Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/OgnY-NMSgOoCE-ZScEAylkDalwg.roa
File:                     OgnY-NMSgOoCE-ZScEAylkDalwg.roa (raw, json)
Hash identifier:          bN2n0Sah+rX6MTACLojpsSKmVutIyRbwm/7BMMyURRc=
Subject key identifier:   3A:09:D8:F8:D3:12:80:EA:02:13:E6:52:70:40:32:96:40:DA:97:08
Certificate issuer:       /CN=c35eac64ea4802e6824686f7c0d201f2c85cb2aa
Certificate serial:       019E49F645742BE10EC9C67C631D73976CA9
Authority key identifier: C3:5E:AC:64:EA:48:02:E6:82:46:86:F7:C0:D2:01:F2:C8:5C:B2:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/OgnY-NMSgOoCE-ZScEAylkDalwg.roa
Signing time:             Thu 21 May 2026 09:55:36 +0000
ROA not before:           Thu 21 May 2026 09:55:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     207691
IP address blocks:        78.128.10.0/23 maxlen: 24
                          185.43.56.0/23 maxlen: 24
                          185.43.56.0/24 maxlen: 24
                          185.43.57.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Jun 2026 13:27:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:49:f6:45:74:2b:e1:0e:c9:c6:7c:63:1d:73:97:6c:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c35eac64ea4802e6824686f7c0d201f2c85cb2aa
        Validity
            Not Before: May 21 09:55:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3a09d8f8d31280ea0213e6527040329640da9708
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:9e:14:94:21:03:7a:a5:8a:c8:ea:da:21:99:
                    5a:61:b2:16:fa:c2:59:a0:c4:73:a5:df:98:2b:d7:
                    a0:87:fa:9a:dd:f7:55:6f:4d:6f:ad:7f:99:f1:77:
                    3d:77:fc:0e:a2:ba:7c:83:7e:91:44:33:d1:fc:4e:
                    63:09:62:10:4f:9c:a9:19:e9:14:ed:7f:bc:de:04:
                    5d:30:c1:cf:8e:f2:db:33:8b:36:0b:83:fd:a5:2a:
                    72:cb:ee:45:e4:f3:63:bc:33:02:00:99:32:63:8c:
                    9e:86:c4:00:f2:ff:84:b7:4a:70:ca:75:07:51:15:
                    63:cc:4d:a4:52:8e:71:15:3f:c9:9e:ed:fe:96:51:
                    ee:d8:f4:ab:8d:ba:11:bb:0a:9a:26:66:87:82:26:
                    5c:1c:a8:30:3f:02:5e:64:68:71:f6:a9:27:cc:40:
                    a2:cc:92:90:30:5c:27:25:39:01:a3:4a:dd:9a:f1:
                    9b:46:35:1a:55:8b:b8:26:65:3f:3a:bf:d8:82:af:
                    59:31:10:80:cb:ee:94:41:e0:df:24:8f:39:41:16:
                    dd:02:f7:04:76:2a:72:75:a6:07:9b:84:9d:d6:be:
                    9d:e6:eb:69:fd:bb:5b:88:59:62:37:34:ba:30:36:
                    4b:ca:fe:cd:29:3e:e2:6a:3c:4e:17:b8:c2:01:4c:
                    da:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:09:D8:F8:D3:12:80:EA:02:13:E6:52:70:40:32:96:40:DA:97:08
            X509v3 Authority Key Identifier:
                keyid:C3:5E:AC:64:EA:48:02:E6:82:46:86:F7:C0:D2:01:F2:C8:5C:B2:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/OgnY-NMSgOoCE-ZScEAylkDalwg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.128.10.0/23
                  185.43.56.0/23

    Signature Algorithm: sha256WithRSAEncryption
         76:47:05:9d:fe:52:1a:6a:47:03:5b:bd:fa:d5:09:cd:c8:52:
         55:51:59:e0:04:5c:a6:6d:fc:49:04:47:b1:81:20:1c:cd:c9:
         91:a2:0c:53:19:2f:df:d2:2a:82:c3:04:96:95:28:94:c0:f5:
         e4:63:17:df:92:56:cb:ff:07:e4:2f:00:d0:49:25:28:77:d2:
         2d:ff:40:a3:45:72:0f:c6:12:8a:1e:d1:91:4d:02:bc:95:d8:
         75:dc:6d:52:ce:a2:45:7d:5e:04:73:ec:14:f7:0a:8e:77:82:
         1b:73:0b:00:8b:5a:53:d9:a7:b8:64:e8:39:29:c3:e4:50:2a:
         00:64:3a:97:f8:05:3b:df:57:f1:cc:72:b5:40:74:d2:32:18:
         e5:44:14:3a:e2:90:bf:98:ba:42:c5:80:7e:ad:b9:7f:e9:b7:
         3f:bc:4e:cc:57:3e:79:cd:8c:4b:70:56:10:41:80:91:0c:6b:
         1f:5e:ae:b5:8e:b6:73:e9:77:2a:70:ba:fb:4e:0d:2d:f0:8f:
         3e:80:46:88:59:8a:e8:12:72:ba:ff:f3:13:bf:9d:89:7a:30:
         8b:94:bc:0d:9d:33:73:65:99:0d:a2:53:c9:e4:dd:c1:44:52:
         08:b3:79:5d:a5:0c:5a:fa:71:3a:79:f7:af:47:30:72:c4:c2:
         91:6c:bc:99
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ5J9kV0K+EOycZ8Yx1zl2ypMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzNWVhYzY0ZWE0ODAyZTY4MjQ2ODZmN2MwZDIwMWYyYzg1
Y2IyYWEwHhcNMjYwNTIxMDk1NTM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYTA5ZDhmOGQzMTI4MGVhMDIxM2U2NTI3MDQwMzI5NjQwZGE5NzA4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt54UlCEDeqWKyOraIZlaYbIW+sJZ
oMRzpd+YK9egh/qa3fdVb01vrX+Z8Xc9d/wOorp8g36RRDPR/E5jCWIQT5ypGekU
7X+83gRdMMHPjvLbM4s2C4P9pSpyy+5F5PNjvDMCAJkyY4yehsQA8v+Et0pwynUH
URVjzE2kUo5xFT/Jnu3+llHu2PSrjboRuwqaJmaHgiZcHKgwPwJeZGhx9qknzECi
zJKQMFwnJTkBo0rdmvGbRjUaVYu4JmU/Or/Ygq9ZMRCAy+6UQeDfJI85QRbdAvcE
dipydaYHm4Sd1r6d5utp/btbiFliNzS6MDZLyv7NKT7iajxOF7jCAUzatwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDoJ2PjTEoDqAhPmUnBAMpZA2pcIMB8GA1UdIwQY
MBaAFMNerGTqSALmgkaG98DSAfLIXLKqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzE2c1pPcElBdWFDUm9iM3dOSUI4c2hjc3FvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9jY2RkOGItNzcyMC00ZGUwLThjNDMt
ZGFjYjVmMzU2ZWEzLzEvT2duWS1OTVNnT29DRS1aU2NFQXlsa0RhbHdnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9jY2RkOGItNzcyMC00ZGUwLThjNDMtZGFjYjVmMzU2ZWEz
LzEvdzE2c1pPcElBdWFDUm9iM3dOSUI4c2hjc3FvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBToAKAwQB
uSs4MA0GCSqGSIb3DQEBCwUAA4IBAQB2RwWd/lIaakcDW7361QnNyFJVUVngBFym
bfxJBEexgSAczcmRogxTGS/f0iqCwwSWlSiUwPXkYxffklbL/wfkLwDQSSUod9It
/0CjRXIPxhKKHtGRTQK8ldh13G1SzqJFfV4Ec+wU9wqOd4IbcwsAi1pT2ae4ZOg5
KcPkUCoAZDqX+AU731fxzHK1QHTSMhjlRBQ64pC/mLpCxYB+rbl/6bc/vE7MVz55
zYxLcFYQQYCRDGsfXq61jrZz6XcqcLr7Tg0t8I8+gEaIWYroEnK6//MTv52JejCL
lLwNnTNzZZkNolPJ5N3BRFIIs3ldpQxa+nE6efevRzByxMKRbLyZ
-----END CERTIFICATE-----