdHS00xQUVyQkhWM2FrMjI4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yy8xMmVhYWQtOGE0NS00Nzg5LWJhYjUtNzI2MDU3YTFmMmE0
LzEvSEFhb0s3RVYxemstT2YxWXR6dV9JUGJOQ3g4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuRT8MA0G
CSqGSIb3DQEBCwUAA4IBAQA0XAVlv2/H4V59F0PZN8o5nLRwmfh8tLzeFXfRGnHy
9SHEZxhgnq+u/nJZq1TqBcbj/lGZEf68DrCQi7DUOHns5BtbuE3X1Afj4U70qcVl
N7arlrNYbzr2vCols346Y2z4790u9YWaNgN9bJDHiWLI9hOcAQOH03CbBobYEH4W
TZk2xPJyuTE0gipCbHq5gOA2y3lDvRjMTblhtHLa+fEUepLt7/TVeYz+nxK4ykCG
jKTwzz+WxDLGWEgwyCn0hYVuywOQLD6YZGvSwEZOav+YdNRHuhAumpgc9Zl1Fl6M
/owxLtu4X/QzolrePVj7uNdGZRxkwCVjyxffjfcMb5wi
-----END CERTIFICATE-----