Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/aa/a6dda1-1b87-4ec3-938f-dd5ddd05db0b/1/OLla4azvXvDVFfwRUwN-WTflF_s.roa
File:                     OLla4azvXvDVFfwRUwN-WTflF_s.roa (raw, json)
Hash identifier:          03MQq5dEo3oE8HaXDBpjZ1A6N/fjcCiZ35oFLaXfAU8=
Subject key identifier:   38:B9:5A:E1:AC:EF:5E:F0:D5:15:FC:11:53:03:7E:59:37:E5:17:FB
Certificate issuer:       /CN=0e3f31c9eace6f0a5eccdb8df2b01c7351568686
Certificate serial:       019DAD0433C96B3936A6365562D1FCA2E4B6
Authority key identifier: 0E:3F:31:C9:EA:CE:6F:0A:5E:CC:DB:8D:F2:B0:1C:73:51:56:86:86
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Dj8xyerObwpezNuN8rAcc1FWhoY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/aa/a6dda1-1b87-4ec3-938f-dd5ddd05db0b/1/OLla4azvXvDVFfwRUwN-WTflF_s.roa
Signing time:             Mon 20 Apr 2026 22:30:26 +0000
ROA not before:           Mon 20 Apr 2026 22:30:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     204785
IP address blocks:        185.73.125.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/aa/a6dda1-1b87-4ec3-938f-dd5ddd05db0b/1/Dj8xyerObwpezNuN8rAcc1FWhoY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/aa/a6dda1-1b87-4ec3-938f-dd5ddd05db0b/1/Dj8xyerObwpezNuN8rAcc1FWhoY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Dj8xyerObwpezNuN8rAcc1FWhoY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 27 Apr 2026 22:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:ad:04:33:c9:6b:39:36:a6:36:55:62:d1:fc:a2:e4:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0e3f31c9eace6f0a5eccdb8df2b01c7351568686
        Validity
            Not Before: Apr 20 22:30:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=38b95ae1acef5ef0d515fc1153037e5937e517fb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:67:e3:98:05:4d:0d:36:68:b1:e3:b2:7f:61:
                    b9:aa:37:31:53:1b:d2:6d:5c:47:02:d8:3b:c8:93:
                    a2:ae:d1:98:79:ff:8c:45:e1:42:b2:34:08:81:58:
                    8e:10:ef:41:b8:4a:72:a0:39:35:65:6b:f2:79:97:
                    9f:fb:4a:4f:4d:e1:eb:79:92:b6:94:e9:2d:94:1a:
                    15:58:06:14:aa:aa:50:0d:8a:a4:b1:a6:b5:22:e2:
                    9d:30:3c:37:19:08:57:5c:c0:6a:f8:53:df:bc:83:
                    ac:d7:71:95:8f:8f:3d:84:4e:c5:40:80:b4:e2:6f:
                    b5:40:31:76:c3:e9:b3:30:d9:78:dc:e4:a7:26:f1:
                    f3:39:db:ab:dd:cb:2b:36:62:5d:f6:3c:6c:41:7a:
                    61:90:b4:05:e6:9a:b1:51:96:e9:a9:20:bb:81:b4:
                    2a:3d:9e:70:85:6a:e1:90:f4:ce:bc:86:fa:5a:8b:
                    e7:d7:74:cb:5f:d2:3e:23:d2:75:9a:5c:fc:fc:df:
                    2e:c5:08:13:ae:84:3f:fb:a8:9f:f6:f8:73:98:1e:
                    25:4c:d5:cc:38:08:d5:7d:27:ea:9b:ea:53:5a:f1:
                    a3:17:34:06:2a:fe:87:15:21:fb:f5:6d:52:3c:37:
                    b2:cf:9a:4c:ba:26:79:2a:f9:55:f3:1a:fa:29:87:
                    0f:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:B9:5A:E1:AC:EF:5E:F0:D5:15:FC:11:53:03:7E:59:37:E5:17:FB
            X509v3 Authority Key Identifier:
                keyid:0E:3F:31:C9:EA:CE:6F:0A:5E:CC:DB:8D:F2:B0:1C:73:51:56:86:86

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Dj8xyerObwpezNuN8rAcc1FWhoY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/a6dda1-1b87-4ec3-938f-dd5ddd05db0b/1/OLla4azvXvDVFfwRUwN-WTflF_s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/a6dda1-1b87-4ec3-938f-dd5ddd05db0b/1/Dj8xyerObwpezNuN8rAcc1FWhoY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.73.125.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0f:3a:68:02:a6:6a:2f:45:a0:f9:22:73:07:40:d7:e4:22:a3:
         25:f8:84:b6:c9:2a:5c:4d:7f:70:d2:79:9d:6c:44:53:b3:5d:
         ce:28:81:29:36:d5:01:6f:fa:c3:a2:77:8e:7e:86:75:11:be:
         48:8d:a9:70:a4:ed:93:47:77:ae:5e:34:38:9f:cc:94:27:8e:
         54:25:67:a6:eb:73:aa:af:8d:a4:3f:b5:52:9f:bc:20:fe:fe:
         51:cc:76:72:36:04:a5:a0:d4:28:93:69:4e:bb:37:b5:cd:e1:
         f8:98:11:6a:17:d0:0c:58:25:f1:75:d8:6f:85:1c:6e:9e:d5:
         a3:38:ca:8d:ad:21:5b:72:8d:fa:0c:5f:be:b1:40:7e:71:a6:
         94:17:3b:91:a7:97:5f:b2:ec:64:82:35:84:bf:d2:19:a5:4f:
         4c:e1:49:0c:bc:82:1d:ee:99:55:21:12:15:44:42:4e:a7:0e:
         49:bd:19:4c:ed:97:23:b0:40:6a:af:db:ca:56:8c:29:f9:56:
         c7:d7:65:1f:ce:21:f5:98:36:c1:15:15:b4:9b:cc:76:0d:19:
         17:76:c6:e5:9e:5f:88:ee:f8:f1:08:b1:e3:a4:f7:20:41:7c:
         1f:84:ee:ad:28:66:a4:06:12:f3:b0:42:ec:23:17:44:ac:8c:
         7c:6f:90:20
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2tBDPJazk2pjZVYtH8ouS2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBlM2YzMWM5ZWFjZTZmMGE1ZWNjZGI4ZGYyYjAxYzczNTE1
Njg2ODYwHhcNMjYwNDIwMjIzMDI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOGI5NWFlMWFjZWY1ZWYwZDUxNWZjMTE1MzAzN2U1OTM3ZTUxN2ZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAomfjmAVNDTZoseOyf2G5qjcxUxvS
bVxHAtg7yJOirtGYef+MReFCsjQIgViOEO9BuEpyoDk1ZWvyeZef+0pPTeHreZK2
lOktlBoVWAYUqqpQDYqksaa1IuKdMDw3GQhXXMBq+FPfvIOs13GVj489hE7FQIC0
4m+1QDF2w+mzMNl43OSnJvHzOdur3csrNmJd9jxsQXphkLQF5pqxUZbpqSC7gbQq
PZ5whWrhkPTOvIb6Wovn13TLX9I+I9J1mlz8/N8uxQgTroQ/+6if9vhzmB4lTNXM
OAjVfSfqm+pTWvGjFzQGKv6HFSH79W1SPDeyz5pMuiZ5KvlV8xr6KYcPBQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDi5WuGs717w1RX8EVMDflk35Rf7MB8GA1UdIwQY
MBaAFA4/Mcnqzm8KXszbjfKwHHNRVoaGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRGo4eHllck9id3Blek51TjhyQWNjMUZXaG9ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYS9hNmRkYTEtMWI4Ny00ZWMzLTkzOGYt
ZGQ1ZGRkMDVkYjBiLzEvT0xsYTRhenZYdkRWRmZ3UlV3Ti1XVGZsRl9zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYS9hNmRkYTEtMWI4Ny00ZWMzLTkzOGYtZGQ1ZGRkMDVkYjBi
LzEvRGo4eHllck9id3Blek51TjhyQWNjMUZXaG9ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuUl9MA0G
CSqGSIb3DQEBCwUAA4IBAQAPOmgCpmovRaD5InMHQNfkIqMl+IS2ySpcTX9w0nmd
bERTs13OKIEpNtUBb/rDoneOfoZ1Eb5IjalwpO2TR3euXjQ4n8yUJ45UJWem63Oq
r42kP7VSn7wg/v5RzHZyNgSloNQok2lOuze1zeH4mBFqF9AMWCXxddhvhRxuntWj
OMqNrSFbco36DF++sUB+caaUFzuRp5dfsuxkgjWEv9IZpU9M4UkMvIId7plVIRIV
REJOpw5JvRlM7ZcjsEBqr9vKVowp+VbH12UfziH1mDbBFRW0m8x2DRkXdsblnl+I
7vjxCLHjpPcgQXwfhO6tKGakBhLzsELsIxdErIx8b5Ag
-----END CERTIFICATE-----