Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ef/ef85f2-ba01-4447-a6b4-fc81918c4887/1/OnyZlnAGFE9z6qHS8PQZpxuPoJI.roa
File:                     OnyZlnAGFE9z6qHS8PQZpxuPoJI.roa (raw, json)
Hash identifier:          MSNL5ZzuAie/1vcGJ5gTivp3rjaaK9xa+gQRkIgvUMw=
Subject key identifier:   3A:7C:99:96:70:06:14:4F:73:EA:A1:D2:F0:F4:19:A7:1B:8F:A0:92
Certificate issuer:       /CN=095e95bcc8d0de18baf840910079bbc27be9bbf2
Certificate serial:       019DB03B4184F32CB6039D949708E9EAAD21
Authority key identifier: 09:5E:95:BC:C8:D0:DE:18:BA:F8:40:91:00:79:BB:C2:7B:E9:BB:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CV6VvMjQ3hi6-ECRAHm7wnvpu_I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ef/ef85f2-ba01-4447-a6b4-fc81918c4887/1/OnyZlnAGFE9z6qHS8PQZpxuPoJI.roa
Signing time:             Tue 21 Apr 2026 13:29:26 +0000
ROA not before:           Tue 21 Apr 2026 13:29:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     203133
IP address blocks:        185.217.216.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ef/ef85f2-ba01-4447-a6b4-fc81918c4887/1/CV6VvMjQ3hi6-ECRAHm7wnvpu_I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ef/ef85f2-ba01-4447-a6b4-fc81918c4887/1/CV6VvMjQ3hi6-ECRAHm7wnvpu_I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CV6VvMjQ3hi6-ECRAHm7wnvpu_I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 28 Apr 2026 13:00:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:b0:3b:41:84:f3:2c:b6:03:9d:94:97:08:e9:ea:ad:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=095e95bcc8d0de18baf840910079bbc27be9bbf2
        Validity
            Not Before: Apr 21 13:29:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3a7c99967006144f73eaa1d2f0f419a71b8fa092
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:b1:22:40:0c:20:0f:a9:cc:77:b0:61:3e:df:
                    e5:8c:1a:44:c7:64:31:ea:5c:18:57:66:92:49:bf:
                    05:51:a0:da:38:9b:2a:15:eb:0d:52:74:7c:31:93:
                    a5:38:48:12:42:89:6a:ef:df:bd:cd:5f:65:66:33:
                    da:c7:9f:23:d3:21:91:79:8e:a4:6d:d0:52:9b:0c:
                    04:9b:04:89:80:f7:ad:42:81:3d:ee:62:04:51:a0:
                    ee:3d:9d:cd:8f:1a:59:5f:ff:fc:c3:b8:4a:f7:3f:
                    86:48:cf:ca:c5:3a:2d:de:0c:25:9a:2e:63:c9:8f:
                    5c:b6:c0:15:c2:f1:f6:5f:6b:9d:8a:d2:f3:c1:83:
                    21:f4:34:14:bf:33:13:31:a4:22:4d:b7:3f:6d:fa:
                    2f:84:45:60:37:5b:67:5e:55:e8:1d:35:12:38:5d:
                    cb:5c:b1:6a:b3:35:b0:ec:1e:e0:9d:b6:11:b2:82:
                    20:a0:7d:86:b8:71:61:1d:14:d7:5c:6c:75:c8:9e:
                    46:42:20:66:53:d9:8d:9e:12:3f:d5:08:8a:49:d3:
                    bc:bb:4a:30:08:db:9b:e4:ff:a7:dc:56:c2:2e:0b:
                    72:42:27:be:91:bf:3d:76:26:b8:70:de:b6:a9:6b:
                    d0:02:41:97:78:7b:d3:17:77:eb:80:a2:57:c0:9b:
                    5f:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:7C:99:96:70:06:14:4F:73:EA:A1:D2:F0:F4:19:A7:1B:8F:A0:92
            X509v3 Authority Key Identifier:
                keyid:09:5E:95:BC:C8:D0:DE:18:BA:F8:40:91:00:79:BB:C2:7B:E9:BB:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CV6VvMjQ3hi6-ECRAHm7wnvpu_I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/ef85f2-ba01-4447-a6b4-fc81918c4887/1/OnyZlnAGFE9z6qHS8PQZpxuPoJI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/ef85f2-ba01-4447-a6b4-fc81918c4887/1/CV6VvMjQ3hi6-ECRAHm7wnvpu_I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.217.216.0/24

    Signature Algorithm: sha256WithRSAEncryption
         32:e6:81:d8:00:d1:a4:61:79:5f:20:25:e1:45:e3:06:bb:74:
         e1:c9:c5:b9:c3:69:ff:bf:66:1d:75:0e:83:05:8f:5b:f7:d0:
         e3:01:3d:c0:4b:6d:3e:22:9b:c8:29:3b:95:58:9d:a3:75:e5:
         51:0e:2d:fa:71:19:af:69:a3:f0:c4:ac:fb:40:c3:57:1a:ee:
         04:c5:83:4b:75:45:63:5a:99:b9:b6:ee:d0:bf:bc:6f:1b:0f:
         9d:ae:15:9b:4f:9e:71:02:a6:bd:ea:d7:d1:3a:38:29:f8:ae:
         9f:63:be:18:cf:79:e3:3a:b1:ec:84:c8:9a:48:b1:8d:4b:09:
         d5:73:34:b4:d9:e9:e0:67:83:a7:04:aa:c7:12:a9:c4:02:8e:
         e3:71:d8:1c:e8:b9:3d:4c:7a:13:83:72:64:29:e4:6c:a8:e4:
         26:c1:b0:d5:d7:c5:c7:97:37:16:06:3d:ab:45:ba:e0:55:50:
         00:df:58:32:54:fe:81:6b:ca:8c:6a:2d:52:fe:68:60:a3:b5:
         d9:6c:6e:40:b8:c8:22:50:65:56:9f:64:3b:c8:8b:55:76:98:
         eb:42:d5:74:72:3f:ed:e4:7d:ce:18:2e:a4:c6:ea:37:08:6f:
         81:be:88:44:1a:b0:45:bd:91:b6:48:64:43:6b:8b:16:90:b3:
         a6:15:1c:5b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2wO0GE8yy2A52Ulwjp6q0hMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5NWU5NWJjYzhkMGRlMThiYWY4NDA5MTAwNzliYmMyN2Jl
OWJiZjIwHhcNMjYwNDIxMTMyOTI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYTdjOTk5NjcwMDYxNDRmNzNlYWExZDJmMGY0MTlhNzFiOGZhMDkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm7EiQAwgD6nMd7BhPt/ljBpEx2Qx
6lwYV2aSSb8FUaDaOJsqFesNUnR8MZOlOEgSQolq79+9zV9lZjPax58j0yGReY6k
bdBSmwwEmwSJgPetQoE97mIEUaDuPZ3NjxpZX//8w7hK9z+GSM/KxTot3gwlmi5j
yY9ctsAVwvH2X2uditLzwYMh9DQUvzMTMaQiTbc/bfovhEVgN1tnXlXoHTUSOF3L
XLFqszWw7B7gnbYRsoIgoH2GuHFhHRTXXGx1yJ5GQiBmU9mNnhI/1QiKSdO8u0ow
CNub5P+n3FbCLgtyQie+kb89dia4cN62qWvQAkGXeHvTF3frgKJXwJtfRQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDp8mZZwBhRPc+qh0vD0Gacbj6CSMB8GA1UdIwQY
MBaAFAlelbzI0N4YuvhAkQB5u8J76bvyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1Y2VnZNalEzaGk2LUVDUkFIbTd3bnZwdV9JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZi9lZjg1ZjItYmEwMS00NDQ3LWE2YjQt
ZmM4MTkxOGM0ODg3LzEvT255WmxuQUdGRTl6NnFIUzhQUVpweHVQb0pJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZi9lZjg1ZjItYmEwMS00NDQ3LWE2YjQtZmM4MTkxOGM0ODg3
LzEvQ1Y2VnZNalEzaGk2LUVDUkFIbTd3bnZwdV9JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAudnYMA0G
CSqGSIb3DQEBCwUAA4IBAQAy5oHYANGkYXlfICXhReMGu3ThycW5w2n/v2YddQ6D
BY9b99DjAT3AS20+IpvIKTuVWJ2jdeVRDi36cRmvaaPwxKz7QMNXGu4ExYNLdUVj
Wpm5tu7Qv7xvGw+drhWbT55xAqa96tfROjgp+K6fY74Yz3njOrHshMiaSLGNSwnV
czS02engZ4OnBKrHEqnEAo7jcdgc6Lk9THoTg3JkKeRsqOQmwbDV18XHlzcWBj2r
RbrgVVAA31gyVP6Ba8qMai1S/mhgo7XZbG5AuMgiUGVWn2Q7yItVdpjrQtV0cj/t
5H3OGC6kxuo3CG+BvohEGrBFvZG2SGRDa4sWkLOmFRxb
-----END CERTIFICATE-----